In the near future, wireless local area networks (WLANs) will overlap to provide continuous coverage over a wide area. In such ubiquitous WLANs, a mobile node (MN) moving freely between multiple access points (APs) requires not only permanent access to the Internet but also continuous communication quality during handover. In order to satisfy these requirements, an MN needs to (1) select an AP with better performance and (2) execute a handover seamlessly. To satisfy requirement (2), we proposed a seamless handover method in a previous study. Moreover, in order to achieve (1), the Received Signal Strength Indicator (RSSI) is usually employed to measure wireless link quality in a WLAN system. However, in a real environment, especially if APs are densely situated, it is difficult to always select an AP with better performance based on only the RSSI. This is because the RSSI alone cannot detect the degradation of communication quality due to radio interference. Moreover, it is important that AP selection is completed only on an MN, because we can assume that, in ubiquitous WLANs, various organizations or operators will manage APs. Hence, we cannot modify the APs for AP selection. To overcome these difficulties, in the present paper, we propose and implement a proactive AP selection method considering wireless link condition based on the number of frame retransmissions in addition to the RSSI. In the evaluation, we show that the proposed AP selection method can appropriately select an AP with good wireless link quality, i.e., high RSSI and low radio interference.

In a large scale distributed environment or large open networks like WIDE Internet which is an academic and reserch network in Japan, the authentication system is the fundamental building block for providing security mechanisms. We have developed a trusted third-party authentication system called SPLICE|AS for the WIDE Interet. The authetication protocol adopted in SPLICE|AS is based on the public-key encryptosystem, originally proposed by Needham. We made several extensions to detct some sort of security attacks like replay attacks which were not considered in the original Needham's approach. Furthermore, the domain-based management scheme and protocol extensions are introduced to our system since management principals are scatterd across the WIDE Internet. The whole network is logically subdivided into several domains based on network management policies, and each domain is managed by a single authentication server. Then, the domain concept is applied in a hierarchical manner to provide the inter-domain access. An authentication server existing in an upper domain authorizes and controls inter-domain accesses between subdomains. This paper describes the design of SPLICE|AS, and its implementatins.