Connect. Communicate. Collaborate TERENA Networking Conference, 7 June 2005 Eduroam: past, present, and future

Presentation transcript:


Contents
– What is Eduroam?
– Current status of Eduroam
– Is anything wrong with Eduroam?
– Eduroam-ng and Géant2
– Conclusion

Users are mobile
[Diagram: access providers (cable, ADSL, WLAN, GPRS/UMTS), University A WLAN, University B WLAN, international connectivity and the SURFnet backbone]
Eduroam enables them to roam seamlessly

EduRoam architecture
Security based on 802.1X (or web-based redirect)
– Identity-based networking
– Different authentication mechanisms possible
– Prevents session hijacking
– Mutual authentication possible
– Protection of credentials
– Integration with VLAN assignment
– Provides the basis for the new wireless security standards WPA and 802.11i
Roaming based on RADIUS proxying
– Remote Authentication Dial In User Service
– Transport protocol for authentication information
Trust fabric based on:
– Technical: RADIUS hierarchy
– Policy: documents/contracts that define the responsibilities of user, institution, NREN and the EduRoam federation

EduRoam RADIUS flow
[Diagram: supplicant, authenticator (AP or switch), University B RADIUS server, SURFnet central RADIUS proxy server, University A RADIUS server and user DB; signalling and data paths; guest, student, employee and commercial VLANs]
Trust based on RADIUS plus policy documents
802.1X (VLAN assignment)

Tunneled authentication (PEAP/TTLS)
Uses a TLS/SSL tunnel to protect data
– The TLS tunnel is set up using the server certificate, thus authenticating the server and preventing man-in-the-middle attacks
– The user sends his credentials through the secure tunnel to the server, thus authenticating the user
Can use dynamic session keys for ‘in the air’ encryption
© Alfa&Ariss

Status of EduRoam
Over 350 institutions in Europe and Australia
USA will follow shortly

Limitations
Technology
– Static trust
– Single points of failure
– All authN and authZ traffic flows through the hierarchy
Policy
– Not suitable for full service yet
Usability
– Eduroam comes in many flavours
– Where are the access points?
Management & Monitoring
– Are all servers up and running?
– Who is abusing the service?
AAI
– How to integrate with the European AAI?

Eduroam-ng

Technology: bypassing the hierarchy overhead?
[Diagram: European server, national servers (.nl, .ac.uk, …, .pl), institutional servers (uva.nl, uni.torun.pl), access points and a user database]
AA traffic goes through all intermediate entries
All links are peer-to-peer agreements / static routes / p2p secure
DIAMETER? DNSsec? (See: Henk Eertink, Future directions in mobility)
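As an added illustration of the RADIUS proxy hierarchy from the architecture slides and the diagram above (example code written for this page, not SURFnet or TERENA software), the following simulates realm-based routing of an Access-Request from a visited institution up to the European top-level server and back down to the home server. The server names, realms and the two-country hierarchy are constructed; the `route` function shows why every cross-border request traverses all intermediate proxies and why an anonymous outer identity under PEAP/TTLS is enough for routing.

```python
# Constructed simulation of the eduroam RADIUS proxy hierarchy on these slides
# (illustrative code, not SURFnet/TERENA software). A server knows only the realms
# it authenticates itself, its parent proxy and the realm suffixes of its children.
from dataclasses import dataclass, field
@dataclass
class RadiusServer:
    name: str
    realms: frozenset = frozenset()                # realms checked against the local user DB
    parent: "RadiusServer | None" = None
    children: dict = field(default_factory=dict)   # realm suffix -> child server

    def add_child(self, suffix, child):
        self.children[suffix] = child
        child.parent = self
        return child

    def child_for(self, realm):
        # A child is responsible when it owns the realm or a parent domain of it.
        return next((c for s, c in self.children.items() if realm == s or realm.endswith("." + s)), None)

def realm_of(identity):
    """Only the realm after '@' is used for routing (the outer identity under
    PEAP/TTLS may be 'anonymous@realm', so proxies never learn the user name)."""
    if "@" not in identity:
        raise ValueError("identity has no realm and cannot be routed")
    return identity.rsplit("@", 1)[1].lower()

def route(visited, identity):
    """Servers an Access-Request traverses from the visited to the home institution:
    up the hierarchy until a server is responsible for the realm, then down to it."""
    realm = realm_of(identity)
    node, path, descending = visited, [visited.name], False
    while realm not in node.realms:
        child = node.child_for(realm)
        nxt = child if child is not None or descending else node.parent
        if nxt is None:
            raise LookupError(f"realm {realm!r} has no server reachable from {node.name}")
        descending = descending or child is not None
        node = nxt
        path.append(node.name)
    return path

def build_hierarchy():
    top = RadiusServer("european-top-level")   # single point of failure for cross-border roaming
    nl = top.add_child("nl", RadiusServer("surfnet-proxy.nl"))
    pl = top.add_child("pl", RadiusServer("proxy.pl"))
    nl.add_child("uva.nl", RadiusServer("radius.uva.nl", frozenset({"uva.nl"})))
    nl.add_child("utwente.nl", RadiusServer("radius.utwente.nl", frozenset({"utwente.nl"})))
    pl.add_child("uni.torun.pl", RadiusServer("radius.uni.torun.pl", frozenset({"uni.torun.pl"})))
    return top
```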

Roaming policy
– Minimal security level
– Levels of assertion
– SLAs
– Incident response
– Policy board

Usability: standardisation, localisation, expansion
Standardisation
– Limited set of encryption and SSID choices
  Encryption: 802.1X+WEP, WPA+TKIP, WPA2
  SSID: eduroam
Localisation
– Eduroam-around-the-corner (See: Martijn Arts)
Expansion
– Integration with commercial roaming services (See: Martin Bech)

Managing & Monitoring: user tracking & weathermap (See also: Kostas Kalevras, Large scale WLAN deployments)

AAI integration: offload AuthZ?
[Diagram: European server, national servers (.nl, .ac.uk, …, .es), institutional servers (uva.nl with A-Select, uclm.es with PAPI and the UCLM user database), access point]
How do all these applications communicate? (SAML?) Or should we do it inline? (See: Diego Lopez, AAI Infrastructures)

Conclusions
802.1X plus RADIUS provide a secure and future-proof solution for access to the institutional network
Infrastructure not perfect yet but…
– It works™
– It is ready for the future
– Géant2 JRA5 will make it even better
Joining EduRoam is a small step for administrator-kind but a giant leap for the users, so…

Time to join…

More information
– EduRoam in SURFnet –
– EduRoam in Europe –
– TERENA TF-Mobility –
– Géant2 Joint Research Activity 5 (authorisation and roaming) – (click on research)
– The unofficial IEEE security page –