Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 1 Selling network access Views from a business perspective Max Riegel Siemens.

Published byDaisy Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 1 Selling network access Views from a business perspective Max Riegel Siemens."— Presentation transcript:

1 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 1 Selling network access Views from a business perspective Max Riegel Siemens

2 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 2 Convention Center Airport Railway Station Campus Hotel Hospital Serving WLAN customers in public hot spots......often means selling network access in a competive environment.

3 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 3 N Portal based access control also known as UAM auth IP Config (DHCP) Internet HLR AAA 3GPP MNO Access Controller Wireless Integration Platform AAA CRM Billing Portal Server auth html RADIUS client

4 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 4 Portal based access control – not everybody’s darling! Portal based access control for public WLAN has been specified within the WiFi Alliance WISPr 1.0 Recommendation –Establish a common look-and-feel of the portal based access control. Portal based access control is currently used by all commercial public hotspots People in standardization depreciate the usage of UAM due to –No 2G/3G-like automatic network association –SIM support complicated –WLAN link unsecured weak mutual authentication, no over-the-air encryption, session hijacking –Browser redirect does not always work IEEE802.1X/EAP (Extensible Authentication Protocol) is seen as the best solution for public access. –has been adopted by IEEE802.11i

5 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 5 IEEE802.11i adds EAP and data encryption into the WLAN access procedure Internet Association Access to service IP-Configuration (DHCP) Authorization EAP Identity Request EAP Identity Response EAP Request EAP Response EAP Success Access Request Access Challenge Access Request Access Accept Authentication Server Key Management Data Encryption Master-Key distribution Extensible Authentication Protocol IEEE802.11i

6 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 6 Public WLAN access with 802.11i/EAP fixes the bugs but creates new issues 802.11i/EAP solves the issues for –2G/3G-like automatic network association w/ SIM –Secured WLAN connection... but creates new issues: Network Discovery and Selection Problem –details see: draft-ietf-eap-netsel-problem-00.txt –Access network discovery, identifier selection, AAA routing, payload routing; or: Discovery, Decision, and Selection User interaction and help in the case something goes wrong Support for more sophisticated business models, e.g. –Selection of different services during a particular session –Anonymous services, e.g. enrollment support... issues which are well supported by the UAM!

7 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 7 Portal based access control is like a ‘Mall’ Open anonymous access Very attractive and flexible to the customer ‘Have fun, but it may take time’ Two approaches for selling (access) 802.11i/EAP is like a ‘Vending machine’ Put in the right coin, push the button and you are done. If something fails, you are lost. ‘Dont ask

8 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 8 Combining EAP and UAM Both 802.11i/EAP as well as UAM are valuable approaches –802.11i/EAP for the experienced, repeating user –UAM for the ‘beginner’ and for exception cases Combining EAP & UAM is currently not possible. Why? Link establishment User authentication User security context IP-Configuration (DHCP) User authorization Access to service Establishment of communication channel Verification of user credentials No communication channel available prior to successful user authentication.

9 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 9 Traditional 802.11i/EAP Link establishment User authentication User security context IP-Configuration (DHCP) User authorization Access to service Unified access scheme Link establishment User authentication Anonymous security context IP-Configuration (DHCP) Default authorization Access to service User authorization Negotiation o.k. An unified approach for network access control

10 doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 10 Conclusion UAM as well as EAP are valuable solutions for access control. ‘Secured’ UAM is currently not possible. An anonymous secured media-rich communication channel is needed before user authentication and authorization. There are several potential solutions for delayed authentication: –Enhanced EAP methods –Smart client based on https (see WISPr) –Layer-3 authentication protocol (PANA) Most urgent for public WLAN access, but may lead to a general solution later. Should become a topic in IEEE802.11 WIEN

Download ppt "Doc.: IEEE 802.11-04/751r0 Submission July 2004 Max Riegel, SiemensSlide 1 Selling network access Views from a business perspective Max Riegel Siemens."

Similar presentations

RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Doc.: IEEE 802.11-03/688r0 Submission September 2003 Stephen McCann, Siemens Roke ManorSlide 1 Interworking Update II Stephen McCann, Siemens Roke Manor.

Doc.: IEEE /688r0 Submission September 2003 Stephen McCann, Siemens Roke ManorSlide 1 Interworking Update II Stephen McCann, Siemens Roke Manor.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Doc.: IEEE 802.11-12/0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: 2012-05-09 Authors:

Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
Www.opendaylight.org Secure Network Bootstrapping Infrastructure May 15, 2014.

Secure Network Bootstrapping Infrastructure May 15, 2014.
Omniran-13-0063-00-0000 1 IEEE 802 Enhanced Network Detection and Selection Date: 2013-08-26 Authors: NameAffiliationPhoneEmail Max RiegelNSN+49 173 293.

Omniran IEEE 802 Enhanced Network Detection and Selection Date: Authors: NameAffiliationPhone Max RiegelNSN
Omniran-13-0019-00-0000 1 OmniRAN Wi-Fi Hotspot Roaming Use Case Date: 2013-03-17 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran OmniRAN Wi-Fi Hotspot Roaming Use Case Date: Authors: NameAffiliationPhone Max RiegelNSN
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Network Access and 802.1X Klaas Wierenga SURFnet

Network Access and 802.1X Klaas Wierenga SURFnet
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.

Doc.: IEEE /0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.
An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.

An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Similar presentations

Ads by Google