
Toward a Ubiquitous Mobile Access Model:

A roaming agreement-less approach


Abdullah Almuhaideb, Talal Alharbi, Mohammed Alhabeeb, Phu Dung Le, and Bala Srinivasan
Faculty of Information Technology, Monash University, Melbourne, Australia
{Amalm3, Tralh1, maal11}@student.monash.edu.au,{Phu.Dung.Le, Bala.Srinivasan}@infotech.monash.edu.au

Abstract: Developments in mobile devices and wireless technologies open up unlimited choices of mobile services, such as mobile commerce. These advances make services accessible and convenient everywhere and at any time. Since mobile users usually move, services become unavailable in locations that are not covered by their home networks, so it becomes necessary to roam into foreign networks in order to access them. However, authenticating visiting users at a foreign network raises security concerns: a foreign network provider does not initially hold the authentication credentials of the mobile users. Existing approaches are either based on a roaming agreement for exchanging authentication information between the home network and the foreign network, or vulnerable to some security attacks. This paper proposes a roaming agreement-less approach based on our ubiquitous mobile access model. The approach consists of two tokens, a Passport (identification token) and a Visa (authorisation token), which give a foreign network a flexible method for authenticating mobile users. The security analysis indicates that our proposal is more secure and suitable for ubiquitous mobile communications, especially in a roaming agreement-less environment.
Keywords: authentication, ubiquitous wireless access, security
protocols, roaming agreement, telecommunication security.
I. INTRODUCTION
The advanced capabilities of mobile devices and wireless technologies facilitate access to a variety of services over the Internet: e-mail, mobile commerce and mobile banking. Mobile users (MUs) increasingly want to access these services wirelessly while on the move, without being restricted to a specific location. It is estimated that half of the world's population pays to use mobile services [1]. MUs always ask for higher speed at lower cost, and demand to be Always Best Connected [2]. However, owing to the differences between wireless technologies, it is hard to achieve both a high data rate and wide coverage at once. Moreover, different technologies are sometimes operated by multiple network providers. As a result, a ubiquitous wireless network is not feasible with a single technology and a single wireless provider, and a MU constantly needs to connect to different types of technologies and service providers depending on his/her location and the target speed. This raises security concerns from both the MU's and the foreign network's (FN) perspectives, since they cannot establish a connection without authenticating each other. The traditional solution to this problem is a roaming agreement between the home network (HN) and the FN that covers the verification process. Fig. 1 illustrates the problem.


Figure 1. Roaming agreement-less challenge.
Problem Statement. A key challenge in such a heterogeneous network environment is the possibility of roaming into administrative domains that have no pre-established roaming agreement with the MU's home domain [3]. In other words, authenticating unknown users at FN providers and preventing unauthorised access are critical concerns.
The rest of this paper is structured as follows. It starts with a review of existing approaches to the problem (Section 2). This is followed by an overview of the ubiquitous mobile access model and the roaming agreement-less approach (Section 3), where Passport acquisition, Visa acquisition, mobile service provision, and Passport and Visa revocation are described. We then present the security analysis (Section 4) and the comparative evaluation with existing works (Section 5). Finally, our conclusions are presented (Section 6).
II. RELATED WORKS
There are a number of related works in the area of ubiquitous mobile access authentication; however, each of them has some limitations.
Lei, Quintero and Pierre [4] presented reusable tickets for accessing mobile services. In their proposal, computationally lightweight symmetric keys are used on the mobile device side to suit the limited capabilities of the mobile device (MD). The major disadvantage of this work is that a FN has no control over granting the authorisation token, as the tickets are approved by the ticket server. Their approach therefore does not work when there is no service level agreement with the potential FN, for example when a MU wants to access network services from a new FN that has not yet established a service agreement with the ticket server, or when the FN is not large enough to be approved by the ticket server. In our approach, by contrast, the FN has full control over whether or not to grant authorisation (a Visa) to an individual MU. Our approach gives the MU more freedom to choose the service provider through direct negotiation over the services, identification (Passport) and authorisation (Visa). In this paper, the FN is an independent party that does not require a service level agreement with the MU's HN to provide network services.
2010 11th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing
978-0-7695-4088-7/10 $26.00 2010 IEEE
DOI 10.1109/SNPD.2010.30
Akyildiz and Mohanty [5] have proposed an Architecture
for ubiquitous Mobile Communications (AMC). Their aim is to
provide ubiquitous high-data rate services to MUs by
integrating heterogeneous wireless systems. AMC eliminates
the need for direct roaming agreements among network
providers by using a third party network interoperating agent
(NIA). The NIA acts as a broker, and it requires network
providers to have pre-established roaming agreements. This
solution does not support the open market environment as MUs
depend on the NIA to access network providers, and there is no
direct negotiation between MUs and FN providers.
O'Droma and Ganchev [6] have proposed a Consumer-centric Business Model (CBM) for wireless services. They argue that their model is a better alternative to the subscriber-based model (SBM). In the CBM, entities need business agreements only with third-party authentication, authorization and accounting (3P-AAA) service providers. The 3P-AAA-SPs are independent entities, not wireless access network providers (ANPs). This research shares some goals with this paper, such as ubiquitous wireless access and a more open marketplace. However, the 3P-AAA-SP acts as a broker, and it requires network providers to have a pre-established service agreement.
Shi et al. [7] have introduced a Service Agent (SA) into the WLAN/cellular integrated network architecture to improve service flexibility and to deal with the roaming agreement issue when the number of WLAN operators is large. The SA provides the cellular network and WLANs with a one-for-all roaming agreement, so that one-to-one roaming agreements are no longer needed. In their service model, the MU does not have to be a customer of any physical network operator, since the SA can provide the cellular/WLAN integrated service itself. However, this approach has the same limitation as the broker model, and it is also tied to Wi-Fi and cellular network technologies only.
Tuladhar et al. [3] have proposed a proof-token authentication architecture and protocol. Their approach addresses two problems. The first is the limited roaming agreements of the HN with FNs, for which they propose allowing a MU to access the partners of networks that MU has previously visited. The second is authentication delay, which they identify as a major cause of high latency, for which they propose collaboration between adjacent networks. However, this approach still relies on roaming agreements for authentication, and it does not support direct negotiation with the MU.
Matsunaga et al. [8] have proposed a single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers (IdPs). They argue that dynamic selection of the authentication method and of the IdP will play a key role in confederating public wireless LAN service providers under different trust levels and with alternative authentication schemes. However, there are three limitations to this approach. The first is the dependence on roaming agreements between network providers and IdPs, which may limit the MU's roaming freedom. The second is the dependency on a single wireless technology. Lastly, it is limited to web-based authentication using cookies [9].
III. THE PROPOSED SOLUTION
A. Ubiquitous Mobile Access Model
To achieve ubiquitous wireless access, MUs should be able to negotiate directly with potential FNs about service provision. IdPs are required to verify the MU's identity and credentials. There should be more flexible ways to establish trust that do not rely on service agreements. Fig. 2 below illustrates the proposed model, which is based on direct negotiation and flexible trust.
Figure 2. The Overview of the Proposed Authentication Model.
A MU is pre-registered with an IdP to obtain an identification token. The IdP role can be played by a trusted entity such as the HN; to simplify the example, the HN is treated as the IdP throughout this paper. In this model, MUs are able to negotiate directly with potential FN providers to obtain the authorization token, and FN providers are able to communicate directly with potential MUs and make the trust decision of whether or not to provide network service. For the FN provider to trust a MU, the HN is used to verify the MU's claimed identity. A Certificate Authority (CA) can be employed to establish trust with the HN. The relationships between the engaging parties are shown in Fig. 3 and described below:

Figure 3. The Relationship between Entities in the Model.
Trust: There are three types of trust in the proposed model. The first type is No Trust, which exists between a MU and a potential FN provider at the first step of communication. The second type is Partial Trust, which exists between a FN and a HN; partial trust means that there is no roaming agreement between these two entities. The third type is Full Trust, which exists between a MU and the HN (after the registration process) and between a MU and the FN (after the authentication process).
Negotiation: A MU negotiates with prospective FN providers for the available services.
Identification & Verification: Identification is the process of receiving credentials from the MU, and verification is the process of checking those credentials with the user's IdP.
Authorization: After verifying the potential customer's identity, the FN provider decides whether or not to provide the service, based on its trust policy. The MU may need to reduce the requested level of service to match the level of authentication credentials s/he can provide. After the first successful authentication, the MU can access the FN provider's resources using the issued authorization token, without any further communication with the IdP.
This paper proposes a roaming agreement-less approach based on our ubiquitous mobile access model [10] to address all the above limitations. The new features of this proposed research are:
Roaming Agreement-less: In current solutions, roaming agreements are used by a cellular network to extend its services through other networks. However, a MU's HN is unlikely to set up formal roaming agreements with every possible provider. Our approach, on the other hand, does not depend on a roaming agreement between the FN provider and the IdP; instead, the FN provider uses negotiation and its own trust decision to decide whether or not to authorize the MU.
Privacy and User Anonymity: The MU's personal details are kept secret by the HN. Therefore, when a MU wants to roam into a FN, s/he only needs to send his or her Passport, without revealing any information related to his/her ID. Moreover, the HN only returns the $Pass_{No}$ to the FN if the verification succeeds, so the FN learns nothing about the identity of the Passport's owner.
Eliminate Re-authentication: Once the FN has verified the MU's Passport with the HN, s/he becomes an authentic user of the FN, and there is no need to re-authenticate him/her for each access.
Efficient Key Management: Since each Passport contains the master key shared between the HN and the MU, the HN obtains the master key simply by decrypting the Passport. There is thus no need to store the users' master keys, which eliminates the need for huge databases.
B. Roaming Agreement-less Approach
The roaming agreement-less approach was designed on the basis of the model described above. The technique can be used when there is no roaming agreement between FNs and the MU's HN. It consists of two tokens, the Passport and the Visa. The Passport is an authentication token issued by the IdP to the MU in order to identify and verify the MU's identity. The Passport in itself does not grant any access, but provides a unique binding between an identifier and the subject. The Visa is an authorisation token granted to a MU by a FN; it can also be used as an access control to ban individual users. The following protocols were developed to achieve the objectives of the approach.
1) Passport Acquisition
This protocol describes the MU's registration with the HN (the Passport issuer); on completing it, the MU receives a Passport (identification token). For any network service request to a FN, s/he is required to hold a Passport registered with the HN.
Registration with the HN takes place offline and occurs once. When it is completed, the HN issues a Smart Card (SC) to the MU. The SC information is encrypted with the MU's biometric (such as a fingerprint). Every SC consists of three components:
1) A Symmetric Master Key ($K_{MU-HN}$): It is used as the base for generating session keys between a MU and the HN with the following formula:
$SK_{MU-HN} = h(K_{MU-HN}, ID_{MU}, ID_{FN})$ (1)
As the formula shows, three factors are involved in generating a new session key: the shared master key $K_{MU-HN}$, the MU's ID and the FN's ID, which are hashed together with a one-way hash function $h(x)$.
2) $Passport^{HN}_{MU}$: The MU's Passport $Passport^{HN}_{MU}$, issued by the HN and encrypted with the HN's public key ($PK_{HN}(X)$ denotes encryption of X under the HN's public key). The Passport is given as:
$Passport^{HN}_{MU} = PK_{HN}(Sig_{HN}(ID_{MU}, Pass_{No}, expiry, data, K_{MU-HN}))$
3) $Pass_{No}$: The Passport number, used by the MU as an element in the generation of session keys, as illustrated in the service provision protocol.
In the Passport, $Sig_{HN}$ represents the digital signature over the Passport contents made with the HN's private key; it can be verified to ensure the integrity of the Passport. Inside the Passport, the following information is stored: the mobile user's identity $ID_{MU}$ and the Passport number $Pass_{No}$; the expiry field, which is the Passport expiry date; and the data field, which holds all other relevant information such as Passport type, MU type, MU name, MU date of birth, date of issue, place of issue, issuer ID and issuer name. The signed Passport is then encrypted with the HN's public key to ensure confidentiality.
C. Visa Acquisition
The MU receives the required Visa (authorisation token) from the FN after successfully completing the identification and verification process with the HN. Once the MU has his/her Passport (authentication token) in hand, the authentication process with the FN can be started in order to obtain the required Visa. The protocol proceeds as follows:
Step 1: MU → FN:
$Passport^{HN}_{MU}$, $VisaReq_{FN}$, $\{ID_{FN}, r_{MU}, T_{MU}\}_{SK_{MU-HN}}$, $Pass_{No}$, $T_{MU}$, $Cert_{HN}$, $r'_{MU}$
145
This protocol starts when the MU sends his/her Passport, a Visa request and $\{ID_{FN}, r_{MU}, T_{MU}\}_{SK_{MU-HN}}$, where the foreign network ID ($ID_{FN}$), the MU's random number $r_{MU}$ and the MU's timestamp $T_{MU}$ are encrypted by the MU under the MU-HN session key $SK_{MU-HN}$. This key is generated with formula (1) to establish mutual authentication between the MU and the HN. The FN's ID is included so that the HN can check $ID_{FN}$ against the one in the FN's certificate, to make sure it has not been modified by an attacker. The $r_{MU}$ is used to authenticate the FN. The HN's certificate $Cert_{HN}$ is sent to the FN for verification and for establishing trust with the HN through the CA. A second MU random number, $r'_{MU}$, is sent to the FN to be used as a factor in generating the MU-FN session key $SK_{MU-FN}$ according to formula (2).
Step 2: FN → HN:
$Passport^{HN}_{MU}$, $\{ID_{FN}, r_{MU}, T_{MU}\}_{SK_{MU-HN}}$, $T_{MU}$, $Cert_{FN}$, $T_{FN}$, $PK_{HN}(r_{FN})$
Before proceeding with the authentication at the HN, the FN checks whether $T_{MU}$ is fresh. If so, it forwards the MU's Passport and $\{ID_{FN}, r_{MU}, T_{MU}\}_{SK_{MU-HN}}$ to the HN, adding its certificate $Cert_{FN}$, its timestamp $T_{FN}$ and its random number encrypted under the HN's public key ($PK_{HN}(r_{FN})$), as shown in the message above. The FN's certificate $Cert_{FN}$ is sent to the HN for verification and for establishing trust through the CA. The FN's random number $r_{FN}$ is used to authenticate the HN. The timestamps $T_{MU}$ and $T_{FN}$ are used to stop replay attacks.
Step 3: HN → FN:
$PK_{FN}(Sig_{HN}(Pass_{No}, valid_{MU}, r_{MU}, r_{FN}))$, $\{ID_{FN}, valid_{FN}, r_{FN}, r_{MU}, T_{HN}\}_{SK_{MU-HN}}$
After receiving the message from the FN, the HN checks whether the MU's timestamp $T_{MU}$ and the FN's timestamp $T_{FN}$ are valid. If either is not, the HN replies that the session is not fresh and terminates the request. Otherwise, the HN checks the validity of the FN certificate $Cert_{FN}$ with the CA. If it is valid, the HN decrypts the Passport with its private key and then verifies the signature using the HN's public key. After the HN has checked that the MU's Passport is genuine and valid, it obtains the shared key ($K_{MU-HN}$) and the relevant information such as the expiry date. The HN then generates the session key ($SK_{MU-HN}$) to decrypt the second part of the message, $\{ID_{FN}, r_{MU}, T_{MU}\}$. The HN compares the FN's ID in this message with the one in the certificate to ensure the FN has not been changed. After verifying the FN, the HN decrypts the FN's random number with its private key. The HN collects the FN's random number $r_{FN}$, the FN's ID from the certificate $ID_{FN}$, the indicator of the validity of the FN $valid_{FN}$, the MU's random number $r_{MU}$ and its own timestamp $T_{HN}$ as $\{ID_{FN}, valid_{FN}, r_{FN}, r_{MU}, T_{HN}\}$, and encrypts them with the MU-HN session key $SK_{MU-HN}$. Also, having authenticated the MU, the HN collects the MU's Passport number $Pass_{No}$, the indicator of the validity of the MU $valid_{MU}$, the MU's random number $r_{MU}$ and the FN's random number $r_{FN}$ as ($Pass_{No}$, $valid_{MU}$, $r_{MU}$, $r_{FN}$), computes a digital signature over them with its private key and encrypts the result with the FN's public key. The HN then puts the FN authentication part and the MU authentication part in one message and sends it to the FN.
Step 4: FN → MU:
$Visa^{FN}_{MU}$, $\{ID_{FN}, valid_{FN}, r_{FN}, r_{MU}, T_{HN}\}_{SK_{MU-HN}}$, $\{K_{MU-FN}, Visa_{No}\}_{SK_{MU-FN}}$, $r'_{FN}$
Once the FN receives the message from the HN, it decrypts its part using its private key and verifies it using the HN's public key. If the FN receives confirmation of the Passport's validity and its own random number checks out, the Visa $Visa^{FN}_{MU}$ is generated as follows:
$Visa^{FN}_{MU} = PK_{FN}(Sig_{FN}(Pass_{No}, Visa_{No}, expiry, data, K_{MU-FN}))$
$Pass_{No}$ is the Passport number of the MU. The Visa number $Visa_{No}$ is the unique identity of the Visa, and expiry is the Visa expiry date. The data field includes all detailed Visa information, such as Visa type, number of accesses, duration of access, place of issue, issuer ID, issuer name, time of issue, service type, service name and times of access. The FN's signature $Sig_{FN}$ in the Visa is used to stop forged Visas. The Visa is encrypted with the FN's public key ($PK_{FN}(X)$ denotes encryption of X under the FN's public key), which means that only the FN can decrypt it.
The FN stores the Visa information for future verifications. The field valid is set to FALSE once a Visa is revoked; otherwise it is set to TRUE. The stored record is, for example:
$\{Pass_{No}, Visa_{No}, expiry, valid\}$
Besides the Visa, the shared master key $K_{MU-FN}$ is issued to serve as the base for generating the subsequent session keys between the MU and the FN. The session key $SK_{MU-FN}$ itself is generated with the following formula:
$SK_{MU-FN} = h(Pass_{No}, ID_{FN}, r_{MU}, r_{FN}, r'_{MU}, r'_{FN})$ (2)
The FN then forwards $\{ID_{FN}, valid_{FN}, r_{FN}, r_{MU}, T_{HN}\}_{SK_{MU-HN}}$, the Visa, $K_{MU-FN}$ and a new random number $r'_{FN}$, which the MU uses to generate the session key.
After the MU receives the authorisation message $\{ID_{FN}, valid_{FN}, r_{FN}, r_{MU}, T_{HN}\}_{SK_{MU-HN}}$ from the HN through the FN, the MU decrypts it using $SK_{MU-HN}$ and checks the correctness of the HN's timestamp $T_{HN}$, its own random number $r_{MU}$ and the foreign network ID $ID_{FN}$. If they are incorrect, the Visa is rejected; if they are verified, the Visa is kept for future service requests. The MU then computes the MU-FN session key $SK_{MU-FN}$ to decrypt the shared master key $K_{MU-FN}$.
D. Mobile Service Provision
This protocol illustrates how a MU is granted network services from a FN in a secure manner. Once the MU holds a valid Visa, s/he is eligible to request network services from the FN. S/he first needs to generate the first session key using
the hash function of three factors: the last session key $SK_{MU-FN}$, the Passport number and the Visa number (received with the Visa), as follows:
$SK'_{MU-FN} = h(SK_{MU-FN}, Visa_{No}, Pass_{No})$ (3)
Step 1: MU → FN:
$SerReq$, $Visa^{FN}_{MU}$, $\{r''_{MU}, Visa_{No}\}_{SK'_{MU-FN}}$
To request access to the FN's services, the MU sends $SerReq$, the Visa and $\{r''_{MU}, Visa_{No}\}_{SK'_{MU-FN}}$, where $r''_{MU}$ is a new random number and $Visa_{No}$ is the Visa number, both encrypted with the first session key $SK'_{MU-FN}$ (formula 3).
Step 2: FN → MU:
$\{r''_{FN}, Pass_{No}\}_{SK''_{MU-FN}}$, $\{Service\}_{SK'''_{MU-FN}}$
After the FN receives the service request, it decrypts the Visa with its private key and checks its validity by verifying the signature with its public key. If the Visa is valid, the FN takes the $Visa_{No}$ and searches its database to see whether the Visa is being used for the first time. The $Visa_{No}$ is used by the FN to detect whether the holder is genuine: the FN has to compute $SK'_{MU-FN}$ in order to verify the $Visa_{No}$ and to obtain the new random number $r''_{MU}$. The new random number is then used to generate the second session key $SK''_{MU-FN}$ as follows (formula 4):
$SK''_{MU-FN} = h(SK'_{MU-FN}, K_{MU-FN}, r''_{MU})$ (4)
The second session key is used by the FN to encrypt its random number $r''_{FN}$ and the Passport number $Pass_{No}$. Finally, the third session key $SK'''_{MU-FN}$ is generated from the new FN random number $r''_{FN}$ and the first and second session keys (formula 5):
$SK'''_{MU-FN} = h(SK''_{MU-FN}, SK'_{MU-FN}, r''_{FN})$ (5)
Once both parties hold the third session key, they know that mutual authentication has been achieved and the service can start. For the next access, however, the MU is required to generate new session keys.
E. Passport and Visa Revocation
This protocol is used to stop service requests made with a stolen Passport or Visa. A Passport or Visa is considered revoked when, for example, the mobile user's shared key $K_{MU-HN}$ or $K_{MU-FN}$ expires, or the MU asks the FN to revoke a Visa or the HN to revoke a Passport.
The Passport revocation can be illustrated as:
HN → FN: $PK_{FN}(Pass_{No}, Revoke, Sig_{HN}(Pass_{No}, Revoke))$
The protocol starts when the HN sends the Revoke message (signed with the HN's private key and encrypted with the FN's public key) to the corresponding FN. The FN decrypts the message with its private key and verifies the signature with the HN's public key. The FN then checks whether the Passport number $Pass_{No}$ is already stored. If it is not, no Visa has been issued on this Passport number. If it is stored, the FN records the revoked Passport information and updates the status of the Visa to Revoke.
The Visa revocation can be illustrated as:
MU → FN: $\{Pass_{No}, Visa_{No}, Revoke, \{Pass_{No}, Visa_{No}, Revoke\}_{SK'_{MU-FN}}\}_{SK_{MU-FN}}$
When the FN receives a Revoke message from the MU, it decrypts the message with the last session key $SK_{MU-FN}$. It then verifies it by decrypting the inner part of the message with the first session key $SK'_{MU-FN}$ (formula (3)). The FN updates the status of the Visa to Revoke. When the MU later requests network services, the FN checks whether the Visa was revoked; if so, the service request is rejected.
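As an added illustration that is not code from the paper, the following Python script plays both sides of the Mobile Service Provision exchange above (Step 1, Step 2 and the key chain of formulas (3), (4) and (5)) together with the FN's stored Visa record and its valid flag from the revocation protocol. It assumes SHA-256 for h(), a SHA-256 counter-mode keystream with an HMAC tag as a stand-in for the paper's unspecified symmetric cipher {X}_K, and that the FN looks the Visa up by its Visa_No, so the signed and public-key-encrypted Visa token itself is not modelled; all names, keys and sample values are constructed.

```python
import hashlib
import hmac
import secrets

def h(*parts: bytes) -> bytes:
    # The paper's one-way hash h(...), assumed here to be SHA-256 over length-tagged parts.
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for the paper's unspecified cipher {X}_K: SHA-256 counter-mode keystream,
    # then an HMAC tag over the ciphertext (encrypt-then-MAC). Illustrative only.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong session key or tampered message")
    return sym_encrypt(key, ct)[:-32]  # XOR with the same keystream undoes the encryption

# Session-key chain of the service provision protocol, formulas (3), (4) and (5).
def sk_first(sk_mu_fn, visa_no, pass_no): return h(sk_mu_fn, visa_no, pass_no)  # SK'
def sk_second(sk1, k_mu_fn, r_mu2): return h(sk1, k_mu_fn, r_mu2)               # SK''
def sk_third(sk2, sk1, r_fn2): return h(sk2, sk1, r_fn2)                         # SK'''

class ForeignNetwork:
    # FN side: keeps {Pass_No, Visa_No, expiry, valid} per issued Visa and answers SerReq.
    def __init__(self):
        self.visas = {}  # Visa_No -> stored record

    def issue_visa(self, pass_no, expiry, max_access, k_mu_fn, sk_mu_fn):
        visa_no = secrets.token_bytes(8)
        self.visas[visa_no] = dict(pass_no=pass_no, expiry=expiry, valid=True, used=0,
                                   max_access=max_access, k_mu_fn=k_mu_fn, sk_mu_fn=sk_mu_fn)
        return visa_no

    def revoke_passport(self, pass_no):
        # A Revoke message from the HN for a Pass_No invalidates every Visa issued on it.
        for rec in self.visas.values():
            if rec["pass_no"] == pass_no:
                rec["valid"] = False

    def handle_service_request(self, visa_no, enc_part, now):
        # Step 1 in; Step 2 out: ({r''_FN, Pass_No}_SK'', {Service}_SK''').
        rec = self.visas.get(visa_no)
        if rec is None or not rec["valid"] or now > rec["expiry"] or rec["used"] >= rec["max_access"]:
            raise PermissionError("Visa unknown, revoked, expired or access count exhausted")
        sk1 = sk_first(rec["sk_mu_fn"], visa_no, rec["pass_no"])
        plain = sym_decrypt(sk1, enc_part)  # only a holder of SK_MU-FN could have built this
        r_mu2, claimed_visa_no = plain[:16], plain[16:]
        if claimed_visa_no != visa_no:
            raise PermissionError("Visa_No inside the encrypted part does not match")
        sk2 = sk_second(sk1, rec["k_mu_fn"], r_mu2)
        r_fn2 = secrets.token_bytes(16)
        sk3 = sk_third(sk2, sk1, r_fn2)
        rec["used"] += 1
        return sym_encrypt(sk2, r_fn2 + rec["pass_no"]), sym_encrypt(sk3, b"SERVICE:GRANTED")

class MobileUser:
    # MU side: holds Pass_No, Visa_No and the keys obtained during Visa acquisition.
    def __init__(self, pass_no, visa_no, k_mu_fn, sk_mu_fn):
        self.pass_no, self.visa_no = pass_no, visa_no
        self.k_mu_fn, self.sk_mu_fn = k_mu_fn, sk_mu_fn

    def service_request(self):
        # Step 1: SerReq, Visa (represented by its Visa_No), {r''_MU, Visa_No}_SK'.
        self.r_mu2 = secrets.token_bytes(16)
        self.sk1 = sk_first(self.sk_mu_fn, self.visa_no, self.pass_no)
        return self.visa_no, sym_encrypt(self.sk1, self.r_mu2 + self.visa_no)

    def finish(self, enc_fn_part, enc_service):
        # Step 2: derive SK'' and SK''', authenticate the FN, read the service message.
        sk2 = sk_second(self.sk1, self.k_mu_fn, self.r_mu2)
        plain = sym_decrypt(sk2, enc_fn_part)  # a bogus FN without K_MU-FN fails here
        r_fn2, pass_no = plain[:16], plain[16:]
        if pass_no != self.pass_no:
            raise PermissionError("FN echoed a Pass_No that is not ours")
        sk3 = sk_third(sk2, self.sk1, r_fn2)
        return sym_decrypt(sk3, enc_service)

def rejected(fn, user, exc):
    # True if the FN refuses this user's service request with the expected error.
    try:
        fn.handle_service_request(*user.service_request(), now=1)
    except exc:
        return True
    return False

def demo():
    # Constructed scenario: honest access, impostor with only public data, then revocation.
    pass_no = b"PASS0001"  # constructed sample value
    k_mu_fn, sk_mu_fn = secrets.token_bytes(32), secrets.token_bytes(32)  # from Visa acquisition
    fn = ForeignNetwork()
    visa_no = fn.issue_visa(pass_no, expiry=30, max_access=5, k_mu_fn=k_mu_fn, sk_mu_fn=sk_mu_fn)
    mu = MobileUser(pass_no, visa_no, k_mu_fn, sk_mu_fn)
    out = {"granted": mu.finish(*fn.handle_service_request(*mu.service_request(), now=1))}
    impostor = MobileUser(pass_no, visa_no, secrets.token_bytes(32), secrets.token_bytes(32))
    out["impostor_rejected"] = rejected(fn, impostor, ValueError)  # cannot derive SK'
    fn.revoke_passport(pass_no)  # HN revokes the Passport; all its Visas become invalid
    out["revoked_rejected"] = rejected(fn, mu, PermissionError)
    return out
```

The impostor case shows why the encrypted part of Step 1 matters: a sniffed Visa_No and Pass_No alone do not yield SK', so the FN's tag check fails before any session key is derived.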
IV. SYSTEM SECURITY ANALYSIS
In this section, we analyse the security of the proposed protocol with respect to some common attacks:
(1) Forged Passport or Visa: Since the Passport and the Visa contain the signature of the issuer, they cannot be generated by attackers in the name of the HN or FN. So it is impossible to fabricate or fake a Passport or a Visa, as the issuer checks the integrity by verifying the signature.
(2) Mutual authentication: In the mobile service provision phase, the MU sends a message that consists of two parts: a Visa, and the encrypted new random number $r''_{MU}$. The FN decrypts the Visa with its private key and gets the shared key. Also, as the FN signed the Visa, it can check the validity of the Visa. The FN uses the previous session key with $Pass_{No}$ and $Visa_{No}$ to generate the first session key, which is used to decrypt the second part of the message and obtain the new random number. The shared master key, the first session key and $r''_{MU}$ are used to generate the second session key. By decrypting the FN's message, the MU obtains the FN's random number. Now both parties are able to generate the third session key and mutually authenticate each other.
(3) Replay and man-in-the-middle attacks: An attacker may sniff a valid Visa; however, $K_{MU-FN}$, $Pass_{No}$ and $Visa_{No}$ cannot be obtained, as they are encrypted inside the Visa. The only party that can extract $K_{MU-FN}$, $Pass_{No}$ and $Visa_{No}$ from the Visa is the FN. In addition, timestamps are used in each communication between the three entities (MU, FN and HN) to ensure that messages have not been replayed.
(4) Impersonation attacks: In our protocol, the information stored in the SC (e.g. the Passport) is encrypted with the MU's fingerprint. Thus, if the SC is stolen, it is infeasible for attackers to impersonate the MU to gain access.
(5) Spoofing: Since a FN cannot get any information about the MU unless the HN authenticates the FN, it is impossible for a malicious entity to masquerade as a legitimate FN to get the MU's information. In other words, the MU can ensure that
s/he is indeed communicating with a real service provider and not with a bogus entity.
(6) Key freshness: Only the MU and the FN know the shared master key $K_{MU-FN}$, and it is not used to encrypt any message. In every service request a new session key is generated, but it is valid only in that session. This key is established from random numbers contributed by both the MU and the FN, so key freshness is guaranteed.
V. COMPARATIVE EVALUATION WITH EXISTING WORKS
We have identified three key requirements for flexible ubiquitous authentication, as follows:
A. Wireless Technology Independence: The proposed authentication solution is not designed for a specific underlying wireless technology. It is intended to operate at the network layer of the OSI model, so as to avoid the differences at the link and physical layers.
B. Roaming Agreement-less: It does not depend on a roaming agreement between FN providers and the HN. Instead, FN providers use negotiation and their own trust decision on whether or not to authorize the MU.
C. Home Network Independent: MUs can get the benefits of the HN's partners and more. They can obtain network services in areas not covered by the HN's partners, with full freedom of choice. The proposed solution supports direct negotiation with the MU rather than with the HN, which will increase user satisfaction.
The following table indicates that our proposed approach satisfies these requirements while the other related approaches do not (Table 1):
TABLE I. A COMPARATIVE EVALUATION BETWEEN THE EXISTING APPROACHES AND OUR APPROACH.
Columns: A = Wireless Technology Independence, B = Roaming Agreement-less, C = Home Network Independent.
Ticket Model [4]: Broker
Ubiquitous Mobile Communications [5]: Broker
Ubiquitous Consumer Wireless World [6]: Broker
Service-Agent-Based [7]: Broker; technology-dependent (WWAN/WLAN)
Proof-Token [3]
SSO architecture [8]: technology-dependent (WLAN)
Proposed Approach
(The tick and cross marks in columns A, B and C were lost in extraction; only the table's textual annotations survive.)
VI. CONCLUSION
This paper has highlighted that the existing authentication models for a ubiquitous wireless access environment are not flexible enough. As a flexible and practical solution, we have introduced the roaming agreement-less approach, which enables MUs to authenticate themselves to FN providers through direct negotiation. Moreover, in this model the FNs have full control over the authorisation process. In contrast to the existing models, we believe that our approach is more flexible and eliminates the need for roaming agreements. The security analysis indicates that our proposal is resistant to well-known attacks, while efficiently ensuring security for mobile users and service providers.
As future work, we aim to increase the security and usability of the Passport and Visa protocols. A very promising enhancement is to employ the limited-use key theory [11-13]. The main idea behind this theory is that one-time use of a symmetric cryptographic key significantly improves the security of the cryptographic system: since every message in a dynamic-key system is encrypted with a different key, even if an attacker finds out the key for one message, s/he still cannot decrypt the whole exchange, as s/he would need the other encryption keys.
ACKNOWLEDGMENT
Grateful acknowledgement for proofreading and correcting the English edition goes to Noriaki Sato (Australia).
REFERENCES
[1] GSM Association. 20 Facts for 20 Years of Mobile Communications.
Date Accessed: 20/8/2009 ,http://www.gsmtwenty.com/20facts.pdf .
[2] E. Gustafsson and A. Jonsson, "Always best connected," IEEE Wireless
Communications, vol. 10, pp. 49-55, 2003.
[3] S. Tuladhar, et al., "Inter-Domain Authentication for Seamless Roaming
in Heterogeneous Wireless Networks," 2008, pp. 249-255.
[4] Y. Lei, et al., "Mobile services access and payment through reusable
tickets," Computer Communications, 2008.
[5] I. Akyildiz, et al., "A ubiquitous mobile communication architecture for
next-generation heterogeneous wireless systems," IEEE
Communications Magazine, vol. 43, pp. S29-S36, 2005.
[6] M. O'Droma and I. Ganchev, "Toward a ubiquitous consumer wireless
world," IEEE Wireless Communications, vol. 14, pp. 52-63, 2007.
[7] M. Shi, et al., "A Service-Agent-Based Roaming Architecture for
WLAN/Cellular Integrated Networks," IEEE Transactions on Vehicular
Technology, vol. 56, pp. 3168-3181, 2007.
[8] Y. Matsunaga, et al., "Secure authentication system for public WLAN
roaming," 2003, pp. 113-121.
[9] M. Shin, et al., "The Design of Efficient Internetwork Authentication for
Ubiquitous Wireless Communications," Network, vol. 3, p. 1, 2004.
[10] A. Almuhaideb, et al., "Flexible Authentication Technique for
Ubiquitous Wireless Communication using Passport and Visa Tokens,"
Journal of Telecommunications, vol. 1, pp. 1-10, March 2010.
[11] A. Rubin and R. Wright, "Off-line generation of limited-use credit card
numbers," Lecture Notes in Computer Science, vol. 2339, pp. 196-209,
2001.
[12] S. Kungpisdan, et al., "A limited-used key generation scheme for
internet transactions," Lecture Notes in Computer Science, vol. 3325, pp.
302-316, 2005.
[13] X. Wu, et al., "Dynamic Keys Based Sensitive Information System," in
The 9th International Conference for Young Computer Scientists (ICYCS
2008), Zhang Jia Jie, Hunan, China, 2008, pp. 1895-1901.

