Managing Handover Authentication in Big-domain Wireless Environment

Transcription

1 Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan, Aiqun Hu, Juan Zhang Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan *1, Aiqun Hu *1, Juan Zhang *2 *1 Radio Department, Southeast University, Naning, Jiangsu, Chin *2 Aounting Department, Naning University, Naning, Jiangsu, China doi: /itvol4issue313 Abstrat Mobility management is the ey feature of wireless networ When the mobile node roams from the home networ to the foreign networ, the foreign networ aess server usually does not have the seurity material of the mobile node, and an not authentiate the mobile node by itself Thus the three-party authentiation is used, and the foreign networ aess server onsults the home authentiation server of the mobile node for authentiation (usually through the foreign authentiation server) However, this sort of authentiation will lead to a long lateny With the wide deployment of lateny sensitive servies in wireless networ, the handover authentiation lateny beomes more and more flagrant Currently, many standards organizations are woring on this issue, and they defined a lot of protools for optimizing the handover authentiation proedure These protools mainly inlude the fast re-authentiation protool, the pre-authentiation protool and the ontext transfer based authentiation protool However, urrent protools will put a heavy burden on the authentiation server in big domain, and thus add a long lateny to the handover authentiation proedure This paper presents an ellipti urve based authentiated ey agreement protool with mutual authentiation property to address this problem Keywords Handoff algorithm, authentiation, mobility management 1 Introdution The problem of wireless handover authentiation is usually onerned with mobility management When the mobile node (MN) roams into a foreign domain, the foreign networ aess server (NAS) will at as a pass through authentiator (AU), and onsults the authentiation server in the MN s home domain (AAAH) for authentiation through the foreign domain authentiation server (AAAF) Currently the extensible authentiation protool (EAP) [1] [14] is used for this sort of three-party authentiation EAP [1] defined an authentiation framewor whih supports multiple EAP methods suh as EAP-MD5 [1] and EAP-TLS [19] In the ase of three-party authentiation, the AAAH verifies the ertifiate or identity of the MN, and generates a shared master session ey (MSK) for the AU and the MN However, aording to [2], the time for simplest EAP method EAP-MD5 is more than 70ms whih does not support mutual authentiation and MSK generating For those EAP methods supporting both mutual authentiation and MSK generating, the authentiation lateny an easily be several hundred milliseonds This is too long for lateny sensitive servies suh as VOIP whih requires the overall handover lateny of under 50ms [20] To optimize the EAP protool, researhers divide the handover authentiation proedure into two senarios alled inter-domain handover authentiation and intra-domain handover authentiation Here interdomain handover refers to the senario that the mobile node roams from one AU to another that belongs to different AAAF, while the intra-domain handover refers to the senario that the mobile node roams from one AU to another within the same AAAF Usually when inter-domain handover ours, the full EAP proedure must be established, sine the new domain needs to onsult the AAAH for authentiating the mobile node This may add additional lateny to the handover proedure and put a heavy burden on the networ So, the bigger the domain is, the better effiieny the handover authentiation is In the ase of intra-domain handover, several mehanisms are designed for reduing the handover authentiation lateny They are alled fast re-authentiation protool [4], pre-authentiation protool [5], ontext transfer based authentiation protool [7] The fast re-authentiation protool defined an intradomain authentiation mehanism When the mobile node roams into the AAAF domain, the AAAH distributes the domain speifi root ey to the AAAF 86

