1. Field of the Invention
The present invention relates generally to a communication system, and in particular, to an authentication system and a method thereof in a communication system.
2. Description of the Related Art
Communication systems are being developed to provide users with service having various levels of Quality of Service (QoS). There are ongoing studies for supporting high-speed service by ensuring mobility and QoS in a Broadband Wireless Access (BWA) communication system such as Wireless Local Area Network (WLAN) and Wireless Metropolitan Area Network (WMAN). Institute of Electrical and Electronics Engineers (IEEE) 802.16a/d and IEEE 802.16e are such major systems.
With reference to FIG. 1, authentication in a typical IEEE 802.16e communication system, in particular authentication performed by executing the Extensible Authentication Protocol (EAP) twice, will be described herein. For notational simplicity, the two-pass EAP is called ‘EAP-in-EAP’ and operation in this manner is called ‘EAP-in-EAP mode’.
FIG. 1 is a diagram illustrating a signal flow for EAP-in-EAP authentication in a typical IEEE 802.16e communication system.
Referring to FIG. 1, the IEEE 802.16e communication system includes a Mobile Station (MS) 100, a Base Station (BS) 140, and an Authorization, Authentication, and Accounting (AAA) server 180. Since the IEEE 802.16e communication system operates in EAP-in-EAP mode, it performs EAP authentication twice. For convenience sake, authentication based on the EAP scheme is referred to as ‘EAP authentication’. The first of the two EAP authentications is device authentication 120 and the second is user authentication 160, which follows once the first EAP authentication is successful.
When device authentication is required, the BS 140 transmits an EAP-REQUEST/IDENTITY message to the MS 100, requesting EAP authentication. Because EAP messages are exchanged between the MS 100 and the BS 140 in Privacy Key Management (PKM) EAP transfer messages (PKM_EAP_TRANSFER) in the IEEE 802.16e system, the BS 140 transmits a PKM_EAP/EAP-REQUEST/IDENTITY message to the MS 100 in step 101. The MS 100 replies by transmitting a PKM_EAP/EAP-RESPONSE/IDENTITY message in step 103.
The BS 140 forwards the PKM_EAP/EAP-RESPONSE/IDENTITY message to the AAA server 180. EAP messages are exchanged between the BS 140 and the AAA server 180 by Remote Authentication Dial-In User Service (RADIUS) protocol messages or DIAMETER protocol messages. In the illustrated case of FIG. 1, RADIUS protocol messages are used between the BS 140 and the AAA server 180. Hence, the BS 140 transmits a RADIUS ACCESS REQUEST/IDENTITY message to the AAA server 180 in step 105.
The AAA server 180 performs device authentication on the MS 100 by authenticating the PKM_EAP messages using EAP-Transport Layer Security (EAP-TLS), EAP-Transport Layer Security Pre-Shared Key (EAP-TLS-PSK), EAP-Authentication and Key Agreement (EAP-AKA), or EAP-PSK in step 107. As a consequence of the device authentication, the AAA server 180 and the MS 100 share a Master Session Key (MSK) in steps 109 and 111.
The AAA server 180 transmits a RADIUS ACCEPT message as an EAP-SUCCESS message to the BS 140 in step 113. The RADIUS ACCEPT message includes the MSK. In step 115, the BS 140 transmits a PKM_EAP/EAP-SUCCESS message to the MS 100, notifying the MS 100 of the success of the EAP authentication.
In steps 117 and 119, the MS 100 and the BS 140 generate an EAP Integrity Key (EIK) and a Pairwise Master Key (PMK) from the MSK during the device authentication 120. The EIK created through the device authentication 120 is used to protect EAP messages transmitted during the second EAP authentication, i.e. the user authentication 160.
During the user authentication 160, the BS 140 transmits a PKM_EAP/EAP-REQUEST/IDENTITY message to the MS 100 when the user authentication is needed, in step 161. The MS 100 replies by transmitting a PKM_EAP/EAP-RESPONSE/IDENTITY message in step 163.
In step 165, the BS 140 converts the PKM_EAP/EAP-RESPONSE/IDENTITY message into a RADIUS ACCESS REQUEST/IDENTITY message and transmits it to the AAA server 180.
The AAA server 180 performs user authentication on the MS 100 by authenticating the PKM_EAP messages using EAP-Message Digest 5 (EAP-MD5) or EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2) in step 167. Unlike the device authentication 120, no additional MSK is generated even when the user authentication is completed. Meanwhile, upon reception of a RADIUS ACCEPT message in step 169, the BS 140 transmits a PKM_EAP/EAP-SUCCESS message to the MS 100 in step 171. In steps 173 and 175, the MS 100 and the BS 140 generate an Authorization Key (AK) using the PMK. The creation of the AK will be described later in more detail with reference to FIG. 2.
As described above, in EAP-in-EAP authentication of the IEEE 802.16e communication system, an MSK is generated during the first EAP authentication only.
FIG. 2 is a flowchart illustrating a creation procedure for an AK in the typical IEEE 802.16e communication system. This operation takes place in both the MS and the BS, and the creation of the AK will be described herein in the context of the BS.
Referring to FIG. 2, the BS receives an MSK generated during the first EAP authentication, i.e. the device authentication from the AAA server in step 211 and generates an EIK and a PMK using the MSK in step 213. Specifically, the BS generates an EIK and a PMK with a predetermined number of bits, for example, a 160-bit EIK and a 160-bit PMK by truncating the MSK.
In step 215, the BS generates an AK by applying the PMK to a predetermined function, for example, the Dot16KDF function. The Dot16KDF function is expressed as set forth in Equation (1) below:

AK = Dot16KDF(PMK, SSID | BSID | ‘AK’, 160)   (1)

where SSID is the Identifier (ID) of the MS for which the EAP authentication is performed, BSID is the ID of the BS, ‘AK’ is a string label indicating that the key created by the Dot16KDF is the AK, and 160 denotes the length of the AK, 160 bits. Hence, the Dot16KDF function generates a 160-bit AK from the PMK and a parameter formed by concatenating the SSID and the BSID.
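The AK creation procedure of FIG. 2 (steps 211 to 215) and Equation (1), as an added worked example that is not part of the patent text: the MSK is truncated into a 160-bit EIK and a 160-bit PMK, and the AK is derived from the PMK, the SSID and the BSID. The Dot16KDF internals, the byte encoding of its counter and length fields, the split of the MSK into EIK followed by PMK, and all sample identifiers and keys are assumptions constructed for this example; the block also shows that the only secret entering the AK is the MSK of the first EAP authentication, the point made above about EAP-in-EAP.

```python
import hashlib
import struct

# Constructed sample values (not from the patent text): 48-bit MS and BS
# identifiers and a 512-bit MSK standing in for the key returned in step 113.
SSID = bytes.fromhex("001122334455")
BSID = bytes.fromhex("66778899aabb")
MSK_MS = hashlib.sha512(b"constructed sample MSK for the MS").digest()


def dot16kdf(key: bytes, astring: bytes, keylength: int) -> bytes:
    """Counter-mode KDF modelled on the SHA-1 form of Dot16KDF.

    Assumption: the loop counter and keylength are encoded as 32-bit
    big-endian integers; the page gives only the signature of the function.
    """
    kin = key[:20]                                   # Truncate(key, 160)
    result = b""
    for i in range((keylength - 1) // 160 + 1):      # one SHA-1 block per 160 bits
        block = struct.pack(">I", i) + astring + struct.pack(">I", keylength) + kin
        result += hashlib.sha1(block).digest()
    return result[: keylength // 8]                  # Truncate(result, keylength)


def derive_eik_pmk(msk: bytes) -> tuple:
    """Step 213: 160-bit EIK and 160-bit PMK obtained by truncating the MSK.
    Assumption: EIK is the first 160 bits and PMK the following 160 bits."""
    if len(msk) < 40:
        raise ValueError("MSK must carry at least 320 bits for EIK and PMK")
    return msk[:20], msk[20:40]


def derive_ak(pmk: bytes, ssid: bytes, bsid: bytes) -> bytes:
    """Step 215, Equation (1): AK = Dot16KDF(PMK, SSID|BSID|'AK', 160)."""
    return dot16kdf(pmk, ssid + bsid + b"AK", 160)


def ak_from_first_auth(msk: bytes, ssid: bytes, bsid: bytes) -> bytes:
    """The whole FIG. 2 chain as run by the MS (step 173) and the BS (step 175).
    The only secret input is the MSK of the first EAP authentication; nothing
    produced by the user authentication enters the AK."""
    _, pmk = derive_eik_pmk(msk)
    return derive_ak(pmk, ssid, bsid)


def ak_agrees(msk_at_ms: bytes, msk_at_bs: bytes, ssid: bytes, bsid: bytes) -> bool:
    """Steps 173/175 succeed only if both sides compute the same 160-bit AK."""
    return ak_from_first_auth(msk_at_ms, ssid, bsid) == ak_from_first_auth(msk_at_bs, ssid, bsid)


if __name__ == "__main__":
    ak = ak_from_first_auth(MSK_MS, SSID, BSID)
    print("AK:", ak.hex(), "(%d bits)" % (len(ak) * 8))
```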
FIG. 3 is a diagram illustrating a signal flow for a Security Association & Traffic Encryption Key (SA-TEK) 3-way handshake procedure for EAP-in-EAP authentication in the typical IEEE 802.16e communication system.
Referring to FIG. 3, the IEEE 802.16e communication system includes an MS 300, an adversary MS (ADV) 320, a BS 340, and an AAA server 360. The MS 300 and the BS 340 are normal devices/users, and the ADV 320 is an adversary device/user which has a valid key for the first EAP authentication and intercepts an EAP message from the MS 300 during the second EAP authentication.
The first EAP authentication is performed among the MS 300, the BS 340, and the AAA server 360 in the manner illustrated with reference to FIG. 1 in step 311. In steps 313 and 315, the MS 300 and the BS 340 thus acquire an EIK (EIK_MS) and a PMK (PMK_MS).
Meanwhile, the ADV 320 also performs the first EAP authentication with the BS 340 and the AAA server 360 in step 317. In steps 319 and 321, the ADV 320 and the BS 340 thus acquire an EIK (EIK_ADV) and a PMK (PMK_ADV).
When user authentication is needed, the BS 340 then transmits a PKM_EAP/EAP-REQUEST/IDENTITY message to both the MS 300 and the ADV 320 in steps 323 and 325. The MS 300 replies by transmitting a PKM_EAP/EAP-RESPONSE/IDENTITY message in step 327. The ADV 320 monitors the PKM_EAP/EAP-RESPONSE/IDENTITY message, copies it, and transmits the copy protected with EIK_ADV in step 329.
Upon reception of the PKM_EAP/EAP-RESPONSE/IDENTITY messages from the MS 300 and the ADV 320, the BS 340 converts the PKM_EAP/EAP-RESPONSE/IDENTITY messages into RADIUS ACCESS REQUEST/IDENTITY messages and forwards them to the AAA server 360 in steps 331 and 333.
The AAA server 360 transmits ACCESS CHALLENGE messages to the MS 300 and the ADV 320 in steps 335 and 337. The ACCESS CHALLENGE messages each include the authentication parameters for the access attempt, CHALLENGE and SECRET.
The MS 300 generates a parameter VALUE using the CHALLENGE and SECRET included in the ACCESS CHALLENGE message. VALUE is created by a predetermined function, for example, an MD5 function expressed as set forth below in Equation (2):

VALUE = MD5(ID, SECRET, CHALLENGE)   (2)

where ID represents the ID of the MS 300.
In step 341, the MS 300 transmits a PKM_EAP/EAP-RESPONSE/RESPONSE message including its ID and VALUE to the BS 340. However, the ADV 320 intercepts the PKM_EAP/EAP-RESPONSE/RESPONSE message and, in step 343, transmits to the BS 340 a PKM_EAP/EAP-RESPONSE/RESPONSE message, protected with EIK_ADV, that includes the ID of the ADV 320 and the VALUE created by the MS 300.
The BS 340 then converts the PKM_EAP/EAP-RESPONSE/RESPONSE message received from the ADV 320 into a RADIUS ACCESS REQUEST/RESPONSE message and forwards it to the AAA server 360 in step 345.
The AAA server 360 authenticates the ADV 320 using the ID, SECRET, and VALUE that it has in step 347. Since the authentication succeeds, the AAA server 360 transmits a RADIUS ACCEPT message notifying the BS 340 of the successful EAP authentication in step 349. In step 351, thus, the ADV 320 succeeds in the EAP authentication when the SA-TEK 3-way handshake is performed among the ADV 320, the BS 340 and the AAA server 360. The phenomenon of the adversary device/user intercepting the AK of the normal device/user and performing EAP authentication is called a man-in-the-middle attack.
As described above, because in EAP-in-EAP authentication the typical IEEE 802.16e communication system generates an MSK during the first EAP authentication only, and the AK is created using a PMK derived from that MSK, the man-in-the-middle attack described above is possible. As a result, normal service cannot be provided to a normal device/user, thereby decreasing the overall QoS of the system. Accordingly, there is a need for developing a new authentication method for eliminating the man-in-the-middle attack.