Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

1 Eduroam
EUNIS Conference, June 22 2005
Licia Florio

2 Content
History
What is eduroam?
How does eduroam work?
How to join eduroam?
Eduroam now
Future
Conclusions

3 History
TERENA Task Force on Mobility aimed to define an inter-NREN roaming infrastructure
Requirements
–Provide guests access to visited network
–Restrict access to valid users
–Easy to install
–Based on open standards
–Scalable
Then the exploration started…

4 Available solutions
Open access: easy, scalable, but... unsafe
MAC-address: easy, not scalable and not safe
WEP: easy, not scalable, not safe
Used by the NRENs
Web-based redirection: scalable, not safe
VPN: not scalable, safe
802.1X: scalable, safe

5 802.1X security
802.1X is IEEE standard for wired and wireless authentication
Different authentication mechanisms are possible through the use of EAP
Credentials are protected (encrypted) by using tunneled authentication (PEAP or EAP-TTLS) or client certificates (EAP-TLS)
Mutual authentication between client and server is possible
Basis for new security standards WPA and WPA2/802.11i

6 What is eduroam?
Eduroam = education roaming
June 2003 first trial (with SURFnet, CARNET, UKERNA)
eduroam is a roaming infrastructure based on
–802.1X (secure technology)
–RADIUS (infrastructure to transport credentials)
–Trust fabric (RADIUS hierarchy and policy)

7 How eduroam works
[Diagram: Eduroam - 802.1X. Labels: Supplicant; Guest piet@university_b.nl; Authenticator (AP or switch); RADIUS server University A; RADIUS server University B; User DB; SURFnet Central RADIUS Proxy server; Student VLAN, Employee VLAN, Commercial VLAN; legend: data, signaling]
Trust based on RADIUS plus policy documents
Security based on 802.1X (VLAN assignment)
© SURFnet

8 Mutual authentication (TTLS/PEAP)
Server certificate used to set up a secure (SSL/TLS) tunnel between the client and the server
Users’ credentials travel from the users to the server through this tunnel where they are verified
Man-in-the-middle attack is prevented by using SSL/TLS
© Alfa&Ariss

9 Eduroam now
350 institutions connected in Europe and Australia, US about to join
National sites available

10 How to join eduroam
Set up 802.1X authentication at your campus including a RADIUS server that
–Authenticates your own users’ requests
–Proxies guest users’ requests to your national server
Connect it to the national RADIUS server managed by your NREN
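
The routing rule on this slide and the path labelled in the "How eduroam works" diagram, as an added example that is not part of the original presentation: a campus server authenticates its own realm and proxies every other realm to the national server, which forwards to the home campus. Only piet@university_b.nl comes from the slides; the realm university_a.nl, the host names, MEMBERS, NATIONAL_PROXY and all function names are assumptions, and the sketch stops at the national tier.

```python
import re

# Constructed sample data; host names are placeholders, not real servers.
MEMBERS = {
    "university_a.nl": "radius.university_a.example",
    "university_b.nl": "radius.university_b.example",
}
NATIONAL_PROXY = "radius.national.example"
_REALM_RE = re.compile(r"[a-z0-9_-]+(\.[a-z0-9_-]+)+")


def realm_of(identity):
    """Return the lower-cased realm of user@realm, or None if malformed."""
    user, sep, realm = identity.lower().rpartition("@")
    if not sep or not user or not _REALM_RE.fullmatch(realm):
        return None
    return realm


def campus_route(identity, local_realm):
    """Decision of a campus server for one incoming request."""
    realm = realm_of(identity)
    if realm is None:
        return ("reject", None)          # no usable realm: stop it here
    if realm == local_realm:
        return ("authenticate", None)    # own user: check the local user DB
    return ("proxy", NATIONAL_PROXY)     # guest: hand to the national server


def national_route(identity, origin_realm, members=MEMBERS):
    """Decision of the national proxy for a request sent up by a campus."""
    realm = realm_of(identity)
    if realm is None or realm == origin_realm or realm not in members:
        # Unknown realm, or one that would bounce straight back to the sender.
        return ("reject", None)
    return ("proxy", members[realm])


def trace(identity, visited_realm):
    """Follow a request from the visited campus to the server that decides."""
    hops = [MEMBERS[visited_realm]]
    action, nxt = campus_route(identity, visited_realm)
    if action == "proxy":
        hops.append(nxt)
        action, nxt = national_route(identity, visited_realm)
        if action == "proxy":
            hops.append(nxt)
            action, _ = campus_route(identity, realm_of(identity))
    return hops, action
```

Calling trace("piet@university_b.nl", "university_a.nl") returns the three servers the request crosses and the final action taken at the home campus.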

11 Eduroam in the future
GN2-JRA5 will integrate eduroam into the AAI infrastructure that they will deliver
Evaluate integration of new technologies like DIAMETER, DNSsec etc.
Improving the policy framework
Creating monitoring framework
Standardising on SSIDs, encryption etc.

12 Conclusions
Eduroam provides a secure and scalable way to allow for roaming
Innovations are expected in the future, but it really works today
Joining is simple once you have established your local infrastructure based on 802.1X

13 Links
EduRoam in Europe
–http://www.eduroam.org
TERENA TF-Mobility
–http://www.terena.nl/mobility
Géant2 Joint Research Activity 5 (authorisation and roaming)
–http://www.geant2.net/ (click on research)

