For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Easy-to-Deploy Wireless Mesh Network System with User Authentication and WLAN Roaming Features
Tomo NIIZUMA Hideaki GOTO
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/03/01
Online ISSN: 1745-1361
Type of Manuscript: PAPER
Category: Information Network
wireless mesh networks, WLAN roaming, RADIUS, RadSec, EAP-TLS, eduroam,
Full Text: PDF(1.9MB)>>
Wireless LAN (WLAN) roaming systems, such as eduroam, enable the mutual use of WLAN facilities among multiple organizations. As a consequence of the strong demand for WLAN roaming, it is utilized not only at universities and schools but also at the venues of large events such as concerts, conferences, and sports events. Moreover, it has also been reported that WLAN roaming is useful in areas afflicted by natural disasters. This paper presents a novel WLAN roaming system over Wireless Mesh Networks (WMNs) that is useful for the use cases shown above. The proposed system is based on two methods as follows: 1) Automatic authentication path generation method decreases the WLAN roaming system deployment costs including the wiring cost and configuration cost. Although the wiring cost can be reduced by using WMN technologies, some additional configurations are still required if we want to deploy a secure user authentication mechanism (e.g. IEEE 802.1X) on WLAN systems. In the proposed system, the Access Points (APs) can act as authenticators automatically using RadSec instead of RADIUS. Therefore, the network administrators can deploy 802.1X-based authentication systems over WMNs without additional configurations on-site. 2) Local authentication method makes the system deployable in times of natural disasters, in particular when the upper network is unavailable or some authentication servers or proxies are down. In the local authentication method, users and APs can be authenticated at the WMN by locally verifying the digital certificates as the authentication credentials.