
Connect. Communicate. Collaborate TERENA Networking Conference, 7 June 2005 Eduroam: past, present, and future.


1 Connect. Communicate. Collaborate TERENA Networking Conference, 7 June 2005 Klaas.Wierenga@surfnet.nl Eduroam: past, present, and future

2 Contents
– What is Eduroam?
– Current status of Eduroam
– Is anything wrong with Eduroam?
– Eduroam-ng and Géant 2
– Conclusion

3 Users are mobile
[Diagram: users reach the SURFnet backbone through many access providers: cable, University A WLAN, University B WLAN, ADSL, international connectivity, public WLAN and GPRS/UMTS.]
Eduroam enables them to roam seamlessly

4 EduRoam architecture
Security based on 802.1X (or web-based redirect)
– Identity-based networking
– Different authentication mechanisms possible
– Prevents session hijacking
– Mutual authentication possible
– Protection of credentials
– Integration with VLAN assignment
– Provides the basis for the new wireless security standards WPA and 802.11i
Roaming based on RADIUS proxying
– Remote Authentication Dial In User Service
– Transport protocol for authentication information
Trust fabric based on:
– Technical: RADIUS hierarchy
– Policy: documents/contracts that define the responsibilities of user, institution, NREN and the EduRoam federation

5 EduRoam
[Diagram: a supplicant, the guest piet@university_b.nl, connects to an authenticator (AP or switch) at University A. The University A RADIUS server forwards the request through the SURFnet central RADIUS proxy server to the University B RADIUS server, which checks its user DB. Data and signalling paths are drawn separately; 802.1X VLAN assignment places users in the Student, Employee or Commercial VLAN.]
Trust based on RADIUS plus policy documents; 802.1X (VLAN assignment)

6 Tunneled authentication (PEAP/TTLS)
Uses a TLS/SSL tunnel to protect data
– The TLS tunnel is set up using the server certificate, thus authenticating the server and preventing man-in-the-middle attacks
– The user sends his credentials through the secure tunnel to the server, thus authenticating the user
Can use dynamic session keys for 'in the air' encryption
© Alfa&Ariss
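The two phases on this slide, as an added worked example that is not part of the presentation or of any eduroam software. The supplicant first sends only an outer identity (which carries nothing but the realm the RADIUS proxies need for routing), then checks the server end of the TLS tunnel, and only after that releases the real identity and password through the tunnel. The certificates are constructed byte strings and "verification" is SHA-256 fingerprint pinning; a real supplicant validates an X.509 chain against its configured CA and checks the server name, but the ordering of the phases, which is the slide's point, is the same. The class and function names are the example's own.

```python
"""PEAP/TTLS tunnelled authentication in miniature (added illustration)."""
import hashlib


def fingerprint(cert: bytes) -> str:
    """Stand-in for X.509 chain validation: pin the SHA-256 of the server certificate."""
    return hashlib.sha256(cert).hexdigest()


# Constructed certificates: the genuine home RADIUS server's, and a rogue
# access point's self-issued one that copies the genuine subject name.
GENUINE_CERT = b"CN=radius.university_b.nl, O=University B, issuer=Example Federation CA"
ROGUE_CERT = b"CN=radius.university_b.nl, O=Evil Twin, issuer=self"


class AuthServer:
    """Server end of the tunnel: presents a certificate, checks inner credentials."""

    def __init__(self, cert, user_db):
        self.cert = cert
        self.user_db = user_db          # constructed: {inner identity: password}
        self.seen_credentials = []      # everything this server learned inside the tunnel

    def check(self, identity, password):
        self.seen_credentials.append((identity, password))
        return "Access-Accept" if self.user_db.get(identity) == password else "Access-Reject"


def realm_of(identity):
    return identity.rsplit("@", 1)[1] if "@" in identity else None


def authenticate(server, outer_identity, inner_identity, password, pinned, verify_server=True):
    """Supplicant side of tunnelled authentication.

    Phase 1 (cleartext): send the outer identity, which only carries the realm
    so that RADIUS proxies can route the request, then check the server
    certificate. Phase 2 (inside the tunnel): send the real identity and password.
    """
    record = {"sent_in_clear": outer_identity, "tunnel_verified": False,
              "credentials_sent": False, "result": None}
    # The outer realm drives proxying; if it differs from the inner one the
    # request ends up at the wrong home server, so refuse such a configuration.
    if realm_of(outer_identity) != realm_of(inner_identity):
        raise ValueError("outer and inner realm differ; request would be routed to the wrong home server")
    # Phase 1: the server certificate is examined before anything secret is disclosed.
    if verify_server:
        if fingerprint(server.cert) not in pinned:
            record["result"] = "aborted: server certificate not trusted"
            return record
        record["tunnel_verified"] = True
    # Phase 2: credentials are released only now, and only through the tunnel.
    record["credentials_sent"] = True
    record["result"] = server.check(inner_identity, password)
    return record


if __name__ == "__main__":
    home = AuthServer(GENUINE_CERT, {"piet@university_b.nl": "piet-pw"})
    pinned = {fingerprint(GENUINE_CERT)}
    print(authenticate(home, "anonymous@university_b.nl", "piet@university_b.nl", "piet-pw", pinned))
```

Running the same supplicant against the rogue server shows the failure mode the slide guards against: with verification on, the handshake aborts and the rogue server never sees a credential; with `verify_server=False` the password is handed to whoever answers on the expected name, which is why eduroam supplicant guidance insists on configuring the CA and server name rather than leaving verification off.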

7 Status of EduRoam
– Over 350 institutions in Europe and Australia
– USA will follow shortly

8 Limitations
Technology
– Static trust
– Single points of failure
– All authN and authZ traffic flows through the hierarchy
Policy
– Not suitable for full service yet
Usability
– Eduroam comes in many flavours
– Where are the access points?
Management & Monitoring
– Are all servers up and running?
– Who is abusing the service?
AAI
– How to integrate with the European AAI

9 Eduroam-ng

10 Technology: bypassing the hierarchy overhead?
[Diagram: tomasz@uni.torun.pl at an access point at uva.nl. The request travels uva.nl → .nl → European server → .pl → uni.torun.pl (user database); other national servers such as .ac.uk also hang off the European server.]
– AA traffic goes through all intermediate entries
– All links are peer-to-peer agreements / static routes
– p2p secure DIAMETER? DNSsec?
(See: Henk Eertink, Future directions in mobility)
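The realm-based proxying of slides 5 and 10 as an added worked example; this is illustration written for this page, not eduroam or SURFnet code. The server names, the per-server routing tables and the user databases are constructed to mirror the slides' pictures: institutional servers, national top-level proxies (.nl, .pl) and a European root, with the visited site deciding the VLAN. The `path` it returns is the list of every RADIUS server that handles the request, which is exactly the "all intermediate entries" overhead the slide questions; `with_static_route` shows how a direct peer-to-peer route shortens it. It also covers two failure modes the hierarchy has: a realm nobody is authoritative for, and a proxy loop between a national server and the root.

```python
"""Realm-based RADIUS proxy routing through the eduroam hierarchy (added illustration)."""
import copy

# Constructed home-institution user databases: realm -> {user: (password, group)}
HOME_DB = {
    "uva.nl":       {"anna": ("anna-pw", "student")},
    "uni.torun.pl": {"tomasz": ("tomasz-pw", "employee")},
}
# Which institutional server is authoritative for which realm.
HOME_SERVER = {"uva.nl": "radius.uva.nl", "uni.torun.pl": "radius.uni.torun.pl"}

# Constructed proxy tables: for each server, the realm suffixes it routes
# directly and the server it forwards everything else to (None at the root).
ROUTES = {
    "radius.uva.nl":       ({}, "radius.nl"),
    "radius.uni.torun.pl": ({}, "radius.pl"),
    "radius.nl":           ({"uva.nl": "radius.uva.nl"}, "radius.eu"),
    "radius.pl":           ({"uni.torun.pl": "radius.uni.torun.pl"}, "radius.eu"),
    "radius.eu":           ({"nl": "radius.nl", "pl": "radius.pl"}, None),
}

VLAN_FOR_GROUP = {"student": "Student VLAN", "employee": "Employee VLAN"}
GUEST_VLAN = "Guest VLAN"
MAX_HOPS = 10  # loop guard: a misconfigured default route must not proxy forever


def split_identity(user_name):
    """Split 'user@realm'; an identity without a realm cannot be routed."""
    if "@" not in user_name:
        raise ValueError("User-Name carries no realm")
    user, realm = user_name.rsplit("@", 1)
    return user, realm.lower()


def next_hop(server, realm, routes):
    """Longest-suffix match on the server's realm table, else its default route."""
    table, default = routes[server]
    labels = realm.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return default


def route(user_name, password, visited_server, routes=ROUTES):
    """Carry one Access-Request from the visited server to the user's home server.

    Returns (decision, vlan, path); path lists every RADIUS server that saw the
    request, i.e. every party that has to be trusted with the traffic.
    """
    user, realm = split_identity(user_name)
    path = [visited_server]
    server = visited_server
    while HOME_SERVER.get(realm) != server:
        if len(path) > MAX_HOPS:
            return "Access-Reject", None, path   # proxy loop detected
        server = next_hop(server, realm, routes)
        if server is None:
            return "Access-Reject", None, path   # unknown realm: nowhere to send it
        path.append(server)
    # Home server: check the credentials against its own user database.
    stored = HOME_DB[realm].get(user)
    if stored is None or stored[0] != password:
        return "Access-Reject", None, path
    group = stored[1]
    # Visited server: its own users get their group's VLAN, roaming users the guest VLAN.
    vlan = VLAN_FOR_GROUP[group] if HOME_SERVER[realm] == visited_server else GUEST_VLAN
    return "Access-Accept", vlan, path


def with_static_route(routes, server, realm, target):
    """Return a copy of the routing tables with one direct peer-to-peer route added."""
    new = copy.deepcopy(routes)
    new[server][0][realm] = target
    return new


if __name__ == "__main__":
    print(route("tomasz@uni.torun.pl", "tomasz-pw", "radius.uva.nl"))
    peered = with_static_route(ROUTES, "radius.uva.nl", "uni.torun.pl", "radius.uni.torun.pl")
    print(route("tomasz@uni.torun.pl", "tomasz-pw", "radius.uva.nl", peered))
```

The `ghost@unknown.nl` case in the test is worth noting: the national server has no entry for the realm and forwards to the root, the root sends anything under `.nl` back down, and without the hop guard the two would bounce the request indefinitely. That loop is a real operational hazard of static default routes, and it is why the slide's "single points of failure" and "who is abusing the service" questions belong to the same monitoring problem.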

11 Roaming policy
– Minimal security level
– Levels of assertion
– SLAs
– Incident response
– Policy board

12 Usability: standardisation, localisation, expansion
Standardisation
– Limited set of encryption and SSID choices
  Encryption: 802.1X+WEP, WPA+TKIP, WPA2
  SSID: eduroam
Localisation
– Eduroam-around-the-corner (See: Martijn Arts)
Expansion
– Integration with commercial roaming services (See: Martin Bech)

13 Managing & Monitoring: user tracking & weathermap (See also: Kostas Kalevras, Large scale WLAN deployments)

14 AAI Integration: offload AuthZ?
[Diagram: diego@uclm.es at an access point at uva.nl. The RADIUS path runs uva.nl → .nl → European server → .es → uclm.es, where the UCLM user database sits; the AAI systems A-Select and PAPI are drawn alongside the RADIUS servers, and .ac.uk also hangs off the European server.]
– How do all these applications communicate? (SAML?)
– Or should we do it inline?
(See: Diego Lopez, AAI Infrastructures)

15 Conclusions
– 802.1X plus RADIUS provide a secure and future-proof solution for access to the institutional network
– Infrastructure not perfect yet but…
  – It works ™
  – It is ready for the future
  – Géant2 JRA5 will make it even better
– Joining EduRoam is a small step for administrator-kind but a giant leap for the users, so…

16 Time to join…

17 More information
EduRoam in SURFnet
– http://www.eduroam.nl
EduRoam in Europe
– http://www.eduroam.org
TERENA TF-Mobility
– http://www.terena.nl/mobility
Géant2 Joint Research Activity 5 (authorisation and roaming)
– http://www.geant2.net/ (click on research)
The unofficial IEEE802.11 security page
– http://www.drizzle.com/~aboba/IEEE
