OpenRoaming : Evaluation of the potential of e-ID as an Identity Provider in the OpenRoaming federation and implementation of a prototype
Maes, Marie
Promotor(s) :
Donnet, Benoît
Date of defense : 24-Jan-2025 • Permalink : http://hdl.handle.net/2268.2/22432
Details
| Title : | OpenRoaming : Evaluation of the potential of e-ID as an Identity Provider in the OpenRoaming federation and implementation of a prototype |
| Translated title : | [fr] OpenRoaming : Évaluation du potentiel d'e-ID en tant que fournisseur d'identité dans la fédération OpenRoaming et mise en œuvre d'un prototype |
| Author : | Maes, Marie |
| Date of defense : | 24-Jan-2025 |
| Advisor(s) : | Donnet, Benoît |
| Committee's member(s) : | Brinckman, Bart ; Leduc, Guy ; Mathy, Laurent |
| Language : | English |
| Number of pages : | 119 |
| Keywords : | [en] OpenRoaming ; e-ID ; Identity Provider ; Wi-Fi |
| Discipline(s) : | Engineering, computing & technology > Computer science |
| Funders : | Cisco |
| Target public : | Researchers ; Professionals of domain ; Student |
| Institution(s) : | Université de Liège, Liège, Belgique |
| Degree: | Master : ingénieur civil en informatique, à finalité spécialisée en "computer systems security" |
| Faculty: | Master thesis of the Faculté des Sciences appliquées |
Abstract
[en] In an era of growing need for network connectivity, traditional public Wi-Fi infrastructures face
major limitations, as they are either insecure or inconvenient if they require manual logins. To address
these security and accessibility challenges, many Wi-Fi networks are now integrating with Identity
Providers (IDP) and Access Network Providers (ANP). The IDP securely manages user identities
and credentials, enabling more reliable and secure Wi-Fi access using user authentication, while
the ANP manages network resources. OpenRoaming is a federation that enables easy Wi-Fi access
across IDPs and ANPs.
The goal of this project is to evaluate how e-ID, the Belgian electronic identity card, can become
an IDP in the OpenRoaming federation so that citizens can get seamless and secure Wi-Fi access
using their e-ID credentials. This integration enables citizens who authenticate with their e-ID
credentials via a mobile application to gain secure Wi-Fi access in government buildings and private
venues without any manual configuration or interaction with their phone’s Wi-Fi settings.
The project consists of three phases: (1) a theoretical study of OpenRoaming, e-ID, and related
technologies, (2) the evaluation of potential approaches to integrate e-ID as an IDP, and finally
(3) the development of a prototype. The components involved in this prototype include (a) a
mobile application for the user to authenticate with e-ID, (b) an access point for managing Wi-Fi
connections and forwarding authentication requests from the users, (c) a AAA server that includes
an EAP/RADIUS server to communicate with the access point and a back-end server that will
communicate with the IDP, and finally, (d) the IDP.
The final prototype demonstrates a secure and user-friendly system in which an Android device,
after successfully being authenticated via the mobile application, seamlessly connects to previously
unknown Wi-Fi networks in a safe environment. This is achieved through a robust configuration
involving WPA2 Enterprise, EAP-TTLS with PAP over a RADSEC tunnel, OpenID Connect, and
the use of certificates across all components.
This project successfully highlights how e-ID can become a reliable IDP in the OpenRoaming
federation, addressing modern connectivity challenges while ensuring a secure user experience.
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.