2 Journal of Convergene Information Tehnoy Volume 4, Number 3, September 2009 after EAP proedure [4] Thus, in the subsequent authentiation proedure, the MN, the AAAF and the AU do the re-authentiation proedure based on DSRK without the partiipation of the AAAH The fast reauthentiation protool redued the signaling ost and seurity ost between AAAF and AAAH, but it an only meet the requirement of small domains In bigdomain environment, there may be a lot of MNs roaming from one AU to another Sine AUs still needs to onsult the AAAF during handover authentiation, the fast re-authentiation protool will still put a heavy burden on the AAAF For example, assuming an AAAF manages 100 AUs, and every AU needs to authentiate 100 MNs at the same time, then the AAAF needs to generate 100*100=10,000 MSKs in a short period of time If the ey generation hash funtion is SHA-1, then aording to [3], the total ey generating lateny is 973ms*10,000=973s If we tae message enryption/deryption ost and routing ost into aount, the lateny on the AAAF may be several minutes Also the fast re-authentiation protool requires a ompliated ey hierarhy [11][15], whih may be too ostly to the arrier too The pre-authentiation protool is initially defined by the IEEE wor group to tae the authentiation servie overhead out of the time-ritial re-assoiation proess [5] Sine the MN an be authentiated with multiple APs, the pre-authentiation proedure may put a muh heavier burden on the AAAF and AAAH In [21], Mishra et al report that the pre-authentiation message violates the IEEE state mahine as speified in [5] Due to those issues, the IETF uses pre-authentiation only for inter-domain handover authentiation [6] The ontext transfer based authentiation protool is an intra-domain handover authentiation protool When the MN roams from the old AU to the new AU, the old AU transfers the eying material of the MN to the new AU Thus, the authentiation proedure an be initiated between the new AU and the MN without the partiipation of AAAF, and the burden of the AAAF is redued However, aording to [8], the ontext transfer based authentiation protool will lead to the domino effet issue, in whih a ompromise of one AU will lead to a ompromise of another AU There is another ategory of publi ey based authentiation solutions suh as [10] However, the mobile node and the authentiator still need to onsult the AAAF for getting the publi ey of the other side The handover authentiation proedure will still put a heavy burden on the AAAF In one word, the two ey issues for urrent solutions are the heavy burden of AAAF and the domino effet This paper fouses on the intra-domain handover authentiation in the big-domain wireless environment and presents an new ellipti urve [9][12] based ey agreement protool with mutual authentiation property (ECCHO) for solving these two issues 2 ECCHO Arhiteture Our sheme aims to redue the burden of the AAAF when there are a lot of MNs roaming from one AU to another within the same AAAF domain The AAAF domain is defined as follow Definition 1: We assume that the AAAF manages mau AUs, and it has the apaity of managing mmn mau AUs and the mmn MNs Thus, the AAAF, the MNs form the AAAF domain Figure 1 shows the trust model for wireless environment, where PSA refers to pre-established seurity assoiation We extrat this trust model from [17] AAAF AU PSA PSA Seurity assoiation to be established AAAH PSA MN Figure 1 Trust Model for Wireless Aess Seurity The arhiteture of our sheme is summarized as follows: The AAAF initially generates and distributes some eying materials to the AU and MN During subsequent handover authentiation proedure, the AU and MN an authentiate eah other using those eying materials without the partiipation of the AAAF Sine the AAAF is not involved in the handover proess, its burden is redued Our sheme inludes the following five parts: the eying materials generating, ey distribution to AUs, ey distribution to MNs, handover proess and big numbers transporting 21 Keying Materials enerating The AAAF is the authentiation enter of the AAAF domain Only it an generate eying materials for the mobile nodes and authentiators The ey generating proess is based on the ellipti urve theory desribed in [9] Setion 31 of [9] defined the ellipti urve domain parameters over T= ( pab,,,, nh, ) 0 F p as follows: 87

