Cryptology ePrint Archive: Report 2008/382

Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home

Mark Manulis and Damien Leroy and Francois Koeune and Olivier Bonaventure and Jean-Jacques Quisquater

Abstract: In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself.

In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.

Category / Keywords: Authentication, end-to-end security, key exchange, mobile networks, security model,

Publication Info: The shorter version of this full paper appears at ASIACCS 2009. Copyright ACM.

Date: received 9 Sep 2008, last revised 16 Dec 2008

Contact author: mark manulis at uclouvain be

Available format(s): PDF | BibTeX Citation

Note: This new revision contains some corrections, security proofs, restructuring, aditional examples and arguments, and remarks on the efficiency of the protocol.

Version: 20081216:114131 (All versions of this report)

Short URL: ia.cr/2008/382