COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING Fifth International Symposium 19-21 July, 2006, Patras, Greece Security in Wireless Networks:

Presentation transcript:

COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING, Fifth International Symposium, July, 2006, Patras, Greece
Security in Wireless Networks: The FlexiNET Approach
G. Kostopoulos 1, C. Kavadias 2, C. Chrysoulas 3, S. Denazis 4, O. Koufopavlou 5
Electrical and Computer Engineering Department, University of Patras, GREECE {gkostop 1, cchrys 3, sdena 4, odysseas 5
TELETEL S.A, 124, Kifisias Avenue, Athens, GREECE,

21/07/2006, Patras, Greece. CSNDSP 2006
Outline
– FlexiNET Architecture
– Security Overview
– User Case Scenario
– AAA Proxy Module
– Authentication Scenarios

FlexiNET Architecture
The FlexiNET network architecture consists mainly of node instances, communication buses and data repositories.
– The FlexiNET UMTS Access Node (FUAN) provides the FlexiNET interfaces with functions such as switching/routing control, access to applications data & service logic, etc. The FUAN complements existing access nodes (RNC, BSC) of UMTS networks.
– The FlexiNET WLAN Access Node (FWAN) acts as both a services access gateway (user authentication, service authorization, service discovery, etc.) and a connection gateway between WLAN infrastructures and the FlexiNET WAN.
– The FlexiNET Data Gateway Node (DGWN) acts as the gateway between the generic SAN infrastructures and the FlexiNET Network Architecture, allowing for the realisation of the data-centric FlexiNET services approach.
– The Generic Applications Interface Bus is the central and most important mechanism for the interconnection of the FlexiNET instances.
– The FlexiNET Applications Server (FLAS) is the physical entity which hosts the logic of the applications that the FlexiNET network architecture provides.


Security Overview
[Figure: FWAN Architecture]

Security Overview
The entities responsible for security in FlexiNET’s Wireless LAN node are the FWAN module and the FLAS Server.
– A user will access the FWAN through an access point using either a laptop or a mobile phone.
– The FWAN is responsible for authenticating native and roaming users through the FLAS using the AAA proxy module.
– The Dynamic Service Deployment module must be deployed on the FWAN before boot-up.
– The bootstrap process is responsible for booting up the FWAN with the AAA proxy module.
– FLAS is the physical entity which hosts the logic of the services that the FlexiNET network architecture provides. These services are called remotely by other entities and executed locally.
– FLAS provides services either to the other FlexiNET node instances or to Third Party applications servers. These services are exposed as Web Services via the Generic Applications Interface Bus.

User Case Scenario
The FlexiNET Wireless Access Node supports two different kinds of authentication scenarios: the Login/Password scenario and the SIM-based authentication scenario. Both scenarios have been deployed upon the EAP and RADIUS protocols.
The entities that are involved in the Authentication Scenarios are the following:
– Client
– Authenticator
– AAA Proxy
– FLAS

[Figure: AAA Proxy Architecture]

AAA Proxy Module
The AAA Proxy is comprised of the following components:
– the Web Services Server,
– the Translator,
– the Parser and
– the User Manager.
The Data Holders which the AAA Module includes are the EAP Packet Formats holder, the EAP Packet holder and the User State holder.
The AAA proxy module:
– forwards the authentication packets to the FLAS Server,
– encapsulates the EAP packets into XML messages that are passed over Web services and vice versa, to authenticate and authorize the user.
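A sketch of the parse-and-translate step described on this slide, added here as an illustration and not taken from the FlexiNET code: it validates an EAP packet against the RFC 3748 header layout before wrapping it in XML, and rebuilds the packet on the way back. The slides do not give the XML schema, so the `eapMessage` element, its attribute names and the session identifier are assumptions.

```python
import base64
import struct
import xml.etree.ElementTree as ET

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748

def parse_eap(raw: bytes) -> dict:
    """Validate and split an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(raw):
        raise ValueError("Length field inconsistent with received bytes")
    body = raw[4:length]  # octets beyond Length are padding and are dropped
    if code in (1, 2) and not body:
        raise ValueError("Request/Response without a Type octet")
    if code in (3, 4) and body:
        raise ValueError("Success/Failure must not carry data")
    eap_type = body[0] if body else None
    return {"code": code, "id": ident, "type": eap_type, "data": body[1:]}

def eap_to_xml(raw: bytes, session: str) -> str:
    """Wrap a validated EAP packet in the assumed <eapMessage> element."""
    pkt = parse_eap(raw)
    root = ET.Element("eapMessage", session=session,
                      code=EAP_CODES[pkt["code"]], id=str(pkt["id"]))
    if pkt["type"] is not None:
        root.set("type", str(pkt["type"]))
    root.text = base64.b64encode(pkt["data"]).decode("ascii")
    return ET.tostring(root, encoding="unicode")

def xml_to_eap(message: str) -> bytes:
    """Rebuild the EAP packet from the XML message, recomputing Length."""
    root = ET.fromstring(message)
    code = {name: num for num, name in EAP_CODES.items()}.get(root.get("code"))
    if root.tag != "eapMessage" or code is None:
        raise ValueError("not an eapMessage, or unknown code")
    body = base64.b64decode(root.text or "", validate=True)
    if "type" in root.attrib:
        body = bytes([int(root.attrib["type"])]) + body
    pkt = struct.pack("!BBH", code, int(root.get("id", "")), 4 + len(body)) + body
    parse_eap(pkt)  # re-validate before handing the packet on
    return pkt

# Constructed sample: EAP-Response/Identity (Type 1), identifier 7, identity "alice"
SAMPLE = struct.pack("!BBH", 2, 7, 10) + b"\x01alice"
```

The XML side uses the standard-library parser for brevity; a proxy that accepts XML from other nodes would normally use a hardened parser such as defusedxml.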

[Figure: Login/Password Authentication Scenario]

[Figure: SIM based Authentication Scenario]

Conclusions
– In this paper we present an alternative architecture providing authentication using Web Services for the exchange of authentication material.
– Using the proposed method, we are able to authenticate the user independently of the user's type.
– The user does not have to choose the authentication method. The system itself, through the AAA Proxy, controls the security mechanism that has to be used for each user, using the same infrastructure in each case.

Thank You for Your Attention!