Telecommunication Systems (2020) 75:259–271

https://doi.org/10.1007/s11235-020-00683-9

A secure n-secret based client authentication protocol for 802.11

WLANs
Pawan Kumar1 · Dinesh Kumar2

Published online: 15 June 2020

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract
Authentication has strong impact on the overall security model of every information system. Various authentication techniques
are available for restricting the access of unauthorized users to the enterprise scale networks. IEEE 802.1X defines a secure
and reliable authentication framework for 802.11 WLANs, where Extensible Authentication Protocol (EAP) provides the
base to this architecture. EAP is a generic architectural framework which supports extensibility by incorporating the new and
improved authentication schemes, which are based on different types of credentials. Currently there exist a number of EAP
and Non-EAP methods with varying level of security and complexity. In this work, we have designed a new n-secret based
authentication scheme referred here as Personal Dialogue Based Authentication, for the client authentication to the network.
It is a Transport Layer Security (TLS) protected authentication protocol, which will be executed inside the secure TLS tunnel
for providing the privacy and credential security to the wireless client. The developed authentication protocol has a reasonable
set of features like; strong security, user privacy, simplicity and extensibility. For the formal analysis of the protocol we have
used SPAN–AVISAP model checker on Ubuntu platform for validating the realization of the specified security goals. The
experimental results obtained by simulation performed with the Automated Validation of Internet Security Protocols and
Applications (AVISPA) tool shows that our protocol is efficient and secured.

Keywords Information security · Authentication · WLAN · EAP · 802.1X

1 Introduction i.e. biometric based, something we have i.e. token based or

Wireless technology is preferred choice for every network
because of its efficiency, flexibility and cost savings. Appli-
cations of wireless networks are evolving rapidly and all its
security concerns are also getting resolved very quickly. As
the information security is a highly dynamic area, it requires
continuous up-gradation and advancement by the incorpo-
ration of new methods and techniques. Authentication is an
essential component of every secure communication system.
A well designed authentication scheme can protect a network
from various potential threats. Almost all the authentica-
tion schemes are based on the theory of: something we are
B Dinesh Kumar
something we know i.e. secret based [1]. Simple authentica-
tion schemes use one of these authentication factors, while
the multifactor authentication schemes combine two or more
authentication factors to make the system more secure and
difficult to crack [2].
Wireless standards WPA2 and 802.11i offers the protec-
tion against almost all identified WLAN attacks associated
with privacy, integrity and authenticity in the wireless com-
munication [3]. Keeping in view the importance of authen-
tication in every network security model and to boost up the
authentication aspect of security an exclusive authentication
framework 802.1X was designed by the IEEE in the year
2004. This specialized authentication framework was devel-
oped for deployment in both type of environments wireless as

[email protected] well as wired LANs. This 802.1X port-based NAC (Network
Pawan Kumar Access Control) framework is based on the EAP (Extensible
[email protected] Authentication Protocol) [4].
1
In wireless communication systems, broadcasting nature
IKG PTU, Kapurthala, India
of channel demands more sophisticated authentication tech-
2 DAV Institute of Engineering and Technology, Jalandhar, niques for providing the security in communication. As there
India

