Secure Authentication System for Public WLAN Roaming

Ana Sanz Merino

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-05-1398
May 2005

http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1398.pdf

A serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes, which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users may automatically select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their sensitive information while roaming. In addition, we have developed a compound Layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show that the total authentication delay is below 2 seconds in the worst case. This time is dominated primarily by our use of industry-standard XML-based protocols, yet is still small enough for practical use.


BibTeX citation:

@techreport{Sanz Merino:CSD-05-1398,
    Author = {Sanz Merino, Ana},
    Title = {Secure Authentication System for Public WLAN Roaming},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2005},
    Month = {May},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/5540.html},
    Number = {UCB/CSD-05-1398},
    Abstract = {A serious challenge for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes, which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users may automatically select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their sensitive information while roaming. In addition, we have developed a compound Layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show that the total authentication delay is below 2 seconds in the worst case. This time is dominated primarily by our use of industry-standard XML-based protocols, yet is still small enough for practical use.}
}

EndNote citation:

%0 Report
%A Sanz Merino, Ana
%T Secure Authentication System for Public WLAN Roaming
%I EECS Department, University of California, Berkeley
%D 2005
%@ UCB/CSD-05-1398
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/5540.html
%F Sanz Merino:CSD-05-1398