Fast, secure handovers in 802.11: back to the basis.

Rodolphe Marques, André Zúquete, "Fast, secure handovers in 802.11: back to the basis.", Proc. 4th Q2SWinet '08: ACM symposium on QoS and security for wireless and mobile networks, Vancouver, British Columbia, Canada, Oct 2008
http://doi.acm.org/10.1145/1454586.1454592

Tags: 802.11 roaming, 802.1X authentication, fast handover, fast reauthentication

Abstract

This article presents a fast, secure handover protocol for 802.11 networks. The protocol keeps the security functionalities of 802.1X but uses a new reauthentication protocol that promotes fast handovers during reassociations. The reauthentication protocol recovers the original 802.11 paradigm: authenticate first, reassociate next. Following this paradigm, we conceived two new 802.11 authentication and reassociation protocols, which allow a mobile station to perform 802.1X reauthentications before reassociations with the same functionality as a complete 802.1X authentication. Furthermore, reassociation protocols are authenticated, preventing denial-of-service scenarios that are not handled by 802.11i. Our new approach requires little from the environment, namely a new, central Reauthentication Service, for storing data used in the reauthentication of stations. The time of security-related tasks that contribute to handover delays was dramatically reduced to 1.5 ms, while an 802.1X fast resume takes more than 150 ms. Finally, our protocol addresses most design goals and problems stated by standards' working groups for fast, secure roaming in 802.11.

Information

Conference: 4th Q2SWinet '08: ACM symposium on QoS and security for wireless and mobile networks in Vancouver, British Columbia, Canada

ISBN: 978-1-60558-237-5