Visible to the public Concerns regarding service authorization by IP address using eduroam

Submitted by BrandonB on Tue, 05/05/2015 - 7:41am
TitleConcerns regarding service authorization by IP address using eduroam
Publication TypeConference Paper
Year of Publication2014
AuthorsTekeni, L., Thomson, K.-L., Botha, R.A.
Conference NameInformation Security for South Africa (ISSA), 2014
Date PublishedAug
Keywordsauthentication credentials, authorisation, Authorization, eduroam, firewall, firewalls, home credentials, home institution, home networks, IEEE Xplore, Internet, IP address, IP networks, IP-Based, legal agreements, proxy servers, secure Internet access, secure WLAN roaming service, Servers, service authorization, Service Level Agreement, visited institution, wireless LAN
Abstract

Eduroam is a secure WLAN roaming service between academic and research institutions around the globe. It allows users from participating institutions secure Internet access at any other participating visited institution using their home credentials. The authentication credentials are verified by the home institution, while authorization is done by the visited institution. The user receives an IP address in the range of the visited institution, and accesses the Internet through the firewall and proxy servers of the visited institution. However, access granted to services that authorize via an IP address of the visited institution may include access to services that are not allowed at the home institution, due to legal agreements. This paper looks at typical legal agreements with service providers and explores the risks and countermeasures that need to be considered when using eduroam.
DOI10.1109/ISSA.2014.6950495
Citation Key6950495
Groups: