Paper 2008/382

Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home

Mark Manulis, Damien Leroy, Francois Koeune, Olivier Bonaventure, and Jean-Jacques Quisquater


In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.

Note: This new revision contains some corrections, security proofs, restructuring, aditional examples and arguments, and remarks on the efficiency of the protocol.

Available format(s)
Publication info
Published elsewhere. The shorter version of this full paper appears at ASIACCS 2009. Copyright ACM.
Authenticationend-to-end securitykey exchangemobile networkssecurity model
Contact author(s)
mark manulis @ uclouvain be
2008-12-16: last of 2 revisions
2008-09-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mark Manulis and Damien Leroy and Francois Koeune and Olivier Bonaventure and Jean-Jacques Quisquater},
      title = {Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home},
      howpublished = {Cryptology ePrint Archive, Paper 2008/382},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.