An Authentication Protocol for Mobile Users

Mobile networks need additionnal security functions in contrast to traditional xed-topology static-user networks. In fact, a new problem involving mobility is that users are able to access the network at multiple points which can be separated by signiicant geographic distances and many diierent administrative boundaries. As these access points are not necessarily under the control of a single administrative authority, a new set of inter-domain mechanisms is needed in order to allow users to perform security operations in visited domains, providing they obtain an agreement from their home domain. Even if this requirement is obvious, the corresponding solutions should however take into account a somewhat contradictory security constraint that calls for strict partitioning of security domains in order to avoid sharing domain-speciic security information among several domains. In this paper, we suggest a generic solution for the authentication of users in visited domains that maintains the domain separation property. The advantage of the protocols described herein is they may be adapted to both wireless networks and traditional wireline networks supporting mobility.