SWISH: Secure WiFi sharing

The rapid growth of mobile Internet use motivates the need for WiFi sharing solutions, where a mobile user connects to the Internet via a nearby foreign network while the user's home network is far away. This situation creates security challenges that are only partially solved by existing solutions like VPNs. Such solutions neglect the security of the visited network, and private users or organizations are thus reluctant to share their connection. In this paper, we present and implement SWISH, an efficient, full-scale solution to this problem. SWISH is based on establishing a tunnel from the visited network to the user's home network. All the data from the mobile is then forwarded through this tunnel. Internet access is therefore provided without endangering the visited network. We also propose protocol extensions that allow the visited network to charge for the data it forwards, and to protect the privacy of the mobile user while preventing abuse. SWISH was successfully deployed on university networks, demonstrating that it can be conveniently implemented in existing networks with a minimal impact on performance.
