Yasuhiko Matsunaga
Randy H. Katz
ABSTRACT
A serious impediment for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their privacy information while roaming. In addition, we have developed a compound layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show the total authentication delay are well within 2 seconds. This is dominated primarily by our use of industry-standard XML-based protocols, yet are still small enough for practical use.
- HotSpotList.com, http://www.hotspotlist.com/Google Scholar
- IETF, RFC 2865 "Remote Authentication Dial In User Service (RADIUS)", June 2000.Google Scholar
- Liberty Alliance Project, "Liberty Architecture Overview", version 1.1, January 2003.Google Scholar
- Wi-Fi Alliance, "Best Current Practices for Wireless Internet Service Provider (WISP) Roaming", ver. 1.0, 2003.Google Scholar
- S. Hada and M. Kudo, "Access Control Model with Provisional Actions", IEICE Trans. Fundamentals, Vol. E84-A, No.1, Jan. 2001.Google Scholar
- OASIS eXtensible Access Control Markup Language, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.Google Scholar
- IEEE Std 802.1X-2001, "Port-Based Network Access Control", June 2001.Google Scholar
- IEEE Std 802.11i/D4.0, "Medium Access Control (MAC) Security Enhancements", May 2003.Google Scholar
- IETF, RFC 2716, "PPP EAP TLS Authentication Protocol", Oct. 1999.Google Scholar
- Internet-Draft, "EAP Tunneled TLS Authentication Protocol", draft-ietf-pppext-eap-ttls-02.txt, work in progress.Google Scholar
- IETF RFC 2402, "IP Authentication Header", Nov. 1998.Google Scholar
- D. Jablon, "Strong Password-Only Authenticated Key Exchange", Computer Communication Review, Vol.26, 1996. Google ScholarDigital Library
- http://srp.stanford.edu/Google Scholar
- V. Bahl, A. Balachandran, S. Venkatachary, "The CHOICE Network: Broadband Wireless Internet Access In Public Places", Microsoft Technical Report, MSR-TR-2000-21, Feb. 2000.Google Scholar
- OASIS, "Assertions and Protocol for the OASIS Assertion Markup Language (SAML)", Committee Specification 01, May 2002.Google Scholar
- http://www.open1x.org/Google Scholar
- N. C-Winget, R. Housley, D. Wagner, J. Walker, "Security flaws in 802.11 data link protocols", Communications of the ACM, 46(5), May 2003, pp. 35--39 Google ScholarDigital Library
- J. Bellardo and S. Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions", to appear in Proceedings of the USENIX Security Symposium, August 2003. Google ScholarDigital Library
- IETF, RFC2759 "Microsoft PPP CHAP Extensions, Version 2", Jan. 2000.Google Scholar
Index Terms
- Secure authentication system for public WLAN roaming
Recommendations
Secure authentication system for public WLAN roaming
Special issue: Wireless mobile wireless applications and services on WLAN hotspotsA serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication ...
A peer-to-peer approach to wireless LAN roaming
WMASH '03: Proceedings of the 1st ACM international workshop on Wireless mobile applications and services on WLAN hotspotsWe make the case for a Global Confederation of Peer-to-Peer (P2P) Wireless Local Area Networks. A P2P Wireless Network Confederation (P2PWNC) is a community of administrative domains that offer wireless Internet access to each other's registered users. ...
Comments