Shared secret key update scheme between RADIUS server and access point using PUFs

Abstract

The existing AP and Radius Server used the SSK(Shared Secret Key) to authenticate the accounting messages between devices. This SSK had the vulnerability of easy exposure because of the lack of encryption and difficulty of administration for the AP and RADIUS Server due to the requirement of direct input by the administrator. After the SSK is exposed, a billing problem may be induced by sending a user's counterfeit accounting information which is possible by creating a Rouge AP with a forged MAC address and connecting to the server. This paper attempts to resolve this issue by creating SSK with the characteristic of Physical Uncloneable Functions (PUFs) and propose the method of periodic automatic update through the server. A more secure and powerful protocol will be provided by adding the PUF hardware to the AP which creates a non-duplicable key that not only protects the AP but also encrypts the message and additionally assures its integrity. Furthermore, the proposed protocol will have a centralized administration through batch updates and it will eliminate the inconvenience of the administrator which in existing methods required manually configuration of each SSK values in the AP and RADIUS server. Conclusively, this paper adds PUF to the protocol to protect the SSK with augmented security and proposes the centralized administration of the SSK value in replacement of the current administration method of direct input.