Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.

Presentation transcript:

Eduroam-ng TF-Mobility, Barcelona, 6 September 2005

2 The current hierarchy
[Diagram labels: Toplevel server, .nl, uva.nl … rug.nl, …, .au]
– AA traffic goes through all intermediate entries
– All links are peer-to-peer agreements / static routes
– Authentication = authorization

3 Authenticate for everything?
[Diagram labels: Toplevel server, .nl, uva.nl … rug.nl, T-mobile.com, Kindergarten.nl, …, .au]

4 Service attributes
Provider-id
– SURFnet.nl
– UVA.nl
Service-id
– SVP
– A-Select
– WLAN
– Dial-Up
– Is this too fine-grained?

5 The tudelft.net/es.net/alfa-ariss.com case
[Diagram labels: Toplevel server, .nl, uva.nl … rug.nl, tudelft.net, …, .au]
– Where to connect?
– Who is going to manage that?

6 Towards p2p trust
Diameter
– Implementations not ready for production, or are they?
DNSsec
– New, hardly tested, requires adaptions to RADIUS servers
DNSROAM+RadSec
– New, limited testing experience, supported in Radiator, not (yet?) in FreeRADIUS

7 RadSec + DNSROAM
RadSec: Secure Reliable Transport for RADIUS requests over TCP/IP using TLS
– Encryption
– Security
– Message integrity
– Strong mutual authentication
DNSROAM
– Use DNS service records to locate the peer

8 DNS-Roam?
[Diagram labels: “eduroam PKI”, .nl, RA, uva.nl, …, .au, RA, qut.edu.au, RADSEC]
– DNSsec instead?

9 DNS-Roam transition phase
[Diagram labels: “eduroam PKI”, .nl, RA, uva.nl, …, .au, RA, qut.edu.au, RADSEC]
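Added example (not part of the original slides): a small Python model contrasting the static proxy chain of slide 2, including the tudelft.net problem of slide 5, with the DNS-based peer lookup of slide 7. The `_radsec._tcp` record label, port 2083, the host names and the "lowest priority, then highest weight" selection rule are assumptions made for illustration; TLS authentication of the discovered peer against the "eduroam PKI" is not modelled.

```python
"""Static eduroam hierarchy routing vs. DNS-based peer discovery (illustrative)."""

# Constructed data: country-level proxies that exist in the static hierarchy.
NATIONAL = {".nl", ".au"}
# Constructed SRV answers: name -> [(priority, weight, port, target)].
# The "_radsec._tcp" label and port 2083 are assumptions, not from the slides.
SRV = {
    "_radsec._tcp.qut.edu.au": [(10, 0, 2083, "radsec2.qut.edu.au"),
                                (0, 5, 2083, "radsec1.qut.edu.au")],
    "_radsec._tcp.tudelft.net": [(0, 0, 2083, "radsec.tudelft.net")],
}

def realm_of(identity):
    """Return the lower-cased realm of user@realm; reject malformed identities."""
    user, sep, realm = identity.rpartition("@")
    if not (user and sep and realm):
        raise ValueError(f"no realm in {identity!r}")
    return realm.lower().rstrip(".")

def tld(realm):
    return "." + realm.rsplit(".", 1)[-1]

def hierarchy_path(visited, home):
    """Proxy chain a request crosses when routing follows the static tree."""
    for realm in (visited, home):
        if tld(realm) not in NATIONAL:
            # The tudelft.net case: no country server to attach the realm to.
            raise LookupError(f"no national server for {realm}")
    if visited == home:
        return [visited]
    if tld(visited) == tld(home):
        return [visited, tld(visited), home]
    return [visited, tld(visited), "toplevel", tld(home), home]

def discover_peer(home, srv=SRV):
    """Pick the SRV target for a realm: lowest priority, then highest weight.

    Deterministic simplification of RFC 2782 weighted selection.
    """
    answers = srv.get(f"_radsec._tcp.{home}")
    if not answers:
        raise LookupError(f"no SRV record for {home}")
    _prio, _weight, port, target = min(answers, key=lambda a: (a[0], -a[1]))
    return target, port

def direct_path(visited, home):
    """With discovery, the visited server contacts the home peer directly."""
    return [visited, "%s:%d" % discover_peer(home)]
```

In the static model every intermediate proxy sees the authentication exchange; with discovery only the two end servers do, which is why the peer's certificate check becomes the sole trust decision.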