Our approach consist of two tokens, Passport (identification token) and Visa (authorisation token) to provide the mobile user with a flexible authentication method ...
JOURNAL OF TELECOMMUNICATIONS, VOLUME 1, ISSUE 2, MARCH 2010 1
Flexible Authentication Technique for Ubiquitous Wireless Communication using Passport and Visa Tokens Abdullah M.Almuhaideb, Mohammed A. Alhabeeb, Phu D.Le, and Bala Srinivasan Abstract— The development of mobile devices (CPU, memory, and storage) and the introduction of mobile networks (Ad-Hoc, Wi-Fi, WiMAX, and 3.5G) have opened new opportunities for next generation of mobile services. It becomes more convenience and desirable for mobile internet users to be connected everywhere. However, ubiquitous mobile access connectivity faces interoperation issues between wireless network providers and wireless network technologies. Although mobile users would like to get as many services as possible while they travel, there is a lack of technology to identify visited users in current foreign network authentication systems. This challenge lies in the fact that a foreign network provider does not initially have the authentication credentials of a mobile user. Existing approaches use roaming agreement to exchange authentication information between home network and foreign network. This paper proposes a roaming agreement-less approach designed based on our ubiquitous mobile access model. Our approach consist of two tokens, Passport (identification token) and Visa (authorisation token) to provide the mobile user with a flexible authentication method to access foreign network services. The security analysis indicates that our proposal is more suitable for ubiquitous mobile communication especially in roaming agreement-less environment. Index Terms— Authentication, Wireless communication, Protocol architecture, Mobile environments.
—————————— � ——————————
1
INTRODUCTION
T
HE development of mobile devices has grown significantly over the last decade from a simple mobile phone to a pocket size-computing device with the capability to access the Internet via various wireless systems such as Wi-Fi and 3.5G networks. The advanced capabilities of mobile devices allow mobile users (MUs) to pay for products, surf the internet, buy and sell stocks, transfer money and manage bank accounts on the move without being restricted to a specific location. This fact keeps attracting many MUs to be connected wirelessly. It is estimated that half the world’s population now pays to use mobile devices[1]. A MU always asks for a higher speed at lower prices, and demands to be “Always Best Connected” [2]. The MU also wants a ubiquitous wireless coverage to network resources from anywhere, anytime. Yet, it is hard to achieve both high data rate and wide coverage at once. For a smaller coverage, it is easier to provide higher data rates. For instance, a 3.5G networks have a wider coverage but slower speeds; while Wi-Fi networks have higher speeds but smaller coverage. A key challenge in such heterogeneous networks is the possibility of roaming to ad————————————————
• A.M Almuhaideb is with the Faculty of Information Technology, Monash University, Melbourne, Australia. • M.A. Alhabeeb is with the Faculty of Information Technology, Monash University, Melbourne, Australia. • P.D Le is with the Faculty of Information Technology, Monash University , Melbourne, Australia. • B.Srinivasan is with the Faculty of Information Technology, Monash University, Melbourne, Australia.
ministrative domains with which a MU’s home domain does not have a pre-established roaming agreement [3]. Therefore ubiquitous wireless network coverage with high data rates is not feasible with a single technology and a single wireless provider. A heterogeneous wireless network will be composed of wireless networks of multiple technologies operated by multiple network providers. Most of the current mobile devices are built with multiple wireless interfaces. They have built-in chipsets for IEEE 802.11 based Wireless LAN (WLAN) and interfaces for data connectivity using cellular networks. Nowadays, university campuses and company offices are supported by WLAN allowing their students or employees to have free access to the wireless networks. Hotspot operators offer wireless Internet in public places like cafés, restaurants, hotels and airports. A Wi-Fi community called FON has more than 250,000 hotspots worldwide [4], operated by individuals sharing their home Wi-Fi connection with other FON community members. An increasing number of wireless technologies and growing number of wireless providers of different sizes have in fact built a heterogeneous wireless network towards a worldwide coverage. Problem Statement. This growing number of wireless technologies and providers, as well as users' increasing need and desire to be connected and reached at all times, call for the development of ubiquitous wireless access. However, authenticating unknown users by foreign network (FN) providers is still a challenge. Fig.1 shows that a MU cannot get network service from FN if there is no roaming agreement with the MU’s
© 2010 JOT http://sites.google.com/site/journaloftelecommunications/
2
home network (HN) for verification process. Traditionally, for MUs to be able to roam into FNs, the FN and the MU’s HN must trust each other and have a roaming agreement established beforehand. However, HN cannot establish service agreement with all FNs. Therefore, MUs will not be able to get the service unless they could identify themselves to the FN.
Fig. 1. Roaming agreement-less challenge.
