Seamless authentication across heterogeneous networks using Generic Bootstrapping systems
With the increasing demand for mobile data services and increased availability of multimode devices with multiple wireless interfaces, seamless mobility and service continuity across heterogeneous networks have become a differentiating service for Operators to offer users an enhanced mobile experience. In recent years, the Federated Identity Management (IdM) standards and technologies have rapidly evolved to address security, user experience, and privacy needs from an application layer perspective, that is, as seen from the end user. As a result of these Federated IdM activities, a Single Sign-On (SSO) concept has been created in which a user may use a single set of authentication credentials to gain access to multiple independent Application Services. This paper provides an overview of the various layers of security in a communications protocol stack and then presents an approach to achieve seamless mobility across heterogeneous networks based on Federated Identity systems. By leveraging a pre-established application layer security association, access layer authentication credentials may be generated using a bootstrapping mechanism, so that authentication and setup of a secure channel may be carried out in an on-demand, automated and seamless manner whilst roaming across disparate networks. A comparison of the proposed scheme and state-of-the-art techniques is included.