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

260
is no physical linkage among devices to define the member-
ship in a wireless networking setup, there exists no physical
mechanism to restrict a device in the radio range from
accessing a wireless network. Wireless networks require
authentication and access control mechanism of diverse
nature than deployed in their wired counterparts. Varieties of
authentication methods have been devised for the WLANs,
ranging from very simple open access to 802.1x authen-
tication, all with their own pros and cons. Authentication
methods which are used for authenticating the clients can be
broadly divided into three categories namely; open authen-
tication, shared secret based authentication and certificate
based authentication. Open authentication method is suitable
for the networking environment, where ease of connectivity
is priority than the information security. Shared secret based
authentication schemes are easy to implement and manage,
but are less secure and are vulnerable to various types of
attacks. In the third category there is a most secure X.509
certificate based authentication. Certificate based authenti-
cation schemes are most secure and highly difficult to forge,
but the weak point of this method is, it is costly to deploy
and manage certificates on client devices.
1.1 Motivation
As 802.11 WLAN technology evolved, a diverse set of
authentication methods have been developed for it. IEEE
802.1x based EAP is a generic authentication framework and
only defines the transport and usage of identity credentials.
EAP encapsulates the user credentials like usernames, pass-
words, certificates, tokens, OTPs, etc. which a client presents
to the network for proving its identity. No doubt existing
authentication methods are contributing in network security,
more or less, yet each of these methods have significant draw-
backs.
Password based authentication schemes are very easy to
implement and manage, but are less secure. X.509 certifi-
cate based authentication schemes are considered to be most
secure, but are hard to setup and maintain technically as well
as are costly. In soft token based authentication schemes like
OTP, user needs access to a device, like a phone or computer.
Other disadvantage to using soft token based authentication
is the possibility of an attacker having access to the software
that is sending and receiving the code. On the other hand, dis-
advantage of using hard token based authentication scheme
is the need to possess some physical device. These devices
can be stolen by an attacker, or even lost or damaged by the
end user. In biometric based authentication system, which
uses the individual’s biological data to verify the identity
also have many limitations. The biggest disadvantage of bio-
metric authentication is that biometric identifiers cannot be
changed or reset, if compromised.
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
P. Kumar, D. Kumar
After performing an intensive survey of existing authenti-
cation mechanisms used in WLANs, the idea was conceived
to design an authentication scheme that is on one hand as
easy as possible for the legitimate users of the network to gain
access, while on the other it’s as difficult as possible for some-
one who is not authorized to gain access. Our overall goal is
to develop a dynamic, lightweight and secure authentication
scheme for the enterprise grade networking environment, by
integrating the simplicity of password based authentication
methods and strength of certificate ones.
1.2 Our contributions
The major contribution and claims of this research are high-
lighted below:
1. We have pointed out that all the existing certificate-based
client authentication protocols include high computation
cost and incur high implementation and administrative
overhead. We have also analyzed that all the password
based client authentication schemes are insecure against
known attacks.
2. Design and analysis of a lightweight and robust n-secrets
based authentication method for authenticating the wire-
less clients to the network. This method will be executed
within the TLS based protective tunnel for providing
privacy and credential security to the clients requesting
network service.
3. The proposed protocol is analyzed using the SPAN–
AVISPA simulation tool and its results showed that the
proposed authentication scheme is efficient and secure.
4. We proved that our protocol is safe and all the specified
security goals i.e. mutual authentication and secrecy of
susceptible attributes are achieved.
5. We have analyzed that the performance of our protocol
is better than other similar protocols in terms of com-
putation and communication overhead, as it completes
the entire authentication process in very less number of
steps.
1.3 Organization of the paper
This rest of the paper is organized as follows. Section 2
presents a literature review, in order to present a well under-
standing of existing work related to our approach. Section 3,
gives an overview of the architecture framework of 802.1x
and EAP. Section 4 presents the discussion of our authenti-
cation scheme. Section 5 details the formal analysis of our
method using SPAN–AVISPA tool. Section 6 shows the sim-
ulation results of proposed protocol and its comparison with
other similar protocols. Finally, Sect. 7 presents the Conclu-
sions with some remarks and future scope.
A secure n-secret based client authentication protocol for 802.11 WLANs
2 Related work
In last one decade wireless network security has remained
an active area of research for industry and academia. A lot
of advancements have been observed from every aspect for
ensuring the secure and fast communication services to the
users. After studying the client authentication mechanisms
used in various network security models deployed in the wire-
less environment, the idea for developing a secure and feature
rich authentication scheme for an enterprise grade network-
ing environment is conceived. In this section work related
with our research has been presented.
Authentication scheme EAP-PK introduced by Idrissi et
al. [5] provides mutual authentication by using a unique pair
of keys (Ke, Kd), which is a pair of pre-shared secret keys
between the client and authentication server. This method
does not require PKI infrastructure. A unique pair of keys
is generated by the authentication server and communicated
to the client via some other secure channel independent of
802.11 WLAN. At the time of authentication both the par-
ties i.e. client and authentication server ensures each other
that they possess the secret key pair. After the successful
authentication the same key pair is used for the encryption
and decryption of data flowing between the communicat-
ing peers. Author in [6] has introduced a new technique
for securing the WLAN network by designing a fast token-
based authentication scheme for the wireless network. In
this scheme temporary and permanent tokens are generated
and issued by the authentication sever to the wireless client,
which are then used by the client to derive the token keys dur-
ing the registration and authentication process respectively.
The token keys derived during the registration and authen-
tication stage are used to encrypt the data flowing between
the client and authentication server. In the work titled, fast
