A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks


http://www.terena.org/activities/tf-mobility/meetings/28/

  • Location of area under investigation: south-facing hill-slope of the Bernese Alps between Sion and Sierre
  • -> complex hydrological model
  • 2 types of weather stations: left -> Austrian producer; right -> assembled by GIUB
  • 2 possibilities: others do the work (OFEN, MeteoSwiss, WSL, SLF, Universities, Engineering Offices, Privates), or you measure yourself (if you have no other spare-time activities)

Presentation Transcript

  • 28th TF-Mobility and Network Middleware Meeting. A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks. Torsten Braun, Communication and Distributed Systems, Institute of Computer Science and Applied Mathematics, Universität Bern. braun@iam.unibe.ch, http://cds.unibe.ch, http://a4-mesh.unibe.ch
  • Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks. Zürich, 26.06.2012
  • Overview
    • Project Introduction
    • Application Scenario
    • Wireless Mesh Network
    • Authentication and Authorization
    • Accounting
    • Conclusions and Outlook
  • Project Introduction
  • Project Partners
    • Institut für Informatik und Angewandte Mathematik
    • Geographisches Institut
    • Informatikdienste
    • Institut d’Informatique
    • Service Informatique et Télématique
  • Project Goals and Objectives
    • Goal: provide low-cost broadband network access to researchers and students at remote locations
    • Objectives:
      • Cost-efficient network access
      • Easily deployable wireless mesh network (WMN)
      • Integrated into regular authentication and authorization infrastructure of Swiss higher education (SWITCHaai)
  • Wireless Mesh Networks (WMNs) Application Scenarios
    • 1. Environmental Monitoring
    • 2. Campus Network Extension
  • AAAA for WMNs
    • Authentication and Authorization of
      • 1. wireless mesh nodes entering the WMN
      • 2. mobile users accessing the Internet via the WMN (using SWITCH AAI mechanisms)
    • Accounting of traffic generated by
      • 1. wireless mesh nodes and sensors
      • 2. individual mobile users (for charging and monitoring purposes)
    • Auditing functions
      • detect inconsistent or erroneous node states
      • perform recovery mechanisms or trigger alarms
    • Indoor testbed and pilot networks at
      • 1. Crans Montana
      • 2. University campuses at Bern and Neuchâtel
  • Application Scenario: MontanAqua
  • Requirements by Environmental Monitoring
    • Support of scientists (hydrology researchers) to collect sensor data from environmental measurements.
    • Scientists use data for generating and verifying models of the environment.
    • Specific measurements to cover certain areas or to collect specific sensor data are needed.
  • MontanAqua Investigation Area (map labels: Plaine Morte glacier, Tseuzier storage lake, Sierre, Sion; © Weingartner)
  • Modelling Water Resources: high data demand for modelling water balance and fluxes (figure labels: module Jeannin, module cc scenarios, KARST, GLACIER, ice thickness 0 m / 100 m / 200 m, 2010, 2050, WATER RESOURCES, PIHM - Penn State Integrated Hydrologic Model, LAND USE; © Martina Kauzlaric, © Matthias Huss, © Weingartner)
  • Weather Stations and Rain Gauges
    • wind velocity & direction
    • air temperature & relative humidity
    • solar radiation
    • rainfall
  • Runoff Station
  • Soil Measurements
    • lysimeter
    • soil moisture sensors
    • tensiometers
  • Data Transfer Alternatives
    • GSM Modem: for weather stations; lost GSM signal
    • GPRS Modem: for weather stations; data access only via server of producer of weather station
    • Manually: for rain gauges, runoff gauges, weather station
  • Serial Port Tunneling
  • Benefits for Scientists
    • Real-time access on logger (software updates, failure checking) → reduced frequency of maintenance
    • Real-time data access (data verification, monitoring of sensors)
    • Data stored on server at University and logger in the field
      • → reduction of data loss risk (destruction of sensors/loggers)
      • → independent of GSM/GPRS network availability
      • → high data-transfer rates (web cam)
  • Sensor Readings
  • Wireless Mesh Network
  • MontanAqua Sensors and A4-Mesh Network (figure label: webcam)
  • A4-Mesh Topology (map labels: Sierre, Sion)
  • Wireless Mesh Node Technology
    • IP66 steel enclosure
    • 1-2x Alix 3D2 system boards
    • 1x Alix 6F2 system board
    • 1-4x 802.11n mini PCI cards
    • 1x 802.11g mini PCI card
    • 1x UMTS mini PCI-Express card
    • I2C twin relay
    • 2x2 MIMO, 25dBi, dual polarization panel antennas
    • ADAM Linux
    • Optimized Link State Routing / 802.11s
  • Deployment of Nodes 4a/b
  • Deployment of Nodes 3/7
  • Deployment of Node 8
  • Authentication and Authorization
  • Authentication and Authorisation
    • Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
      • Wireless mesh nodes entering the WMN: mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
      • Mobile users accessing the Internet via the WMN: implementation based on web-based captive portal protected by SWITCHaai
  • A4-Mesh AAAA Architecture
  • Machine Authentication and Authorization (diagram labels, in extracted order: VPN key, VPN tunnel establishment, authorized, is authorized?, Machine, Request VPN key, attributes, Open firewall, Authentication request with X.509 certificate)
  • User Authentication and Authorization (Captive Portal)
  • Accounting
  • Accounting
    • Traffic monitoring at each mesh node (NetFlow, RFC 3954)
    • Central storage of flow statistics at A4-Mesh gateway
    • Data enrichment at A4-Mesh gateway (IP, IPNAT, time, UniqueID)
  • Accounting Aggregator
  • Network Monitoring
    • Monitoring agent at each mesh node (Zabbix agent)
    • Central server at A4-Mesh gateway (Zabbix server)
  • Conclusions and Outlook
  • Conclusions
    • WMN is valuable for researchers working in the field.
    • Implementation of SWITCHaai-based authentication and authorization for WMN nodes and end users
    • Implementation of monitoring functions for WMN nodes
    • Outlook: integration and tests
  • a4-mesh.unibe.ch
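
The Accounting slide lists gateway-side enrichment of flow records with IP, IPNAT, time and UniqueID. The following is an added example, not part of the original slides or the A4-Mesh code base, showing one way such enrichment can attribute per-node flow records to authenticated users. The record layouts, the session table, the NAT map and all sample values are constructed assumptions, including the reading of UniqueID as the identifier bound at captive-portal login.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data; field names are assumptions, not the A4-Mesh schema.
# Captive-portal sessions: (internal IP, login time, logout time, UniqueID)
SESSIONS = [
    ("10.0.8.21", 1000, 2000, "uid-alice"),
    ("10.0.8.21", 2500, 4000, "uid-bob"),   # same IP handed to another user later
    ("10.0.8.30", 1200, 5000, "uid-carol"),
]
# Gateway NAT map: internal IP -> translated (public) IP
NAT = {"10.0.8.21": "198.51.100.7", "10.0.8.30": "198.51.100.7"}
# Flow records exported by mesh nodes: (node, source IP, start time, bytes)
FLOWS = [
    ("node3", "10.0.8.21", 1500, 4000),
    ("node3", "10.0.8.21", 2200, 900),      # gap between sessions: no user bound
    ("node7", "10.0.8.21", 3000, 1200),
    ("node8", "10.0.8.30", 1300, 700),
    ("node8", "10.0.8.99", 1300, 50),       # address that never authenticated
]

def build_index(sessions):
    """Group sessions per IP, sorted by login time (assumed non-overlapping)."""
    by_ip = defaultdict(list)
    for ip, start, end, uid in sessions:
        by_ip[ip].append((start, end, uid))
    for rows in by_ip.values():
        rows.sort()
    return by_ip

def lookup_uid(index, ip, ts):
    """Return the UniqueID whose session on `ip` covers time `ts`, else None."""
    rows = index.get(ip, [])
    i = bisect_right(rows, (ts, float("inf"), "")) - 1  # last session starting <= ts
    if i >= 0 and rows[i][0] <= ts < rows[i][1]:
        return rows[i][2]
    return None

def enrich(flows, sessions, nat):
    """Attach IPNAT and UniqueID to each flow; IP alone is ambiguous over time."""
    index = build_index(sessions)
    return [{"node": node, "ip": ip, "ip_nat": nat.get(ip), "time": ts,
             "bytes": nbytes, "unique_id": lookup_uid(index, ip, ts)}
            for node, ip, ts, nbytes in flows]

def usage_per_user(records):
    """Sum bytes per UniqueID; unmatched flows stay visible for auditing."""
    totals = defaultdict(int)
    for r in records:
        totals[r["unique_id"] or "UNATTRIBUTED"] += r["bytes"]
    return dict(totals)
```

Keeping the unattributed bucket separate rather than dropping it lets the same data feed the auditing function: traffic from an address with no active session is exactly what an operator wants flagged.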