Publication Type

Journal Article

Version

publishedVersion

Publication Date

1-2010

Abstract

A secure roaming protocol allows a roaming user U to visit a foreign server V and establish a session key in an authenticated way such that U authenticates V and at the same time convinces V that it is a legitimate subscriber of some server H, called the home server of U. The conventional approach requires the involvement of all the three parties. In this paper, we propose a new approach which requires only two parties, U and V, to get involved. We propose two protocols: one provides better efficiency and supports user anonymity to an extent comparable to that provided by current mobile systems; and the other one achieves strong user anonymity that protects U's identity against both eavesdroppers and foreign servers and is currently the strongest notion of user anonymity defined for secure roaming. Both protocols are universal in the sense that the same protocol and signaling flows are used regardless of the domain (home or foreign) that U is visiting. This helps reducing the system complexity in practice. We also propose a practical user revocation mechanism, which is one of the most challenging problems for two-party roaming supporting strong user anonymity. Our solutions can be applied in various kinds of roaming networks such as cellular networks and interconnected wireless local area networks.

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

IEEE Transactions on Wireless Communications

Volume

9

Issue

1

First Page

168

Last Page

174

ISSN

1536-1276

Identifier

10.1109/TWC.2010.01.081219

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

http://doi.org/10.1109/TWC.2010.01.081219

Share

COinS