Authenticated wireless roaming via tunnels: making mobile guests feel at home
Source
ASIAN ACM Symposium on Information, Computer and Communications Security
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Sydney, Australia
SESSION: Network security-II
Pages: 92-103
Year of Publication: 2009
ISBN: 978-1-60558-394-5
Authors
Mark Manulis  Université catholique de Louvain, Louvain-la-Neuve, Belgium
Damien Leroy  Université catholique de Louvain, Louvain-la-Neuve, Belgium
Francois Koeune  Université catholique de Louvain, Louvain-la-Neuve, Belgium
Olivier Bonaventure  Université catholique de Louvain, Louvain-la-Neuve, Belgium
Jean-Jacques Quisquater  Université catholique de Louvain, Louvain-la-Neuve, Belgium
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 25,   Downloads (12 Months): 169,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1533057.1533072

ABSTRACT

In wireless roaming, a mobile device obtains a service from some foreign network while being registered for a similar service at its own home network. However, recent proposals try to keep the service provider role with the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but also poses new security challenges for authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself.

In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming sessions. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.

