1 Integrated Cognitive Management System-Hostapd 2014 YU-ANTL Seminar Hyun dong Hwang Advanced Networking Technology Lab. (YU-ANTL) Dept. of Information & Comm. Eng, Graduate School, Yeungnam University, KOREA

2 Advanced Networking Tech. Lab. Yeungnam University (YU-ANTL) YU-ANTL Lab Seminar Hyun dong Hwang
Outline
- Integrated Cognitive Management System
- Hostapd & Wpa_Supplicant
- 802.11r Fast transition
- Current procedure
- Hostapd configuration
- Reference

3 Integrated Cognitive Management System
- Integrated Cognitive Management System Topology

4 Hostapd & Wpa_Supplicant
- Hostapd
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd.

5 Hostapd & Wpa_Supplicant
- Hostapd features
  - WPA-PSK (Wi-Fi Protected Access)
  - WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
  - key management for CCMP, TKIP, WEP104, WEP40
  - WPA and full IEEE 802.11i/RSN/WPA2
  - RSN: PMKSA caching, pre-authentication
  - IEEE 802.11r
  - IEEE 802.11w
  - RADIUS accounting
  - RADIUS authentication server with EAP
  - Wi-Fi Protected Setup (WPS)

6 Hostapd & Wpa_Supplicant
- Wpa_supplicant
wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection. wpa_supplicant supports separate frontend programs and a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant.

7 Hostapd & Wpa_Supplicant
- Wpa_supplicant features
  - WPA-PSK ("WPA-Personal")
  - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
  - key management for CCMP, TKIP, WEP104, WEP40
  - WPA and full IEEE 802.11i/RSN/WPA2
  - RSN: PMKSA caching, pre-authentication
  - IEEE 802.11r
  - IEEE 802.11w
  - Wi-Fi Protected Setup (WPS)

8 Current procedure
- Current Problem
  - Without a bridge port, the wpa_cli command ft_ds (which runs the Fast BSS Transition) is not transported to the target AP.
  - With a bridge port, the network DNS server does not work.

9 802.11r Fast transition
- Key Hierarchy

10 802.11r Fast transition
- 802.11r Action Frame

11 802.11r Fast transition
- 802.11r FT Request Frame

12 802.11r Fast transition
- 802.11r FT Response Frame

13 802.11r Fast transition
- FT Confirm frame

14 802.11r Fast transition
- FT ACK frame

15 Over-the-DS FT Protocol authentication in an RSN

16 Over-the-DS FT Protocol authentication in an RSN

17 Current procedure
- Test Topology
  - STA1: WPA_Supplicant
  - STA2: WPA_Supplicant
  - AP1: Hostapd
  - AP2: Hostapd
[Figure: test topology. Labels: Bridge port, Ethernet, STA (Wpa_supplicant, Wpa_cli), AP (Hostapd, Hostapd_cli)]

18 Current topology
- Network driver: ath9k (NL80211)
- Ethernet bridge
- Ubuntu LTS, Kernel: generic, Hostapd 2.0, LAN card: TP-LINK TL WDN4800
- Ubuntu LTS, Kernel: generic, Hostapd 2.0, LAN card: TP-LINK TL WDN4800
- Ubuntu LTS, Kernel: generic, Wpa_supplicant 2.0, LAN card: TP-LINK TL WDN4800

19 Hostapd 2.0
- Libraries that must be installed on Ubuntu: libnl-1, libnl-2, libnl-1-dev, libnl-2-dev, bridge-utils, iw, openssl (libssl-dev). The compat-wireless module (for the ath9k driver) is no longer supported.
- On Ubuntu, ath9k has to be installed through the compat-wireless module, but that does not support the openssl 1.0.1f of Hostapd 2.0, and the certificate is not installed in the driver.
- Hostapd 2.0 and later require support for openssl 1.0.1f or later.
- Port forwarding through iptables.
- Install dhcp3-server to assign dynamic network IP addresses, then configure the RSN.

20 Hostapd configuration
- /etc/network/interfaces

No Bridge:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address
    netmask
    gateway

    auto wlan0
    iface wlan0 inet static
    address
    netmask

Using Bridge:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static

    auto br0
    iface br0 inet static
    address
    netmask
    gateway
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

    auto wlan0
    iface wlan0 inet static
    address
    netmask

21 Hostapd configuration
- /etc/dhcp/dhcpd.conf: DHCP server configuration

    ddns-update-style none;
    ignore client-updates;
    authoritative;
    option local-wpad code 252 = text;
    subnet netmask {
    range ;
    option domain-name-servers , ;
    option routers ;
    }

22 Hostapd configuration
- /etc/default/isc-dhcp-server: DHCP server init script

    # Defaults for dhcp initscript
    # sourced by /etc/init.d/dhcp
    # installed at /etc/default/isc-dhcp-server by the maintainer scripts
    #
    # This is a POSIX shell fragment
    #
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACES="wlan0"

23 Hostapd configuration
- Startup script file

    ifconfig wlan0 up netmask
    sleep 2
    # Start dhcpd on wlan0 only if it is not already running
    if [ "$(ps -e | grep dhcpd)" = "" ]; then
        dhcpd wlan0 &
    fi
    #########
    #Enable NAT
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface wlan0 -j ACCEPT
    sysctl -w net.ipv4.ip_forward=1
    # hostapd runs in the foreground with debug output; dhcpd is stopped when it exits
    ./hostapd -dd ./hostapd.conf
    killall dhcpd

24 Hostapd configuration
- hostapd.conf

    interface=wlan0
    driver=nl80211
    #bridge=br0
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    hw_mode=g
    channel=5
    auth_algs=1
    ieee80211n=1
    ssid=yuantl
    wpa=2
    wpa_key_mgmt=FT-PSK
    wpa_pairwise=CCMP TKIP
    rsn_pairwise=CCMP TKIP
    wpa_passphrase=
    wpa_group_rekey=3600
    #iapp_interface=eth0
    own_ip_addr=
    rsn_preauth=1
    rsn_preauth_interfaces=eth0
    okc=1
    nas_identifier=nas2.kir.nu
    mobility_domain=a1b2
    r0_key_lifetime=10000
    r1_key_holder=
    reassociation_deadline=1000
    pmk_r1_push=1
    r0kh=64:66:b3:0b:c0:94 nas.kir.nu a0b0c0d0e0f
    r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a
    r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a
    r1kh=64:70:02:07:ad:c4 00:01:02:03:04: a0b0c0d0e0f
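An added example, not part of the slides or of the hostapd project: a small Python check of the FT-related settings in a hostapd.conf such as the one on slide 24, run before the file is deployed to each AP. The 32-hex-digit (128-bit) key length for r0kh/r1kh is an assumption taken from the hostapd 2.0 sample configuration, and the MAC addresses, names and key in the sample input are constructed placeholders.

```python
import re

MAC = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")

def is_hex(s, digits):
    return re.fullmatch(r"[0-9a-fA-F]{%d}" % digits, s) is not None

def parse(text):
    """hostapd.conf is key=value; r0kh/r1kh may repeat, so keep a list of pairs."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(p.strip() for p in l.split("=", 1))
            for l in lines if "=" in l and not l.startswith("#")]

def lint_ft(text, key_hex_digits=32):
    """Return findings for the FT settings. key_hex_digits=32 is an assumption
    (128-bit r0kh/r1kh keys, as in the hostapd 2.0 sample configuration)."""
    pairs = parse(text)
    conf = dict(pairs)  # scalar settings: last value wins
    findings = []
    if not any(s.startswith("FT-") for s in conf.get("wpa_key_mgmt", "").split()):
        findings.append("wpa_key_mgmt: no FT-* suite")
    for key, digits in (("mobility_domain", 4), ("r1_key_holder", 12)):
        if not is_hex(conf.get(key, ""), digits):
            findings.append(f"{key}: need {digits} hex digits")
    if not 1 <= len(conf.get("nas_identifier", "")) <= 48:
        findings.append("nas_identifier: need 1..48 octets")
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, "").split():
            findings.append(f"{key}: TKIP enabled (deprecated cipher)")
    for key, value in pairs:
        if key in ("r0kh", "r1kh"):
            f = value.split()
            ok = len(f) == 3 and MAC.fullmatch(f[0]) and is_hex(f[2], key_hex_digits)
            if not ok or (key == "r1kh" and not MAC.fullmatch(f[1])):
                findings.append(f"{key}: malformed entry or wrong key length")
    return findings

# Constructed sample: placeholder MACs, names and key, not values from the slides.
K = "000102030405060708090a0b0c0d0e0f"
GOOD = f"""wpa_key_mgmt=FT-PSK
rsn_pairwise=CCMP
mobility_domain=a1b2
nas_identifier=ap1.example.com
r1_key_holder=020000000001
r0kh=02:00:00:00:00:02 ap2.example.com {K}
r1kh=02:00:00:00:00:02 02:00:00:00:00:02 {K}
"""
BAD = GOOD.replace("CCMP", "CCMP TKIP").replace(K + "\nr1kh", K[:11] + "\nr1kh")

if __name__ == "__main__":
    print(lint_ft(GOOD), lint_ft(BAD), sep="\n")
```

Running the same check on every AP in the mobility domain catches a key holder entry whose key was truncated or mistyped on one side only.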

25 Reference
[1] 김진욱, 김영탁, "Cognitive wireless LAN management system using load balancing based on Network Initiated Roaming in an IEEE environment", JCCI,
[2] IEEE Standard , "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specification," June
[3] Devin Akin, David Coleman, "Robust Security Network (RSN) Fast BSS Transition (FT)" white paper, September 2008
[4]
[5]

