GPRS∕UMTS-aided authentication protocol for wireless LANs

Abstract

Wireless local area network (WLAN) and cellular network are two important technologies for providing wireless communications. For user authentication of WLAN, the IEEE 802.1X standard provides an authentication framework that is based on the Extensible Authentication Protocol (EAP). When a roaming user wants to access WLANs provided by different operators, the user must remember multiple identities and the corresponding authentication credentials. Obviously, such an exercise is not user friendly. This problem is caused by the fact that a visited WLAN does not have the authentication credential of a roaming user. Previous proposals have studied the authentication of inter-network roaming across different WLANs, or across a cellular network and a WLAN. As is known, cellular networks provide wider service areas, ‘always-on’ and ubiquitous connectivity. The integration of WLAN and cellular networks has a management advantage that it can unify the subscriber identity and the corresponding credential. In this paper, we first propose a practical certificate distribution scheme. The certificate distribution scheme allows roaming users of a cellular network to obtain temporary certificates from their home cellular network. Afterward adopting certificate-based authentication protocol of the IEEE 802.1X standard, roaming users may use temporary certificates to access WLANs. The proposed solution achieves easy subscriber management and pervasive access. As demonstrated, the proposed solution also provides mutual authentication and strong identity protection, in addition to withstanding the man-in-the-middle attack and the eavesdropping attack. A performance evaluation shows that the proposed protocol is well suited for roaming users with mobile devices.