Secure Fast Handover in an Open Broadband Access Network using Kerberos-style Tickets

  • Martin Gilje Jaatun
  • Inger Anne Tøndel
  • Frédéric Paint
  • Tor Hjalmar Johannessen
  • John Charles Francis
  • Claire Duranton
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 201)


In an Open Broadband Access Network consisting of multiple Internet Service Providers, delay due to multi-hop processing of authentication credentials is a major obstacle to fast handover between access points, effectively preventing delay-sensitive interactive applications such as Voice over IP. By exploiting existing trust relationships between service providers and access points, it is possible to pre-authenticate a mobile terminal to an access point, creating a Kerberos-style ticket that can be evaluated locally. The terminal can thus perform a handover and be authenticated to the new access point, without incurring communication and processing delays by involving other servers.


Access Point Shared Secret Authentication Protocol Extensible Authentication Protocol Fast Handover 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    OBAN Consortium. [Online]. Available: Scholar
  2. 2.
    J. F. Huber, D. Weiler, and H. Brand, “UMTS, the mobile multimedia vision for IMT 2000: a focus on standardization,” IEEE Communications Magazine, vol. 38, no. 9, pp. 129–136, 2000.CrossRefGoogle Scholar
  3. 3.
    IEEE Standard for Local and metropolitan area networks Part 16: Air Interface for Fixed Broadband Wireless Access Systems, IEEE Std. 802.16-2004, 2004.Google Scholar
  4. 4.
    F. Steuer, M. Elkotob, S. Albayrak, H. Bryhni, and T. Lunde, “Seamless Mobility over Broadband Wireless Networks,” in Proceedings of 14th 1ST Mobile & Wireless Communications Summit, 2005.Google Scholar
  5. 5.
    E. Edvardsen, T. G. Eskedal, and A. Årnes, “Open Access Networks,” in INTERWORKING, ser. IFIP Conference Proceedings, C. McDonald, Ed., vol. 247. Kluwer, 2002, pp. 91–107.Google Scholar
  6. 6.
    M. G. Jaatun, I. A. Tøndel, M. B. Dahl, and T. J. Wilke, “A Security Architecture for an Open Broadband Access Network,” in Proceedings of the 10th Nordic Workshop on Secure IT Systems (Nordsec), 2005.Google Scholar
  7. 7.
    C. Rigney, S. Willens, A. Rubens, and W. Simpson, “Remote Authentication Dial In User Service (RADIUS),” RFC 2865, June 2000.Google Scholar
  8. 8.
    J. F. Kurose and K. W. Ross, Computer Networking-A Top-Down Approach Featuring the Internet. Addison-Wesley, 2001.Google Scholar
  9. 9.
    Port-Based Network Access Control, IEEE Std. 802.1X-2001, 2001.Google Scholar
  10. 10.
    C. Neuman, T. Yu, S. Hartman, and K. Raeburn, “The Kerberos Network Authentication Service (V5),” RFC 4120, July 2005.Google Scholar
  11. 11.
    T. Aura and M. Roe, “Reducing Reauthentication Delay in Wireless Networks,” in Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), 2005.Google Scholar
  12. 12.
    H. Haverinen and J. Salowey, “Extensible Authentication Protocol Method for Global System for Mobile Subscriber Identity Modules (EAP-SIM),” RFC 4186, January 2006.Google Scholar
  13. 13.
    D. Stanley, J. R. Walker, and B. Aboba, “Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs,” RFC 4017, March 2005.Google Scholar
  14. 14.
    H. Chaskar, D. Funato, M. Liebsch, E. Shim, and A. Singh, “Candidate Access Router Discovery (CARD),” RFC 4066, July 2005.Google Scholar
  15. 15.
    W. Stallings, Cryptography and Network Security-Principles and Practices. Prentice Hall, 2003.Google Scholar
  16. 16.
    B. Aboba, L. J. Blunk, J. R. Vollbrecht, J. Carlson, and H. Levkowetz, “Extensible authentication protocol (EAP),” RFC 3748, June 2004.Google Scholar
  17. 17.
    B. Aboba and P. R. Calhoun, “RADIUS (Remote Authentication Dial In User Service) support for Extensible Authentication Protocol (EAP),” RFC 2865, June 2000.Google Scholar
  18. 18.
    C. E. Perkins, “Mobile IP,” IEEE Communications Magazine, vol. 40, no. 5, pp. 66–82, 2002.CrossRefGoogle Scholar

Copyright information

© International Federation for Information Processing 2006

Authors and Affiliations

  • Martin Gilje Jaatun
    • 1
  • Inger Anne Tøndel
    • 1
  • Frédéric Paint
    • 2
  • Tor Hjalmar Johannessen
    • 2
  • John Charles Francis
    • 3
  • Claire Duranton
    • 4
  1. 1.SINTEF ICTTrondheimNorway
  2. 2.Telenor R&DFornebuNorway
  3. 3.Swisscom InnovationsBernSwitzerland
  4. 4.France Telecom R&DIssy-les-MoulineauxFrance

Personalised recommendations