Paulo Sergio Pagliusi (2008) Internet Authentication for Remote Access.
Full text access: Open
It is expected that future IP devices will employ a variety of different network access technologies to gain ubiquitous connectivity. Currently there are no authentication protocols available that are lightweight, can be carried over arbitrary access networks, and are flexible enough to be re-used in the many different contexts that are likely to arise in future Internet remote access. Furthermore, existing access procedures need to be enhanced to offer protection against Denial-of-Service (DoS) attacks, and do not provide non-repudiation. In addition to being limited to specific access media, some of these protocols are limited to specific network topologies and are not scalable. This thesis reviews the authentication infrastructure challenges for future Internet remote access supporting ubiquitous client mobility, and proposes a series of solutions obtained by adapting and reinforcing security techniques arising from a variety of different sources. The focus is on entity authentication protocols that can be carried both by the IETF PANA authentication carrier and by the EAP mechanisms, and possibly making use of an AAA infrastructure. The core idea is to adapt authentication protocols arising from the mobile telecommunications sphere to Internet remote access. A proposal is also given for Internet access using a public key based authentication protocol. The subsequent security analysis of the proposed authentication protocols covers a variety of aspects, including: key freshness, DoS-resistance, and "false-entity-in-the-middle" attacks, in addition to identity privacy of users accessing the Internet via mobile devices. This work aims primarily at contributing to ongoing research on the authentication infrastructure for the Internet remote access environment, and at reviewing and adapting authentication solutions implemented in other spheres, for instance in mobile telecommunications systems, for use in Internet remote access networks supporting ubiquitous mobility.
This is a Published version. This version's date is: 20/03/2008. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/2e0499f2-c685-c52b-ef00-8cb7a5aa49f3/1/
Deposited on 28-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.
[148] P. S. Pagliusi and C. J. Mitchell. Heterogeneous Internet access viaPANA/UMTS. In the Proceedings of 3rd International Conference onInformation Security, Hardware/Software Codesign And Computers Net-work | ISCOCO 2004, Rio de Janeiro, Brazil, October 2004. To bepublished in the World Scienti¯c and Engineering Academy and Society(WSEAS) Transactions.
[149] A. Palekar, D. Simon, J. Salowey, H. Zhou, G. Zorn, and S. Josefs-son. Protected EAP protocol (PEAP) version 2. Internet Draft (Workin Progress) draft-josefsson-pppext-eap-tls-eap-10, Internet EngineeringTask Force, October 2004.
[150] M. Parthasarathy. PANA enabling IPsec based access control. InternetDraft (Work in Progress) draft-ietf-pana-ipsec-07, Internet EngineeringTask Force, July 2005.
[151] M. Parthasarathy. Protocol for carrying authentication and network ac-cess (PANA) threat analysis and security requirements. Request For Com-ments 4016, Internet Engineering Task Force, March 2005.
[152] B. Patel, B. Aboba, S. Kelly, and V. Gupta. Dynamic host con¯gurationprotocol (DHCPv4) | con¯guration of ipsec tunnel mode. Request ForComments 3456, Internet Engineering Task Force, January 2003.
[153] C. Perkins. IP mobility support for IPv4. Request For Comments 3344,Internet Engineering Task Force, August 2002.
[154] R. Perlman. Understanding IKEv2: Tutorial, and rationale for decisions.Internet Draft (Work in Progress) draft-ietf-ipsec-ikev2-tutorial-01, Inter-net Engineering Task Force, February 2003.
[155] F. Piper and S. Murphy. Cryptography: A Very Short Introduction. OxfordUniversity Press, 2002.
[156] J. Postel. User datagram protocol. Request For Comments 0768, InternetEngineering Task Force, August 1980.
[157] J. Postel. Transmission control protocol. Request For Comments 0793(STD 7), Internet Engineering Task Force, September 1981.
[158] J. Puthenkulam, V. Lortz, A. Palekar, and D. Simon. The compoundauthentication binding problem. Internet Draft (Work in Progress) draft-puthenkulam-eap-binding-04, Internet Engineering Task Force, October2003.
[159] E. Rescorla. HTTP over TLS. Request For Comments 2818, InternetEngineering Task Force, May 2000.
[160] C. Rigney, W. Willats, and P. Calhoun. (RADIUS) extensions. RequestFor Comments 2869, Internet Engineering Task Force, June 2000.
[161] C. Rigney, S. Willens, A. Rubens, and W. Simpson. Remote authentica-tion dial in user service (RADIUS). Request For Comments 2865, InternetEngineering Task Force, June 2000.