and secure authentication using double token based scheme
for WLANs by Poonam et al. [7], authors have proposed a
double token based fast authentication scheme. They have
performed the security analysis and comparison of proposed
method with the original EAP–TLS. They have reported that
the enhanced method improves the EAP–TLS handshake and
protection mechanisms.
In the work undertaken in [8], authors have proposed a
new authentication method EAP–TTLS–ISRP. The authen-
tication method proposed by them ensures both user and
device authentication. They have verified the efficiency and
security of the proposed method by using the AVISPA tool.
In [9] authors have done the analysis of EAP–FAST protocol
and have found that this method uses server certificate only
once in the beginning (when client has not valid PAC) and
all subsequent sessions skip the PAC (Protected Access Cre-
dential) provisioning. This technique makes it faster than the
other certificate based EAP methods. Work in [10] proposes
a new authentication scheme based on hash chain method
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
261
for VANET, where the authentication process is carried out
at authentication centre. Authors in [11] have proposed an
initial access authentication protocol, named FLAP which
realizes the authentication and key distribution functions.
They have done the formal evaluation of the method by
establishing a real test-bed and by using the NS3 simulator
and compared their method with EAP–TLS. In [12] authors
have proposed an authentication method by considering the
character of the terminal users. In their scheme they have
deployed two AAA servers, local and central for increasing
the speed of the authentication process. Fan C. al. in [13],
have introduced a complete EAP method, which fulfills the
requirements of RFC 4017, provide lightweight computation
and have forward secrecy property. Authors have used only
the symmetric encryption–decryption for reducing the com-
putation overhead of the protocol. They have performed the
comparison of their method with existing WLAN authentica-
tion methods in terms of security requirements defined in the
RFC 4017. They have also calculated and compared the com-
putation time of EAP–TLS, EAP–TTLS, EAP–PEAP and
EAP–FAST etc. with their proposed method and reported that
due to the use of only symmetric encryption, the computation
cost has reduced drastically in comparison to authentication
methods, which uses the asymmetric encryption in carrying
out the authentication process.
In the work undertaken in [14] has identified a weakness
WPA2 protocol’s four-way handshake. The newly discovered
vulnerability, which author calls a Key Reinstallation Attack,
allows a hacker to tamper with or record and replay third
message of four-way handshake, enabling them to reinstall
a cryptographic key that’s already been used. That key reuse
also resets the counters for how many packets, or bits of data,
have been sent and received for a particular key. When these
tallies are reset, an attacker can replay and decrypt packets,
and even forge packets in some cases. In [15] it is stated that
WPA3 is the next generation of Wi-Fi security, which pro-
vides cutting-edge security protocols to the market. It adds
new features to simplify Wi-Fi security, enable more robust
authentication, deliver increased cryptographic strength for
highly sensitive data and maintain resiliency of mission crit-
ical networks. Over time, the resistance of authentication
protocols to attack is increasing [16]. To secure the older
authentication protocols, it is common to use some form of
encrypted channel to protect the insecure method across an
insecure network. The development of strong tunneling tech-
nologies such as the Transport Layer Security (TLS) and the
IP Security protocols (IPSec) offers an attractive solution for
protecting the authentication protocols.
In [17–19] authors have enhanced the efficiency of EAP–
TLS and EAP–TTLS authentication methods either by mod-
ifying the steps or by replacing the cipher-suite algorithms.
After performing a detailed literature review, it has been
observed that password based client authentication methods
123
262
are simple to manage and easy to deploy, but are vulnerable
to various attacks. On the other hand certificate based client
authentication methods like EAP–TLS provide highest level
of security, but are difficult to deploy and manage. These
methods also have long authentication delay as compared
to the password based methods due to the processing over-
heads. The tunneled methods EAP–TTLS and EAP–PEAP
were developed to achieve the balance between security and
performance and require only authentication server to have a
digital certificate, where client can be authenticated using any
legacy methods. These tunneled methods are also vulnerable
to various attacks, if not properly implemented [20].
3 802.1X–EAP authentication
To enhance the security of 802.11 WLANs, IEEE 802.11i has
developed an authentication framework identified by 802.1X.
This framework uses various EAP methods for providing the
secure means of user authentication in a flexible manner.
Basically 802.1X provides a network access model, whereas
EAP adds the various authentication methods for accessing
the network. It is a data link layer protocol for providing
the user authentication services in wireless networking envi-
ronment. It protects the network by denying access to the
network services until a user requesting access to the network
is authenticated successfully [21]. Generally, IEEE 802.1X
based authentication is deployed in enterprise grade WLANs
to accomplish the authentication process. In this system, the
port with which the client device is associated remains in
unauthenticated state and allows only the authentication traf-
fic to pass through it. Once the authentication process is
completed successfully it changes its state to authenticated
state. In this way 802.1X port access control mechanism
prevents full access to the network services until authenti-
cation process completes successfully. 802.1X framework
defines three entities namely Supplicant, Authenticator, and
Authentication Server, and all these entities reside in three
separate devices. Supplicant resides in wireless client sta-
tion, access point contains authenticator and authentication
server resides in AAA (Authentication, Authorization and
Accounting) server such as RADIUS. All the components of
802.1x authentication framework are shown in Fig. 1.
EAP is a universal authentication protocol which provides
the support for multiple authentication methods by encap-
sulating the client credentials into the generic frames [4].
It provides a flexible and open architecture for supporting
the multiple authentication methods. It enables the dynamic
selection of authentication method at the time of authentica-
tion, based on information transmitted in the access-request
made by the client.
Various EAP and non-EAP authentication methods, rang-
ing from the most basic password based technique to most
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
P. Kumar, D. Kumar
sophisticated and secure X.509 digital certificate are avail-
able for use with the 802.1X authentication framework. Every
authentication mechanism has its own set of strengths and
