
Secure Authentication System for Public WLAN Roaming

Published in: Mobile Networks and Applications

Abstract

A serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes, which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their privacy information while roaming. In addition, we have developed a compound Layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show that the total authentication delay is about 2 seconds in the worst case. This time is dominated primarily by our use of industry-standard XML-based protocols, yet is still small enough for practical use.
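The abstract describes three mechanisms at a high level: a WLAN service provider announces its authentication capabilities and the user picks one, a trusted identity provider vouches for the user toward the service provider, and the user can limit what personal information the service provider sees. The following Python model, added here as an illustration and not code from the paper or its prototype, shows those three pieces working together in simplified form. It assumes an HMAC shared between identity provider and service provider in place of the XML-based assertion signatures the paper uses, constructs its own scheme names and sample users, and adds the checks a verifier needs: signature, audience, lifetime and single use of each assertion.

```python
"""Toy identity-provider-mediated SSO for WLAN roaming (added example, not the paper's code)."""
import hashlib
import hmac
import json
import os
import secrets
import time

# Constructed sample values: one service provider (SP) and one identity provider (IdP).
# The shared HMAC key stands in for the XML signature a SAML-style deployment would use.
SP_ID = "sp.example-hotspot"
IDP_SP_KEY = b"constructed-shared-key-between-idp-and-sp"
ASSERTION_TTL = 300  # assertion lifetime in seconds (assumed value)


def select_scheme(announced, user_preference):
    """Pick the first scheme in the user's preference order that the SP announced."""
    for scheme in user_preference:
        if scheme in announced:
            return scheme
    return None


class IdentityProvider:
    """Holds user credentials, authenticates users and issues signed assertions."""

    def __init__(self, sp_key):
        self.sp_key = sp_key
        self.users = {}  # user id -> (salt, pbkdf2 hash, attributes)
        self.pseudonym_key = secrets.token_bytes(32)  # never shared with any SP

    def register(self, user, password, attributes):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[user] = (salt, digest, attributes)

    def authenticate(self, user, password):
        record = self.users.get(user)
        if record is None:
            return False
        salt, digest, _ = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)

    def issue_assertion(self, user, password, audience, release):
        """Return a signed assertion for `audience`, releasing only the attributes in `release`."""
        if not self.authenticate(user, password):
            return None
        attributes = self.users[user][2]
        # Per-SP pseudonym: the SP gets a stable handle, not the user's real identity,
        # and two SPs cannot correlate the same user.
        pseudonym = hmac.new(self.pseudonym_key, f"{user}|{audience}".encode(), "sha256").hexdigest()[:16]
        now = int(time.time())
        body = {
            "id": secrets.token_hex(8),       # unique id lets the SP reject replays
            "subject": pseudonym,
            "audience": audience,             # binds the assertion to one SP
            "iat": now,
            "exp": now + ASSERTION_TTL,
            "attributes": {k: v for k, v in attributes.items() if k in release},
        }
        payload = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(self.sp_key, payload, "sha256").hexdigest()
        return {"payload": payload.decode(), "sig": sig}


class ServiceProvider:
    """Announces its schemes and verifies assertions: signature, audience, lifetime, single use."""

    def __init__(self, sp_id, idp_key, announced):
        self.sp_id = sp_id
        self.idp_key = idp_key
        self.announced = announced
        self.seen_ids = set()  # replay cache (a real SP would bound it by expiry)

    def verify(self, assertion, now=None):
        now = int(time.time()) if now is None else now
        payload = assertion["payload"].encode()
        expected = hmac.new(self.idp_key, payload, "sha256").hexdigest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None  # tampered or not issued by our IdP
        body = json.loads(payload)
        if body["audience"] != self.sp_id or not body["iat"] <= now < body["exp"]:
            return None  # meant for another SP, or outside its validity window
        if body["id"] in self.seen_ids:
            return None  # replayed assertion
        self.seen_ids.add(body["id"])
        return body
```

The verifier checks signature before parsing so that unauthenticated input is never interpreted, and the audience field is what stops an assertion issued for one hotspot operator from being presented to another. The attribute filter is where the user's privacy choice takes effect: the service provider only ever receives the pseudonym plus the attributes the user agreed to release.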



Author information

Correspondence to Ana Sanz Merino.

Additional information

Ana Sanz Merino received her B.S. degree in Electrical Engineering from Universidad Politécnica de Madrid (Spain) in 1999. She was the recipient of the Fundación Telefónica award to the best final thesis in telecommunications networks and services published in Spain in the 1999–2000 academic year. Her area of expertise is data communications, a field in which she has worked in R&D since 1998, first at Universidad Politécnica de Madrid, and later for two companies in the telecom sector, Telefónica and Ericsson. Presently, she is a student of the M.S. in Computer Science and a researcher at University of California, Berkeley, where she works on wireless network security with Professor Randy H. Katz.

Yasuhiko Matsunaga is a researcher at NEC Corporation, Japan. He specializes in resource and security management in wireless and broadband networks. He received B.S. and M.S. degrees from the University of Tokyo in 1992 and 1994. He was a visiting researcher at the Computer Science Division of the University of California, Berkeley from Dec. 2002 to Dec. 2003.

Manish Shah is a third-year undergraduate student in the Computer Science Department at the University of California, Berkeley. He has been doing research with Prof. Katz and the Sahara Group since May 2003. His research interests are in networking, focusing on wireless systems and technologies. He has recently been involved in sensor-network research.

Takashi Suzuki received B.E. and M.E. degrees in communication engineering from Osaka University, Japan, in 1994 and 1996, respectively. In 1996, he joined NTT DoCoMo, Japan, where he was engaged in research and development of mobile multimedia communication protocols. He was a visiting industrial fellow at the University of California, Berkeley from 2001 to 2003, where he worked on web service security and WLAN security. He is now engaged in research on secure mobile terminal architecture at the Multimedia Laboratories of NTT DoCoMo.

Randy Howard Katz received his undergraduate degree from Cornell University, and his M.S. and Ph.D. degrees from the University of California, Berkeley. He joined the faculty at Berkeley in 1983, where he is now the United Microelectronics Corporation Distinguished Professor in Electrical Engineering and Computer Science. He is a Fellow of the ACM and the IEEE, and a member of the National Academy of Engineering. He has published over 200 refereed technical papers, book chapters, and books. His hardware design textbook, Contemporary Logic Design, has sold over 85,000 copies worldwide, and has been in use at over 200 colleges and universities. He has supervised 35 M.S. theses and 21 Ph.D. dissertations, and leads a research team of over a dozen graduate students, technical staff, and industrial visitors. He has won numerous awards, including seven best paper awards, one “test of time” paper award, one paper selected for a 50 year retrospective on IEEE communications publications, three best presentation awards, the Outstanding Alumni Award of the Computer Science Division, the CRA Outstanding Service Award, the Berkeley Distinguished Teaching Award, the Air Force Exceptional Civilian Service Decoration, the IEEE Reynolds Johnson Information Storage Award, the ASEE Frederic E. Terman Award, and the ACM Karl V. Karlstrom Outstanding Educator Award. With colleagues at Berkeley, he developed Redundant Arrays of Inexpensive Disks (RAID), a $25 billion per year industry sector today. While on leave for government service in 1993–1994, he established whitehouse.gov and connected the White House to the Internet. His current research interests are Internet Services Architecture, Mobile Internet, and the technologies underlying the convergence of telecommunications and packet networks. Prior research interests have included: database management, VLSI CAD, and high performance multiprocessor and storage architectures.


Cite this article

Merino, A.S., Matsunaga, Y., Shah, M. et al. Secure Authentication System for Public WLAN Roaming. Mobile Netw Appl 10, 355–370 (2005). https://doi.org/10.1007/s11036-005-6428-y
