Access control protocols with two-layer architecture for wireless networks

Zhiguo Wan a,c,*, Robert H. Deng b, Feng Bao c, Akkihebbal L. Ananda a

a School of Computing, National University of Singapore, 3 Science Drive 2, Singapore 117543, Singapore
b School of Information Systems, Singapore Management University, Singapore 259756, Singapore
c Institute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore 119613, Singapore

Received 24 November 2004; received in revised form 23 May 2006; accepted 31 May 2006
Responsible Editor: S. Kasera

Abstract

In this paper we study two access control protocols which have similar two-layer access control architectures for wireless networks in public places. The first protocol, called the Lancaster protocol, employs user passwords for authentication and enforces access control at the IP layer, while the second protocol, referred to as the Stanford protocol, uses public key cryptosystems (PKC) for authentication and performs access control at the link layer. Although both protocols are intended to restrict access to wireless networks only to authorized users, our analysis shows that both protocols have serious security flaws which make them vulnerable to attacks. We then propose a password-based protocol and a PKC-based protocol for the Lancaster architecture and the Stanford architecture, respectively. Both of our protocols provide mutual authentication, perfect forward secrecy and access control for wireless networks. Moreover, they also provide DoS resistance and identity confidentiality for the client. We present detailed security and performance analysis for our protocols, and show that both of our protocols are secure and efficient for access control in wireless networks.

© 2006 Elsevier B.V. All rights reserved.

Keywords: Wireless networks; Access control; Security protocol

1. Introduction

The demand for access to wireless networks in public places, such as airport lounges, college campuses and city centers, has surged dramatically over the past few years. This is mainly due to the growing popularity of mobile devices and the increasing pervasiveness of wireless technologies, such as IEEE 802.11, HomeRF, HIPERLAN/2 and Bluetooth. A major concern in wireless networking is security, and in particular network access control. Since deployment of wireless network technologies in public places bears the danger of unauthorized users gaining access to network services, it is extremely important to be able to restrict access to the network only

* Corresponding author. Address: School of Computing, National University of Singapore, 3 Science Drive 2, Singapore 117543, Singapore. Tel.: +65 6874 8274. E-mail address: zhiguo@i2r.a-star.edu.sg (Z. Wan).

1389-1286/$ - see front matter © 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.comnet.2006.05.009
Computer Networks xxx (2006) xxx–xxx, www.elsevier.com/locate/comnet (article in press)