weaknesses. These methods depict a tradeoff between secu-
rity, cost and ease of deployment.
3.1 Features of 802.1X and EAP authentication
framework
Various features of 802.1X and EAP authentication frame-
work are:
• Support for multiple authentication mechanisms
• Network Access Server (NAS) devices i.e. switches or
access points need not to have mechanism for understand-
ing each authentication method and may act as a pass-
through device for a backend authentication server [21]
• Separation of the authenticator from the backend authen-
tication server simplifies credentials management and
policy decision making.
4 New Personal Dialogue Based
Authentication (PDBA) scheme
With the increased usage of wireless networks for enterprise
as well as home applications, demand for the more sophisti-
cated authentication and encryption techniques has increased
many folds. In the present decade secret sharing for secure
authentication has emerged as a hot area of research in field of
network security. Strength of network access control mech-
anism is one of the primary factors used in the estimation
of level of data security managed by any online information
system. Therefore, protecting the confidentiality of data is of
paramount importance for every organization.
In this work we have designed a novel authentication
scheme referred here as n-secret based Personal Dialogue
Based Authentication (PDBA), for the authentication of
wireless clients in an enterprise grade network. It is a
TLS protected authentication method, which works after the
establishment of secure channel between the wireless client
and authentication server by using the TLS protocol. In this
method, rather than combining multiple factors of different
types, authentication is made on the basis of unique PID
(profile ID) and client’s response to one or more dynamic
challenges put by the authentication server.
In this scheme, it is mandatory for a regular user to com-
plete the registration process prior to accessing the network
services. A wireless profile of every regular user is created
after the successful completion of the registration process.
While creating its profile a user provides the values for the set
of attributes presented by the system through a user friendly
A secure n-secret based client authentication protocol for 802.11 WLANs
Fig. 1 Components of 802.1X
Framework
interface. This authentication protocol provides the strong
mutual authentication, where server is authenticated to the
wireless client by sending its X.509 digital certificate to it,
and client authentication is accomplished by combining its
multiple factors, which are unique Profile_Id, MAC address
and response of one or more random challenges.
4.1 Registration process of PDBA scheme
In this method, for registering with the network, it is manda-
tory for every new user to create its profile by providing the
values of the mandatory fields and selecting a pre-specified
number of factual questions from the list provided in the
interface. After selecting the specified number of questions,
user has to provide responses corresponding to the selected
questions. The user also has the flexibility of adding fac-
tual questions of its own choice. Once the user’s profile is
submitted successfully, authentication server will assign a
unique PID to the newly registered user. PID, which is the
unique profile_id of the client, is sent to the client out-of-band
through some secure channel like email, after the registration
and subsequent approval process of client’s profile by the net-
work administrator.
The link for completing the registration process is sent
to every new client by sending an invitation email at regis-
tered email id. The entire registration process of the client
is secured by using the SSL-encrypted HTTPS connec-
tion. After the successful registration of the client following
information is maintained by the authentication server cor-
responding to the every registered client.
• Unique PID (Profile_Id) assigned to client by the authen-
tication server.
• MAC List, a data structure for holding a list of 3–4 MAC
addresses of the devices, which client generally uses for
accessing the network.
• A list of n-secrets along with their responses, provided
by the client at the time of registration.
4.2 Authentication process of PDBA scheme
In this method, TLS protocol is used to protect the entire
client authentication process by using a combined two-step
approach. In the first step, TLS protocol is used to authenti-
cate the server to the client and for establishing a protective
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
263
outer tunnel between client and authentication server. In the
second step, this secure tunnel is used to protect client’s
authentication credentials, which pass through this virtual
TLS tunnel. This tunneled PDBA authentication method used
for the client’s authentication can also be referred as inner
authentication method.
The authentication process of a registered client using the
PDBA method is depicted in Fig. 2. Here in this protocol,
the entire process of mutual authentication is carried out
in two stages. In the first stage, authenticator generates an
EAP-identity request as a part of the association process. As
this method support client identity hiding, so to preserve the
client’s anonymity, supplicant on the wireless client hides the
client’s true identity and forwards the passphrase anonymous
or anonymous@realm_x as its identity. Clients belonging to
the domain of authentication server sends only passphrase
‘anonymous’, while the clients from the other domains i.e.
roaming clients sends anonymous@realm_x to the authenti-
cation server as their identity . On receiving the association
request, firstly network is authenticated to the client by send-
ing the authentication server’s public key certificate to the
client. After the successful authentication of network to the
client, a secure virtual tunnel is established between client
and authentication server. Now authentication server sends
an identity request packet to the client, requesting it to send
its true identity. In response to the authentication server’s
request, client forwards its unique PID and MAC address
to the authentication server. On receiving the client’s cre-
dentials, authentication server verifies these. If PID is found
correct and MAC address is there in the MAC list asso-
ciated with that client, then the authentication server will
dynamically select a factual challenge from the list of fac-
tual questions associated with that PID and send it to the
client. In response to the factual challenge, client will send
the appropriate response for proving its identity. On receiv-
ing the client’s response, authentication server will verify
the response, depending on the outcome of the verification
process authentication server may send authentication suc-
cessful or failure or may send another dynamically selected
factual challenge to client. In this authentication scheme
authentication server will put minimum zero challenge and
at the most three challenges before the client. As depicted
in the last row of Table 1, in case the PID provided by the
client is incorrect, then no challenge will be presented by the
authentication server and authentication will get failed. All
123
 264

