Presentation is loading. Please wait.

Presentation is loading. Please wait.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Similar presentations

Presentation on theme: "Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio."— Presentation transcript:

1 Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio

2 EUNIS05, Manchester 2 Content History What is eduroam? How does eduroam work? How to join eduroam? Eduroam now Future Conclusions

3 Licia Florio EUNIS05, Manchester 3 History TERENA Task Force on Mobility aimed to define an inter-NREN roaming infrastructure Requirements –Provide guests access to visited network –Restrict access to valid users –Easy to install –Based on open standards –Scalable Then the exploration started…

4 Licia Florio EUNIS05, Manchester 4 Available solutions Open access: easy, scalable, but..unsafe MAC-address: easy, not scalable and not safe WEP: easy, not scalable, not safe Used by the NRENs Web-based redirection: scalable, not safe VPN: not scalable, safe 802.1X: scalable, safe

5 Licia Florio EUNIS05, Manchester 5 802.1X security 802.1X is IEEE standard for wired and wireless authentication Different authentication mechanisms are possible through the use of EAP Credentials are protected (encrypted) by using tunneled authentication (PEAP or EAP-TTLS) or client certificates (EAP-TLS) Mutual authentication between client and server is possible Basis for new security standards WPA and WPA2/802.11i

6 Licia Florio EUNIS05, Manchester 6 What is eduroam? Eduroam = education roaming June 2003 first trail (with SURFnet, CARNET, UKERNA) eduroam is a roaming infrastructure based on –802.1X (secure technology) –RADIUS (infrastructure to transport credentials) –Trust fabric (RADIUS hierarchy and policy)

7 Licia Florio EUNIS05, Manchester 7 How eduroam works Eduroam - 802.1X RADIUS server University B RADIUS server University A SURFnet Central RADIUS Proxy server Authenticator (AP or switch) User DB Supplicant Guest Student VLAN Commercial VLAN Employee VLAN data signaling Trust based on RADIUS plus policy documents Security based on 802.1X (VLAN assigment) © SURFnet

8 Licia Florio EUNIS05, Manchester 8 Mutual authentication (TTLS/PEAP) Server certificate used to set-up a secure (SSL/TLS) tunnel between the client and the server Users’ credentials travel from the users to the server through this tunnel where they are verified Man-in-the-middle attack is prevented by using SSL/TLS © Alfa&Ariss

9 Licia Florio EUNIS05, Manchester 9 Eduroam now 350 institutions connected in Europe and Australia, US about to join National sites available

10 Licia Florio EUNIS05, Manchester 10 How to join eduroam Set up 802.1X authentication at your campus including a RADIUS server that –Authenticates your own users’ requests –Proxies guest users’ requests to your national server Connect it to the national RADIUS server managed by your NREN

11 Licia Florio EUNIS05, Manchester 11 Eduroam in the future GN2- JRA5 will integrate eduroam into the AAI infrastructure that they will deliver Evaluate integration of new technologies like DIAMETER, DNSsec etc. Improving the policy framework Creating monitoring framework Standardising on SSID’s, encryption etc.

12 Licia Florio EUNIS05, Manchester 12 Conclusions Eduroam provides a secure and scalable way to allow for roaming Innovations are expected in the future, but it really works today Joining is simple once you have established your local infrastructure based on 802.1X

13 Licia Florio EUNIS05, Manchester 13 Links EduRoam in Europe – TERENA TF-Mobility – Géant2 Joint Research Activity 5 (authorisation and roaming) – (click on research)

Download ppt "Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio."

Similar presentations

Ads by Google