3 Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan, Aiqun Hu, Juan Zhang The AAAF reates four sets with different prime numbers alled MNPRIVATE, AUPRIVATE, MNPUBLIC and AUPUBLIC MNPRIVATE and MNPUBLIC eah has m mn elements AUPRIVATE and AUPUBLIC m eah has au elements The seurity strength of these prime numbers will be analyzed later on Then the AAAF alulates the produt M of MNPRIVATE, and the produt N of AUPRIVATE 22 Key Distribution to Authentiators After ey generating, the AAAF distributes eying materials to the authentiators within the AAAF domain This proess is independent of other proess, and is initiated by the AAAF and is proteted by the PSA between the AAAF and the AUs (Figure 2) Computes and AAAF AU {,,,, pabnh,,,, } Figure 2 Key Distribution to the Authentiators The ey distribution to AUs inludes three steps: Step 1) The AAAF omputes = 0 = ( mod p) 0, where i is an element of MNPUBLIC Step 2) The AAAF omputes = 0 = ( mod p) 0, where is an element of AUPRIVATE Step 3) The AAAF sends AUTHl = {,,,, pabnh,,,, } to the AU l Every AU should get a different i and Different from [9], the domain base point 0 is not distributed to AUs Instead, the AAAF eeps it seretly 23 Key Distribution to Mobile Nodes When the mobile node enters the AAAF domain for the first time, the full EAP proess is established as defined in [1] Sine only the AAAH an verify the mobile node, the pass through authentiator transports the authentiation messages to the AAAF, and the latter relays it to the AAAH for authentiation If the full EAP proedure is suess, the AAAH sends a message to the AAAF for requesting the eying materials for the MN Upon reeiving the request from AAAH, the AAAF generates eying materials for the mobile node as follows: Step 1) The AAAF omputes = r = ( r mod p) r 0 0 where r is an element of MNPRIVATE Step 2) The AAAF omputes sn = sn0 = ( sn mod p) 0 where s is an element of AUPUBILC Then the AAAF sends the eying materials MN = {, r, sn,, pabnh,,,, } t r sn to the AAAH under the protetion of their PSA as shown in figure 1, and the latter distributes MN t to the MN under the protetion of their PSA as shown in figure 1 Every mobile node should get a different r and s Different from [9], the domain base point 0 is not distributed to the mobile node Instead the AAAF eeps it seretly (Figure 3) MN AU AAAF AAAH EAP message exhanges Computes and r sn Sends MN to MN t along with MSK Request MN t Verifies the mobile node Figure 3 ey distribution to the mobile node 24 Handover Proess This subsetion disusses the handover authentiation proess We will present an authentiated ey agreement mehanism without the partiipation of the AAAF and the AAAH Our sheme is based on the following ellipti urve assumption [9]: Ellipti urve seurity Assumption: iving a base point on the ellipti urve, we an easily ompute K = ; on the other hand, giving K and, one an hardly ompute Thus an be used as private ey, and K an be used as publi ey Our sheme uses the following lemma: 88

4 Journal of Convergene Information Tehnoy Volume 4, Number 3, September 2009 <, K > Lemma 1: if publi-private ey pairs 1 1 <, K > are on the same ellipti urve, they and 2 2 have the same base point, and 1 2, then 2 / 1, K2 is a divisor of < > forms a new publi-private K ey pair with the base point 1 Proof of Lemsma 1: K = = / *( ) = / K When t hands over to l, l AUTH holds l and t MN holds t l and t establish the authentiated ey agreement proedure using the following three messages: t Message 1) l Q1 = {, } sends message Q Message 2) After reeiving 1, t omputes its = ( / r) mod p private ey mnr with the base Q point r, and then sends 2 = { sn, r, y1} mnr to y the AU, in whih 1 is the publi ey of the mobile node s ellipti urve Diffie-Hellman publi-private ey < x, y >, and Q2 pair 1 1 is integrity proteted by an ellipti urve signature mehanism suh as setion 4 in [9] Message 3) After getting the 2 message, the authentiator verifies the integrity of the message using the mobile node s publi ey point r au = ( sn / ) mod p Q3 = { y2} au sends Q to with the base Then it omputes its private ey with a base point, and to the mobile node to negotiate y < x, y >, and Q3 a shared ey, in whih 2 is the publi ey of the authentiator s ellipti urve Diffie-Hellman publiprivate ey pair 2 2 is integrity proteted by an ellipti urve signature mehanism suh as setion 4 in [9] After the 3-pass message exhanges, the AU and the MN an generate the shared ey respetively The shared ey generating proess is defined in [9], and this ey an be used as MSK for further ey generating(figure 4) Mobile node Computing MN s Q = {, } 1 Q = sn y mnr 2 r 1 Verifying message, enerating MSK {,, } mnr Q = { y } 3 2 au authentiator Verifying message and Computes enerating Figure 4 The Handover Proess 