ABSTRACT

Roaming is based on a major operation, called the pre-registration procedure, during which a user establishes a special (including commercial) relationship with a unique wireless access network provider, called the home network (HN) of the mobile user, as explained in the previous chapters. During pre-registration, pre-shared credentials are established at the home network and the user’s mobile device or station (MS) to allow the HN and the MS user to authenticate each other (or, for some networks, to authenticate the user to the HN only) when the pre-registered MS requests access to a communication service offered by the HN. Typically, the mutual authentication between MS and HN requires an interaction with the user based on the provision of a username/password combination. Additionally, the credentials are managed at a Security Center (denoted by SCHN, or more simply SC) in the home network. The most widely used credential types in wireless access networks belong to three classes:

1. A secret key, which is a long-term secret key shared between the MS and the SC. As stated in Chapter 5, the GSM network utilizes this type of credential;

2. A public-key certificate. With this type of credential, both the MS and the HN are assumed to own a pair of public and secret keys. Each must also own a public-key certificate binding it to its public key, which it should store for verification needs; and

3. A public-key certificate mixed with a username/password. With this type of credential, the HN has a public/secret-key pair and a certificate signed by a trusted certificate authority (CA). The HN generates a username and password for the pre-registered user and keeps this pair secret in the SC. The MS stores the public-key certificate of the CA that has signed the HN’s certificate.
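
An added example (not from the original chapter) of the first credential class: pre-registration provisions a long-term key at the SC and the MS, which then run either user-to-HN-only or mutual challenge-response. HMAC-SHA256, the class and function names, and the challenge sizes are assumptions for illustration, not the algorithms of GSM or any specific network.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, role: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the network's real response function.
    # The role label keeps an MS response from being replayed as an HN response.
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

class SecurityCenter:
    """SC in the home network; stores the long-term key of each pre-registered user."""
    def __init__(self):
        self._keys = {}

    def pre_register(self, user_id: str) -> bytes:
        self._keys[user_id] = secrets.token_bytes(32)
        return self._keys[user_id]  # provisioned into the MS out of band

    def verify_ms(self, user_id: str, challenge: bytes, response: bytes) -> bool:
        key = self._keys.get(user_id)
        return key is not None and hmac.compare_digest(prf(key, b"MS", challenge), response)

    def answer_ms(self, user_id: str, challenge: bytes) -> bytes:
        # Unknown users get a response under a throwaway key, which never verifies.
        return prf(self._keys.get(user_id, secrets.token_bytes(32)), b"HN", challenge)

class MobileStation:
    def __init__(self, user_id: str, key: bytes):
        self.user_id, self._key = user_id, key

    def respond(self, challenge: bytes) -> bytes:
        return prf(self._key, b"MS", challenge)

    def verify_hn(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(prf(self._key, b"HN", challenge), response)

def authenticate(ms: MobileStation, sc: SecurityCenter, mutual: bool = True) -> bool:
    rand_hn = secrets.token_bytes(16)            # HN challenges the MS
    if not sc.verify_ms(ms.user_id, rand_hn, ms.respond(rand_hn)):
        return False
    if not mutual:                               # user-to-HN only: MS never checks the HN
        return True
    rand_ms = secrets.token_bytes(16)            # MS challenges the HN in turn
    return ms.verify_hn(rand_ms, sc.answer_ms(ms.user_id, rand_ms))
```

With `mutual=False` the MS accepts whichever network challenged it; the second round is what lets the MS confirm that the network holds the key set at pre-registration.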