Abstract

Authentication for inter-network roaming across wireless LANs is an important issue for achieving the goal of pervasive access and computing. The technical challenge lies in the fact that a visited network does not initially have the authentication credentials of a roaming user. Previous proposals have suggested that a visited network obtain the credentials of a roaming user and then forward them to the user's home network for authentication. A public key certificate structure is proposed, tailored to the business model of wireless Internet service providers (ISPs). In this manner, the mutual authentication between a visited network and a roaming user can be performed locally without any contact with user's home network. As a result, the time overhead incurred by communication between the ISPs' authentication, authorisation and accounting (AAA) servers can be avoided. A concrete protocol is proposed for the initial roaming authentication, which modifies the secure socket layer (SSL) v3.0 handshake protocol in order to encrypt a roaming user's identity, thus preventing any leaks in the wireless medium. A visited network can a posteriori use a portion of the protocol execution transcript as evidence to obtain revenue from a roaming user's home network. As demonstrated, the proposed solution provides a high level of security and is computationally efficient.