An EAP-EHash authentication method adapted to resource constrained terminals

In the era of mobile and wireless networks, the growing complexity of end devices and the accentuated tendency towards miniaturization of them raise new security challenges. Authentication is a crucial concern in resource constrained environments, and despite the great number of existing EAP methods, as explained in the article, we are still in need for EAP methods tightly adapted to wireless environments and satisfying heterogeneity of terminals and their limitations of resources. After a first comparative analysis of existing EAP methods, this article presents a new EAP-EHash method (EHash for encrypted hash) that is adapted to the highly vulnerable wireless environment by supporting mutual authentication and session key derivation and offering simplicity, rapidity, and easy-to-deploy features. This EAP-EHash was formally proven to satisfy the claimed security properties, thanks to the AVISPA tool. Implementation of it on an 802.11 testbed platform gave realistic authentication delays averaging 26 ms and thus proved that EAP-EHash is competitive to EAP-MD5 that is known to be the simplest of the EAP methods. Features of EAP-EHash include short execution delays and low bandwidth consumption, and as such, it appears attractive for wireless.