Our Approach and Contributions. This research proposes the Passport-Visa technique based on our ubiquitous mobile access model. The “Passport” is an authentication token that issued by identity provider (IdP: certificate authority or HN) to MU in order to identify and verify MU identity. The Passport in itself does not grant any access, but provides a unique binding between an identifier and the subject. The “Visa” is an authorisation token that granted to a MU via a FN. The Visa token can be used as an access control to ban individual users. The contribution of this proposed approach is that: •
•
•
•
It is wireless technology independence: it is not feasible to achieve ubiquitous mobile access with single wireless technology. Therefore, the authentication solution should enable access to the core network regardless of the wireless technology. The proposed authentication solution is not designed for specific underlying wireless technology. It is aimed to be designed at the network layer of the OSI to avoid the differences in the link and physical layer. Support direct negotiation: MUs should be able to choose and select the appropriate network based on direct negotiation of services and authentication. The proposed solution supports direct negotiate with the MU not with the IdP, which will increase the satisfaction of the user. Support Open Marketplace (Home Network Independent): MU should be able to access FN without the control of the HN. MUs can get the benefit of HN partners and more. They could get more network services in area not covered by HN’s partners with full freedom of choice. It is roaming agreement independence: A current solution by a visited MU’s cellular HN is based on a roaming agreement to establish trust with other cellular network providers to extend services for their users. It is not likely to set up formal roaming agreements with every possible provider by MU’s HN. Our approach does not depend on roaming
agreement between FN provider and IdP. Alternatively, FN provider use negotiation and trust decision to either authorize the MU or not. • The MU holds a global identification token (Passport) to be authenticated everywhere by FNs. • The FN service owner grants the network service authorisation token (Visa) to MU, which support the access control role of FN. • FNs can use our technique to authenticate visited MU, although service level agreement between FN and MU’s HN does not exist. As our approach does not rely on static agreement in providing services, Passport-Visa technique will offer a flexible way to authenticate and authorise MU. • The proposed technique is lightweight for mobile devices as their side employs only symmetric keys, while the more powerful servers side used asymmetric keys. Organization of this paper. The rest of this paper is structured as follows. This paper will start with an overview of the ubiquitous mobile access model, flexible authentication architecture and the Passport and Visa protocols (Section 2), where Passport acquisition, Visa acquisition, mobile service provision, Passport and Visa revocation are illustrated. We will then demonstrate the security analysis (Section 3), which followed by a review of existing approaches to the problem (Section 4).Finally, our conclusion of this paper will be presented (Section 5).
2
THE PROPOSED MODEL
2.1 Ubiquitous Mobile Access Model To achieve ubiquitous wireless access, MUs should be able to have a direct negotiation with potential FNs regarding service provision. IdPs are required to verify the MU’s identity and credentials. There should be more flexible ways to establish trust without relying on service agreements. Figure 2 below illustrates the proposed model based on direct negotiation and flexible trust. MU is pre-registered with IdP to get identification token. In this model, MUs are able to negotiate directly with potential FN providers to get the authorization token. Also, FN providers are able to communicate directly with potential MUs and make trust decision whether or not to provide network service. For a FN provider to trust MU, IdP is used to verify the claimed identity of the MU. Certificate authority can be employed to establish trust with this IdP. The relationships between engaging parties can be described as follow: • Trust: there are three type of trust in the proposed model. The first type is “No Trust”, this type can exist between MU and potential foreign network provider as a first step of communication. The second type is “Partial Trust”, this type exists between FN and IdP. The term partial trust means that there is no roaming agreement between these two entities. The third type is the full trust and this one exists between MU and IdP (after the registration process) and FN (after the authentication process).
3
Fig. 2. The Proposed Model.
• •
•
Negotiation: a MU negotiates with prospective FN providers’ the available services. Identification & Verification: Identification is the process of receiving credential from MU, and verification is the process of checking credential with the user’s IdP. Authorization: after verifying potential customer identity, the FN provider decides whether to provide the service or not, based on its policy on trust decision. The MU may need to reduce the level of service to the appropriate authentication credentials level s/he may be able to provide. After the first successful authentication, MU could access the FN provider resources using the issued authorization token without any further communication with IdP.
2.2 Flexible Authentication Architecture In order to achieve a flexible way to authenticate and trust a MU, a Flexible Authentication Architecture (FAA) is introduced, it is based on three components namely negotiation, trust, and policy managers, as shown in Figure 19. The following subsections introduce these three components.
Fig. 3. Flexible Authentication Architecture.
