OpenSEA Alliance – Enabling Ubiquitous Secure Network Access | 9/15/2015
Opening Wireless Security at the Open1X Project
Matthew Gast
TERENA NetConnect 2008, May
About me
  Founder and board member at the OpenSEA Alliance
  Author of Wireless Networks: The Definitive Guide (O’Reilly, 2005)
  IEEE member
    > Secretary of Task Group U (interworking with external networks)
  Vice Chair of Wi-Fi Alliance Security Marketing task group
  Principal Engineer at Trapeze Networks
    > Product architecture & design
    > Long range planning and evolution of wireless LAN technology
What is the OpenSEA Alliance?
  Non-profit organization developing edge network technologies
    > SEA stands for “secure edge access”
  Goal: Create market leading open-source solutions
    > Collaborative development & test
    > Both commercial and academic uses
  Strong corporate backing for the Open1X Project
  Founded by industry leaders in May 2007, joined by JANET(UK)
  Continued member growth
  Important note: I am speaking today on behalf of the organization, not my employer
The Open1X Project at Present
The Open1X Project
  Open source supplicant
    > The initial project of the OpenSEA Alliance
    > Project web site:
  Goal: To create a robust, multi-platform open-source 802.1X client
  Three major components
    > Multi-platform core engine technology (XSupplicant)
    > Multi-platform GUI
    > Plug-ins to extend engine’s functionality
  Project run by a “project management committee” (PMC) consisting of industry experts
    > Establish & maintain project roadmap
    > Coordinate development
    > Create project infrastructure (build & test environments, web site)
Open1X Architecture
  [Architecture diagram. Labelled components: Network Medium; System Abstraction & Integration Layer (SAIL); Core supplicant engine; Open1X driver (IEEE 802.1X); EAP Methods; crash reporting; Plug ins; Graphical User Interface; IPC channel; Operating system driver; libtnc]
New Modular Supplicant GUI
  Cross-platform GUI
    > Same look and feel across platforms – ideal for diverse computing environments
  Engine control & reporting channel is platform-independent and can be connected to any GUI
  Improved status monitoring over built-in supplicants
Supplicant GUI design
  Customizable with Qt Designer
    > Create any skin needed (an eduroam skin?)
  Engine plug-ins can automatically extend GUI displays with new configuration options
The Near Future of Open1X
Open1X Direction & Goals
  Content organized into releases
    > Release code names are alphabetical
    > SeaAnt, SeaBadger, SeaCow, and so on
  Roadmap maintained by PMC
    > Downloadable from
  Who contributes to the roadmap?
    > People on mailing lists (users, developers) – frequently short-term
    > People on the Open1X wiki –
    > OpenSEA Alliance members
  OpenSEA members also employ some engineers
    > No requirement to work on open source road map
  Updates
    > PMC updates road map at the end of release cycles
    > Open source road map defines feature set for next stable release
The Next Release (2.2.x), “Sea Ant”
  Major goal: platform support
    > Linux and Mac OS X getting feature parity with Windows
    > Extension of Windows support to Vista
  EAP method extension
    > PEAP version 1 with EAP-GTC (“Cisco PEAP”)
    > EAP-GTC support (RFC 3748, RFC 3748 with persistent passcode storage, and draft-zhou redefinition for EAP-FAST)
    > TLS configuration support in GUI
  Opportunistic Key Caching (OKC)
    > Sometimes called Proactive key caching (PKC)
    > Use a single key across multiple cooperating access points, such as a switch-based split-MAC network
  Much improved documentation, both developer and user
  Lots of clean-up work
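Added example (not from the original slides and not Open1X code): how a single cached key serves several cooperating access points under OKC. The PMKID formula is the IEEE 802.11i one; the class names, MAC addresses, SSIDs and the sample PMK are constructed for illustration.

```python
import hashlib
import hmac

def mac(addr: str) -> bytes:
    raw = bytes.fromhex(addr.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw

def pmkid(pmk: bytes, aa: str, spa: str) -> bytes:
    # IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
    # AA = authenticator (AP BSSID), SPA = supplicant (client) MAC address.
    return hmac.new(pmk, b"PMK Name" + mac(aa) + mac(spa), hashlib.sha1).digest()[:16]

class Supplicant:
    """Client side: keeps the PMK from the one full 802.1X/EAP exchange per SSID."""
    def __init__(self, spa: str):
        self.spa, self.pmk_by_ssid = spa, {}

    def offer(self, ssid: str, bssid: str):
        # OKC: derive a PMKID for an AP never visited, from the cached PMK.
        pmk = self.pmk_by_ssid.get(ssid)
        return pmkid(pmk, bssid, self.spa) if pmk else None  # None -> full EAP

class Controller:
    """Authenticator side: PMK cache shared by the cooperating APs of one switch."""
    def __init__(self):
        self.pmk_by_client = {}  # (ssid, client MAC) -> PMK

    def accepts(self, ssid: str, bssid: str, spa: str, offered) -> bool:
        pmk = self.pmk_by_client.get((ssid, spa))
        if pmk is None or offered is None:
            return False  # no shared key: fall back to full 802.1X/EAP
        # The PMKID only names the key; the 4-way handshake that follows
        # is what proves both sides actually hold the PMK.
        return hmac.compare_digest(pmkid(pmk, bssid, spa), offered)

def demo():
    pmk = hashlib.sha256(b"constructed sample PMK").digest()  # constructed, 32 bytes
    client, ap1, ap2 = "02:00:00:00:00:aa", "02:00:00:00:01:01", "02:00:00:00:01:02"
    sta, home, foreign = Supplicant(client), Controller(), Controller()
    sta.pmk_by_ssid["campus"] = pmk                # result of full EAP via ap1
    home.pmk_by_client[("campus", client)] = pmk
    offered = sta.offer("campus", ap2)             # roam to ap2, same controller
    return {
        "per_ap_ids_differ": offered != sta.offer("campus", ap1),
        "same_controller": home.accepts("campus", ap2, client, offered),
        "other_controller": foreign.accepts("campus", ap2, client, offered),
        "unknown_ssid": sta.offer("guest", ap2),
    }
```

The key is reused only where the cache is shared: an AP on a controller that does not hold the PMK rejects the offered PMKID and the client falls back to a full EAP authentication.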
Current Project Infrastructure Projects
  Library upgrades
    > Current versions of OpenSSL, libXML, libtnc, iconv, zlib, etc.
  Automatic build environment
    > Builds on demand
    > Nightly builds & packaging
  Automated QA testing & regression checking
  Debugging tool improvements
The Not-so-Near Future
How to Help, Part 1: code
  Writing code is the “classic” way to contribute to open source projects
    > Pick a roadmap item of interest to you
    > Or, write code for a feature that you need – we take all code that works!
  See the whole gory list of development tasks here
    >
How to Help, part 2: for non-coders
  Matthew is in this category!
  Development
    > OpenSEA may contract some development, but this requires detailed specifications
  Direction
    > Read the roadmap and provide comments
    > Suggest features or platforms for the roadmap
  Testing
    > Run the supplicant and provide feedback (the crash reporter should make this easy)
    > Develop automated test scripts, and either contribute results or scripts to community
    > Report things that work (or don’t work)
  Documentation
    > EAP method configuration
    > RADIUS server configuration
  Support
    > Join mailing lists to help answer questions
Future Developments
  Extending platform support
    > Dual-mode phones
    > Tighter integration with underlying operating systems
  Extending standards support
    > Plug-in architecture allows users to choose TNC, NAP, NAC, …
    > New wireless security standards such as r and w
  New deployment and troubleshooting tools
    > Centralized configuration support
Thanks for listening!
  Matthew Gast –
  Web site:
  XSupplicant Mailing lists: