Requirements for Internet Access in Public Places Anand Balachandran University of California, San Diego

03/20/ th IETF Meeting, Minneapolis

Collaborators
Anand Balachandran (UCSD)
Allen Miu (MIT)
Geoff Voelker (UCSD)

Computing in Public Places
Current trend in Internet access
– Ubiquitous network connectivity infrastructure: not restricted to offices and homes; access at airports, shopping malls, convention centers
– Multiple access technologies (Ethernet, wireless LANs, Bluetooth, DSL modems etc.)
– Proliferation of lightweight portable mobile devices
– Use-and-pay model; “shopping” for access

Security in Public-area Networks
Current schemes
– MAC-level filtering
  No protection against hardware address spoofing; does not scale
– WEP key security
  Keys are hard-wired and cannot be changed flexibly
  WEP keys can be broken over time
  OK for small enterprises, but does not scale well
– IEEE 802.1x port-based access control
  Access-technology dependent: does not support APs that are not IEEE compliant (e.g. HIPERLAN, HomeRF, Bluetooth)
  Requires changes to existing AP hardware and software
  TLS-based authentication requires user certificates

Our Vision
A protocol for network access should be:
– Hardware agnostic: independent of the access technology
– IP-version agnostic: works with both IPv4 and IPv6
– Individual-centric: allows network operators to track who is using the network and how it is being used; gives the user a choice in how they are authenticated, protecting their privacy
– Supports multiple authentication schemes: AAA (DIAMETER), global authenticators, e-cash systems (MasterCard, Visa); supports users who do not have a “home” domain
– Enables “free” access: payment is implicit, since access drives resident business for the host organization

Service Models
Model 1: Free access to local resources
– Does not require authentication, but needs a valid IP address
– Allows access to the intranet, e.g. mall portal, splash screens, indoor navigation service, Starbucks coffee ordering etc.
Model 2: Authenticate and pay
– Allows access to the Internet
– Allows applications such as a location-based buddy list, spontaneous sales based on user profiles etc.
– Differentiated charging

Scope of Our Access Protocol
User-network interaction
– User automatically discovers the existence of the network
– User gets a valid IP address (e.g. through DHCP)
– User verifies the authenticity of the server (e.g. via certificates)
– User provides personal credentials to the authentication server
– Server provides the user with a “key” upon successful authentication
– Key is time-bounded (e.g. access limited to 30 minutes)
– Protocol is not tied to any single encryption scheme
Protocol is decoupled from routing and location updates for mobile hosts
– Can use Mobile IP for this
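The time-bounded key step above, as an added example that is not part of the original slides or the authors' protocol: the server issues a key that binds the user to an issue time and a 30-minute expiry under an HMAC, the enforcement point verifies authenticity and freshness before granting access, and renewal is only possible with a still-valid key. The key format, the shared secret and the user names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

# Secret shared between the authentication server and the enforcement point
# (constructed for this example; the slides do not specify how keys are built).
SERVER_SECRET = os.urandom(32)
ACCESS_LIFETIME = 30 * 60  # the 30-minute bound quoted on the slide, in seconds


def issue_key(user_id: str, issued_at: int, secret: bytes = SERVER_SECRET) -> str:
    """Issue an opaque access key: base64(claims) '.' base64(HMAC-SHA256(claims))."""
    claims = {"user": user_id, "iat": issued_at, "exp": issued_at + ACCESS_LIFETIME}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_key(key: str, now: int, secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the claims if the key is authentic and valid at time `now`, else None."""
    try:
        body_b64, tag_b64 = key.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong field count or undecodable base64
        return None
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # forged or tampered key
        return None
    claims = json.loads(body)
    if not claims["iat"] <= now < claims["exp"]:  # expired or not yet valid
        return None
    return claims


def renew_key(key: str, now: int, secret: bytes = SERVER_SECRET) -> Optional[str]:
    """Key renewal: only a currently valid key can be exchanged for a fresh one."""
    claims = verify_key(key, now, secret)
    if claims is None:
        return None
    return issue_key(claims["user"], now, secret)
```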

Research Fallout
User registration and authentication protocol
– Multiple modes of authentication possible (including TLS)
– Handles simple aspects of user-network interaction
– Provides mutual client-server authentication
– Key management and renewal
Network discovery
– Protocol-agnostic mechanism based on broadcast beacons
Complements existing standards
– Mobility management and routing (Mobile IP)
– AAA-type functionality on the NNI
Network deployed and operational in a mall

Experiences
Mall deployment
– Operational for 7 months
– Provides basic Internet access and location-based services
Ongoing efforts for campus deployment at UCSD
Related publications
– A. Miu and P. Bahl, “Dynamic Host Configuration for Managing Mobility between Private and Public Networks,” in Proc. 3rd USENIX Symposium on Internet Technologies and Systems (USITS ’01), San Francisco, CA, March 2001, to appear.
– P. Bahl, A. Balachandran, and S. Venkatachary, “Secure Broadband Wireless Internet Access in Public Places,” in Proc. IEEE International Conference on Communications (ICC ’01), Helsinki, Finland, June 2001, to appear.

Existing (Partial) Solutions for Access
Mobile IP
– Essentially a routing protocol; integrates the tasks of configuration and routing for mobile users in a foreign domain
AAA
– Addresses interaction between registration agents in different administrative domains (NNI)
Authenticated DHCP (UC Berkeley)
– Similar to port-based access control at Layer 3
Netbar system at CMU and InSite at Michigan
– Hardware-centric approaches

Network Architecture

Discovery Protocol
Detects the existence of the network service
– Decouples discovery from the configuration protocol
  Remains protocol-agnostic
– Server broadcasts service beacons in the local network
  Passive approach avoids unwanted solicitation messages in the private network
  Better alternative to client polling (saves network bandwidth, especially on the air interface)
  Beaconing can be used for network-wide load-balancing, fail-over, and location services
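The passive, beacon-based discovery described above, as an added example that is not part of the original slides or the authors' implementation: the client only listens, discards malformed beacons, drops stale ones (a server that stopped beaconing is failed over automatically) and picks the least-loaded server from the rest. The JSON beacon layout, the port number, the staleness window and the sample datagrams are all constructed assumptions; the slides give no beacon format.

```python
import json
import socket
from typing import List, Optional

BEACON_PORT = 5555       # assumed port; not taken from the slides
BEACON_MAX_AGE = 10      # seconds after which a beacon no longer counts (fail-over)
SERVICE_NAME = "public-access"


def parse_beacon(datagram: bytes) -> Optional[dict]:
    """Parse one beacon datagram (constructed JSON layout); None for anything malformed."""
    try:
        b = json.loads(datagram.decode("utf-8"))
        if b.get("service") != SERVICE_NAME:
            return None
        load = float(b["load"])
        if not 0.0 <= load <= 1.0:  # load must be a fraction of capacity
            return None
        return {"server": str(b["server"]), "load": load, "sent": int(b["sent"])}
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def choose_server(beacons: List[dict], now: int) -> Optional[str]:
    """Keep only fresh beacons and pick the least-loaded server (load balancing)."""
    fresh = [b for b in beacons if 0 <= now - b["sent"] <= BEACON_MAX_AGE]
    if not fresh:
        return None
    return min(fresh, key=lambda b: b["load"])["server"]


def discover_from(datagrams: List[bytes], now: int) -> Optional[str]:
    """Discovery over a batch of received datagrams (used by the offline sample below)."""
    beacons = [b for b in (parse_beacon(d) for d in datagrams) if b is not None]
    return choose_server(beacons, now)


def listen_for_beacons(seconds: float = 5.0) -> List[bytes]:
    """Passive discovery: bind the broadcast port and collect datagrams without sending."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", BEACON_PORT))
    sock.settimeout(seconds)
    received = []
    try:
        while True:
            received.append(sock.recv(2048)[0:2048])
    except socket.timeout:
        return received
    finally:
        sock.close()


SAMPLE_DATAGRAMS = [  # constructed for this example, as seen at now = 1003
    b'{"service":"public-access","server":"10.0.0.1","load":0.7,"sent":1000}',
    b'{"service":"public-access","server":"10.0.0.2","load":0.2,"sent":998}',
    b'{"service":"public-access","server":"10.0.0.3","load":0.0,"sent":900}',  # stale
    b'not a beacon',
]
```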