IEEE Wireless Communications • October 2007, p. 21 • 1536-1284/07/$20.00 © 2007 IEEE

ANALYSIS OF SECURE HANDOVER FOR IEEE 802.1X-BASED WIRELESS AD HOC NETWORKS

SECURITY IN WIRELESS MOBILE AD HOC AND SENSOR NETWORKS

Romano Fantacci, Leonardo Maccari, and Tommaso Pecorella, University of Florence
Federico Frosali, Telecom Italia Lab

ABSTRACT

The handover procedure in secure communication wireless networks is an extremely time-consuming phase, and it represents a critical issue in relation to the time constraints required by certain real-time traffic applications. In particular, in the case of the IEEE 802.1X model, most of the time required for a handover is used for packet exchanges that are required for authentication protocols, such as Extensible Authentication Protocol Transport Layer Security (EAP-TLS), that require an eight-way handshake. Designing secure re-authentication protocols to reduce the number of packets required during a handover is an open issue that is gaining interest with the advent of a pervasive model of networking that requires real-time traffic and mobility. This article presents the 802.1X model and evaluates its application to ad hoc networks based on IEEE 802.11i or IEEE 802.16e standards, focusing on the problems that must be evaluated when designing handover procedures, and suggesting guidelines for securing handover procedures. It also presents a novel protocol to perform secure handovers that is respectful of the previous analysis and that has been implemented in a mesh environment.

INTRODUCTION

In a wireless network, a lack of a defined geographical border makes the network subject to attacks from enemies outside the area of control of the administrator of the network. To meet this problem, modern wireless communication standards include security functions directly in the medium access control (MAC) layer. Mobility introduces new challenges, because users roam across networks that are managed by different entities, and the same local area network (LAN) could be composed of clients not trusted by each other. Therefore, security protocols in the MAC layer also must be as resistant as possible to attacks coming from inside the network.

To manage access control at the MAC layer, standards such as WiFi (IEEE 802.11i; see [1]) and WiMax (IEEE 802.16e; see [2]) introduced the IEEE 802.1X [3] model, which guarantees high robustness and manageability to the network. However, the IEEE 802.1X authentication phase introduces long delays and does not scale well in mobile networks, where clients often perform handoffs between different access points and must re-authenticate on each handoff.

Both WiFi and WiMax have an ad hoc/mesh mode of use. WiFi ad hoc networks are the most widely used today, but there also are great expectations for WiMax in mesh mode (see [4]). If applied to mobile ad hoc networks (MANET), IEEE 802.1X affects the handover phase even more, because authentication must be performed over a multihop path with long delays.

In this article, we give an overview of the IEEE 802.1X security protocol, focus on its application to mobile ad hoc networks, and approach the problem of secure handovers. We describe common problems that must be faced when designing security re-authentication protocols, with special attention to issues related to ad hoc networks. We outline guidelines for a developer to produce protocols that offer a secure design. Lastly, we introduce an example of a scheme for re-authentication in ad hoc IEEE 802.1X networks that was designed and implemented and has demonstrated good performance results, while maintaining a high level of security.

SECURITY PARADIGM OF IEEE 802.1X NETWORKS

In this section, we describe the IEEE 802.1X standard, introduce its terminology, and illustrate how it has been applied to IEEE 802.11i. We also describe how this model was imported into IEEE 802.16e and the difficulties of using it in a MANET due to the loss of performance it produces.

IEEE 802.1X specifies the following three roles for agents that are involved in an authentication process: