Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A VPN based approach to secure WLAN access John Floroiu

Published byNeil Newton Modified over 8 years ago

Similar presentations

Presentation on theme: "1 A VPN based approach to secure WLAN access John Floroiu"— Presentation transcript:

1 1 A VPN based approach to secure WLAN access John Floroiu floroiu@fokus.fhg.de

2 2 Goal Design and implementation of a protocol enabling mobile users visiting foreign WLAN domains to securely access network resources in Internet –Authenticating mobile users –Protecting the data traffic of the clients

3 3 Reason Various attacks (passive, active, man-in-the- middle) are easier to mount in a WLANs because potential attackers may be located on the same link Initial message exchange between visiting nodes and a foreign WLAN domain is unprotected

4 4 Reason Access Point Access Router Nomadic Nodes Campus Network

5 5 Possible approaches EAP-based protocols –Compound authentication methods aimed at securing legacy authentication protocols VPN-based methods –Provide an IPsec overlay to WLANs –More flexibility in negotiating cryptographic material (protocols, transforms, SPI)

6 6 Outline of the protocol High level requirements –Authenticate users in an inter-domain environment –Provide strong security mechanisms to support per-user encryption and cryptographic material to other potential applications/protocols (Mobile IP) –Exhibit robustness to DoS (resource depletion, reply attacks, computational DoS)

7 7 Outline of the protocol Sets up an IPsec tunnel over the wireless link Uses AAA for inter-domain authentication –Based on shared secrets, timestamps (similar to MIPv4) ISAKMP for key exchange –Phase 1 exchange piggybacked into the AAA authentication request/answer –Phase 2 takes place between the client and the access router

8 8 Future work Local mobility – a nomadic node moves between different access routers within the same administrative domain –Dynamic „update“ of the ends of an IPsec connection –Multihoming

9 9 Future work Access Point Access Router + Local Home Agent Nomadic Node Campus Network Access Point Access Router + Local Home Agent

10 10 Open issues Authentication of 802.11 management messages (beacon, association/re-association/disassociation request/reply)

11 11 Thank you!

Download ppt "1 A VPN based approach to secure WLAN access John Floroiu"

Similar presentations

Security Issues In Mobile IP

Security Issues In Mobile IP
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication

Secure Mobile IP Communication
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
1 Mobile IP Myungchul Kim Tel: 042-866-6127.

1 Mobile IP Myungchul Kim Tel:
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT 1 1 1 0 11 0.

Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT
Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.

Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.

Similar presentations

Ads by Google