Towards a zero configuration authentication scheme for 802.11 based networks

Compared to many 802.11 based networks, GSM has an significant advantage. In contrast to 802.11, GSM provides a standardized authentication scheme, which requires no configuration on the end userpsilas side, but still allows international roaming. GSM does this by using a trusted module within each client: a subscriber identification module.In contrast to the comparable heavy GSM standard, the early 802.11 standards focused on data transmission within small local area networks, therefore omitting a secure and simple to use authentication mechanism. This caused several different and partly incompatible authentication schemes to evolve, ranging from simple password based login pages to certificate based mutual authentication protocols. While these protocols can provide state of the art secure authentication they are, from a user´s point of view, almost unacceptable complex, especially if used in an ad-hoc manner outside an corporate environment. Trusted platform modules, as part of any modern computer, can reduce the user´s overhead to establish a secure 802.11 based connection dramatically by providing secure, potentially anonymous identities. As shown in this paper this approach can be further extended by using an modified TLS handshake, allowing an automated, on-the-fly retrieval of required credentials. Together with the trusted platform modules, this extension can provide a full fledged zero configuration authentication for 802.11 networks.