TU Darmstadt / ULB / TUbiblio

Enhanced Wireless Roaming Security Using Three-Party Authentication and Tunnels

Leroy, Damien and Manulis, Mark and Bonaventure, Olivier (2009):
Enhanced Wireless Roaming Security Using Three-Party Authentication and Tunnels.
In: 5th ACM Conference on Emerging Network Experiment and Technology (CoNEXT 2009), ACM, [Conference or Workshop Item]

Abstract

Many organizations and many home users have deployed WiFi networks permitting external users to connect to the Internet through their networks. Such WiFi sharing poses many security risks for the visited network as well as for the visiting user. In this paper, we focus on the recently introduced con- cept for tunneled WiFi roaming in which the infrastructure of the visited network is considered as part of the security architecture. A secure layer-2 tunneling between the user's device and his home network is performed by the visited network only after the successful authentication of all three parties. The authentication protocol provides the mobile device and its home network with a secret key that protects their end-to-end communication. Additionally, it provides another tunnel key, shared with the visited network, that protects the actual traffic exchanged between the visited and home networks and prevents diverse resource consumption attacks against the latter. This concept encourages users to provide roaming service in a more secure and privacy- friendly way. We show how to implement this concept using the IEEE802.11i/EAP framework, based on existing infras- tructures and standard tunneling protocols.

Item Type: Conference or Workshop Item
Erschienen: 2009
Creators: Leroy, Damien and Manulis, Mark and Bonaventure, Olivier
Title: Enhanced Wireless Roaming Security Using Three-Party Authentication and Tunnels
Language: German
Abstract:

Many organizations and many home users have deployed WiFi networks permitting external users to connect to the Internet through their networks. Such WiFi sharing poses many security risks for the visited network as well as for the visiting user. In this paper, we focus on the recently introduced con- cept for tunneled WiFi roaming in which the infrastructure of the visited network is considered as part of the security architecture. A secure layer-2 tunneling between the user's device and his home network is performed by the visited network only after the successful authentication of all three parties. The authentication protocol provides the mobile device and its home network with a secret key that protects their end-to-end communication. Additionally, it provides another tunnel key, shared with the visited network, that protects the actual traffic exchanged between the visited and home networks and prevents diverse resource consumption attacks against the latter. This concept encourages users to provide roaming service in a more secure and privacy- friendly way. We show how to implement this concept using the IEEE802.11i/EAP framework, based on existing infras- tructures and standard tunneling protocols.

Title of Book: 5th ACM Conference on Emerging Network Experiment and Technology (CoNEXT 2009)
Publisher: ACM
Divisions: 20 Department of Computer Science
Date Deposited: 04 Aug 2016 11:51
Identification Number: TUD-CS-2009-0181
Export:

Optionen (nur für Redakteure)

View Item View Item