EAP-WAI Authentication Protocol

Similar documents
White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

Huawei WLAN Authentication and Encryption

WLAN Access Security Technical White Paper. Issue 02. Date HUAWEI TECHNOLOGIES CO., LTD.

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

TLS and SRTP for Skype Connect. Technical Datasheet

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz

Agenda. What is Hybrid AP Fat AP vs. Thin AP Benefits of ZyXEL Hybrid AP How Managed AP finds the Controller AP Web GUI

Lecture 3. WPA and i

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Authentication and Security in IP based Multi Hop Networks

Chapter 2 Wireless Networking Basics

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

MERA s competence in security design includes but is not limited to the following areas: Engineering and assessments for security solutions (e.g.

Network Access Control and Cloud Security

Lecture 4b AAA protocols (Authentication Authorization Accounting)

802.1X Client Software

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Authentication, Authorization and Accounting (AAA) Protocols

How To Secure Wireless Networks

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

VoIP Security. Seminar: Cryptography and Security Michael Muncan

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Network Access Control and Cloud Security

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

SNMP -overview. Based on: W.Stallings Data and Computer Communications

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks

Security in IEEE WLANs

Authentication in WLAN

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

CS 356 Lecture 29 Wireless Security. Spring 2013

Wireless LAN Security Mechanisms

Best Practices for SIP Security

Developing Network Security Strategies

Wireless Networking Basics. NETGEAR, Inc Great America Parkway Santa Clara, CA USA

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

Computer Networks. Secure Systems

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

Wireless VPN White Paper. WIALAN Technologies, Inc.

CISCO WIRELESS SECURITY SUITE

Introduction to Security and PIX Firewall

IEEE 802.1X For Wireless LANs

A Novel Distributed Wireless VoIP Server Based on SIP

Bit Chat: A Peer-to-Peer Instant Messenger

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless Network Standard and Guidelines

Link Layer and Network Layer Security for Wireless Networks

IETF DPRIVE WG: Encrypting DNS

Belnet Networking Conference 2013

Chapter 7 Transport-Level Security

WIRELESS NETWORK SECURITY

Cisco Which VPN Solution is Right for You?

TECHNICAL CHALLENGES OF VoIP BYPASS

Network Authentication X Secure the Edge of the Network - Technical White Paper

Network Security. Lecture 3

MOBILE GAMING SYSTEM POLICIES

1 SIP Carriers Warnings Vendor Contact Vendor Web Site : Versions Verified SIP Carrier status as of 9/11/2011

Secured Communications using Linphone & Flexisip

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Network Access Security It's Broke, Now What? June 15, 2010

WLAN w Technology

Application Security: Threats and Architecture

White Paper: Librestream Security Overview

1 SIP Carriers. 1.1 Tele Warnings Vendor Contact Versions Verified Interaction Center 2015 R2 Patch

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Security Technology White Paper

Cisco Wireless Security Gateway R2

3GPP TS V6.3.0 ( )

HiPath Wireless Controller, Access Points and Convergence Software, V3.0. User Guide

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Network Security Essentials Chapter 5

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

How to Configure the NEC SV8100 for use with Integra Telecom SIP Solutions

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Understanding the Cisco VPN Client

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

Michal Ludvig, SUSE Labs, 01/30/2004, Secure networking, 1

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS

Functional Specifications Document

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

RadSec RADIUS improved. Stig Venaas

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Note: As of Feb 25, 2010 Priority Telecom has not completed FXS verification of fax capabilities. This will be updated as soon as verified.

Transcription:

EAP-WAI Authentication Protocol draft-richard-emu-wai-00 Richard 2009-07-26 Stockholm, IETF 75th

Preface WAPI is a WLAN security protocol and brought forward By a Standard Group in China. It was invited by the ISO/IEC/JTC1/SC6 to submit it as an international proposal in June, 2009 Although WAPI is independent to the AAA, I think WAPI should have a deployment model which would reuse the AAA architecture. The carriers in the China agree to my idea, and we wrote this draft together. The draft demonstrates that EAP protocol and Radius Protocol are very extensible.

Agenda WAPI Overview Benefits of the EAP-WAI Design Idea EAP-WAI Process

WAPI Overview (1/4) WAPI is the abbreviation of WLAN Authentication and Privacy Infrastructure WAPI mainly includes two parts: WLAN Authentication Infrastructure (WAI) To offer the function of authentication and key management WLAN Privacy Infrastructure (WPI) To provide the data protect (encryption) and data integration service.

WAPI Overview (2/4) WAI Protocol ASUE AE ASE WAI over 802.11 WAI over UDP Ethernet Type 0x88B4 UPD Port 3810 The WAI is a core part of the WAPI protocol. ASUE Authentication Supplicant Entity AE Authenticator Entity ASE Authentication Service Entity

WAPI Overview (3/4) The Highlight of WAPI Although it depends on the three entities, it is independent to AAA architecture; Supports the mutual authentication between station (ASUE) and the WLAN devices (AE); The public-key certificate is an important part of the construction of WAPI system. The identity of ASUE and AE can be uniquely identified by the certificate; During the authentication phase, both WLAN device (AE) and station (ASUE) would send their certificates to the ASE. The ASE verify the legality of both certificates and would send the result of verification to the station and WLAN devices.

WAPI Overview (4/4) The main process 802.11 Process Beacon Authentication Association Here is the key points to EAP-WAI WAPI Process Authentication Key Negotiation Trigger Authentication Authentication Request Authentication Reply Unicast key negotiation Request Unicast key negotiation Reply Unicast key Confirm Multicast key Notification Multicast key Reply Certificate Authentication Request Certificate Authentication Reply

Agenda WAPI Overview Benefits of the EAP-WAI Design Idea EAP-WAI Process

Benefits of the EAP-WAI If WAPI supports the deployment model of reusing AAA architecture, then: Independent software vendor (ISV) could easily make the current AAA server support the ASE function; As the deployment of the additional ASE server could be not required, it would reduce the costs of the WAPI infrastructure's deployment and maintenance The WAPI offers the link-level security to the ASUE, e.g., the authentication and confidentiality. Besides them, ASUE needs the authorization and accounting service. The AAA already supports such functions well, and the WAPI could easily reuse such services if it could reuse AAA architecture.

Agenda WAPI Overview Benefits of the EAP-WAI Design Idea EAP-WAI Process

Design Idea (1/2) In order to reuse the AAA architecture and avoid the influence to the station (ASUE), the EAP packet exchanged SHOULD be between the AE and the AAA server. As AAA server's peer is station (ASUE), the WLAN Device (AE) SHOULD mimic itself as a peer (ASUE). By this way, from the AAA server perspective, EAP-WAI is similar to the other authentication methods

Design Idea (2/2) NO Change AE would mimic itself as a peer (ASUE) to AAA For AAA, EAP-WAI is similar to the other authentication methods

Agenda WAPI Overview Benefits of the EAP-WAI Design Idea EAP-WAI Process

EAP-WAI Process As AE SHOULD mimic a peer (ASUE), there is no need to let AE send the EAP- Request/Identity to ASUE any more The EAP identity MAY be the subject [RFC3280] of ASUE's certificate.

Thank You Any Question?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information