Secure Authentication for WLAN Roaming using Delegated Validation System

Yan Adikusuma (0251133)

Rapid deployment of wireless technology has led to rapid growth of wireless LANs (WLANs). As the workforce becomes increasingly mobile, roaming across WLAN infrastructures is required for global access. However, several issues are impeding further adoption of the technology. In particular, authentication data exchanged between different domains is insufficiently protected and is therefore vulnerable to security threats, including rogue proxies, message alteration, password theft, and connection hijacking. In addition, the current roaming model limits global access because it makes users maintain multiple identities and credentials. In this thesis, I propose a secure authentication system for WLAN roaming based on digital certificates combined with a delegated validation system. In this scheme, a user is authenticated by presenting an X.509 identity certificate. The service provider then grants or denies the user's access request by delegating the certificate validation process to a specific validation server. A prototype was also developed to prove the feasibility of the proposed system. Measurements with this prototype show that the total authentication time was less than 0.2 ms, which can be considered small enough for practical use. Although this scheme requires a user to have a digital certificate, it can prevent all the security threats listed above. Moreover, it provides a basis for an independent model of WLAN roaming. It is important to note that this improvement can be realized by a simple addition to the existing authentication system for roaming.