Secure Authentication for WLAN Roaming using Delegated Validation System
Yan Adikusuma (0251133)
Rapid deployment of wireless technology has led to rapid growth of Wireless LANs (WLANs). As the workforce
becomes increasingly mobile, roaming across WLAN infrastructures for global access is required. However,
some issues are impeding further adoption of the technology. In particular, the authentication data exchanged
between different domains is insufficiently protected, which leaves it vulnerable to security threats.
These threats include rogue proxies, message alteration, theft of passwords, connection hijacking,
etc. In addition, the current roaming model has a limitation for global access: it makes
users maintain multiple identities and credentials. In this thesis, I propose a secure authentication system
for WLAN roaming based on digital certificates combined with a delegated validation system. In this scheme, a user
is authenticated by presenting an X.509 identity certificate. The service provider then grants or denies the user's
access request by delegating the certificate validation process to a specific validation server. A prototype
was also developed to prove the feasibility of the proposed system. Measurements taken with this prototype
show that the total authentication time was less than 0.2 ms, which can be considered small enough for
practical use. Although this scheme requires a user to
have a digital certificate, it can prevent all the security threats listed above. Moreover, it also provides a
basis for an independent model of WLAN roaming. It is important to note that this improvement can be realized by
a simple addition to the existing authentication system for roaming.