28th TF-Mobility and Network Middleware Meeting. A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks. Torsten Braun.


1 28th TF-Mobility and Network Middleware Meeting
A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
Torsten Braun
Communication and Distributed Systems
Institute of Computer Science and Applied Mathematics
Universität Bern
braun@iam.unibe.ch
http://cds.unibe.ch, http://a4-mesh.unibe.ch

2 Overview
• Project Introduction
• Application Scenario
• Wireless Mesh Network
• Authentication and Authorization
• Accounting
• Conclusions and Outlook
Zürich, 26.06.2012 Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks

3 Project Introduction

4 Project Partners
• Institut für Informatik und Angewandte Mathematik
• Geographisches Institut
• Informatikdienste
• Institut d’Informatique
• Service Informatique et Télématique

5 Project Goals and Objectives
• Goal
  - Provide low-cost broadband network access to researchers and students at remote locations
• Objectives
  - Cost-efficient network access
  - Easily deployable wireless mesh network (WMN)
  - Integrated into regular authentication and authorization infrastructure of Swiss higher education (SWITCHaai)

6 Wireless Mesh Networks (WMNs) Application Scenarios
1. Environmental Monitoring
2. Campus Network Extension

7 AAAA for WMNs
• Authentication and Authorization of
  1. wireless mesh nodes entering the WMN
  2. mobile users accessing the Internet via the WMN (using SWITCH AAI mechanisms)
• Accounting of traffic generated by
  1. wireless mesh nodes and sensors
  2. individual mobile users (for charging and monitoring purposes)
• Auditing functions
  - detect inconsistent or erroneous node states
  - perform recovery mechanisms or trigger alarms
• Indoor testbed and pilot networks at
  1. Crans Montana
  2. University campuses at Bern and Neuchâtel

8 Application Scenario: MontanAqua

9 Requirements by Environmental Monitoring
• Support of scientists (hydrology researchers) to collect sensor data from environmental measurements.
• Scientists use data for generating and verifying models of the environment.
• Specific measurements to cover certain areas or to collect specific sensor data are needed.

10 MontanAqua Investigation Area
[Map; labels: Sion, Sierre, Tseuzier storage lake, Plaine Morte glacier. © Weingartner]

11 Modelling Water Resources
PIHM - Penn State Integrated Hydrologic Model
[Figure; labels: cc scenarios 2050; WATER RESOURCES 2010; LAND USE; module GLACIER; module KARST; Jeannin; ice thickness 0 m, 100 m, 200 m. © Martina Kauzlaric, © Matthias Huss, © Weingartner]
PIHM: high data demand for modelling water balance and fluxes

12 Weather Stations and Rain Gauges
• wind velocity & direction
• air temperature & relative humidity
• solar radiation
• rainfall

13 Runoff Station

14 Soil Measurements
• soil moisture sensors
• tensiometers
• lysimeter

15 Data Transfer Alternatives
• GSM modem for weather stations: lost GSM signal
• GPRS modem for weather stations: data access only via server of producer of weather station
• Manually for rain gauges, runoff gauges, weather station

16 Serial Port Tunneling

17 Benefits for Scientists
• Real-time access on logger (software updates, failure checking)
  → reduced frequency of maintenance
• Real-time data access (data verification, monitoring of sensors)
• Data stored on server at University and logger in the field
  → reduction of data loss risk (destruction of sensors/loggers)
  → independent of GSM/GPRS network availability
  → high data-transfer rates (web cam)

18 Sensor Readings

19 Wireless Mesh Network

20 MontanAqua Sensors and A4-Mesh Network
[Figure; label: webcam]

21 A4-Mesh Topology
[Map; labels: Plaine Morte Glacier, Sion, Sierre. © Atlas of Switzerland 3]

22 Wireless Mesh Node Technology
• IP66 steel enclosure
• 1-2x Alix 3D2 system boards
• 1x Alix 6F2 system board
• 1-4x 802.11n mini PCI cards
• 1x 802.11g mini PCI card
• 1x UMTS mini PCI-Express card
• I2C twin relay
• 2x2 MIMO, 25 dBi, dual polarization panel antennas
• ADAM Linux
• Optimized Link State Routing / 802.11s

23 Deployment of Nodes 4a/b

24 Deployment of Nodes 3/7

25 Deployment of Node 8

26 Authentication and Authorization

27 Authentication and Authorisation
• Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
  - Wireless mesh nodes entering the WMN
    - Mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
  - Mobile users accessing the Internet via the WMN
    - Implementation based on web-based captive portal protected by SWITCHaai

28 A4-Mesh AAAA Architecture

29 Machine Authentication and Authorization
[Sequence diagram; message labels in the order they appear:]
• Request VPN key
• Authentication request with X.509 certificate
• Machine attributes
• is authorized?
• authorized
• VPN key
• Open firewall
• VPN tunnel establishment

30 User Authentication and Authorization (Captive Portal)

31 Accounting

32
• Traffic monitoring at each mesh node (NetFlow, RFC 3954)
• Central storage of flow statistics at A4-Mesh gateway
• Data enrichment at A4-Mesh gateway (IP, IP NAT, time, UniqueID)
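The enrichment step on this slide, as an added example that is not code from the A4-Mesh project: flow records are joined to captive-portal sessions by address and time, so that traffic is attributed to a UniqueID even when an address is reused. The record layouts, function names and sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:          # captive-portal login (assumed record layout)
    ip: str             # address the client held inside the WMN
    nat_ip: str         # address after NAT at the gateway
    start: int          # login time, epoch seconds
    end: int            # logout or expiry time, epoch seconds (exclusive)
    unique_id: str      # federation identifier of the user

@dataclass(frozen=True)
class Flow:             # subset of a NetFlow record exported by a mesh node
    src: str
    dst: str
    ts: int             # flow start, epoch seconds
    octets: int

def owner(flow: Flow, sessions: list[Session]) -> Optional[Session]:
    """Session that held either flow endpoint at the flow's start time."""
    for s in sessions:
        if s.ip in (flow.src, flow.dst) and s.start <= flow.ts < s.end:
            return s
    return None

def enrich(flows, sessions):
    """Attach (IP, IP NAT, time, UniqueID) to each flow; None if unattributed."""
    out = []
    for f in flows:
        s = owner(f, sessions)
        out.append({"ip": s.ip if s else None, "nat_ip": s.nat_ip if s else None,
                    "time": f.ts, "unique_id": s.unique_id if s else None,
                    "octets": f.octets})
    return out

def octets_per_user(enriched):
    """Accounting view: total octets per UniqueID, unattributed kept visible."""
    totals = defaultdict(int)
    for r in enriched:
        totals[r["unique_id"] or "UNATTRIBUTED"] += r["octets"]
    return dict(totals)

# Constructed sample data: 10.0.0.5 is reused by a second user after logout.
SESSIONS = [Session("10.0.0.5", "192.0.2.10", 1000, 2000, "alice@example.org"),
            Session("10.0.0.5", "192.0.2.10", 2500, 3000, "bob@example.org")]
FLOWS = [Flow("10.0.0.5", "198.51.100.7", 1500, 4000),
         Flow("198.51.100.7", "10.0.0.5", 1510, 90000),
         Flow("10.0.0.5", "198.51.100.7", 2600, 700),
         Flow("10.0.0.5", "198.51.100.7", 2200, 50)]   # between sessions
```

Flows that match no session are kept under a separate key rather than dropped, which gives the auditing function something to alarm on.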

33 Accounting Aggregator

34 Network Monitoring
• Monitoring agent at each mesh node (Zabbix agent)
• Central server at A4-Mesh gateway (Zabbix server)

35 Conclusions and Outlook

36 Conclusions
• WMN is valuable for researchers working in the field.
• Implementation of SWITCHaai-based authentication and authorization for WMN nodes and end users
• Implementation of monitoring functions for WMN nodes
• Outlook: integration and tests

37 a4-mesh.unibe.ch