Table 1 Possible outcomes of PDBA authentication method

123
Unique profile MAC address of Response of Response of Response of Outcome of
ID (PID) and mobile client factual factual factual authentication
security challenge-1 challenge-2 challenge-3 process
domain/realm (FC-1) (FC-2) (FC-3)

Correct Found Correct FC-2 will not be generated FC-3 will not be generated Successful and
next step begins
Correct Not found Correct Correct FC-3 will not be generated Successful, New
MAC will be
added to the
MAC list and
next step begins
Correct Not found Incorrect Correct Correct Successful, new
MAC will be
added to the
MAC list and
next step begins
Correct Not found Correct Incorrect Correct Successful, new
MAC will be
added to the
MAC list and
next step begins
Correct Not found Incorrect Incorrect FC-3 will not be generated Failure, error
message:
authentication
failed and
access denied
Correct Found Incorrect Correct FC-3 will not be generated Successful and
next step begins
Correct Found Incorrect Incorrect Correct Successful and
next step begins
Correct Found Incorrect Incorrect Incorrect Failure, error
message:
authentication
failed and
access denied

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

Incorrect Does not matters FC-1 will not be generated FC-2 will not be generated FC-3 will not be generated Failure, error
message:
profile/user
does not exist
P. Kumar, D. Kumar
A secure n-secret based client authentication protocol for 802.11 WLANs 265

Fig. 2 EAP–TTLS–PDBA
authentication process

the possibilities, which may arise during the authentication
process are listed in Table 1.
4.3 PDBA protocol working procedure in PS
(Peer-Server) notation
The dialogue between the client and authentication server
for accomplishing the mutual authentication process is given
under in Peer-Server notation. These steps are used by
us for modeling the PDBA authentication method and its
further conversion into the High Level Protocol Specifica-
tion Language (HLPSL) for its verification and validation
using the SPAN–AVISPA tool. Comments beginning with
% symbol are given on the right side of these steps (in
bold) for the better explanation of the authentication pro-
cess.

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

266 P. Kumar, D. Kumar

P ← S: request_id % peer receives request for identity • Light weight and secure mutual authentication scheme.
message • Support both user as well as device authentication
P → S: respond_id.UserId % anonymous ID sent by • Unlike single password, user authentication is based on
peer, will reveal only realm the unique profile_id and random challenges put by the
system for granting access to the network.
1st Phase: TLS tunnel establishment
• Support user privacy by identity hiding in TLS tunnel.
P ← S: start_ttls
• Purely soft-tokens based authentication scheme, hence
P → S: Version.SessionID.Np.CipherSuite % Client_
no physical device or token is required for authentication.
Hello, consisting of values for beginning a new session
• Being purely soft-token-based scheme, it is very easy and
P ← S: Version.SessionID.Ns.Cipher % Server_Hello,
inexpensive to implement.
consisting of values for beginning a new session
• No need of hefty PKI for client authentication, hence
P ← S: S.Ks_inv(Kca) % Public Key/ Server certificate
reduces the burden of network administrators.
signed by CA
• No fear of stolen, lost or forget like physical tokens or
P ← S: Shd % server_hello_done message is sent by
passwords.
server
• Legitimate user can use any device for accessing the net-
P → S: PMS_Ks % client_key_exchange encrypted with
work services.
Public Key of server
• No time bound expiry of tokens like passwords or OTP.
P → S: Ccs % change_cipher_spec message is sent by
• No need of any other secondary device like mobile phone
peer to server
for completing the authentication process.
P → S: {Finished}_SessionK % finished from peer
• Resistant to both type of attacks active as well as passive
encrypted with session key
like MITM, password sniffing, replay and brute force.
P ← S: Ccs % change_cipher_spec message sent by
server to peer
P ← S: {Finished}_SessionK % finished message from
Server encrypted with session key
5 Formal analysis of EAP–TTLS–PDBA using
SPAN–AVISP tool
2nd Phase: using TLS tunnel for authenticating
the peer established in Ist Phase The PDBA authentication protocol has been analyzed for
realization of the specified security goals by using the
P ← S: RequestID % peer once again receives request
AVISPA, Automated Validation of Security Protocols and
for identity
Applications tool. This simulation tool executes protocol
P → S: Prof_Id_Ks % peer sent unique Profile_Id
models coded in the HLPSL, which is a role based lan-
Encrypted with Public key of the server
guage. The structure of the AVISPA tool is shown in Fig. 3. In
P ← S: Rand_Chal % server puts a Random Chal-
this tool hlpsl2if module translate the HLPSL code into the
lenge/Factual question from Profile
Intermediate format (IF). The intermediate format is then
P → S: Chal_Response_Ks % peer response is sent to
processed by a model checker module to analyze the accom-
server encrypted with server’s Public key
plishment of the specified security goals. There are four back-
P ← S: Success/Failure % depending upon the veri-
end tools are available for the analysis the IF specification.
fication of challenge response authentication process ends
These tools are: OFMC (On-the-Fly Model- Checker), CL-
with success or failure message.
AtSe (Constraint- Logic-based Attack Searcher), SATMC
The complete mutual authentication process between the
(SAT-based Model-Checker), TA4SP (the Tree Automata
mobile supplicant (MS) and the authentication server (AS)
tool based on Automatic Approximations for the Analysis)
through the authenticator is depicted in Fig. 2. In this process,
of Security Protocols. Possible flaws in a protocol can be
it is assumed that the mobile supplicant is an already regis-
identified using these back end tools. OFMC uses the sym-
tered entity and possesses a valid PID (Profile ID) obtained
bolic techniques for performing the bounded analysis and
from the authentication server after completing the registra-
protocol falsification. It provides a translation which is used
tion process successfully.
to find an attack in the protocol. Translation and checking
are fully automatic and performed by OFMC without help of
any external tool [22] (Fig. 4).
4.4 Features of the n-secret based PDBA For the verification and validation of our protocol, we
authentication have chosen the OFMC (On-the Fly Model Checker) back-
end tool because of its many interesting features. It supports
The novel authentication scheme is very rich in terms of good the verification of secrecy of information between the autho-
features, which are listed under: rized entities by using the goal predicate secret supported

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

A secure n-secret based client authentication protocol for 802.11 WLANs 267

Fig. 3 Architecture of AVISPA

tool with four back-end tools

Fig. 4 Output generated by PDBA authentication with OFMC backend

by it. By using the goal predicate request, we can define
and verify the goal of strong mutual authentication [23]. In
the designed authentication protocol the following security
properties have been verified:
1. Secrecy property of the parameters shared between Peer
P and authentication server S:
– PID(Unique Profile ID of the Peer)
– Chal_Rs (Challenge Response provided by the Peer)
– PMS (Pre Master Secret)
– Session Key(derived between server and peer)
By goal specification in HLPSL: secrecy_of sec_pid,
sec_chalrs, sec_pms, sec_sessionK
2. Strong Mutual Authentication between Server S and Peer
P:
– Authentication of Server S by Peer P on Ks i.e. Public
Key of authentication server
By goal specification in HLPSL: authentication_on
auth_ks

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

268 P. Kumar, D. Kumar

Fig. 5 Protocol simulation of PDBA in SPAN

Fig. 6 Protocol simulation of EAP–TTLS–CHAP in SPAN

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

A secure n-secret based client authentication protocol for 802.11 WLANs 269

Fig. 7 Protocol simulation of PEAP-MSCHAP in SPAN

– Authentication of Peer P by Server S on PID(Peer’s TTLS–CHAP and PEAP–MSCHAP is shown in Figs. 6 and 7
Profile ID) and Chal_rs(Challenge response given respectively.
by the Peer in response to the Challenge put by the
authentication server)
6 Results and discussion
By goal specification in HLPSL: authentication_on
auth_pid On executing the PDBA authentication protocol’s HLPSL
specification by using the OFMC backend tool of SPAN the
By goal specification in HLPSL: authentication_on following output is obtained:
auth_chalrs SAFE
DETAILS
BOUNDED_NUMBER_OF_SESSIONS
5.1 Performance analysis of TTLS–PDBA PROTOCOL
/home/span/span/results/EAP_PDBA.if
We have performed the performance analysis of PDBA GOAL
authentication method, by using the protocol simulation tool as_specified
of SPAN. The output of SPAN’s protocol simulation tool for BACKEND
the TTLS–PDBA method is shown in Fig. 5. As depicted OFMC
in the figure, the process of PDBA mutual authentication COMMENTS
between client and server is accomplished only in four steps. STATISTICS
For comparing the performance of our protocol with other parseTime: 0.00s
similar tunnel based authentication methods we have selected searchTime: 0.36s
two very popular mutual authentication protocols EAP– visitedNodes: 113 nodes
TTLS–CHAP and PEAP–MSCHAP, which are similar in depth: 10 plies
working and perform the task of mutual authentication in two The output of simulator given in Figs. 5, 6 and 7 shows
stages like PDBA protocol. The protocol simulation of EAP– that our protocol is safe and all the specified goals of client

