Delegated Validation System for Secure Authentication in WLAN Roaming

摘要

Rapid deployment of wireless technology has led to rapid growth of Wireless LAN (WLAN). Since workforce is becoming increasingly mobile, roaming across WLAN infrastructures, which gives attractive features both for user and service provider, is required. However, some issues are impeding further adoption of the technology, in particular insufficient security protection for authentication data exchange between different domains that vulnerables to attack. Therefore, we propose secure authentication system for WLAN roaming based on digital certificate combined with delegated validation system. In our scheme, a user is authenticated by presenting an X.509 identity certificate. Then service provider will grant or deny the user's access request by delegating the validation process of certificate to specific validation-server. Although our system requires a user to have digital certificate, it can prevent all the security threats listed above. Moreover, it also provides a basis for independent model of WLAN roaming.