25 Big-Number Transporting There are two big numbers to be stored and transported in our sheme, ei and sn If the element of MNPRIVATE b is mn bits, then m mn + 1 b mn may be bits long For some senarios, the transport of long bits over wireless interfae may not be aeptable To solve this issue, an be expressed as follows: au (2 b mn ) (2 b b mn mn ) bmn = (2 ) + ( (2 ) ) By doing so, an be transported using the two numbers: bmn (2 ) (2 b mn ) (2 b mn ) bmn ( (2 ) ) with 2 bmn m mn bits and with bits However, this may add additional exponential alulation ost during handover 3 Seurity Analysis 31 Corretness Analysis of Our Sheme Our sheme inludes three independent message exhange proesses: the proess of authentiator ey distribution, the proess of mobile node ey distribution and the handover authentiation proess In the wireless environment, the proess of authentiator ey distribution is proteted by the PSA between the AAAF and the authentiator The proess of mobile node ey distribution is proteted by two PSAs: the PSA between AAAF and the AAAH; the PSA between AAAF and the mobile node The orretness of these two proesses is the same as that of [1] and [4] So this paper only proves the orretness of the handover authentiation proess The orretness of the handover authentiation proess is proved by the strand spae theory desribed 89

5 Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan, Aiqun Hu, Juan Zhang in [22]The symbols used here are the same as that of [22] Different from the NSL strand spae defined in [22], the handover authentiation proess has the following initial eying materials: The mobile node holds: MN = {, r, sn,, pabnh,,,, } t r sn The authentiator holds: AUTH = {,,,, pabnh,,,, } l Our strand spae Σ is defined as follows: Penetrator strands s P s Init[,, y, y ] r 1 2 The "initiator strands" {{ +, y }, { y } } r 1 2 with trae mnr aur, where, r Tname y, 1, y2 T but y1 Tname The "responder strands" s Re sp[,, y, y ] r 1 2 {{, y}, + { y } } r 1 mnr 2 aur y1, y2 T r, where but y2 Tname The mapping in our strand spae: r with, T trae r name, and Similar to [22], the authentiation results and serey results an be proved using the following four propositions: Proposition 52, 58, 510 and 513 defined in [22] The proving of our sheme is similar to the NSL protool, so this paper will not rewrite it There are two differenes between our sheme and the Q NSL protool: (1) The 2 and Q3 messages are proteted by the private ey of the mobile node and the authentiator using the signature mehanism defined in [9]; (2) Sine only the one who holds the private ey an sign the message, the mobile node and the authentiator need not send the nones ba for authentiation Thus in our sheme, 32 Seurity Strength Analysis C height = 2 Our sheme generates the rmsk using the ellipti urve tehnique, so we refer to [18] for analyzing the seurity strength of our sheme The rmsk length is not defined by [4] or any other doument So, as an example, this paper assumes the ey length of rmsk is 112bits To negotiate a 112-bit rmsk, our sheme needs to deide the following three ategories of data that will affet the seurity strength: the finite field size p for the ellipti urve T, the length of the four sets of prime numbers defined in setion IIA, and the DH ey material length Aording to [18], modular exponentiation related algorithm with a 2100-bit module size will have about the same resistane against atta as a 112-bit 3DES ey Thus, fatoring a 2100-bit integer (whih is the produt of two big prime numbers) will need the same time as attaing a 112-bit symmetri ey So, the length of 2100 / bits will be enough for the four sets of prime numbers Aording to [18], an ellipti urve group with equivalent seurity as 2048-bit modular exponentiation has about 200 bits This paper uses the 193-bit ellipti urve group defined in [9] for p The DH algorithm is used for generating the rmsk Aording to [18], the exponents will have at least twie as many bits as the symmetri eys that will be x derived from them So, the length of 1 and x2 should be at least 112 bits* 2 = 224bits Similar to the prime number restrition, to get equal seurity strength to the rmsk, the module used in the Diffie- Hellman exhange should be at least 2048bits too 33 Domino Effet Analysis The domino effet desribed in [8] refers to the fat that ompromise of one authentiator will lead to ompromise of another This setion proves our sheme is immune to the domino effet issue Assuming there are two authentiators: AUTH = { 1,, 1,, pabnh,,,, } AUTH = { 2,, 2,, pabnh,,,, } AUTH & If is ompromised, the attaer will get the first authentiator s eying material { 1,, 1,,,,,, } 1 1 pabnh However it an not get 2 from the first authentiator s eying material, thus it an not derypts the message 2 defined in setion IID Similarly, ompromise of one mobile node will not lead to ompromise of another in our sheme 4 Effiieny Analysis 41 Effiieny Comparison 90

