Doc.: IEEE 802.11-04/751r0, Submission, July 2004. Max Riegel, Siemens.
Selling network access: Views from a business perspective

Presentation transcript:

Slide 1
Selling network access
Views from a business perspective
Max Riegel, Siemens

Slide 2
Serving WLAN customers in public hot spots...
...often means selling network access in a competitive environment.
[Figure: public hot spot locations: Convention Center, Airport, Railway Station, Campus, Hotel, Hospital]

Slide 3
Portal based access control, also known as UAM
[Figure labels: auth, IP Config (DHCP), Internet, HLR, AAA, 3GPP MNO, Access Controller, Wireless Integration Platform, AAA, CRM, Billing, Portal Server, auth, html, RADIUS client]

Slide 4
Portal based access control – not everybody’s darling!
Portal based access control for public WLAN has been specified within the WiFi Alliance WISPr 1.0 Recommendation
 – Establish a common look-and-feel of the portal based access control.
Portal based access control is currently used by all commercial public hotspots
People in standardization depreciate the usage of UAM due to
 – No 2G/3G-like automatic network association
 – SIM support complicated
 – WLAN link unsecured: weak mutual authentication, no over-the-air encryption, session hijacking
 – Browser redirect does not always work
IEEE802.1X/EAP (Extensible Authentication Protocol) is seen as the best solution for public access.
 – has been adopted by IEEE802.11i

Slide 5
IEEE802.11i adds EAP and data encryption into the WLAN access procedure
[Figure labels: Internet, Association, Access to service, IP-Configuration (DHCP), Authorization, EAP Identity Request, EAP Identity Response, EAP Request, EAP Response, EAP Success, Access Request, Access Challenge, Access Request, Access Accept, Authentication Server, Key Management, Data Encryption, Master-Key distribution, Extensible Authentication Protocol, IEEE802.11i]

Slide 6
Public WLAN access with 802.11i/EAP fixes the bugs but creates new issues
802.11i/EAP solves the issues for
 – 2G/3G-like automatic network association w/ SIM
 – Secured WLAN connection
... but creates new issues:
Network Discovery and Selection Problem
 – details see: draft-ietf-eap-netsel-problem-00.txt
 – Access network discovery, identifier selection, AAA routing, payload routing; or: Discovery, Decision, and Selection
User interaction and help in the case something goes wrong
Support for more sophisticated business models, e.g.
 – Selection of different services during a particular session
 – Anonymous services, e.g. enrollment support
... issues which are well supported by the UAM!

Slide 7
Two approaches for selling (access)
Portal based access control is like a ‘Mall’
 – Open anonymous access
 – Very attractive and flexible to the customer
 – ‘Have fun, but it may take time’
802.11i/EAP is like a ‘Vending machine’
 – Put in the right coin, push the button and you are done.
 – If something fails, you are lost.
 – ‘Don't ask

Slide 8
Combining EAP and UAM
Both 802.11i/EAP as well as UAM are valuable approaches
 – 802.11i/EAP for the experienced, repeating user
 – UAM for the ‘beginner’ and for exception cases
Combining EAP & UAM is currently not possible. Why?
[Figure: access sequence: Link establishment, User authentication, User security context, IP-Configuration (DHCP), User authorization, Access to service; annotations: Establishment of communication channel, Verification of user credentials]
No communication channel available prior to successful user authentication.

Slide 9
A unified approach for network access control
[Figure, Traditional 802.11i/EAP: Link establishment, User authentication, User security context, IP-Configuration (DHCP), User authorization, Access to service]
[Figure, Unified access scheme: Link establishment, User authentication, Anonymous security context, IP-Configuration (DHCP), Default authorization, Access to service, User authorization, Negotiation, o.k.]

Slide 10
Conclusion
UAM as well as EAP are valuable solutions for access control.
‘Secured’ UAM is currently not possible.
An anonymous secured media-rich communication channel is needed before user authentication and authorization.
There are several potential solutions for delayed authentication:
 – Enhanced EAP methods
 – Smart client based on https (see WISPr)
 – Layer-3 authentication protocol (PANA)
Most urgent for public WLAN access, but may lead to a general solution later.
Should become a topic in IEEE WIEN