Secure mobile authentication in ubiquitous networking environments
Thesis posted on 08.02.2017, 01:10, authored by Almuhaideb, Abdullah Mohammed
Mobile users desire to have connectivity anywhere and at any time, even in heterogeneous networks where different wireless technologies are provided by different network providers. Several approaches have been proposed to allow ubiquitous networking. However, limitations still exist in those approaches, especially in authentication. This research project first investigates the existing mobile authentication approaches for ubiquitous networking and then proposes a secure hybrid authentication solution with high flexibility and good performance to facilitate users’ mobility. The proposed model combines the advantages of both centralised and distributed authentication models in terms of security and performance while still achieving flexibility. The authentication process not only identifies the important and essential properties of mobile authentication, but also clarifies the relationships between the problems in mobile authentication and system properties. The proposed model can also serve as a guideline for system designers and implementers to design mobile authentication systems. The identified key solution requirements facilitate the analysis and evaluation of mobile authentication approaches.

In order to realise the model, the project proposes a Passport and Visa authentication approach with protocols that possess the required properties, namely flexibility, security, and efficiency. In terms of the flexibility requirement, the Passport/Visa approach allows mobile users to access the best available wireless service with a single authentication credential to simplify the wireless network access process. Also, a mobile user can directly negotiate with potential foreign network providers for more coverage and services. In terms of the security requirement, the Passport/Visa approach provides mutual authentication and resists common attacks. This helps a foreign network ensure that the service will get paid for and also helps the mobile user ensure that the foreign network is a legitimate and trusted provider. Moreover, the proposed approach can ensure joint key control between a foreign network and the mobile user in order to protect against interception of the communication by the home network. The Passport and Visa tokens provide practical key management, user anonymity and untraceability.

In terms of the efficiency requirement, the Passport/Visa approach minimises computation, communication and storage costs. Since the proposed hybrid mobile authentication model combines the advantages of both distributed and centralised models, it assists the distribution of the authentication load among the engaging authentication servers. In addition, the proposed model provides a new efficient technique using recent evidence to tackle the problem of user revocation status checking. The analysis and evaluation show that the proposed model, along with its realisation, offers flexible, efficient and strong authentication for ubiquitous networking compared to existing approaches.