Eduroam. Licia Florio, EUNIS Conference (EUNIS05), Manchester, June 22 2005.

Presentation transcript:

Slide 2: Content
– History
– What is eduroam?
– How does eduroam work?
– How to join eduroam?
– Eduroam now
– Future
– Conclusions

Slide 3: History
– TERENA Task Force on Mobility aimed to define an inter-NREN roaming infrastructure
– Requirements
  – Provide guests access to visited network
  – Restrict access to valid users
  – Easy to install
  – Based on open standards
  – Scalable
– Then the exploration started…

Slide 4: Available solutions
– Open access: easy, scalable, but unsafe
– MAC-address: easy, not scalable and not safe
– WEP: easy, not scalable, not safe
– Used by the NRENs
– Web-based redirection: scalable, not safe
– VPN: not scalable, safe
– 802.1X: scalable, safe

Slide 5: 802.1X security
– 802.1X is an IEEE standard for wired and wireless authentication
– Different authentication mechanisms are possible through the use of EAP
– Credentials are protected (encrypted) by using tunneled authentication (PEAP or EAP-TTLS) or client certificates (EAP-TLS)
– Mutual authentication between client and server is possible
– Basis for new security standards WPA and WPA2/802.11i

Slide 6: What is eduroam?
– Eduroam = education roaming
– June 2003: first trial (with SURFnet, CARNET, UKERNA)
– eduroam is a roaming infrastructure based on
  – 802.1X (secure technology)
  – RADIUS (infrastructure to transport credentials)
  – Trust fabric (RADIUS hierarchy and policy)

Slide 7: How eduroam works
[Diagram, © SURFnet. Labels: Supplicant (Guest); Authenticator (AP or switch); RADIUS server University A; RADIUS server University B; User DB; Central RADIUS Proxy server; SURFnet; Student VLAN, Employee VLAN, Commercial VLAN; data and signaling paths.]
– Trust based on RADIUS plus policy documents
– Security based on 802.1X (VLAN assignment)

Slide 8: Mutual authentication (TTLS/PEAP)
– Server certificate used to set up a secure (SSL/TLS) tunnel between the client and the server
– Users’ credentials travel from the users to the server through this tunnel, where they are verified
– Man-in-the-middle attack is prevented by using SSL/TLS
© Alfa&Ariss
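The TLS tunnel on this slide only stops a man-in-the-middle if the supplicant actually validates the server certificate. The check below is an added example, not part of the original slides: it audits wpa_supplicant network blocks for PEAP/TTLS profiles that skip that validation. The sample configuration, realm names and file path are constructed for illustration.

```python
# Added illustration: audit wpa_supplicant network blocks for PEAP/TTLS
# profiles that do not validate the RADIUS server. Sample data is constructed.
import re

SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@uni-a.example.nl"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice@uni-a.example.nl"
    anonymous_identity="anonymous@uni-a.example.nl"
    ca_cert="/etc/ssl/certs/example-ca.pem"
    domain_suffix_match="radius.uni-a.example.nl"
    phase2="auth=PAP"
}
'''

# wpa_supplicant options that pin the expected server name in the certificate
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Yield each network={...} block as a dict of key -> unquoted value."""
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        block = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                block[key.strip()] = value.strip().strip('"')
        yield block

def audit(block):
    """Return findings for tunneled EAP profiles that weaken the tunnel."""
    findings = []
    if set(block.get("eap", "").upper().split()) & {"PEAP", "TTLS"}:
        if not block.get("ca_cert"):
            findings.append("no ca_cert: any server certificate is accepted")
        if not any(block.get(k) for k in NAME_CHECKS):
            findings.append("no server name check: any certificate from the CA is accepted")
        if not block.get("anonymous_identity"):
            findings.append("no anonymous_identity: user name is sent outside the tunnel")
    return findings
```

Running `audit` over each parsed block returns three findings for the first profile and none for the second.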

Slide 9: Eduroam now
– 350 institutions connected in Europe and Australia, US about to join
– National sites available

Slide 10: How to join eduroam
– Set up 802.1X authentication at your campus including a RADIUS server that
  – Authenticates your own users’ requests
  – Proxies guest users’ requests to your national server
– Connect it to the national RADIUS server managed by your NREN
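The routing decision behind the "How eduroam works" and "How to join eduroam" slides, as an added example that is not part of the original presentation: each RADIUS server looks at the realm in user@realm, authenticates its own realm locally and proxies everything else up the hierarchy. Server names, realms and the hop limit are constructed assumptions.

```python
# Added illustration: realm-based routing through a RADIUS proxy hierarchy.
# All server names and realms are constructed; none are real eduroam hosts.
import re

REALM_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")
LOCAL = object()  # sentinel: this server owns the realm

def realm_of(user_name):
    """Return the lower-cased realm of user@realm, or None if unusable."""
    if user_name.count("@") != 1:
        return None
    realm = user_name.rsplit("@", 1)[1].lower()
    return realm if REALM_RE.match(realm) else None

class Node:
    def __init__(self, name, routes=None, default=None):
        self.name, self.routes, self.default = name, routes or {}, default

    def next_hop(self, realm):
        # Longest suffix that matches on a label boundary wins, else go upstream.
        hits = [s for s in self.routes if realm == s or realm.endswith("." + s)]
        return self.routes[max(hits, key=len)] if hits else self.default

def route(start, user_name, max_hops=6):
    """Return the list of servers a request visits, ending with the outcome."""
    realm = realm_of(user_name)
    if realm is None:
        return ["REJECT: missing or malformed realm"]
    path, node = [], start
    for _ in range(max_hops):
        path.append(node.name)
        hop = node.next_hop(realm)
        if hop is LOCAL:
            return path + ["authenticate against local user DB"]
        if hop is None:
            return path + ["REJECT: no route for realm"]
        node = hop
    # e.g. an unknown realm under a known TLD bounces national <-> top level
    return path + ["REJECT: hop limit reached (routing loop)"]

# Constructed topology: two universities, two national proxies, one top level.
top = Node("top-level proxy")
nl = Node("national proxy .nl", default=top)
uk = Node("national proxy .uk", default=top)
uni_a = Node("uni-a.example.nl", {"uni-a.example.nl": LOCAL}, default=nl)
uni_b = Node("uni-b.example.uk", {"uni-b.example.uk": LOCAL}, default=uk)
nl.routes = {"uni-a.example.nl": uni_a}
uk.routes = {"uni-b.example.uk": uni_b}
top.routes = {"nl": nl, "uk": uk}
```

Calling `route(uni_a, "alice@uni-b.example.uk")` traces a guest's request from the visited campus to the home institution, while a local user stops at the first server.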

Slide 11: Eduroam in the future
– GN2-JRA5 will integrate eduroam into the AAI infrastructure that they will deliver
– Evaluate integration of new technologies like DIAMETER, DNSsec etc.
– Improving the policy framework
– Creating monitoring framework
– Standardising on SSIDs, encryption etc.

Slide 12: Conclusions
– Eduroam provides a secure and scalable way to allow for roaming
– Innovations are expected in the future, but it really works today
– Joining is simple once you have established your local infrastructure based on 802.1X

Slide 13: Links
EduRoam in Europe –
TERENA TF-Mobility –
Géant2 Joint Research Activity 5 (authorisation and roaming) – (click on research)