Dual authentications for fast handoff in IEEE 802.11 WLANs: A reactive approach

Although the mobility between APs (access point) was initially not a major concern of IEEE 802.11, the inter-AP mobility becomes an essential issue in WLAN toward the paradigm of ubiquitous computing. Supporting inter-AP mobility, however, incurs handoff latency including discovery and reauthentication delay. In particular, most efforts to reduce the reauthentication delay have focused on proactive approaches, which transfer security contexts to candidate network entities via an inter-AP protocol before handoff occurs. These proactive approaches have a number of restrictions such as target prediction and inter-AP communication. The selection of a candidate network inherently has a probabilistic in-deterministicity. Implementation and deployment of inter-AP communication have not been successful so far, and even been withdrawn from IEEE 802.11 standardization. In this paper, we propose a novel deterministic reactive authentication scheme to achieve fast handoff in IEEE 802.11 which does not require inter-AP communication. The proposed protocol is divided into two steps: immediate authentication (IA) and full authentication (FA). IA enables the AP receiving an authentication request to allow a mobile node (MN) to temporally access the network, if the MN has trustworthy evidence which the AP can validate promptly. In the FA step, the AP fully authenticates the MN for reducing the optimisticity of IA´s temporal authentication. The performance evaluation and security analysis show the proposed scheme can reduce reauthentication delay enough to support seamless inter-AP mobility without a significant sacrifice of secrecy in practical and realistic scenarios.