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

270
identity privacy, credential security, session key security and
mutual authentication are achieved successfully. No new vul-
nerability or attack has been reported by the model checker. It
can be observed in Fig. 5, protocol simulation of PDBA, that
it has accomplished the task of authentication only in 4 steps
executed between peer P and server S. On the other hand,
EAP–TTLS–CHAP and PEAP–MSCHAP have completed
the authentication process in 5 and 12 steps respectively as
shown in Figs. 6 and 7.
So, PDBA is a compact authentication scheme, as it com-
pletes the authentication process in less no. of steps as
compared to the other similar authentication methods. As
overall authentication delay directly depends on the no. of
steps in the authentication process, so authentication delay
of PDBA scheme is definitely going to be less as compared to
the other tunneled methods EAP–TTLS–CHAP and PEAP-
MSCHAP. Hence the proposed PDBA authentication scheme
is compact and efficient as compared to the similar tunnel
based mutual authentication schemes.
7 Conclusions and future scope
The authentication method presented in this work has a rich
set of desirable features and it is better than the simple pass-
word based techniques and certificate based authentication
schemes in terms of security and ease of deployment respec-
tively. On its verification using the SPAN–AVISPA tool, the
protocol model is found to be safe against various authenti-
cation attacks and all the specified goals of client identity
privacy, credential security and session key security and
mutual authentication are achieved. No new vulnerability or
attack has been reported by the model checker.
This method can be a good choice for implementing the
secure and easily deployable authentication scheme for the
enterprise grade wireless networks. In the future work this
method can be extended by incorporating the more sophisti-
cated features, which are desirable in the efficient and secure
authentication schemes. Performance analysis of this method
for finding the exact authentication delay can also be per-
formed using NS3 simulator in different network scenarios
to get the clear picture of the performance gain.
Funding No funding agency.
Compliance with ethical standards
Conflict of interest The authors declare that they have no conflict of
interest.
Research involving human participants and/or animals No human par-
ticipations and/or animals has been involved in this work.
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
P. Kumar, D. Kumar
References
1. Peisert, S., Talbot, E., & Kroeger, T. (2013). Principles of authen-
tication. In New security paradigms (pp. 47–56). London: ACM.
2. Aldwairi, M., & Aldhanhani, S. (2017). Multi-factor authentication
system. In International conference on research and innovation in
computer engineering and computer sciences. Malaysia: MTSA.
3. Ajah, I. A. (2014). Evaluation of enhanced security solutions in
802.11-based networks. International Journal of Network Security
and Its Applications, 6(4), 29–42.
4. Geier, J. (2008). Implementing 802.1 X security solutions for wired
and wireless networks. New York: Wiley.
5. Idrissi, Y. E. H. E., Zahid, N., & Jedra, M. (2011). A new EAP
authentication method for IEEE 802.11 wireless. International
Journal of Computer Science and Network Security, 11(6), 1–11.
6. Kbar, G. (2010). Wireless network token-based fast authentication.
IN International conference on telecommunications (pp. 227–233).
Qatar: IEEE.
7. Jindal, P., & Singh, B. (2013). Fast and secure authentication using
double token based scheme for WLANs. International Journal of
Computer Applications, 62(8), 25–32.
8. Alezabi, K. A., Hashim, F., Hashim, S. J., & Ali, B. M. (2013).
A new tunnelled EAP based authentication method for WiMAX
networks. InInternational conference on communications (pp.
412–417). Malaysia: IEEE.
9. Eshmurzaev, B., & Dalkilic, G. (2012). Analysis of EAP-FAST
protocol. In International conference on information technology
interfaces (pp. 417–422). Croatia: IEEE.
10. Vighnesh, N. V., Kavita, N., Shalini, R. U., & Sampalli, S. (2011).
A novel sender authentication scheme based on hash chain for
vehicular ad-hoc networks. In Symposium on wireless technology
and applications (pp. 96–101). Malaysia: IEEE.
11. Li, X., Bao, F., Li, S., & Ma, J. (2013). FLAP: an efficient WLAN
initial access authentication protocol. IEEE Transactions on Par-
allel and Distributed Systems, 25(2), 488–497.
12. Hong-tao, G. (2015). Fast authentication method for wireless local
area network. International Journal of Security and Its Applica-
tions, 9(6), 53–60.
13. Fan, C., Lin, Y. H., & Hsu, R. H. (2012). Complete EAP method:
User efficient and forward secure authentication protocol for IEEE
802.11 wireless LANs. IEEE Transactions on Parallel and Dis-
tributed Systems, 24(4), 672–680.
14. Newman, L. H. (2017). The secure Wi-Fi standard has a huge
dangerous flaw. Resource Document. Wired. Retrieved March
25, 2020 from https://www.wired.com/story/krack-wi-fi-wpa2-
vulnerability.
15. Alliance, Wi-Fi. (2019). Discover Wi-Fi security. Resource Doc-
ument. Retrieved March 29, 2020, from https://www.wi-fi.org/
discover-wi-fi/security.
16. TSA Division, TEC (2018). WLAN (Wireless Local Area Net-
work) Security. Resource Document. Retrieved March 29, 2020,
from http://tec.gov.in/pdf/Studypaper/WLANsecuritystudypaper.
pdf.
17. Shojaie, B., Saberi, I., & Salleh, M. (2017). Enhancing EAP-
TLS authentication protocol for IEEE 802.11i. Wireless Networks,
23(5), 1491–1508.
18. Dejamfar, S. M., & Najafzadeh, S. (2017). Enhancing efficiency of
EAP-TTLS protocol through the simultaneous use of encryption
and digital signature algorithm. International Journal of Network
Security & Its Applications, 9(4), 45–55.
19. Bahrami, N., Shiri, M. E., & Akhgar, M. S. (2013). Enhanced
authentication protocol EAP-TTLS using encrypted ECDSA.
International Journal of Computer Science Issues, 10(6), 173–177.
A secure n-secret based client authentication protocol for 802.11 WLANs 271

