Published by Sarina Delacey. Modified over 9 years ago.
1
Integrated Cognitive Management System - Hostapd
2014 YU-ANTL Seminar
Hyun dong Hwang
Advanced Networking Technology Lab. (YU-ANTL), Dept. of Information & Comm. Eng., Graduate School, Yeungnam University, KOREA
(Tel: +82-53-810-3940; Fax: +82-53-810-4742; http://antl.yu.ac.kr/; E-mail: mch2d@hotmail.com)
2
Advanced Networking Tech. Lab., Yeungnam University (YU-ANTL), YU-ANTL Lab Seminar, Hyun dong Hwang

Outline
- Integrated Cognitive Management System
- Hostapd & Wpa_Supplicant
- 802.11r Fast transition
- Current procedure
- Hostapd configuration
- Reference
3
Integrated Cognitive Management System
[Figure: Integrated Cognitive Management System Topology]
4
Hostapd & Wpa_Supplicant
Hostapd
- hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
- hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication.
- hostapd supports separate frontend programs, and an example text-based frontend, hostapd_cli, is included with hostapd.
5
Hostapd & Wpa_Supplicant
Hostapd features
- WPA-PSK (Wi-Fi Protected Access)
- WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
- key management for CCMP, TKIP, WEP104, WEP40
- WPA and full IEEE 802.11i/RSN/WPA2
- RSN: PMKSA caching, pre-authentication
- IEEE 802.11r
- IEEE 802.11w
- RADIUS accounting
- RADIUS authentication server with EAP
- Wi-Fi Protected Setup (WPS)
6
Hostapd & Wpa_Supplicant
Wpa_supplicant
- wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
- wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection.
- wpa_supplicant supports separate frontend programs, and a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant.
7
Hostapd & Wpa_Supplicant
Wpa_supplicant features
- WPA-PSK ("WPA-Personal")
- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
- key management for CCMP, TKIP, WEP104, WEP40
- WPA and full IEEE 802.11i/RSN/WPA2
- RSN: PMKSA caching, pre-authentication
- IEEE 802.11r
- IEEE 802.11w
- Wi-Fi Protected Setup (WPS)
8
Current procedure
Current Problem
- Without a bridge port, the wpa_cli command ft_ds (which runs the Fast BSS Transition) is not transported to the target AP.
- With a bridge port, the network DNS server does not work.
9
802.11r Fast transition
[Figure: 802.11 Key Hierarchy]
10
802.11r Fast transition
[Figure: 802.11r Action Frame]
11
802.11r Fast transition
[Figure: 802.11r FT Request Frame]
12
802.11r Fast transition
[Figure: 802.11r FT Response Frame]
13
802.11r Fast transition
[Figure: FT Confirm frame]
14
802.11r Fast transition
[Figure: FT ACK frame]
15
[Figure: Over-the-DS FT Protocol authentication in an RSN]
16
[Figure: Over-the-DS FT Protocol authentication in an RSN]
17
Current procedure
Test Topology
- STA1: WPA_Supplicant
- STA2: WPA_Supplicant
- AP1: Hostapd
- AP2: Hostapd
[Figure labels: Bridge port, Ethernet; STA: wpa_supplicant, wpa_cli; AP: hostapd, hostapd_cli]
18
Current topology
- Network driver: ath9k (NL80211)
- Ethernet bridge
- Ubuntu 12.04 LTS; Kernel: 2.6.38-8-generic; Hostapd 2.0; LAN card: TP-LINK TL WDN4800
- Ubuntu 12.04 LTS; Kernel: 2.6.38-8-generic; Hostapd 2.0; LAN card: TP-LINK TL WDN4800
- Ubuntu 12.04 LTS; Kernel: 2.6.38-8-generic; Wpa_supplicant 2.0; LAN card: TP-LINK TL WDN4800
19
Hostapd 2.0
- Libraries that must be installed on Ubuntu 12.04: libnl-1, libnl-2, libnl-1-dev, libnl-2-dev, bridge-utils, iw, openssl (libssl-dev)
- The compat-wireless module (for the ath9k driver) is no longer supported.
- On Ubuntu 11.04, ath9k has to be installed through the compat-wireless module, but this does not support the openssl 1.0.1f of Hostapd 2.0, and the certificate is not installed in the driver.
- Hostapd 2.0 and later versions require support for openssl 1.01f or later.
- Port forwarding through iptables
- Install dhcp3-server to assign dynamic network IP addresses, then configure the RSN.
20
Hostapd configuration
/etc/network/interfaces

No Bridge:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 165.229.185.233
        netmask 255.255.255.0
        gateway 165.229.185.1

    auto wlan0
    iface wlan0 inet static
        address 10.10.0.1
        netmask 255.255.255.0

Using Bridge:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static

    auto br0
    iface br0 inet static
        address 165.229.185.233
        netmask 255.255.255.0
        gateway 165.229.185.1
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

    auto wlan0
    iface wlan0 inet static
        address 10.10.0.1
        netmask 255.255.255.0
21
Hostapd configuration
/etc/dhcp/dhcpd.conf : DHCP server settings

    ddns-update-style none;
    ignore client-updates;
    authoritative;
    option local-wpad code 252 = text;

    subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.2 10.0.0.16;
        option domain-name-servers 8.8.4.4, 208.67.222.222;
        option routers 10.0.0.1;
    }
22
Hostapd configuration
/etc/default/isc-dhcp-server : DHCP server init script

    # Defaults for dhcp initscript
    # sourced by /etc/init.d/dhcp
    # installed at /etc/default/isc-dhcp-server by the maintainer scripts
    #
    # This is a POSIX shell fragment
    #
    # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
    # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
    INTERFACES="wlan0"
23
Hostapd configuration
Startup script file

    #!/bin/bash
    # Bring up the wireless interface with the AP-side address
    ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
    sleep 2
    # Start the DHCP server on wlan0 unless it is already running
    if [ "$(ps -e | grep dhcpd)" == "" ]; then
        dhcpd wlan0 &
    fi
    #########
    #Enable NAT
    # Clear existing filter and nat rules and user-defined chains
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    # Masquerade traffic leaving through eth0 and forward traffic arriving on wlan0
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface wlan0 -j ACCEPT
    sysctl -w net.ipv4.ip_forward=1
    # Run hostapd in the foreground with debug output; stop dhcpd when it exits
    ./hostapd -dd ./hostapd.conf
    killall dhcpd
24
Hostapd configuration
Hostapd.conf

    interface=wlan0
    driver=nl80211
    #bridge=br0
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    hw_mode=g
    channel=5
    auth_algs=1
    ieee80211n=1
    ssid=yuantl
    wpa=2
    wpa_key_mgmt=FT-PSK
    wpa_pairwise=CCMP TKIP
    rsn_pairwise=CCMP TKIP
    wpa_passphrase=12345678
    wpa_group_rekey=3600
    #iapp_interface=eth0
    own_ip_addr=165.229.185.233
    rsn_preauth=1
    rsn_preauth_interfaces=eth0
    okc=1
    nas_identifier=nas2.kir.nu
    mobility_domain=a1b2
    r0_key_lifetime=10000
    r1_key_holder=000102030406
    reassociation_deadline=1000
    pmk_r1_push=1
    r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
    r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
    r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
    r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
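A pre-deployment check for the hostapd.conf above, added here as an example (not part of the original slides and not hostapd code): it flags the short numeric wpa_passphrase, TKIP in the pairwise cipher lists, and r0kh/r1kh keys whose bytes follow a constant or sequential pattern. The function names, finding strings and the MIN_PASSPHRASE_LEN threshold are assumptions of this example; the 32-hex-digit key format is the one used on the slide.

```python
import re

# Constructed sample: security-relevant lines copied from the hostapd.conf slide.
SAMPLE_CONF = """\
wpa=2
wpa_key_mgmt=FT-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP TKIP
wpa_passphrase=12345678
mobility_domain=a1b2
r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
"""

MIN_PASSPHRASE_LEN = 16  # assumption: local policy value, not a hostapd limit

def parse(text):
    """Return (option, value) pairs for non-comment lines; options may repeat."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def is_patterned(hex_key):
    """True if every byte differs from the previous one by the same step of 0, +1 or -1."""
    raw = bytes.fromhex(hex_key)
    steps = {(b - a) % 256 for a, b in zip(raw, raw[1:])}
    return len(steps) == 1 and steps <= {0, 1, 255}

def audit(text):
    """Return a list of (option, finding) tuples for the FT-PSK settings."""
    findings = []
    for key, value in parse(text):
        if key == "wpa_passphrase" and (len(value) < MIN_PASSPHRASE_LEN or value.isdigit()):
            findings.append((key, "short or digits-only passphrase"))
        elif key in ("wpa_pairwise", "rsn_pairwise") and "TKIP" in value.split():
            findings.append((key, "TKIP enabled"))
        elif key in ("r0kh", "r1kh"):
            holder_key = (value.split() or [""])[-1]  # last field is the shared key
            if not re.fullmatch(r"[0-9a-fA-F]{32}", holder_key):
                findings.append((key, "key is not 128-bit hex"))
            elif is_patterned(holder_key):
                findings.append((key, "patterned sample key"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CONF):
        print(f"{option}: {finding}")
```
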
25
Reference
[1] 김진욱, 김영탁, "A Cognitive Wireless LAN Management System Using Network Initiated Roaming-Based Load Balancing in IEEE 802.11 Environments," JCCI, 2013.
[2] IEEE Standard 802.11-2007, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specification," June 2007.
[3] Devin Akin, David Coleman, "Robust Security Network (RSN) Fast BSS Transition (FT)," white paper, September 2008.
[4] http://hostap.epitest.fi/wpa_supplicant/devel/
[5] http://wireless.kernel.org/en/users/Documentation/hostapd