Recently, ubiquitous Internet-access services have been provided by Internet service providers (ISPs) by deploying wireless local area networks (LANs) in public spaces including stations, hotels, and coffee shops. The IEEE802.1X protocol is usually used for user authentications to allow only authorized users to access services. Then, although user personal information of access locations, services, and operations can be easily collected by ISPs and thus, their strict management has been demanded, it becomes very difficult when multiple ISPs provide roaming services by their corporations. In this paper, we present an anonymous IEEE802.1X authentication system using a group signature scheme to allow user authentication without revealing their identities. Without user identities, ISPs cannot collect personal information. As an efficient revocable group signature scheme, we adopt the verifier-local revocation (VLR) type with some modifications for use of the fast pairing computation. We show the implementation of our proposal and evaluation results where the practicality of our system is confirmed for up to 1, 000 revoked users.
2010 by the Information Processing Society of Japan