1. Field of the Invention
The present invention relates to a wireless communication authentication system and a wireless communication authentication method for excluding an unauthorized user from a network that is connected to a wireless communication area.
2. Description of the Related Art
Generally, wireless communication systems need to authenticate legitimate users who are going to use the network in order to exclude an unauthorized user who would attempt to intercept data sent over a wireless link from a mobile node owned by a legitimate user and abuse the network based on the intercepted data.
FIG. 1 of the accompanying drawings shows a conventional host routing hierarchical network comprising external network 100, a plurality of routers 101, 102-1, 102-2, 103-1 through 103-4, a plurality of base stations 104-1 through 104-8, mobile node 105, and authentication server 106. Router 101 is connected to external network 100. Routers 102-1, 102-2 are connected to and operate under router 101. Routers 103-1, 103-2 are connected to and operate under router 102-1. Routers 103-3, 103-4 are connected to and operate under router 102-2. Base stations 104-1, 104-2 are connected to and operate under router 103-1. Base stations 104-3, 104-4 are connected to and operate under router 103-2. Base stations 104-5, 104-6 are connected to and operate under router 103-3. Base stations 104-7, 104-8 are connected to and operate under router 103-4. Mobile node 105 is a node that is movable while being connected to the network. Authentication server 106 serves to authenticate data in routers 103-1 through 103-4.
A wireless communication authentication process which is carried out in the conventional host routing hierarchical network shown in FIG. 1 will be described below with reference to FIG. 2 of the accompanying drawings.
It is assumed that mobile node 105 is currently present in an area covered by base station 104-2 and is connected to base station 104-2 through a wireless link. Therefore, data sent from mobile node 105 travels through a communication route extending from mobile node 105 through base station 104-2, router 103-1, router 102-1 to router 101. The communication route is held in route tables that are owned respectively by routers 101, 102-1, 103-1.
Thereafter, mobile node 105 moves from the area covered by base station 104-2 into an area covered by base station 104-3.
When mobile node 105 moves, it sends route update data to base station 104-3 (step 301). The route update data includes the identifier of a destination router, the identifier of mobile node 105, a time stamp or a sequence number.
When the route update data sent from mobile node 105 is received by base station 104-3 (step 302), the received route update data is sent from base station 104-3 to router 103-2 (step 303).
When the route update data sent from base station 104-3 is received by router 103-2 (step 304), the received route update data is sent from router 103-2 to authentication server 106 (step 305).
When the route update data sent from router 103-2 is received by authentication server 106 (step 306), the received route update data is authenticated by authentication server 106 (step 307).
The route update data includes an authentication code in addition to the items described above. The authentication code is calculated by a hash function from a secret key and the above items, other than the authentication code, of the route update data. The secret key is known only to authentication server 106 and mobile node 105. In step 307, the route update data is authenticated by recalculating the authentication code from the received items and the secret key and determining whether the received authentication code matches the recalculated one or not.
Even if the route update data is intercepted and used by an unauthorized user in the wireless zone between mobile node 105 and base stations 104-1 through 104-8, the route update data thus intercepted and used is rejected as incorrect data. Specifically, since the route update data includes the time stamp or the sequence number, authentication server 106 detects a duplication of the time stamp or the sequence number and judges that the duplicated route update data is used by an unauthorized user.
When authentication server 106 authenticates the route update data, authentication server 106 sends an authentication result to router 103-2 (step 308).
When the authentication result sent from authentication server 106 is received by router 103-2 (step 309), if the authentication result is GOOD, then the route table in router 103-2 is updated based on the route update data which has been authenticated and information indicating that the base station to which the route update data has been sent is base station 104-3 (step 310). At this time, the route table in router 103-2 is updated such that data to be sent to mobile node 105 will be routed through base station 104-3. If the authentication result is NOT GOOD, then the route table is not updated, and the authentication process is put to an end.
After the route table in router 103-2 is updated, the route update data is sent from router 103-2 to router 102-1 (step 312). Based on the received route update data and information indicating that the route update data is sent from router 103-2, the route table in router 102-1 is updated (step 313). At this time, the route table in router 102-1 is updated such that data to be sent to mobile node 105 will be routed through router 103-2.
Router 101 which is higher in level than router 102-1 already has route information with respect to mobile node 105 and the route information does not need to be changed. Therefore, the route update data is not sent from router 102-1 to router 101.
However, because one common authentication server is used to authenticate the route update data in routers 103-1 through 103-4, problems arise as follows:
When a mobile node switches from one base station to another, according to a technique known as handover in wireless communication systems, the authentication server authenticates the user for the base station to which the mobile node is newly connected. If the authentication server is located far from the newly connected base station, then an authentication packet transmitted between the authentication server and the base station suffers a transmission delay, possibly resulting in a period of communication failure upon handover.
It has been considered to reduce the transmission delay time by placing a plurality of authentication servers in respective positions close to the base stations or designing the base stations such that they also serve as authentication servers.
However, the above solutions make it possible for an unauthorized user to use the network by means of a replay attack. A replay attack is a form of attack in which an attacker eavesdrops on the password or the encryption key of a user, or on data authenticated with it, and reuses the captured data to masquerade as that user.
FIG. 3 of the accompanying drawings shows a wireless communication authentication system employing routers which also serve as authentication servers. The wireless communication authentication system shown in FIG. 3 comprises external network 200, a plurality of routers 201, 202-1, 202-2, a plurality of authentication-capable routers 203-1 through 203-4, a plurality of base stations 204-1 through 204-8, and mobile nodes 205, 207. Router 201 is connected to external network 200. Routers 202-1, 202-2 are connected to and operate under router 201. Authentication-capable routers 203-1, 203-2 are edge routers with an authenticating function which are connected to and operate under router 202-1. Authentication-capable routers 203-3, 203-4 are edge routers with an authenticating function which are connected to and operate under router 202-2. Base stations 204-1, 204-2 are connected to and operate under authentication-capable router 203-1. Base stations 204-3, 204-4 are connected to and operate under authentication-capable router 203-2. Base stations 204-5, 204-6 are connected to and operate under authentication-capable router 203-3. Base stations 204-7, 204-8 are connected to and operate under authentication-capable router 203-4. Mobile nodes 205, 207 are nodes that are movable while being connected to the network. Mobile node 207 is the mobile node of an unauthorized user who intercepts route update data in a wireless zone between mobile node 205 and base station 204-2 and attempts to masquerade as mobile node 205 in order to use the network.
A wireless communication authentication process which is carried out in the wireless communication authentication system shown in FIG. 3 will be described below with reference to FIG. 4 of the accompanying drawings.
It is assumed that mobile node 205 is currently present in an area covered by base station 204-2 and is going to be connected to base station 204-2 through a wireless link. Mobile node 205 sends route update data to base station 204-2 (step 401). The route update data includes the identifier of a destination router, the identifier of mobile node 205, a time stamp or a sequence number.
When the route update data sent from mobile node 205 is received by base station 204-2 (step 402), the received route update data is sent from base station 204-2 to authentication-capable router 203-1 (step 403).
When the route update data sent from base station 204-2 is received by authentication-capable router 203-1 (step 404), the received route update data is authenticated by authentication-capable router 203-1 (step 405).
The route update data includes an authentication code in addition to the items described above. The authentication code is calculated by a hash function from a secret key and the above items, other than the authentication code, of the route update data. The secret key is known only to authentication-capable routers 203-1 through 203-4 and mobile node 205. In step 405, the route update data is authenticated by recalculating the authentication code from the received items and the secret key and determining whether the received authentication code matches the recalculated one or not.
If the authentication result produced by authentication-capable router 203-1 is GOOD, then the route table in authentication-capable router 203-1 is updated based on the route update data which has been authenticated and information indicating that the base station to which the route update data has been sent is base station 204-2 (step 406). At this time, the route table in authentication-capable router 203-1 is updated such that data to be sent to mobile node 205 will be routed through base station 204-2. If the authentication result is NOT GOOD, then the route table is not updated, and the authentication process is put to an end.
After the route table in authentication-capable router 203-1 is updated, the route update data is sent from authentication-capable router 203-1 to router 202-1 (step 407).
When the route update data sent from authentication-capable router 203-1 is received by router 202-1 (step 408), the route table in router 202-1 is updated based on the received route update data and information indicating that the authentication-capable router from which the route update data has been sent is authentication-capable router 203-1 (step 409). At this time, the route table in router 202-1 is updated such that data to be sent to mobile node 205 will be routed through authentication-capable router 203-1. Thereafter, the route update data is sent from router 202-1 to router 201 (step 410).
The route update data sent from mobile node 205 to base station 204-2 in step 401 is intercepted by mobile node 207, owned by an unauthorized user who is present in the area covered by base station 204-3 (step 411). Mobile node 207 masquerades as mobile node 205 and sends the intercepted route update data, unchanged, to base station 204-3 (step 412). The route update data sent from mobile node 207 is received by base station 204-3 (step 413). The received route update data is sent from base station 204-3 to authentication-capable router 203-2 (step 414).
When the route update data sent from base station 204-3 is received by authentication-capable router 203-2 (step 415), the received route update data is authenticated by authentication-capable router 203-2 (step 416).
Unlike authentication server 106 shown in FIG. 1, which is common to all the routers, the individual routers shown in FIG. 3 have respective authenticating functions and keep respective authentication records. Therefore, even though the route update data includes a sequence number or a time stamp, the original route update data and its intercepted copy, which carry the same sequence number or the same time stamp and the same valid authentication code, are received by two different authentication-capable routers. Neither router finds the sequence number or the time stamp in its own authentication records, so neither is able to determine that the copy is incorrect; each recognizes all successfully authenticated route update data as legitimate route update data. Accordingly, the data used by the unauthorized user is not excluded, but is processed normally.
If the authentication result produced by authentication-capable router 203-2 is GOOD, then the route table in authentication-capable router 203-2 is updated based on the route update data which has been authenticated and information indicating that the base station to which the route update data has been sent is base station 204-3 (step 417). At this time, the route table in authentication-capable router 203-2 is updated such that data to be sent to mobile node 205 will be routed through base station 204-3. If the authentication result is NOT GOOD, then the route table is not updated, and the authentication process is put to an end.
After the route table in authentication-capable router 203-2 is updated, the route update data is sent from authentication-capable router 203-2 to router 202-1 (step 418).
When the route update data sent from authentication-capable router 203-2 is received by router 202-1 (step 419), the route table in router 202-1 is updated based on the received route update data and information indicating that the authentication-capable router from which the route update data has been sent is authentication-capable router 203-2 (step 420). At this time, the route table in router 202-1 is updated such that data to be sent to mobile node 205 will be routed through authentication-capable router 203-2.
As described above, the communication route to legitimate mobile node 205, which was established in step 409, is redirected by mobile node 207, which has impersonated mobile node 205. Consequently, data addressed to legitimate mobile node 205 is routed toward base station 204-3, and mobile node 205 is no longer able to use the wireless communication authentication system.
In view of the above problems, a process of excluding an unauthorized user is disclosed in JP-1995-203540A. According to the disclosed process, the base stations of a wireless communication network have respective authenticating functions. When a mobile node sends a connection request to a base station, the base station sends an identification number unique to itself to the mobile node. The mobile node generates an authentication code, together with other route information, based on the identification number, adds the authentication code to route update data, and sends the route update data to the base station. The base station determines, by its authenticating function, whether the identification number included in the received route update data is the same as its own identification number or not. An unauthorized user who has sent route update data including a different identification number is thus excluded.
The process disclosed in the above patent document is problematic in that many base stations installed in a wireless communication area need to have respective authenticating functions, and an edge router has to recognize whether all base stations connected to and operable under the edge router have respective authenticating functions or not. In addition, if there is a base station having no authenticating function, then the edge router is required to perform some authenticating process on its own.
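The three arrangements described above (the common authentication server of FIG. 1, the independently authenticating routers of FIG. 3, and the base-station-bound authentication of JP-1995-203540A) differ only in where the authentication records are kept and which items the authentication code covers. The following is an added example, not code from the patent or from any of the cited systems, that models all three with one verifier so the difference in outcome can be checked directly. It assumes HMAC-SHA256 as the "hash function from a secret key", a sequence number standing in for the time stamp, and constructed node, router, base station and key identifiers; the verifier checks only the authentication code, the optional base station binding and its own records, which is the behaviour the text describes for steps 307, 405 and 416.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed shared secret; in the text it is known only to the mobile node
# and the authenticating entity (server 106 or routers 203-1 through 203-4).
SECRET_KEY = b"constructed-secret-key-for-this-example"


@dataclass(frozen=True)
class RouteUpdate:
    """Route update data: destination router identifier, mobile node identifier,
    sequence number (standing in for the time stamp), an optional base station
    identification number (JP-1995-203540A scheme), and the authentication code
    computed over all the other items."""
    dest_router: str
    mobile_node: str
    seq: int
    base_station: Optional[str]
    auth_code: bytes


def compute_auth_code(key: bytes, dest_router: str, mobile_node: str,
                      seq: int, base_station: Optional[str]) -> bytes:
    # Keyed hash over every item except the code itself (HMAC-SHA256 is an
    # assumed instantiation of the "hash function from a secret key").
    msg = f"{dest_router}|{mobile_node}|{seq}|{base_station or ''}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_route_update(key: bytes, dest_router: str, mobile_node: str,
                      seq: int, base_station: Optional[str] = None) -> RouteUpdate:
    """What the mobile node sends: the items plus the authentication code."""
    code = compute_auth_code(key, dest_router, mobile_node, seq, base_station)
    return RouteUpdate(dest_router, mobile_node, seq, base_station, code)


class Authenticator:
    """One authenticating function with its own authentication records.
    Instantiated once for a common server, or once per router or base station."""

    def __init__(self, name: str, key: bytes, own_base_station_id: Optional[str] = None):
        self.name = name
        self.key = key
        self.own_base_station_id = own_base_station_id
        self.records = {}  # mobile node identifier -> highest sequence number accepted here

    def authenticate(self, upd: RouteUpdate) -> str:
        expected = compute_auth_code(self.key, upd.dest_router, upd.mobile_node,
                                     upd.seq, upd.base_station)
        if not hmac.compare_digest(expected, upd.auth_code):
            return "NOT GOOD"  # code does not verify: forged or modified data
        if self.own_base_station_id is not None and upd.base_station != self.own_base_station_id:
            return "NOT GOOD"  # bound to a different base station's identification number
        last = self.records.get(upd.mobile_node)
        if last is not None and upd.seq <= last:
            return "NOT GOOD"  # duplicate sequence number in these records: replay
        self.records[upd.mobile_node] = upd.seq
        return "GOOD"


def centralized_scenario():
    """FIG. 1: one authentication server sees every update, so the same
    sequence number presented a second time (via any router) is detected."""
    server = Authenticator("authentication-server-106", SECRET_KEY)
    upd = make_route_update(SECRET_KEY, "router-103-2", "mobile-node-105", seq=7)
    return server.authenticate(upd), server.authenticate(upd)


def distributed_scenario():
    """FIG. 3: each authentication-capable router keeps separate records, so the
    unchanged copy presented to router 203-2 verifies and is accepted as well."""
    r1 = Authenticator("router-203-1", SECRET_KEY)
    r2 = Authenticator("router-203-2", SECRET_KEY)
    upd = make_route_update(SECRET_KEY, "router-201", "mobile-node-205", seq=7)
    return r1.authenticate(upd), r2.authenticate(upd)


def base_station_bound_scenario():
    """JP-1995-203540A: the base station's own identification number is an
    authenticated item, and each base station accepts only updates bound to it."""
    bs2 = Authenticator("base-station-204-2", SECRET_KEY, own_base_station_id="BS-204-2")
    bs3 = Authenticator("base-station-204-3", SECRET_KEY, own_base_station_id="BS-204-3")
    upd = make_route_update(SECRET_KEY, "router-201", "mobile-node-205", seq=7,
                            base_station="BS-204-2")
    return bs2.authenticate(upd), bs3.authenticate(upd)


if __name__ == "__main__":
    print("FIG. 1, common server:        ", centralized_scenario())
    print("FIG. 3, per-router records:   ", distributed_scenario())
    print("JP-1995-203540A, bound to BS: ", base_station_bound_scenario())
```

The point the example makes is that the authentication code alone never fails in the FIG. 3 case: the copy is bit-for-bit the legitimate data, so the only defence against it is state (the records of sequence numbers or time stamps already accepted) or a binding to the receiving node, and the distributed arrangement has neither across routers.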