AAA Architecture and Authentication for Wireless LAN Roaming

A wireless LAN service integration architecture based on current wireless LAN hotspots is proposed to make migration to the new service cost-effective. The AAA (Authentication, Authorization and Accounting) based signaling process for mobile terminal registration is discussed. An application-layer, end-to-end authentication and key negotiation protocol is proposed to overcome the open-air connection problem that exists in wireless LAN deployments. The protocol provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps communications private from other wireless LAN users and foreign networks. A functional demonstration of the protocol is also given. The research results should contribute to the rapid deployment of wireless LAN hotspot services.
