Concepedia

Publication | Closed Access

CapAuth: A Capability-based Handover Scheme

Citations: 31
References: 11
Year: 2010

Abstract

Existing handover schemes in wireless LANs, 3G/4G networks, and femtocells rely upon protocols involving centralized authentication servers and one or more access points. These protocols are invariably complex and use extensive signaling on the wireless backhaul since they aim to be efficient (minimal handover latency) without sacrificing robustness. However, the mobile user has little involvement, especially with the so-called context transfer stage; this stage involves the transfer of necessary state to the new access point as well as the enforcement of security goals such as user authentication and single point of access. We propose the incorporation of user capabilities, network-asserted proofs of user identity and access control, as a general mechanism to simplify the context transfer stage. To this end, we have designed CapAuth, a capability-based scheme that has reduced complexity, low overhead, high level of fault tolerance and is general enough to implement a range of security policies.