20. Hoeper, K., & Chen, L. (2010). An inconvenient truth about Dinesh Kumar is currently work-
tunneled authentications. In IEEE conference on local computer ing as Associate Professor and
networks (LCN). https://doi.org/10.1109/LCN.2010.5735754. Head in the Department of Infor-
21. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., & Levkowetz, H. mation Technology at DAV Insti-
(2004). RFC 3748-Extensible authentication protocol (EAP) (pp. tute of Engineering & Technol-
1–67). Network Working Group, The Internet Society ogy, Jalandhar, India. He has done
22. Genet, T. (2015). A short SPAN+AVISPA tutorial. Research Report. B.Tech in CSE, M.Tech in Infor-
https://hal.inria.fr/hal-01213074v1/document. mation Technology and Ph.D. in
23. Viganò, L. (2006). Automated security protocol analysis with the Computer Engineering. He has a
AVISPA tool. Electronic Notes in Theoretical Computer Science, vast experience in teaching as well
155, 61–86. as research. His research inter-
ests are in the fields of Natu-
ral Language Processing, Machine
Publisher’s Note Springer Nature remains neutral with regard to juris- Learning, Wireless Networks, and
dictional claims in published maps and institutional affiliations. Data Structures. He is the author
of over 70 research papers in various international journals and con-
ferences. He has guided 35 M.Tech Thesis and 02 Phd candidates. He
is a Life member of Indian Society for Technical Education (ISTE),
Pawan Kumar received his Mas- Computer Society of India, Punjab Academy of Sciences and Member
ters degree in information tech- of Computer Society of India, International Association of Computer
nology in the year 2000 from the Science & Information Technology. He is also a reviewer of many
science and technology university reputed journals.
of Haryana (India). Presently he is
pursuing Ph.D. from the technical
university of Punjab (India). He
is working as Assistant Professor
in Computer Science in a highly
reputed college of Punjab (India).
He is having about 18 years expe-
rience of teaching various courses
at UG and PG level. Kumar has
published about 10 papers in var-
ious peer-reviewed research jour-
nals of national and international repute. He has also presented about
10 papers in various national and international conferences. His
research interests span (but not limited to) data structure, wireless
security, software engineering and expert systems.

123

Content courtesy of Springer Nature, terms of use apply. Rights reserved.

Terms and Conditions
Springer Nature journal content, brought to you courtesy of Springer Nature Customer Service Center GmbH (“Springer Nature”).
Springer Nature supports a reasonable amount of sharing of research papers by authors, subscribers and authorised users (“Users”), for small-
scale personal, non-commercial use provided that all copyright, trade and service marks and other proprietary notices are maintained. By
accessing, sharing, receiving or otherwise using the Springer Nature journal content you agree to these terms of use (“Terms”). For these
purposes, Springer Nature considers academic use (by researchers and students) to be non-commercial.
These Terms are supplementary and will apply in addition to any applicable website terms and conditions, a relevant site licence or a personal
subscription. These Terms will prevail over any conflict or ambiguity with regards to the relevant terms, a site licence or a personal subscription
(to the extent of the conflict or ambiguity only). For Creative Commons-licensed articles, the terms of the Creative Commons license used will
apply.
We collect and use personal data to provide access to the Springer Nature journal content. We may also use these personal data internally within
ResearchGate and Springer Nature and as agreed share it, in an anonymised way, for purposes of tracking, analysis and reporting. We will not
otherwise disclose your personal data outside the ResearchGate or the Springer Nature group of companies unless we have your permission as
detailed in the Privacy Policy.
While Users may use the Springer Nature journal content for small scale, personal non-commercial use, it is important to note that Users may
not:

1. use such content for the purpose of providing other users with access on a regular or large scale basis or as a means to circumvent access
control;
2. use such content where to do so would be considered a criminal or statutory offence in any jurisdiction, or gives rise to civil liability, or is
otherwise unlawful;
3. falsely or misleadingly imply or suggest endorsement, approval , sponsorship, or association unless explicitly agreed to by Springer Nature in
writing;
4. use bots or other automated methods to access the content or redirect messages
5. override any security feature or exclusionary protocol; or
6. share the content in order to create substitute for Springer Nature products or services or a systematic database of Springer Nature journal
content.
In line with the restriction against commercial use, Springer Nature does not permit the creation of a product or service that creates revenue,
royalties, rent or income from our content or its inclusion as part of a paid for service or for other commercial gain. Springer Nature journal
content cannot be used for inter-library loans and librarians may not upload Springer Nature journal content on a large scale into their, or any
other, institutional repository.
These terms of use are reviewed regularly and may be amended at any time. Springer Nature is not obligated to publish any information or
content on this website and may remove it or features or functionality at our sole discretion, at any time with or without notice. Springer Nature
may revoke this licence to you at any time and remove access to any copies of the Springer Nature journal content which have been saved.
To the fullest extent permitted by law, Springer Nature makes no warranties, representations or guarantees to Users, either express or implied
with respect to the Springer nature journal content and all parties disclaim and waive any implied warranties or warranties imposed by law,
including merchantability or fitness for any particular purpose.
Please note that these rights do not automatically extend to content, data or other material published by Springer Nature that may be licensed
from third parties.
If you would like to use or distribute our Springer Nature journal content to a wider audience or on a regular basis or in any other manner not
expressly permitted by these Terms, please contact Springer Nature at

[email protected]