SWISH: Secure WiFi sharing

1998

In this paper we discuss various security issues concerning MobileHosts using Mobile-IP or other mobility systems (DHCP standalone)and current firewall technology. We first present some recentattacks on the Internet and what they might mean for mobile systemslike Mobile-IP that rely on tunneling technologies. We point outthat tunnels are a security threat and suggest how mobile systems16may be made "less insecure"

2018

A severe contest for seamless roaming between inter-domain Wireless Fidelity technologies is to build a trust model in a milieu of several WLAN service providers with varying charging or billing options and authentication mechanisms. This study implements a comprehensive single sign-on prototype for the unification of various WLAN service providers. Users choose the suitable single sign-on verification scheme from the authentication abilities existing on the WLAN service providers that prevent the exposure of their information from illegitimate users while roaming. A composite layer 2 and web-based authentication method intended to ensure secure transmission of cryptographic keys while maintaining the prevailing WLAN charging options. The study deployed RADIUS and liberty based protocols to control unauthorized access to the WLAN network resources. In this paper, RADIUS simulation performed shows how authentication, authorization and accounting standards can be used to allow only th...

A new class of Virtual Private Networks (VPN), which supports both security and mobility, has recently emerged. Called mobile VPN, these systems provide not only secure tunnels but also session continuity mechanisms despite location change or connection disruptions. These mechanisms enable secure sessions to survive in dynamic/mobile environments without requiring a renegotiation of security keys during the session resumption phase. In this paper, we compare four open-source mobile VPNs in terms of functionality and performance.

In recent years, wireless Internet service providers (WISPs) have established Wi-Fi hotspots in increasing numbers at public venues, providing local coverage to traveling users and empowering them with the ability to access email, Web, and other Internet applications on the move. In this paper, we observe that while the mobile computing landscape has changed both in terms of number and type of hotspot venues, there are several technological and deployment challenges remaining before hotspots can become an ubiquitous infrastructure. These challenges include authentication, security, coverage, management, location services, billing, and interoperability. We discuss existing research, the work of standards bodies, and the experience of commercial hotspot providers in these areas, and then describe compelling open research questions that remain.

Mobility and security are major features for both current and future network infrastructures. Nevertheless, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken connections. Besides session recovery costs, renegotiation steps also present inherent vulnerabilities. In order to address these issues, we propose a new distributed mobile VPN system called SEcured MObile Session (SEMOS). Based upon our CLOAK peer-to-peer overlay architecture, SEMOS provides security services to the application layer connections of mobile users. Secure and resilient sessions allow user connections to survive network failures as opposed to regular transport layer secured connections used by traditional VPN protocols.

2003

In this work we design and implement ESCORT, a backward compatible, efficient, and secure access control system, to facilitate mobile wireless access to secured wireless LANs. In mobile environments, a mobile guest may frequently roam into foreign domains while demanding critical network services. ESCORT provides instant yet secure access to the mobile guest based on the concept of "escort", which refers to a special network object with four distinct properties: (1) The escort is already a trusted permanent or semi-permanent component of the secured wireless LAN; The mobile guest and the escort have established transient but mutual trust; (3) Communication between the escort and its guests is localized. The escort forwards data packets between the mobile guest and the LAN; (4) The implementation of escort can be mobile and tamper-resistant, thus it can roam with the mobile guest without being compromised. Existing network concepts (e.g., router, gateway) and security concepts (e.g., existing access control models and authorities) do not possess at least one of the four essential properties.

ACM SIGMOBILE Mobile Computing and Communications Review, 2005

The advent of the mobile wireless Internet has created the need for seamless and secure communication over heterogeneous access networks such as IEEE 802,11, WCDMA, cdma2000, and GPRS. An enterprise user desires to be reachable while outside one's enterprise networks and requires minimum interruption while ensuring that the signaling and data traffic is not compromised during one's movement within the enterprise and between enterprise and external networks. We describe the design, implementation and performance of a Secure Universal Mobility (SUM) architecture. It uses standard protocols, such as SIP and Mobile IP, to support mobility and uses standard virtual private network (VPN) technologies (e.g., IPsec) to support security (authentication and encryption.) It uses pre-processing and make-before-break handoff techniques to achieve seamless mobility across heterogeneous radio systems. It separates the handlings of initial mobility management and user application signaling ...

Proceedings of the 2nd ACM international workshop on Wireless mobile applications and services on WLAN hotspots - WMASH '04, 2004

In recent years, wireless Internet service providers (WISPs) have established thousands of WiFi hot spots in cafes, hotels and airports in order to offer to travelling Internet users access to email, web or other Internet service. However, two major problems still slow down the deployment of this kind of networks: the lack of a seamless roaming scheme and the variable quality of service experienced by the users. This paper provides a response to these two problems: We present a solution that, on the one hand, allows a mobile node to connect to a foreign WISP in a secure way while preserving its anonymity and, on the other hand, encourages the WISPs to provide the users with good QoS. We analyse the robustness of our solution against various attacks and we prove by means of simulations that our reputation model indeed encourages the WISPs to behave correctly.

IEEE Transactions on Consumer Electronics, 2000

We present the design of an apparatus that creates a protected personal communication channel over computer-embedded devices. The prototype implementation of the apparatus demonstrates that it can securely and intuitively link devices with no contact with an online server while imposing low overhead 1 .

Seventh IEEE International Symposium on Multimedia (ISM'05)

The increasing popularity and variety of consumer multimedia devices is driving the need for networked homes. Yet setting up a secure wireless network is a daunting task for most ordinary users. Recently, there have been several proposals for easing this process. However, none of the proposals consider the problem of how to make it easy to manage visitor access. In this paper, we motivate the requirements for visitor management, show the shortcomings of the current easy setup proposals in this regard, and propose a new setup procedure that makes it easy to manage visitor access to wireless networks. Our contributions are twofold: First we present an approach to assigning categories to client devices at admission time so that selective revocation of clients based on those categories becomes possible. Then we present the idea of admission tickets, a flexible and secure way to delegate conditional access rights. We report the results and experience of prototyping of the proposed procedure using the HostAP framework.