A flexible, large-scale authentication policy for WLAN roaming users using IPSec and public key certification

Carlos Ribeiro
CIIST/IST/INESC ID Lisboa

André Zúquete
DET/UA/IEETA

With the growing deployment of WLAN hot-spots, there is a real need for a large-scale, easy-to-use authentication policy that enables hot-spot providers to grant Internet access to authorized users. This paper presents an authentication scheme based on asymmetric cryptography and public key certification. These mechanisms are used to establish IPSec tunnels between WLAN supplicants and gateways, providing both mutual authentication and secure communication over the WLAN link. The main novelty of the authentication policy is that we associate the authentication of users with the authentication of IPSec peers, and we use highly flexible certification hierarchies to validate certificates. The management of users' certificates is also simplified: it does not require full-featured PKIs or complex management policies, such as distribution and checking of CRLs.

7ª Conferência sobre Redes de Computadores, CRC2004. Leiria, Portugal, Oct 7-8 2004.