Enhanced wireless roaming security using three-party authentication and tunnels

U-NET '09 Pub Date : 2009-12-01 DOI:10.1145/1659029.1659032
Damien Leroy, M. Manulis, O. Bonaventure
Citations: 2

Abstract

Many organizations and many home users have deployed WiFi networks permitting external users to connect to the Internet through their networks. Such WiFi sharing poses many security risks for the visited network as well as for the visiting user. In this paper, we focus on the recently introduced concept for tunneled WiFi roaming in which the infrastructure of the visited network is considered as part of the security architecture. A secure layer-2 tunneling between the user's device and his home network is performed by the visited network only after the successful authentication of all three parties. The authentication protocol provides the mobile device and its home network with a secret key that protects their end-to-end communication. Additionally, it provides another tunnel key, shared with the visited network, that protects the actual traffic exchanged between the visited and home networks and prevents diverse resource consumption attacks against the latter. This concept encourages users to provide roaming service in a more secure and privacy-friendly way. We show how to implement this concept using the IEEE802.11i/EAP framework, based on existing infrastructures and standard tunneling protocols.