2026-03-16T12:36:51Z
https://ipsj.ixsq.nii.ac.jp/oai
oai:ipsj.ixsq.nii.ac.jp:02002163
2025-05-14T02:04:34Z
1164:6390:11883:1747187263263
Secure Sharing of User Information via RADIUS in Inter-Regional Public WLAN Roaming
Secure Sharing of User Information via RADIUS in Inter-Regional Public WLAN Roaming
Yasuo,Okabe
Takenori,Hirose
Ayaka,Kurosawa
Eisaku,Sakane
Hideaki,Goto
Yasuo Okabe
Takenori Hirose
Ayaka Kurosawa
Eisaku Sakane
Hideaki Goto
In RADIUS-based public Wi-Fi roaming services such as eduroam and OpenRoaming, users are identified using a temporary pseudonym called CUI (Chargeable User Identity) issued by the IdP. Neither the IdP nor the ANP (Access Network Provider) can independently determine “who is where”, which structurally ensures location privacy. However, due to this structure, even when users consent, providing location-aware services while identifying the user remains challenging. In this study, we propose a new architecture that separates the IdP, ANP, and LB (Location Broker) into three distinct entities. The IdP generates a CUI by combining the real ID and a pseudo ID but does not know the location. The ANP holds the location and CUI but does not know the real ID nor the pseudo ID. Only the neutral LB combines the pseudo ID and location information for sessions with explicit user consent and securely supplies it to LSPs (Location-aware Service Providers). By strictly limiting the entity responsible for binding real IDs and location information, this architecture demonstrates the ability to maintain location privacy while providing location-aware services resistant to location spoofing. We will also discuss business use cases for inter-regional collaboration utilizing this architecture, such as its application to tourism promotion and its use in evacuation shelters during disasters.
In RADIUS-based public Wi-Fi roaming services such as eduroam and OpenRoaming, users are identified using a temporary pseudonym called CUI (Chargeable User Identity) issued by the IdP. Neither the IdP nor the ANP (Access Network Provider) can independently determine “who is where”, which structurally ensures location privacy. However, due to this structure, even when users consent, providing location-aware services while identifying the user remains challenging. In this study, we propose a new architecture that separates the IdP, ANP, and LB (Location Broker) into three distinct entities. The IdP generates a CUI by combining the real ID and a pseudo ID but does not know the location. The ANP holds the location and CUI but does not know the real ID nor the pseudo ID. Only the neutral LB combines the pseudo ID and location information for sessions with explicit user consent and securely supplies it to LSPs (Location-aware Service Providers). By strictly limiting the entity responsible for binding real IDs and location information, this architecture demonstrates the ability to maintain location privacy while providing location-aware services resistant to location spoofing. We will also discuss business use cases for inter-regional collaboration utilizing this architecture, such as its application to tourism promotion and its use in evacuation shelters during disasters.
情報処理学会
2025-05-22
eng
technical report
https://ipsj.ixsq.nii.ac.jp/records/2002163
2188-8604
AA12628327
研究報告コンシューマ・デバイス&システム(CDS)
2025-CDS-43
2
1
6
https://ipsj.ixsq.nii.ac.jp/record/2002163/files/IPSJ-CDS25043002.pdf
application/pdf
691.7 KB
2027-05-22