Handover Authentication for Mobile Networks: Security and Efficiency Aspects

A handover authentication module in mobile networks enables mobile nodes to securely and seamlessly roam over multiple access points. However, designing an appropriate handover authentication protocol is a difficult task because wireless networks are susceptible to attacks, and mobile nodes have limited power and processing capability. In this article, we identify the security and efficiency requirements of a good handover authentication protocol and analyze the existing related protocols, and show that many such protocols are either insecure or inefficient. Then we review a recently proposed protocol named PairHand, which has been shown to outperform all other protocols on security and efficiency. Furthermore, we propose a novel protocol named HashHand that not only inherits the merits of PairHand and efficiently eliminates its security vulnerabilities, but also provides a session key update mechanism. Experiments using our implementation on resource-limited laptop PCs show that HashHand is feasible for practical mobile networks.