Distributed user authentication in wireless LANs

Author

Kuptsov, Dmitriy ; Khurri, Andrey ; Gurtov, Andrei

Author_Institution

Helsinki Inst. for Inf. Technol., Helsinki Univ. of Technol., Helsinki, Finland

fYear

2009

Firstpage

1

Lastpage

9

Abstract

An increasing number of mobile devices, including smartphones, use WLAN for accessing the Internet. Existing WLAN authentication mechanisms are either disruptive, such as presenting a captive web page prompting for password, or unreliable, enabling a malicious user to attack a part of operator´s infrastructure. In this paper, we present a distributed authentication architecture for WLAN users providing instant network access without manual interactions. It supports terminal mobility across WLAN access points with the Host Identity Protocol (HIP), at the same time protecting the operator´s infrastructure from external attacks. User data sent over a wireless link is protected by the IPsec ESP protocol. We present our architecture design and implementation experience on two OpenWrt WLAN access points, followed by measurement results of the working prototype. The system is being deployed into pilot use in the city-wide panOULU WLAN.

Keywords

IP networks; Internet; protocols; security of data; wireless LAN; IPsec ESP protocol; Internet; OpenWrt WLAN access points; WLAN authentication; distributed authentication; distributed user authentication; host identity protocol; instant network access; terminal mobility; wireless LAN; Access protocols; Authentication; Electrostatic precipitators; Hip; Internet; Protection; Smart phones; Web pages; Wireless LAN; Wireless application protocol;

fLanguage

English

Publisher

ieee

Conference_Titel

World of Wireless, Mobile and Multimedia Networks & Workshops, 2009. WoWMoM 2009. IEEE International Symposium on a

Conference_Location

Kos

Print_ISBN

978-1-4244-4440-3

Electronic_ISBN

978-1-4244-4439-7

Type

conf

DOI

10.1109/WOWMOM.2009.5282469

Filename

5282469