Secure Authentication System for Public WLAN Roaming
Abstract
A serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each of which has its own trust relationships with individuals and supports its own authentication schemes, which may differ from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their private information while roaming. In addition, we have developed a compound Layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Experimental results obtained from our prototype system show that the total authentication delay is about 2 seconds in the worst case. This delay is dominated primarily by our use of industry-standard XML-based protocols, yet is still small enough for practical use.