Seamless Yet Secure - Hotspot Roaming

Seamless Yet Secure - Hotspot Roaming
CDG Wi-Fi Summit 2003
Steve Reyes, Product Management and Development
4501 Intelco Loop SE, Olympia, WA 98507
913-814-6262
Sreyes@verisign.com

Vision: Mobile and Portable Computing
[Diagram: Enterprise, Public WLAN Service Provider AAA Servers, xDSL/cable broadband user, Public WLAN HotSpot, Legacy and Web Enterprise Applications, Billing/Customer Care Servers, and a Small Manufacturing Site or Branch Office, connected over the Internet by Cable/DSL, T1 and T1/T3 links]

Market Forecasts All Over the Map
[Charts, 2002-2006:
- #Hot Spots (IDC June 2002 Forecast, Analysys Research, Pyramid)
- Global PwLAN Service Revenues, $ Billions (Analysys, Goldman Sachs, Alexander Resources, TeleAnalytics, Consensus View)
- Global Wi-Fi Equipment Sales, $ Billions (IDC Home, Synergy Home, IDC Enterprise, Synergy Enterprise, IDC Public Access)
- U.S. Wi-Fi Penetration, % Broadband Connections (Low, High)]

Key Market Inhibitors
There are two major barriers holding back significantly higher levels of Wi-Fi adoption.
1. Security Concerns
   Enterprises have been slow to build out WLAN due to concerns over network security (e.g., unauthorized access).
   - Fewer enterprise deployments
   - Lower carryover of users into hotspots and homes
2. Lack of standard roaming infrastructure
   The lack of broadly accessible roaming standards fosters closed networks and significantly reduces the value proposition to end users, hotspot operators and network service providers.
   - Economies of scale not realized
   - End-user inconvenience lowers demand

Evolution
[Chart: Realizable Market Opportunity over Time. Time axis: Today, Phase I, Phase II (2003), Phase III (2005). Stages: Closed and non-secure; Closed but secure; Open and secure]

Requirements of Major Constituents
Enterprise Customers
- ROI
- Unwilling to deploy until WLAN security properly addressed
- Require complete solution bundle for WLAN network design, portability and mobility
WLAN Service Providers
- Broadband ISPs looking for new revenue streams
- 3G Networks need to seed wireless data services usage
Unleash the Opportunity
WLAN Infrastructure Vendors; Consumers/SMB Customers
- Want to deploy low TCO LAN
- Want public WLAN roaming capabilities
- Need to solve WLAN security issues in order to grow market

The Security Conundrum
- SSID association NOT a security mechanism
  - Sniffing possible (desirable) OR limited interoperability
- MAC address control lists not maintainable
- Authorization all or nothing problem
- WEP (privacy control)
  - Vulnerable
  - Key management headache
- VPN
  - Requires client software
  - Install/configuration effort
  - Expensive

The Security Conundrum
- Vendor security frameworks
  - Proprietary
  - May impact interoperability
  - May limit choice of vendors
- Cisco's LEAP
  - Mutual authentication of clients and APs
  - Per session WEP key for encryption
- Agere's Advanced Mobile Security Architecture (AMSA)
  - RC4 per session encryption with Diffie-Hellman key exchange
  - Supports EAP-TLS with WEP encryption and key refresh
- Symbol
  - Based on Kerberos
  - Mutual authentication, end-to-end encryption
  - Per session dynamic key distribution

Web-Based Security
- Browser-based authentication via username/password through encrypted browser window
- Typically employs Access Controller located between the wireless AP and internal LAN or Internet
- Best suited for guest services
- Vulnerable to session hijacking
  - Reasonable general access control
  - Not solid assurance of privacy

IPSec/VPN
- Place WLAN outside firewall
- Provide WLAN users VPN client
- Forces users through VPN concentrator

Wired Equivalent Protocol
- Standard configurable feature of most leading APs
- Objective to ensure privacy by encrypting each 802.11 packet via RC4 cipher stream
- Relies on pre-shared static keys (typically manually configured)
- Weaknesses:
  - No key management specified
  - Keys too small (40 bits) and easily broken
  - Initialization Vector (IV) is too small and easily broken (sent in the clear)
  - RC4 algorithm is weak
- WEP is bad, but better than nothing if keys are changed frequently

802.1X Security
- 802.1X Standard
  - Framework for providing compatible authentication & authorization mechanisms for devices interconnected by 802.11 LANs
- 802.1X Security Entities
  - Identifies 3 entities:
    - Client (Supplicant)
    - Access Point (Authenticator)
    - Authentication Server (AS)
  - AP-to-AS communication using EAPOL

Secure WLAN Roaming
[Diagram labels: Internet, Enterprise, Public WLAN Hotspot, Home network, Authentication Clearinghouse, four AS nodes]
- Public WLAN Carrier/ISP routes all authentication requests to the Authentication Clearinghouse.
- Clearinghouse opens the outer EAP-TTLS tunnel and passes on the username/password to the Enterprise's RADIUS server; manages accounting & billing.
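How a clearinghouse could pick the home RADIUS server for a roaming user, as an added example (not from the original slides). It assumes the identity presented is in user@realm form; the realm names and server addresses are constructed placeholders.

```python
import re

# Constructed routing table: home realm -> that operator's RADIUS server.
HOME_SERVERS = {
    "corp.example": "radius.corp.example:1812",
    "isp.example": "aaa.isp.example:1812",
}
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

class RoutingError(ValueError):
    """Identity cannot be routed; reject the request rather than default it."""

def parse_realm(identity: str) -> str:
    """Return the normalised realm of a user@realm identity.

    The user part may be empty or anonymous: with EAP-TTLS the outer
    identity only has to carry the realm.
    """
    if identity.count("@") != 1:
        raise RoutingError("identity must contain exactly one '@'")
    realm = identity.split("@")[1].lower().rstrip(".")
    labels = realm.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise RoutingError(f"malformed realm: {realm!r}")
    return realm

def route(identity: str, table=HOME_SERVERS) -> str:
    """Pick the home server by exact realm, then by parent realm.

    Matching walks whole DNS labels, so 'evil-corp.example' can never be
    treated as a sub-realm of 'corp.example'.
    """
    labels = parse_realm(identity).split(".")
    for start in range(len(labels) - 1):
        candidate = ".".join(labels[start:])
        if candidate in table:
            return table[candidate]
    raise RoutingError("no roaming agreement for this realm")

if __name__ == "__main__":
    for ident in ("alice@corp.example", "@EMEA.Corp.Example", "bob@evil-corp.example"):
        try:
            print(ident, "->", route(ident))
        except RoutingError as err:
            print(ident, "-> rejected:", err)
```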

CA Hierarchy
[Diagram, top to bottom:
- Wi-Fi Root CA
- WISPr CA; Wi-Fi CA
- W-ISP #1, W-ISP #2, W-ISP #n; Device Vendor #1, Device Vendor #2, Device Vendor #N
- End entities: User#1-456, AP #1-678, PAC #1-765, User #n-123, User #n-456, AP Serial# 2xyz..., AP Serial# 2abc..., User#2-456, AP #2-123, AAA #2-897, NIC/STA Serial# 1pqr..., NIC/STA Serial# 1stv..., AAA Serial# 5cde..., AAA Serial# 5fgh...]

Industry Trust Model
- PKI model ensures highest level of trust
- Digital certificates based
- Utilizes 802.1x/EAP-TLS
- Trusted Certificate Authority network
- Portable across home, enterprise and public venues

Wireless Carrier Paradigm
[Diagram labels: 3G Access Networks, Users profile, HLR, Cellular Network, Apps., Revenue, Hot spots, Mediation, Services, Services, Billing, WLANs]

Targeted Architecture
[Diagram labels: Residential ISP; Wireless carrier (Service Provider) with AAA Servers; Clearinghouse (optional) with AAA Servers; GW; Public WLAN Hotspot / WISP operations with AAA Servers; Direct exchange; xDSL/cable broadband user; Wireless user; Cable/DSL; Internet; SS7; T1; Billing/Customer Care Servers; AAA Servers; HLR; Mobile carriers; Roaming user]

Thank You!!