6 Journal of Convergene Information Tehnoy Volume 4, Number 3, September 2009 Our effiieny goals inlude reduing the burden of the AAAF and the total seurity ost Sine the AAAF is not involved in the handover authentiation proess, its burden is redued This setion analyzes the seurity ost of our sheme and [4] Then ompares them The seurity ost of [4] an be analyzed from the following three fators: time of ey generating using C sg HMAC-SHA256 algorithm ( ), time of enryption C using a symmetri ey ( se ), time of deryption using C a symmetri ey ( sd ) Aording to setion 713 in [1], the onversation between AAAF and AAAH are proteted by their pre-established seurity assoiations The seurity ost desribed at setion 52 in [4] is listed in table 1 Table 1 seurity ost of fast re-authentiation protool + + MN sg se sd AU se + sd AAAF sg se sd Here we still tae 112-bit 3DES as the enryption and deryption algorithm Aording to [16], the enryption for one ash line input (64bits) will need about 7364 pu yles The messages to be enrypted in the fast re-authentiation protool are usually several hundred bits So this paper taes 512-bit messages as an example Thus the enryption time using 3DES algorithm will be se = 7364 puyles *(512 / 64) 59, 000puyles The 3DES deryption algorithm is similar to = 59, 000puyles enryption, so sd The fast re-authentiation protool [4] uses the HMAC- SHA256 algorithm for ey generating Aording to Figure III12 in [13], the energy onsumption for HMAC-SHA256 is about 07uJ Then we an ompute the per-byte pu yles for HMAC-SHA256 as follows (using the energy onsumption equation defined in [13]): 6 (07 uj )*(800*10 ) /(16 V *02 A) = 1750 puyles / byte Aording to [4], the input of rmsk ey generating equation inludes 40bytes Thus, we an ompute the ey generating time as follows: = 1750 puyles / byte*40bytes = 70,000puyles sg So the pu yles of fast re-authentiation protool is alulated in table 2 Table 2 pu yles of fast re-authentiation protool MN AU AAAF total 188, , , ,000 The seurity ost of our sheme an be analyzed using the following fators: time of signing using the ps private ey ( ), time of verifiation using the publi pv ey ( ), time of ey generating using DH algorithm pg ( ) and time of big-number omputing( pt ) Aording to setion II in this paper, the seurity ost of our sheme is listed in table 3 Table 3 seurity ost of our sheme MN pg + ps + pv + pt AU pg + ps + pv + pt AAAF 0 This paper taes the pu yles for 2048-bit modular exponentiation alulated in [18] as the referene for our sheme That is referene = 450, 000puyles Aording to [18], the relative time between the 2048-bit modular exponentiation and around 200-bit ellipti urve is 5 So we assume = 450,000 puyles / 5 = 90,000puyles, ps = 450,000 puyles / 5 = 90,000puyles pv, and = 450,000 puyles / 5 = 90,000puyles pg m = 10 9 m mn < 30 If we assume mn,then 2 Aording to [18], if you double the size of the Diffie- Hellman modular exponentiation group, you quadruple the number of operations needed for the omputation Sine pt = 0, we assume So the pu yles of our sheme is alulated in table 4 Table 4 pu yles of our sheme MN AU AAAF total 270, , ,000 Comparing table 4 with table 2, we an see that our sheme doubles seurity osts on the mobile node and the authentiator But the total seurity ost is redued by around 10% Also our sheme redued the seurity ost of AAAF by around 306,000 pu yles Note that this result is based on the 64-bit pu environment On 91

