A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
1. 28th TF-Mobility and Network Middleware Meeting
A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
Torsten Braun
Communication and Distributed Systems
Institute of Computer Science and Applied Mathematics
Universität Bern
braun@iam.unibe.ch
http://cds.unibe.ch, http://a4-mesh.unibe.ch
2. Overview
> Project Introduction
> Application Scenario
> Wireless Mesh Network
> Authentication and Authorization
> Accounting
> Conclusions and Outlook
Zürich, 26.06.2012 2
Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks
7. AAAA for WMNs
> Authentication and Authorization of
1. wireless mesh nodes entering the WMN
2. mobile users accessing the Internet via the WMN
(using SWITCH AAI mechanisms)
> Accounting of traffic generated by
1. wireless mesh nodes and sensors
2. individual mobile users
(for charging and monitoring purposes)
> Auditing functions
— detect inconsistent or erroneous node states
— perform recovery mechanisms or trigger alarms
> Indoor testbed and pilot networks at
1. Crans Montana
2. University campuses at Bern and Neuchâtel
9. Requirements by Environmental Monitoring
> Support of scientists (hydrology researchers) to collect
sensor data from environmental measurements.
> Scientists use data for generating and verifying models of the
environment.
> Specific measurements to cover certain areas or to collect
specific sensor data are needed.
12. Weather Stations and Rain Gauges
> Measured quantities (figure labels): wind velocity & direction; air temperature & relative humidity; solar radiation; rainfall
13. Runoff Station
15. Data Transfer Alternatives
> GSM modem for weather stations
— lost GSM signal
> GPRS modem for weather stations
— data access only via server of producer of weather station
> Manually for rain gauges, runoff gauges, weather station
16. Serial Port Tunneling
17. Benefits for Scientists
> Real-time access to the logger (software updates, failure checking)
→ reduced frequency of maintenance
> Real-time data access (data verification, monitoring of sensors)
> Data stored on server at University and on logger in the field
→ reduced risk of data loss (destruction of sensors/loggers)
→ independent of GSM/GPRS network availability
→ high data-transfer rates (web cam)
18. Sensor Readings
27. Authentication and Authorisation
> Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
— Wireless mesh nodes entering the WMN
– Mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
— Mobile users accessing the Internet via the WMN
– Implementation based on a web-based captive portal protected by SWITCHaai
28. A4-Mesh AAAA Architecture
29. Machine Authentication and Authorization
Message sequence (figure labels):
1. Request VPN key
2. Authentication request with X.509 certificate
3. Machine attributes
4. is authorized?
5. authorized
6. VPN key
7. Open firewall
8. VPN tunnel establishment
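The sequence above, written out as an added example (not code from the A4-Mesh project): a mesh node presents a certificate, the gateway checks it against its trust store, obtains the machine's attributes, evaluates an authorization policy, and only on a positive decision issues a VPN key and adds a firewall rule. The certificate, its signature check (an HMAC with a per-issuer key standing in for X.509 signature verification against a CA public key), the attribute store, the federation membership list and the firewall representation are all constructed assumptions for this example.

```python
"""Added example: stand-in for the A4-Mesh machine authentication and
authorization exchange (certificate check -> attributes -> policy ->
VPN key + firewall rule). Not the project's own code."""
import hashlib
import hmac
import secrets

# Constructed trust store: issuer name -> issuer key. In a real deployment
# this would be a CA certificate and the check an X.509 signature verification.
TRUST_STORE = {"A4-Mesh Federation CA": b"constructed-ca-key"}

# Constructed attribute store, i.e. what an attribute authority would return
# for an authenticated machine identity.
MACHINE_ATTRIBUTES = {
    "mesh-node-01.example.org": {"organization": "unibe", "role": "mesh-node"},
    "laptop-07.example.org": {"organization": "unibe", "role": "end-user-device"},
}

FEDERATION_MEMBERS = {"unibe", "unine"}  # constructed policy input


def _tbs(cert):
    """Deterministic serialization of the 'to be signed' fields."""
    fields = ("subject", "issuer", "not_before", "not_after")
    return "|".join(str(cert[k]) for k in fields).encode()


def issue_certificate(subject, issuer, not_before, not_after):
    """Issuer side: build a certificate-like record and sign it (HMAC stand-in).
    Timestamps are ISO 8601 strings, which compare correctly as strings."""
    cert = {"subject": subject, "issuer": issuer,
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = hmac.new(TRUST_STORE[issuer], _tbs(cert),
                                 hashlib.sha256).hexdigest()
    return cert


def verify_certificate(cert, now):
    """Gateway side. Return None if acceptable, otherwise a rejection reason."""
    key = TRUST_STORE.get(cert["issuer"])
    if key is None:
        return "unknown issuer"
    expected = hmac.new(key, _tbs(cert), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["signature"]):
        return "bad signature"
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return "certificate not valid at this time"
    return None


def is_authorized(attributes):
    """Policy: only mesh nodes of federation members may join the WMN."""
    return (attributes.get("role") == "mesh-node"
            and attributes.get("organization") in FEDERATION_MEMBERS)


def handle_vpn_key_request(cert, now, firewall):
    """Steps 1-7 of the exchange from the gateway's point of view.
    `firewall` is a list of rule strings standing in for the real rule set."""
    reason = verify_certificate(cert, now)
    if reason:
        return {"authorized": False, "reason": reason}
    attrs = MACHINE_ATTRIBUTES.get(cert["subject"], {})
    if not is_authorized(attrs):
        return {"authorized": False, "reason": "policy denied"}
    vpn_key = secrets.token_hex(32)            # fresh per-node VPN key
    firewall.append(f"allow vpn from {cert['subject']}")  # "Open firewall"
    return {"authorized": True, "vpn_key": vpn_key}


if __name__ == "__main__":
    now = "2012-06-26T10:00:00Z"
    rules = []
    cert = issue_certificate("mesh-node-01.example.org", "A4-Mesh Federation CA",
                             "2012-01-01T00:00:00Z", "2013-01-01T00:00:00Z")
    print(handle_vpn_key_request(cert, now, rules), rules)
```

The order matters: the firewall rule is added only after both the authentication and the authorization step succeed, so a valid certificate belonging to a non-mesh device (the laptop entry) is rejected at the policy step and never reaches the firewall.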
30. User Authentication and Authorization
(Captive Portal)
32. Accounting
> Traffic monitoring at each mesh node (NetFlow, RFC 3954)
> Central storage of flow statistics at A4-Mesh gateway
> Data enrichment at A4-Mesh gateway (IP, IPNAT, time, UniqueID)
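The three accounting bullets as an added example (not A4-Mesh project code): flow statistics exported by the mesh nodes are parsed at the gateway, each record is enriched with the NAT'ed public address, the export time and the UniqueID of the captive-portal session that was active for the source address when the flow started, and traffic is then summed per UniqueID. The CSV record layout, the NAT table and the session table are constructed for this example; real NetFlow v9 records would arrive as binary templates and flowsets, not CSV.

```python
"""Added example: gateway-side enrichment and per-user accounting of
flow records exported by mesh nodes. Not the project's own code."""
import csv
import io
from collections import defaultdict

# Constructed flow export: one line per flow as a node might report it after
# decoding. Timestamps are ISO 8601 strings, which compare correctly as strings.
FLOW_EXPORT = """\
node,start,src_ip,dst_ip,proto,bytes,packets
mesh-03,2012-06-26T10:05:12Z,10.8.1.23,198.51.100.10,6,52100,48
mesh-03,2012-06-26T10:06:40Z,10.8.1.23,198.51.100.22,17,1200,3
mesh-05,2012-06-26T10:07:01Z,10.8.2.7,198.51.100.10,6,884000,620
mesh-05,2012-06-26T11:30:00Z,10.8.2.7,198.51.100.10,6,4096,5
mesh-05,2012-06-26T10:09:30Z,10.8.2.99,198.51.100.10,6,9000,12
"""

# Constructed NAT mapping: private mesh address -> public address at the gateway.
NAT_TABLE = {"10.8.1.23": "192.0.2.1", "10.8.2.7": "192.0.2.1",
             "10.8.2.99": "192.0.2.1"}

# Constructed captive-portal sessions: (private IP, from, to, UniqueID).
# 10.8.2.7 is reused by a second user later in the day, so the lookup must
# be time-aware rather than keyed on the address alone.
SESSIONS = [
    ("10.8.1.23", "2012-06-26T09:58:00Z", "2012-06-26T12:00:00Z", "user-a1b2"),
    ("10.8.2.7", "2012-06-26T10:00:00Z", "2012-06-26T11:00:00Z", "user-c3d4"),
    ("10.8.2.7", "2012-06-26T11:15:00Z", "2012-06-26T13:00:00Z", "user-e5f6"),
]

UNATTRIBUTED = "UNATTRIBUTED"  # flows with no matching session


def parse_flows(text):
    """Parse the constructed CSV export into a list of dicts with int counters."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["bytes"] = int(row["bytes"])
        row["packets"] = int(row["packets"])
        flows.append(row)
    return flows


def lookup_user(ip, when, sessions):
    """UniqueID of the session that covered `ip` at time `when`, else None."""
    for s_ip, start, end, uid in sessions:
        if s_ip == ip and start <= when <= end:
            return uid
    return None


def enrich(flow, nat_table, sessions, export_time):
    """Add the fields the gateway attaches: public IP, UniqueID, export time."""
    src = flow["src_ip"]
    uid = lookup_user(src, flow["start"], sessions)
    return {
        **flow,
        "public_ip": nat_table.get(src),
        "unique_id": uid if uid is not None else UNATTRIBUTED,
        "exported": export_time,
    }


def account(text, nat_table, sessions, export_time):
    """Bytes per UniqueID over all flows in the export."""
    totals = defaultdict(int)
    for flow in parse_flows(text):
        enriched = enrich(flow, nat_table, sessions, export_time)
        totals[enriched["unique_id"]] += enriched["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for uid, total in sorted(account(FLOW_EXPORT, NAT_TABLE, SESSIONS,
                                     "2012-06-26T12:00:00Z").items()):
        print(f"{uid:14s} {total:>10d} bytes")
```

Flows from an address with no active session (10.8.2.99 here) are kept and counted under a separate bucket rather than dropped; a non-zero unattributed total is exactly the kind of inconsistency the auditing function on the slides should surface.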
34. Network Monitoring
> Monitoring agent at each mesh node (Zabbix agent)
> Central server at A4-Mesh gateway (Zabbix server)
36. Conclusions
> WMN is valuable for researchers working in the field.
> Implementation of SWITCHaai-based authentication and
authorization for WMN nodes and end users
> Implementation of monitoring functions for WMN nodes
> Outlook: integration and tests
Location of the area under investigation: south-facing hill slope of the Bernese Alps between Sion and Sierre
-> complex hydrological model
2 types of weather stations:
left -> Austrian producer
right -> assembled by GIUB
2 possibilities:
others do the work: OFEN, MeteoSwiss, WSL, SLF, universities, engineering offices, private parties
you measure yourself (if you have no other spare-time activities)