CapAuth: A Capability-based Handover Scheme

Liang Cai, Sridhar Machiraju, and Hao Chen

Existing handover schemes in wireless LANs, 3G/4G networks, and
femtocells rely upon protocols involving centralized authentication
servers and one or more access points.These protocols are invariably
complex and use extensive signaling on the wireless backhaul since
they aim to be be efficient (minimal handover latency) without
sacrificing robustness. However, the mobile user has little
involvement especially with the so-called context transfer stage; this
stage involves the transfer of necessary state to the new access point
as well as the enforcement of security goals such as user
authentication and single point of access.  We propose the
incorporation of user capabilities, network-asserted proofs of user
identity and access control, as a general mechanism to simplify the
context transfer stage. To this end, we have designed CapAuth, a
capability-based scheme that has reduced complexity, low overhead,
high level of fault tolerance and is general enough to implement a
range of security policies.