Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING Fifth International Symposium 19-21 July, 2006, Patras, Greece Security in Wireless Networks:

Published byAgatha Fletcher Modified over 8 years ago

Similar presentations

Presentation on theme: "COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING Fifth International Symposium 19-21 July, 2006, Patras, Greece Security in Wireless Networks:"— Presentation transcript:

1 COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING Fifth International Symposium 19-21 July, 2006, Patras, Greece Security in Wireless Networks: The FlexiNET Approach G. Kostopoulos 1, C. Kavadias 2, C. Chrysoulas 3, S. Denazis 4, O. Koufopavlou 5 Electrical and Computer Engineering Department, University of Patras, GREECE {gkostop 1, cchrys 3, sdena 4, odysseas 5 }@ee.upatras.gr TELETEL S.A, 124, Kifisias Avenue, Athens, GREECE, E-mail: C.Kavadias@TELETEL.gr 2C.Kavadias@TELETEL.gr

2 21/07/2006, Patras, GreeceCSNDSP 2006 Outline FlexiNET Architecture Security Overview User Case Scenario AAA Proxy Module Authentication Scenarios

3 21/07/2006, Patras, GreeceCSNDSP 2006 FlexiNET Architecture The FlexiNET network architecture consists mainly of node instances, communication buses and data repositories. The FlexiNET UMTS Access Node (FUAN) provides to the FlexiNET interfaces, functions such as switching/routing control, access to applications data & service logic, etc. The FUAN complements existing access nodes (RNC, BSC) of UMTS networks. The FlexiNET WLAN Access Node (FWAN) acts as both a services access gateway (user authentication, service authorization, service discovery, etc.), and connection gateway between WLAN infrastructures and the FlexiNET WAN. The FlexiNET Data Gateway Node (DGWN) acts as the Gateway between the generic SAN infrastructures and the FlexiNET Network Architecture allowing for the realisation of the data-centric FlexiNET services approach. The Generic Applications Interface Bus is the central and most important mechanism for the interconnection of the FlexiNET instances. The FlexiNET Applications Server (FLAS) is the physical entity, which hosts the logic of the applications that the FlexiNET network architecture provides.

4 21/07/2006, Patras, GreeceCSNDSP 2006 FlexiNET Architecture The FlexiNET UMTS Access Node (FUAN) provides to the FlexiNET interfaces, functions such as switching/routing control, access to applications data & service logic, etc. The FUAN complements existing access nodes (RNC, BSC) of UMTS networks. The FlexiNET WLAN Access Node (FWAN) acts as both a services access gateway (user authentication, service authorization, service discovery, etc.), and connection gateway between WLAN infrastructures and the FlexiNET WAN The FlexiNET Data Gateway Node (DGWN) acts as the Gateway between the generic SAN infrastructures and the FlexiNET Network Architecture allowing for the realisation of the data-centric FlexiNET services approach The Generic Applications Interface Bus is the central and most important mechanism for the interconnection of the FlexiNET instances The FlexiNET Applications Server (FLAS) is the physical entity, which hosts the logic of the applications that the FlexiNET network architecture provides

5 21/07/2006, Patras, GreeceCSNDSP 2006 Security Overview FWAN Architecture

6 21/07/2006, Patras, GreeceCSNDSP 2006 Security Overview The necessary entities that are responsible for the security in FlexiNET’s Wireless LAN node are the FWAN module and the FLAS Server. A user will access the FWAN through an access point using either a laptop or a mobile phone. The FWAN is responsible for authenticating native and roaming users through the FLAS using the AAA proxy module. The Dynamic Service Deployment module must be deployed on the FWAN before boot-up. The bootstrap process is responsible for booting up the FWAN with the AAA proxy module. FLAS is the physical entity, which hosts the logic of the services that the FlexiNET network architecture provides. These services are called from other entities remotely and executed locally. FLAS provides services either to the other FlexiNET node instances or to Third Party applications servers. These services are exposed as Web Services via the Generic Applications Interface Bus

7 21/07/2006, Patras, GreeceCSNDSP 2006 User Case Scenario The FlexiNET Wireless Access Node supports two different kinds of authentication scenarios. The Login/Password scenario and the SIM based authentication scenario. Both scenarios have been deployed upon EAP and RADIUS protocols. The entities that are involved in the Authentication Scenarios are the following: – Client – Authenticator – AAA Proxy – FLAS

8 21/07/2006, Patras, GreeceCSNDSP 2006 AAA Proxy Architecture

9 21/07/2006, Patras, GreeceCSNDSP 2006 AAA Proxy Module The AAA Proxy is comprised of the following components: – the Web Services Server, – the Translator, – the Parser and – the User Manager. The Data Holders which the AAA Module includes are the EAP Packet Formats holder, the EAP Packet holder and the User State holder The AAA proxy module: – forwards the authentication packets to the FLAS Server, – encapsulates the EAP packets into XML messages that are passed over Web services and vice versa, to authenticate and authorize the user

10 21/07/2006, Patras, GreeceCSNDSP 2006 Login/Password Authentication Scenario

11 21/07/2006, Patras, GreeceCSNDSP 2006 SIM based Authentication Scenario

12 21/07/2006, Patras, GreeceCSNDSP 2006 Conclusions In this paper we present an alternative architecture providing authentication using Web Services for the exchange of authentication material. Using the proposed method we achieve to authenticate the user independently of its type. The user does not have to choose the authentication method. The system by itself, through the AAA Proxy, controls the security mechanism that has to be used for each user using the same infrastructure for each case.

13 21/07/2006, Patras, GreeceCSNDSP 2006 Thank You for Your Attention !

Download ppt "COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING Fifth International Symposium 19-21 July, 2006, Patras, Greece Security in Wireless Networks:"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
IWAN 2005 1 A Web Service- and ForCES-based Programmable Router Architecture Evangelos Haleplidis 1, Robert Haas 2, Spyros Denazis 13, Odysseas Koufopavlou.

IWAN A Web Service- and ForCES-based Programmable Router Architecture Evangelos Haleplidis 1, Robert Haas 2, Spyros Denazis 13, Odysseas Koufopavlou.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
TNC 2003 Wireless Campus project Coletta Elisa Marchioro -

TNC 2003 Wireless Campus project Coletta Elisa Marchioro -
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.

Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.
An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.

An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
System Architecture for Billing of Multi- Player Games in a Wireless Environment using GSM/UMTS and WLAN Services Femi Adeyemo 11/21/02.

System Architecture for Billing of Multi- Player Games in a Wireless Environment using GSM/UMTS and WLAN Services Femi Adeyemo 11/21/02.
Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.

Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Computer Network Architecture and Programming

Computer Network Architecture and Programming
Www.planet.com.tw Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design 2006.9.28 Copyright © PLANET Technology.

Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design Copyright © PLANET Technology.
Omniran-13-0032-04-0000 1 IEEE 802 Scope of OmniRAN Date: 2013-05-16 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran IEEE 802 Scope of OmniRAN Date: Authors: NameAffiliationPhone Max RiegelNSN
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

Similar presentations

Ads by Google