1 A VPN based approach to secure WLAN access John Floroiu


2 Goal
Design and implementation of a protocol enabling mobile users visiting foreign WLAN domains to securely access network resources on the Internet
– Authenticating mobile users
– Protecting the data traffic of the clients

3 Reason
Various attacks (passive, active, man-in-the-middle) are easier to mount in WLANs because potential attackers may be located on the same link
Initial message exchange between visiting nodes and a foreign WLAN domain is unprotected

4 Reason
[Figure labels: Access Point, Access Router, Nomadic Nodes, Campus Network]

5 Possible approaches
EAP-based protocols
– Compound authentication methods aimed at securing legacy authentication protocols
VPN-based methods
– Provide an IPsec overlay to WLANs
– More flexibility in negotiating cryptographic material (protocols, transforms, SPI)

6 Outline of the protocol
High level requirements
– Authenticate users in an inter-domain environment
– Provide strong security mechanisms to support per-user encryption and cryptographic material to other potential applications/protocols (Mobile IP)
– Exhibit robustness to DoS (resource depletion, replay attacks, computational DoS)

7 Outline of the protocol
Sets up an IPsec tunnel over the wireless link
Uses AAA for inter-domain authentication
– Based on shared secrets, timestamps (similar to MIPv4)
ISAKMP for key exchange
– Phase 1 exchange piggybacked into the AAA authentication request/answer
– Phase 2 takes place between the client and the access router
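Added example, not from the slides: a sketch of shared-secret, timestamp-based request authentication of the kind slide 7 outlines, with the checks ordered for the replay and computational-DoS requirements on slide 6. HMAC-SHA256, the 7-second window, the field names and the `AaaVerifier` class are assumptions; the slides do not specify the MAC, the window or the message format.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 7  # assumed freshness window; the slides give no value


def _mac(secret: bytes, nai: str, timestamp: int, payload: bytes) -> bytes:
    # Length-prefix the identity so field boundaries cannot be shifted.
    ident = nai.encode()
    msg = (
        struct.pack("!H", len(ident)) + ident
        + struct.pack("!Q", timestamp) + payload
    )
    return hmac.new(secret, msg, hashlib.sha256).digest()


def build_request(secret: bytes, nai: str, timestamp: int, payload: bytes) -> dict:
    """Client side; payload stands in for the piggybacked Phase 1 data."""
    return {"nai": nai, "ts": timestamp, "payload": payload,
            "mac": _mac(secret, nai, timestamp, payload)}


class AaaVerifier:
    """Home-domain check (hypothetical), cheapest tests first."""

    def __init__(self, secrets: dict):
        self.secrets = secrets  # user identity -> shared secret
        self.last_ts = {}       # user identity -> newest accepted timestamp

    def verify(self, req: dict, now: int) -> str:
        secret = self.secrets.get(req["nai"])
        if secret is None:
            return "unknown-user"
        if abs(now - req["ts"]) > WINDOW_SECONDS:
            return "stale-timestamp"
        if req["ts"] <= self.last_ts.get(req["nai"], -1):
            return "replay"
        expected = _mac(secret, req["nai"], req["ts"], req["payload"])
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad-mac"
        # State changes only after the MAC verifies, so forged requests
        # cannot advance the timestamp and lock the real user out.
        self.last_ts[req["nai"]] = req["ts"]
        return "ok"
```

Timestamps here are whole seconds, so two legitimate requests from one user in the same second would collide; a finer clock resolution avoids that.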

8 Future work
Local mobility – a nomadic node moves between different access routers within the same administrative domain
– Dynamic "update" of the ends of an IPsec connection
– Multihoming

9 Future work
[Figure labels: Access Point, Access Router + Local Home Agent, Nomadic Node, Campus Network, Access Point, Access Router + Local Home Agent]

10 Open issues Authentication of management messages (beacon, association/re-association/disassociation request/reply)

11 Thank you!