Abstract
OpenRoaming allows a Wi-Fi device to automatically and securely connect/roam to any Wi-Fi access point that is supported by OpenRoaming Federation. OpenRoaming being adopted by emerging technologies such as Wi-Fi6, Wi-Fi7, 5G, etc., which in-turn provides automatic and seamless roaming across these technologies. Now OpenRoaming standard is the part of Wireless Broadband Alliance (WBA), and it is the foundation for "One Global Wi-Fi Network". OpenRoaming defines certificate based (i.e., PKI based) policy/access to the AAA server. Also, WBA defines RADSec i.e., Radius over TLS, which is also a PKI based method to provide authentication and encryption between access server (also called Network Access Server, NAS) and radius server. As OpenRoaming and RADSec operations are based on PKI methods, they are vulnerable to cryptanalysis attacks by quantum computing using Shor's or Grover's algorithms. The techniques presented herein propose method to establish quantum resistant RADSec session between Radius Server and Client, by extending the Radius protocol to allow Radius Server to distribute post-quantum identifier to the Radius Client. Subsequently, Radius Server and Radius Client will use the negotiated PQPSK ID to get the same post-quantum pre-shared key from Quantum Key Source, which will be used to derive TLS keys for encryption/decryption of the traffic between Radius Server and Client.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
M M, NIRANJAN, "QUANTUM RESISTANT RADSEC FOR OPENROAMING AND WIRELESS BROADBAND APPLIANCE OPERATIONS", Technical Disclosure Commons, (March 23, 2022)
https://www.tdcommons.org/dpubs_series/4992