http://dx.doi.org/10.6109/jkiice.2016.20.9.1730

Design and Implementation of eduroam Authentication-Delegation System  

Lee, KyoungMin (Korea Institute of Science and Technology Information, KISTI)
Jo, Jinyong (Korea Institute of Science and Technology Information, KISTI)
Kong, JongUk (Korea Institute of Science and Technology Information, KISTI)
Abstract
This paper introduces a guest identity provider system for eduroam, a global Wi-Fi service for users enrolled in higher education and research institutions. The developed eduroam AND (AutheNtication Delegation) system enables users to create their own eduroam user accounts and to access eduroam regardless of their location. Users with no organizational eduroam account can therefore freely access eduroam using the system. The system implements a federated authentication model, which gives it high accessibility, makes indirect verification of users and organizations possible, and saves management overhead. Status monitoring is essential because authentication request and response messages are routed by the eduroam network. eduroam AND performs active monitoring to check service availability and visualizes the results, which increases operational and management efficiency. We leveraged open-source libraries to implement eduroam AND and run the system on KREONET (Korea REsearch Open NETwork). Lastly, we present implementation details and qualitatively evaluate the system.
Keywords
eduroam; Federated Identity Management; SAML; User Authentication; Wi-Fi Access Service;