Trustworthy Accounting for Wireless LAN Sharing Communities Elias C. Efstathiou and George C. Polyzos Department of Computer Science Athens University of Economics and Business Athens 104 34, Greece {efstath, polyzos}@aueb.gr Abstract. The Peer-to-Peer Wireless Network Confederation (P2PWNC) is de- signed to be an open self-organizing Wireless LAN (WLAN) roaming associa- tion where users from one WLAN can access all other WLANs belonging to the same P2PWNC. Unlike other WLAN roaming schemes, P2PWNC is open to all types of WLANs and particularly to residential networks owned by individual householders. Without an identity certifying authority, trustworthy accounting of transactions in the P2PWNC is challenging, but accounting is necessary in order to enforce the basic P2PWNC ‘rule of reciprocity’. We show that even though the P2PWNC accounting mechanism and its purpose-built Public Key Infrastructure are open to Sybil attacks, there exists a user authentication algo- rithm that excludes all free riders and that can also make the percentage of un- fair exclusions it causes very small simply by using more system memory. Keywords. self-organized security, WLAN roaming, Sybil attack, peer-to-peer 1 Introduction 1.1 Wireless LAN Roaming Today Wireless LAN (WLAN) technology based on the IEEE 802.11 family of standards is a success. Newer laptops and PDAs are commonly WLAN-enabled and 802.11 radios are also becoming part of consumer electronics devices such as digital cameras, MP3 players, and cellular phones [1]. Nevertheless, the economic value of these devices is greatly reduced because WLAN coverage is still not ubiquitous. This is unfortunate because it is relatively easy to set up a WLAN ‘hotspot’, i.e., an area where wireless Internet connectivity is provided: one only requires a WLAN access point / router and a broadband Internet connection, both of which are extremely small investments nowadays. However, the lack of universal roaming standards has resulted in a frag- mented market of commercial public WLAN operators. Without roaming support, op- erators can provide only limited coverage, which makes it difficult to attract new cus- tomers and to fund additional investments in infrastructure. On the non-commercial