2.2.1 Trust Manager Trust is an essential component required for cooperation between ubiquitous mobile access entities. Without prior agreements, establishing trust among parties is the driving factor for inter-working. Without trust, there is no assurance that services will be delivered and paid for. Trust Manager will be responsible for making the trust decision in collaboration with Negotiation Manager based on the rules that are controlled by the Policy manager. Existing trust models will be used by Trust Manager in making trust decision. An overview of the trust management, and decision concept is described below. Trust Management: Trust is a relationship between two
parties, and trust management can be described from two points of view [5]: Firstly, it enables relying parties to make assessments and decisions regarding the dependability of potential remote parties, which may involve transaction risk. Secondly, it allows parties to increase the level of trust and the reliability of their own, and appropriately represent and communicate them to other players. Trust decision: Trust decision can be defined as the level to which a given party is ready to depend on another party in a given situation with a feeling of security to some extent, although negative consequences are possible [5]. FN providers play as a relying party that depends on IdPs to trust MU. However, FN providers require an approach to trust IdPs in the same way. As the state of trust can change, the relying party uses assessment parameters to make the trust decision. Trust decision can be affected by a number of factors such as reputation, risk, importance, and tolerance level [6]. Other factors can also be considered such as utility (of possible outcomes), environmental factors (law enforcement, contracts, security mechanisms etc.) and risk attitude (risk taking, risk averse, etc.) [5].
2.2.2 Negotiation Manager Negotiation is an essential part in doing business as one negotiates in buying and selling. Negotiation is the protocol used by engaging parties to reach an agreement that meet every one’s interests, and can be done using a simple request/response protocol. Negotiation is needed when the selling service can vary along several parameters, and when the provider is willing to offer a competitive price. The parties want to agree on a number of values at which an exchange can take place. Negotiation Manager enables engaging parties to negotiate to achieve the following [7] goals: • Establish Trust: The two parties negotiate and agree on methods for identification and authentication to establish trust. With the mutual trust, FN provider ensures that the service will get paid and MU ensures that the FN provider is a legitimate and trusted provider. • Agree on Session Profile: The two parties negotiate and agree on per-session features, such as what type of QoS is provided for which services. Agree on pricing and other billing related features. • Agree on Session Security: The two parties negotiate and agree on mechanisms for protecting their traffic. 2.2.3 Policy Manager Engaging parties use policies to govern the trust and negotiation. Policy Manager maintains the rules that meet the objective of every party in the negotiation and trust decision factors with the involving risk. At an abstract level, before conducting the negotiation each party prepares and specifies their own sets of policies that meet their own interests. The policies should include at least the following: • Trust policy: the identification and credentials that
4
• •
2.3
can be trusted. Identification, authentication, and authorization policies. Other policies governing per-session features, such as QoS, security, and billing settings.
Passport and Visa Protocol
This technique can be used when there is no roaming agreement between FN and MU’s HN. It consists of two tokens Passport and Visa. The “Passport” is an authentication token that is issued by identity provider (IdP: HN or certificate authority) to MU in order to identify and verify MU identity. The Passport in itself does not grant any access, but provides a unique binding between an identifier and the subject. The “Visa” is an authorisation token that is granted to a MU via a FN. The Visa token can be used as an access control to ban individual users. The following are a set of protocols were developed to achieve the approach objective.
2.3.1 Passport Acquisition This protocol will describe the MU registration process with HN (Passport issuer); by completing this protocol MU will receive a Passport (identification token). For a MU to get network services from a FN, this MU required to register with the HN to obtain a Passport. The registration with the HN takes place offline. The registration with the HN occurs once and when completed, the HN issues a smart card (SC) to the MU. Every SC has a unique ID, which is combined with MU’s biometric (such as finger print) to generate a symmetric master Key ( � � denotes the shared key encryption between MU and HN). Key master is manually distributed, shared and stored on both parties’ sides (HN and MU’s SC) directly after issuing the SC. The HN’s generate the MU’s �������� which is encrypted with the home network’s public key (PK �� (X) denotes HN’s public key encryption) and stored in the SC. The Passport is given as:
�
�
� �������� � �� � � ����� , ����!" , #$���%, ����, � � , &�' � ����� , ����!" , #$���%, ����, � � (( ) (1)
In the Passport, &�' � represents the digital signature of the Passport using the HN’s private key which can be verified using the public key. Inside the Passport, “���� ” is the mobile user’s identity and “����!" ” is the Passport number. The “expiry” field corresponds to the Passport expiry date. Finally, the field “data” consists of all other relevant information such as type of Passport, type of MU, MU name, MU date of birth, date of issue, place of issue, issuer ID, and issuer name etc.
2.3.2 Visa Acquisition A MU will receive the required Visa (authorisation token) from the FN after completing the identification and verification process successfully. When the MU has his Passport (authentication token) in hand, the authentication process can be started with the FN in order to obtain
the required Visa. The protocol is demonstrated as follows:
� *+ , -. / �������� � ,0��1! , ��� , 2�� 345 � � , ����!" , 2�� ,
6#�� � , 7���8#91! , �"��"
�2(
>! -. , ! ��1! (
�3(
