UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Secure Authentication System for Public WLAN Roaming
Ana Sanz Merino, Yasuhiko Matsunaga, Manish Shah, Takashi Suzuki, Randy H. Katz
Presented by Dustin Christmann, April 20, 2009
Outline
• Introduction
• Current Approaches
• Single Sign-On Confederation Model
• Authentication Flow Adaption Framework
• Policy Engine
• Securing Web-Based Authentication
• Evaluation
• Conclusion
Introduction
• WLAN hotspots becoming ubiquitous
• Most WLAN hotspot providers small and can't provide enough coverage
• Needed: An inter-network WLAN roaming infrastructure
Introduction
• Similar problem to cellular roaming
• Main differences:
  – Cellular equipment contains identification tied to provider
    • GSM/UMTS (AT&T and T-Mobile): Contained in SIM card
    • CDMA (Sprint, Verizon, Alltel): Contained in phone firmware
  – Both GSM/UMTS and CDMA protocols include inter-system authentication protocols
Current Approaches: Link layer authentication
• IEEE 802.1X standard
• Shared session key between user and network
• Provides for encryption of packets, as well as authentication
• Certificate-based
• Not suitable for most public WLAN networks
A brief aside about 802.1X
• Port-based authentication
• Three parts:
  – Supplicant: wireless user
  – Authenticator: base station
  – Authentication server
• Extensible Authentication Protocol (EAP)
• Implemented in 802.11i standard
802.1X Architecture
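The three-party 802.1X model in the slides above (supplicant, authenticator, authentication server) can be made concrete with a small simulation. The following is an added example written for this transcript, not code from the presentation or from the paper it summarises. It shows the two properties the slides emphasise: the authenticator's controlled port drops data frames until the authentication server returns success, and the authenticator only relays the exchange while the server alone holds and verifies credentials, after which user and network share a session key. The challenge/response and key derivation are simplified HMAC-based stand-ins, not a real EAP method, and the user database and identities are constructed for the demo.

```python
"""Toy model of the 802.1X three-party architecture.

Constructed example: the challenge/response and key derivation below are
simplified HMAC stand-ins, not a real EAP method, and the user table is
invented for the demonstration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class EapFrame:
    """Minimal EAP-like message; only its shape matters for the model."""
    code: str            # "Request", "Response", "Success" or "Failure"
    identity: str = ""
    payload: bytes = b""


class AuthenticationServer:
    """The only party that stores or verifies user credentials."""

    def __init__(self, users: Dict[str, bytes]):
        self._users = users
        self._challenges: Dict[str, bytes] = {}

    def challenge(self, identity: str) -> EapFrame:
        nonce = secrets.token_bytes(16)
        self._challenges[identity] = nonce
        return EapFrame("Request", identity, nonce)

    def verify(self, resp: EapFrame) -> Tuple[EapFrame, Optional[bytes]]:
        secret = self._users.get(resp.identity)
        nonce = self._challenges.pop(resp.identity, None)
        if secret is None or nonce is None:
            return EapFrame("Failure", resp.identity), None
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, resp.payload):
            return EapFrame("Failure", resp.identity), None
        # Session key for this user/network pair; in 802.1X it reaches the
        # authenticator alongside the server's accept message.
        key = hmac.new(secret, b"session" + nonce, hashlib.sha256).digest()
        return EapFrame("Success", resp.identity), key


class Authenticator:
    """Base station: relays EAP, never sees credentials, gates the port."""

    def __init__(self, server: AuthenticationServer):
        self._server = server
        self.port_authorized: Dict[str, bool] = {}
        self.session_keys: Dict[str, bytes] = {}

    def relay_start(self, identity: str) -> EapFrame:
        self.port_authorized[identity] = False
        return self._server.challenge(identity)

    def relay_response(self, resp: EapFrame) -> EapFrame:
        result, key = self._server.verify(resp)
        if result.code == "Success" and key is not None:
            self.port_authorized[resp.identity] = True
            self.session_keys[resp.identity] = key
        return result

    def forward_data(self, identity: str, frame: bytes) -> bool:
        """Controlled port: data frames pass only once the port is authorized."""
        return self.port_authorized.get(identity, False)


class Supplicant:
    """Wireless user; derives the same session key from its own secret."""

    def __init__(self, identity: str, secret: bytes):
        self.identity = identity
        self._secret = secret
        self.session_key: Optional[bytes] = None

    def answer(self, challenge: EapFrame) -> EapFrame:
        mac = hmac.new(self._secret, challenge.payload, hashlib.sha256).digest()
        self.session_key = hmac.new(
            self._secret, b"session" + challenge.payload, hashlib.sha256).digest()
        return EapFrame("Response", self.identity, mac)


def run_exchange(identity: str, secret: bytes, users: Dict[str, bytes]) -> dict:
    """Drive one authentication attempt and report what the port allowed."""
    server = AuthenticationServer(users)
    ap = Authenticator(server)
    sta = Supplicant(identity, secret)

    blocked_before = ap.forward_data(identity, b"early data")   # port still closed
    result = ap.relay_response(sta.answer(ap.relay_start(identity)))
    passed_after = ap.forward_data(identity, b"data")
    return {
        "result": result.code,
        "passed_before": blocked_before,
        "passed_after": passed_after,
        "keys_match": result.code == "Success"
        and ap.session_keys.get(identity) == sta.session_key,
    }


# Constructed user table for the demonstration.
DEMO_USERS = {"alice": b"alice-demo-secret"}

if __name__ == "__main__":
    print(run_exchange("alice", b"alice-demo-secret", DEMO_USERS))
    print(run_exchange("alice", b"wrong-secret", DEMO_USERS))
```

The authenticator never receives the user's secret and cannot decide the outcome itself; its only job is to relay frames and open the controlled port when the server says so, which is exactly the split that lets a visited network admit users it has no account for.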
RADIUS
Liberty
authentication capabilities
• Way for users to select identity provider
Solution: Authentication Negotiation Protocol
• XML web-based protocol
• Web browser not needed
• Thin client