Presentation is loading. Please wait.

Presentation is loading. Please wait.

Requirements for Internet Access in Public Places Anand Balachandran University of California, San Diego

Published byJayson Heath Modified over 9 years ago

Similar presentations

Presentation on theme: "Requirements for Internet Access in Public Places Anand Balachandran University of California, San Diego"— Presentation transcript:

1 Requirements for Internet Access in Public Places Anand Balachandran University of California, San Diego http://www-cse.ucsd.edu/users/abalacha

2 03/20/200150 th IETF Meeting, Minneapolis Collaborators Anand Balachandran (UCSD) Allen Miu (MIT) Geoff Voelker (UCSD)

3 03/20/200150 th IETF Meeting, Minneapolis Computing in Public Places Current trend in Internet access –Ubiquitous network connectivity infrastructure Not restricted to offices and homes Access at airports, shopping malls, convention centers –Multiple access technologies (Ethernet, Wireless LANs, Bluetooth, DSL modems etc.) –Proliferation of lightweight portable mobile devices –Use and pay model; “shopping” for access

4 03/20/200150 th IETF Meeting, Minneapolis Security in Public-area Networks Current Schemes –MAC-level Filtering No protection against hardware address spoofing; does not scale –WEP Key Security Keys are hard-wired and cannot be changed flexibly WEP keys can be broken over time OK for small enterprises, but does not scale well –IEEE 802.1x port-based access control Access dependent – does not support APs that are not IEEE compliant (e.g. HIPERLAN, HomeRF, Bluetooth) Requires changes to existing AP hardware and software TLS-based authentication requires user certificates

5 03/20/200150 th IETF Meeting, Minneapolis Our Vision A protocol for network access should be: –Hardware agnostic independent of access technology –IP-version agnostic Works with both IPv4 and IPv6 –Individual-centric Allow network operators to track who is using the network and how it is being used Give user a choice on how they are authenticated -- protect their privacy –Support multiple authentication schemes AAA (DIAMETER), Global authenticators, E-cash systems (MasterCard, Visa) Support users who do not have a “home” domain –Enables “free” access Payment is implicit – drives resident business for the host organization

6 03/20/200150 th IETF Meeting, Minneapolis Service Models Model 1: Free access to local resources –Does not require authentication but needs a valid IP address –Allow access to the Intranet e.g. Mall portal, splash screens, indoor navigation service, Starbucks coffee ordering etc. Model 2: Authenticate and pay –Allow access to the Internet –Allow applications like location-based buddy list, spontaneous sales that are based on profiles etc. –Differentiated charging

7 03/20/200150 th IETF Meeting, Minneapolis Scope of Our Access Protocol User-network Interaction –User automatically discovers the existence of the network –User gets a valid IP address (e.g. through DHCP) –User verifies authenticity of the server (e.g. certificates) –User provides personal credentials to authentication server –Server provides user with a “key” upon successful authentication –Key is time bounded (e.g. access limited to 30 minutes.) –Protocol is not tied to any single encryption scheme Protocol is decoupled from routing and location updates for mobile hosts –Can use Mobile IP for this

8 03/20/200150 th IETF Meeting, Minneapolis Research Fallout User Registration and Authentication Protocol Multiple modes of authentication possible (including TLS) Handles simple aspects of user-network interaction Provides mutual client-server authentication Key management and renewal Network discovery Protocol agnostic mechanism based on broadcast beacons Complements existing standards mobility management and routing (mobile IP) AAA-type functionality on the NNI Network deployed and operational in a mall

9 03/20/200150 th IETF Meeting, Minneapolis Experiences Mall deployment –Operational for 7 months –Provides basic Internet access and location-based services Ongoing efforts for campus deployment at UCSD Related publications –A. Miu and P. Bahl, “Dynamic Host Configuration for Managing Mobility between Private and Public Networks,” In Proc. 3rd Usenix Symposium on Internet Technologies and Systems (USITS’01), San Francisco, CA, March 2001, to appear. –P. Bahl, A. Balachandran, and S. Venkatachary, “Secure Broadband Wireless Internet Access in Public Places,” In Proc. IEEE International Conference on Communications (ICC’01), Helsinki, Finland, June 2001, to appear.

10 03/20/200150 th IETF Meeting, Minneapolis Existing (Partial) Solutions for Access Mobile IP –Essentially a routing protocol; integrates the tasks of configuration and routing for mobile users in a foreign domain AAA –Addresses interaction between registration agents in different administrative domains (NNI) Authenticated DHCP (UC Berkeley) –Similar to port-based access control at Layer-3 Netbar System at CMU and InSite at Michigan –Hardware centric approaches

11 03/20/200150 th IETF Meeting, Minneapolis Network Architecture

12 03/20/200150 th IETF Meeting, Minneapolis Discovery Protocol Detects the existence of the network service –Decouple discovery from configuration protocol Remain protocol-agnostic –Server broadcasts service beacons in the local network Passive approach to avoid unwanted solicitation messages in the private network Better alternative to client polling (saves network bandwidth, especially the air interface) Beaconing can be used for network-wide load-balancing, fail-over, and location services

Download ppt "Requirements for Internet Access in Public Places Anand Balachandran University of California, San Diego"

Similar presentations

Always Best Connected Architecture and Design Rajesh Mishra Ericsson Berkeley Wireless Center.

Always Best Connected Architecture and Design Rajesh Mishra Ericsson Berkeley Wireless Center.
URP Usage Scenarios for NAS Yoshihiro Ohba August 2001 Toshiba America Research, Inc.

URP Usage Scenarios for NAS Yoshihiro Ohba August 2001 Toshiba America Research, Inc.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Rev A8/8/021 ABC Networks

Rev A8/8/021 ABC Networks
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.

Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
1 Chapter 19 Networks. 2 What’s Inside and on the CD? In this chapter you’ll learn: –Basic network terminology –To identify network components –About.

1 Chapter 19 Networks. 2 What’s Inside and on the CD? In this chapter you’ll learn: –Basic network terminology –To identify network components –About.
1 An overview Always Best Connected Networks Dênio Mariz Igor Chaves Thiago Souto Aug, 2004.

1 An overview Always Best Connected Networks Dênio Mariz Igor Chaves Thiago Souto Aug, 2004.
1 Secure Zero Configuration in a Ubiquitous Computing Environment Shenglan Hu and Chris J. Mitchell Information Security Group Royal Holloway, University.

1 Secure Zero Configuration in a Ubiquitous Computing Environment Shenglan Hu and Chris J. Mitchell Information Security Group Royal Holloway, University.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Www.planet.com.tw Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design 2006.9.28 Copyright © PLANET Technology.

Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design Copyright © PLANET Technology.
Remote Networking Architectures

Remote Networking Architectures
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Similar presentations

Ads by Google