[162] R. Rivest. The MD5 message-digest algorithm. Request For Comments1321, Internet Engineering Task Force, April 1992.
[163] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digitalsignatures and public key cryptosystem. In Communications of the ACM.21:120{126, February 1978.
[164] R.L. Rivest. The rc4 encryption algorithm. Technical report, RSA DataSecurity, Inc., Redwood City, CA, March 1992.
[165] J. Salowey and P. Eronen. Guidelines for using the EAP extended mastersession key (EMSK). Internet Draft (Work in Progress) draft-salowey-eap-key-deriv-02, Internet Engineering Task Force, November 2003.
[166] B. Schneier. Secrets & Lies: Digital Security in a Networked World. JohnWiley & Sons, New York, 2000.
[167] S. Schwiderski-Grosche and H. Knospe. Public key based network access.In C. J. Mitchell, editor, Security for Mobility, chapter 8, pages 171{189.IEE Press, January 2004.
[168] W. Simpson. The point-to-point protocol (PPP). Request For Comments1661 (STD 51), Internet Engineering Task Force, July 1994.
[169] W. Simpson. PPP challenge handshake authentication protocol (CHAP).Request For Comments 1994, Internet Engineering Task Force, August1996.
[170] W. Stallings. Cryptography and Network Security: Principles and Prac-tice. Prentice Hall, Upper Saddle River, New Jersey, 2nd edition, 1999.
[171] D. Stanley, J. Walker, and B. Aboba. Extensible authentication protocol(EAP) method requirements for wireless LANs. Request For Comments4017, Internet Engineering Task Force, March 2005.
[172] Third Generation Partnership Project 2. 3GPP2 SC.R5001-0 | 3GPP2Vision, 1st edition, June 2004.
[173] J. Tourzan and Y. Koga (editors). Liberty ID-WSF web services frame-work overview, version: 1.1. Liberty Speci¯cation liberty-idwsf-overview-v1.1, Liberty Alliance Project, May 2005.
[174] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, and B. Palter.Layer two tunneling protocol \L2TP". Request For Comments 2661, In-ternet Engineering Task Force, August 1999.
[175] H. TschÄofenig, D. Kroeselberg, Y. Ohba, and F. Bersani. EAP IKEv2method. Internet Draft (Work in Progress) draft-tschofenig-eap-ikev2-08,Internet Engineering Task Force, January 2006.
[176] H. TschÄofenig, D. Kroeselberg, A. Pashalidis, Y. Ohba, and F. Bersani.EAP IKEv2 method. Internet Draft (Work in Progress) draft-tschofenig-eap-ikev2-15, Internet Engineering Task Force, September 2007.
[177] J. Walker. Unsafe at any key size; an analysis of theWEP encapsulation. IEEE Document 802.11-00/362, available athttp://md.hudora.de/archiv/wireless/unsafew.pdf, October 2000.
[178] J.Walker and R. Housley. The EAP Archie protocol. Internet Draft (Workin Progress) draft-jwalker-eap-archie-01, Internet Engineering Task Force,June 2003.
[179] M. Walker and T. Wright. Security. In F. Hillebrand, editor, GSM andUMTS: The Creation of Global Mobile Communication, chapter 15, pages385{406. John Wiley & Sons, New York, 2002.
[180] X. Wang and H. Yu. How to break MD5 and other hash functions. InR. Cramer, editor, Advances in Cryptology: 24th Annual InternationalConference on the Theory and Applications of Cryptographic Techniques| EUROCRYPT 2005, Proceedings, Lecture Notes in Computer Science3494, pages 19{35, Aarhus, Denmark, May 2005. Springer-Verlag.
[181] WAP. Speci¯cation WAP-261-WTLS-20010406-a | Wireless Applica-tion Protocol | Wireless Transport Layer Security, Version 06-Apr-2001,available from http://www.wapforum.org. Wireless Application ProtocolForum, April 2001.
[182] M. Wasserman. Recommendations for IPv6 in third generation partner-ship project (3GPP) standards. Request For Comments 3314, InternetEngineering Task Force, September 2002.
[183] C. Wingert and M. Naidu. CDMA 1xRTT Security OverView. QualcommIncorporated, 1st edition, August 2002.
[184] A. Yegin, Y. Ohba, R. Penno, G. Tsirtsis, and C. Wang. Protocol forcarrying authentication for network access (PANA) requirements. RequestFor Comments 4058, Internet Engineering Task Force, May 2005.