7 Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan, Aiqun Hu, Juan Zhang the 32-bit pu, our sheme is still more ostly than symmetri ey based shemes 42 Big Domain Analysis Now, let s fous on the domain in definition 1 We assume the average handover rate on every authentiator is m per seond, and the pu yles used for seurity omputing is s per seond Then the seurity ost rate on the AAAF should follow the equation: 306,000 puyles * m * / 1 mau m s < for the fast re-authentiation protool We refer to the 1024-bit RSA signature time [3] as the exeuting time for 450,000 pu yles, thus 8 ms = (450,000 puyles / 475 ms) = 10 puyles / s Then we get the following equation: m * m < 300 au authentiators (ei m = 6 m If the AAAF manages 50 m = 50 au ), then an average of will rash the AAAF So we an see that our sheme will be very helpful to big domains As an example, let s fous on how the handover authentiation lateny influenes the VOIP servie If m we assume there are h handover proedures to be solved by the AAAF at the same time, then the AAAF needs around 8 h*306,000 /(10 / ) = 3 h( ) m puyles puyles s m ms time to solve all the handover authentiation m > 17 proedures So if h, the lateny of the last handover authentiation proedure will be 3 m ( ms) = 3*17ms = 51ms h This means one of these mobile nodes will get a lateny of over 50ms This annot meet the requirement of VOIP 5 Conlusion In this paper, we have presented an ellipti urve based authentiated ey agreement protool for wireless handover authentiation It has a lower seurity ost than urrent solutions and an redue the burden of the authentiation server during handover Also our sheme an avoid the domino effet issue 6 Anowledgement This paper was supported by the China 863 Plan (No2007AA01Z433) 7 Referenes [1] B Aboba Et al, "Extensible Authentiation Protool(EAP) ", RFC3748, IETF, June 2004 [2] KSethom, HAfifi, "Requirements and Adaptation Solutions for Transparent Handover", IEEE ICC 2004 [3] KSethom Et al, "A Distributed and Seured Arhiteture to Enhane Smooth Handoffs in Wide Area Wireless IP Infrastrutures", ACM SIMOBILE Mobile Computing and ommuniations Review, Volume 10, Number 3, July 2006 [4] V Narayanan, L Dondeti, "EAP Extensions for EAP Reauthentiation Protool (ERP) ", IETF, draft-ietfhoey-erx-08, November 2007 [5] Institute of Eletrial and Eletronis Engineers, "Supplement to Standard for Teleommuniations and Information Exhange Between Systems - LAN/MAN Speifi Requirements - Part 11: Wireless LAN Medium Aess Control (MAC) and Physial Layer (PHY) Speifiations: Speifiation for Enhaned Seurity", IEEE 80211i/D1, 2001 [6] Y Ohba, "EAP Pre-authentiation Problem Statement", IETF, draft-ietf-hoey-preauth-ps-00, September 2007 [7] Institute of Eletrial and Eletronis Engineers, "Reommended Pratie for Multi-Vendor Aess Point Interoperability via an Inter-Aess Point Protool Aross Distribution Systems Supporting IEEE Operation", IEEE 80211F, July 2003 (now depreated) [8] R Housley, B Aboba, "uidane for Authentiation, Authorization, and Aounting (AAA) Key Management", IETF, RFC4962, July 2007 [9] SEC, "Ellipti Curve Cryptography", SEC 1, 2000 [10] avin Lowe, Breaing and fixing the Needham- Shroeder publi-ey protool using FDR In Proeeedings of taas, volume 1055 of Leture Notes in Computer Siene, Springer Verlag, 1996 [11] M Nahiri and Y Ohba, "Derivation, delivery and management of EAP based eys for handover and reauthentiation", IETF, draft-ietf-hoey-ey-mgm-01, November 2007 [12] N Koblitz, "Ellipti urve ryptosystems", MathComp, 48, 1987 [13] MDormale, "Low-Cost Ellipti Curve Digital Signature Coproessor for Smart Cards", IEEE ASAP, 2006 [14] P Eronen, Et Al, "Diameter Extensible Authentiation Protool (EAP) Appliation", IETF RFC4072, August 2005 [15] J Salowey, Et Al, "Speifiation for the Derivation of Root Keys from an Extended Master Session Key (EMSK) ", IETF, draft-ietf-hoey-ems-hierarhy-03, January 2008 [16] Praveen Dongara, T N Viayumar, "Aelerating Private-Key Cryptography via Multithreading on Symmetri Multiproessors", IEEE ISPASS, 2003 [17] Madid Nahiri & Mahsa Nahiri, "AAA and networ seurity for mobile aess", WILEY, 2005 [18] H Orman, P Hoffman, "Determining Strengths For Publi Keys Used For Exhanging Symmetri Keys", IETF, RFC3766, April

8 Journal of Convergene Information Tehnoy Volume 4, Number 3, September 2009 [19] B Aboba and D Simon, "PPP EAP TLS Authentiation Protool", IETF, RFC2716, Otober 1999 [20] International Communiation Union, "eneral Charateristis of International Telephone Connetions and International Telephone Ciruits", ITU-T114, 1988 [21] Arunesh Mishra, Minho Shin, and William Arbaugh, "An Empirial Analysis of the IEEE MAC Layer Handoff Proess", ACM Computer Communiation Review, vol 33, Apr 2003 [22] Fabrega F J T, Herzog J C, uttman J D "St rand spaes : Proving seurity protools orret", Journal of Computer Seurity,