Page 250 - Handout Computer Network.

carrying user-level data exchanged between the mobile device and the access point (AP). Symmetric key encryption is used in practice, since encryption and decryption must be performed at high speeds. The mobile device and AP will therefore need to derive the symmetric encryption and decryption keys to be used.

Figure 54 illustrates the scenario of a mobile device wishing to attach to an 802.11 network. We see the two usual network components that we encountered in our earlier study of 802.11 networks: the mobile device and the AP. We also see a new architectural component, the authentication server (AS), that will be responsible for authenticating the mobile device. The authentication server might be co-located in the AP, but more typically it is implemented as a separate server that provides authentication services.

[Figure 54: Mutual authentication and encryption-key derivation]

For authentication, the AP serves as a pass-through device, relaying authentication and key-derivation messages between the mobile device and the authentication server; the AP itself does not need to know the device's credentials. Such an authentication server would typically provide authentication services for all APs within its network.
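The three roles just described, carried through in a simulated attach. This is an added example, not code from the handout and not the real 802.11 exchange: the AP advertises what it supports, the device and the AS prove knowledge of a shared secret to each other while the AP only relays, both sides derive a session key, and the AP then handles an encrypted data frame. The message names, the HMAC-based key derivation, the counter-mode keystream with an encrypt-then-MAC tag, the assumption that the device and AS hold a pre-provisioned shared secret, and the assumption that the AS hands the derived key to the AP are all illustrative choices; the actual 802.11 procedure differs in message format and cipher. The secret and nonces are constructed sample values.

```python
"""Simulated 802.11-style attach: discovery, mutual authentication relayed by a
pass-through AP, session-key derivation and an encrypted data frame.
Added illustration only: message names, labels and key-derivation formulas are
assumptions, not the real 802.11 handshake or its frame cipher."""
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 as a PRF; the label keeps the secret's different uses apart."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class AuthServer:
    """Knows each device's pre-provisioned secret (assumption); reached only via the AP."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # device id -> shared secret
        self.pending = {}               # device id -> (nonce_dev, nonce_as)

    def challenge(self, dev_id: bytes, nonce_dev: bytes, nonce_as: bytes = None):
        nonce_as = nonce_as or os.urandom(16)
        self.pending[dev_id] = (nonce_dev, nonce_as)
        # AS proves knowledge of the secret to the device (its half of mutual auth).
        return nonce_as, prf(self.secrets[dev_id], b"as-auth", nonce_dev, nonce_as)

    def verify(self, dev_id: bytes, dev_proof: bytes):
        """Device's half of mutual auth: returns the session key, or None on failure."""
        nonce_dev, nonce_as = self.pending.pop(dev_id)
        expected = prf(self.secrets[dev_id], b"dev-auth", nonce_as, nonce_dev)
        if not hmac.compare_digest(expected, dev_proof):
            return None
        return prf(self.secrets[dev_id], b"session", nonce_dev, nonce_as)[:16]


class Device:
    def __init__(self, dev_id: bytes, secret: bytes):
        self.dev_id, self.secret, self.session_key = dev_id, secret, None

    def choose(self, beacon: dict) -> dict:
        """Discovery: request one of the advertised auth/cipher forms (first of each here)."""
        return {"auth": beacon["auth"][0], "cipher": beacon["cipher"][0]}

    def answer(self, nonce_dev: bytes, nonce_as: bytes, as_proof: bytes):
        """Check the AS proof; only if it holds, derive the key and return the device proof."""
        if not hmac.compare_digest(prf(self.secret, b"as-auth", nonce_dev, nonce_as), as_proof):
            return None                 # AS could not prove itself (e.g. evil twin): no key
        self.session_key = prf(self.secret, b"session", nonce_dev, nonce_as)[:16]
        return prf(self.secret, b"dev-auth", nonce_as, nonce_dev)


class AccessPoint:
    SUPPORTED = {"auth": ["shared-secret-mutual"], "cipher": ["hmac-ctr-etm"]}  # assumed names

    def __init__(self, auth_server: AuthServer):
        self.auth_server = auth_server
        self.keys = {}                  # device id -> session key, set only after the AS accepts

    def attach(self, device: Device, nonce_dev: bytes = None, nonce_as: bytes = None) -> bool:
        """Discovery plus relayed mutual authentication; True once both sides are authenticated."""
        choice = device.choose(dict(self.SUPPORTED))          # beacon -> association request
        if (choice["auth"] not in self.SUPPORTED["auth"]
                or choice["cipher"] not in self.SUPPORTED["cipher"]):
            return False
        nonce_dev = nonce_dev or os.urandom(16)
        # The AP only relays: device nonce to the AS, AS challenge back, device proof to the AS.
        nonce_as, as_proof = self.auth_server.challenge(device.dev_id, nonce_dev, nonce_as)
        dev_proof = device.answer(nonce_dev, nonce_as, as_proof)
        key = self.auth_server.verify(device.dev_id, dev_proof) if dev_proof else None
        if key is None:
            return False
        self.keys[device.dev_id] = key  # assumption: the AS delivers the session key to the AP
        return True


def _keystream(key: bytes, seq_b: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(prf(key, b"ks", seq_b, i.to_bytes(4, "big")) for i in range(blocks))[:length]


def encrypt_frame(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: PRF keystream in counter mode plus a 16-byte HMAC tag (illustrative)."""
    seq_b = seq.to_bytes(8, "big")
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, seq_b, len(plaintext))))
    return seq_b + ct + prf(key, b"tag", seq_b, ct)[:16]


def decrypt_frame(key: bytes, frame: bytes):
    """Returns the plaintext, or None when the tag fails (wrong key or tampered frame)."""
    seq_b, ct, tag = frame[:8], frame[8:-16], frame[-16:]
    if not hmac.compare_digest(prf(key, b"tag", seq_b, ct)[:16], tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, seq_b, len(ct))))


def demo(nonce_dev: bytes = bytes(16), nonce_as: bytes = bytes(range(16))):
    """Legitimate attach, a tampered frame, a rogue device and an evil-twin AP (constructed)."""
    secret = b"constructed-shared-secret"                    # constructed sample secret
    ap = AccessPoint(AuthServer({b"dev1": secret}))
    good, rogue = Device(b"dev1", secret), Device(b"dev1", b"guessed-secret")
    attached = ap.attach(good, nonce_dev, nonce_as)
    frame = encrypt_frame(good.session_key, 1, b"user data over the wireless link")
    recovered = decrypt_frame(ap.keys[b"dev1"], frame)
    flipped = frame[:-20] + bytes([frame[-20] ^ 1]) + frame[-19:]   # one ciphertext byte altered
    tampered = decrypt_frame(ap.keys[b"dev1"], flipped)
    rogue_attached = ap.attach(rogue, nonce_dev, nonce_as)   # knows the id, not the secret
    evil_twin = AccessPoint(AuthServer({b"dev1": b"attacker-secret"}))
    victim = Device(b"dev1", secret)
    twin_attached = evil_twin.attach(victim, nonce_dev, nonce_as)
    return attached, recovered, tampered, rogue_attached, twin_attached, victim.session_key


if __name__ == "__main__":
    print(demo())
```

Two points the code makes that the prose only states: the AP never sees the shared secret and only stores a key once the AS accepts, so a device that fails either half of the mutual authentication never gets a key on either side; and the device verifies the AS proof before it derives anything, so a rogue AP backed by an AS that does not know the secret ends with the victim's session key still unset.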

We can identify four distinct phases to the process of mutual authentication and encryption-key derivation and use shown in Figure 54:
   1.  Discovery.
       In the discovery phase, the AP advertises its presence and the forms of authentication and encryption that it can provide to the mobile device. The mobile device then requests the specific forms of authentication and encryption that it desires. Although the device and AP are already exchanging messages, the device has not yet been authenticated, nor does it have an encryption key for frame transmission over the wireless link, so several more steps will be required before the device can communicate securely through the AP.
   2.  Mutual authentication and shared symmetric key derivation.
       This is the most critical step in "securing" the 802.11 channel. As we will see, this step is greatly facilitated by assuming (which is true in practice in both 802.11 and 4G/5G