A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks

http://www.terena.org/activities/tf-mobility/meetings/28/

Published in: Technology, Business

  1. 28th TF-Mobility and Network Middleware Meeting. A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks. Torsten Braun, Communication and Distributed Systems, Institute of Computer Science and Applied Mathematics, Universität Bern. braun@iam.unibe.ch, http://cds.unibe.ch, http://a4-mesh.unibe.ch
  2. Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks. Overview (Zürich, 26.06.2012)
     - Project Introduction
     - Application Scenario
     - Wireless Mesh Network
     - Authentication and Authorization
     - Accounting
     - Conclusions and Outlook
  3. Project Introduction
  4. Project Partners
     - Institut für Informatik und Angewandte Mathematik
     - Geographisches Institut
     - Informatikdienste
     - Institut d’Informatique
     - Service Informatique et Télématique
  5. Project Goals and Objectives
     - Goal: Provide low-cost broadband network access to researchers and students at remote locations
     - Objectives:
       - Cost-efficient network access
       - Easily deployable wireless mesh network (WMN)
       - Integrated into regular authentication and authorization infrastructure of Swiss higher education (SWITCHaai)
  6. Wireless Mesh Networks (WMNs): Application Scenarios
     1. Environmental Monitoring
     2. Campus Network Extension
  7. AAAA for WMNs
     - Authentication and Authorization of
       1. wireless mesh nodes entering the WMN
       2. mobile users accessing the Internet via the WMN (using SWITCH AAI mechanisms)
     - Accounting of traffic generated by
       1. wireless mesh nodes and sensors
       2. individual mobile users (for charging and monitoring purposes)
     - Auditing functions
       - detect inconsistent or erroneous node states
       - perform recovery mechanisms or trigger alarms
     - Indoor testbed and pilot networks at
       1. Crans Montana
       2. University campuses at Bern and Neuchâtel
  8. Application Scenario: MontanAqua
  9. Requirements by Environmental Monitoring
     - Support of scientists (hydrology researchers) to collect sensor data from environmental measurements.
     - Scientists use data for generating and verifying models of the environment.
     - Specific measurements to cover certain areas or to collect specific sensor data are needed.
  10. MontanAqua Investigation Area [Map; labels: Plaine Morte glacier, Tseuzier storage lake, Sierre, Sion. © Weingartner]
  11. Modelling Water Resources [Figure; panels: Karst (module Jeannin), Glacier (ice thickness 0 m to 200 m, 2010 and 2050; module cc scenarios), Land Use, Water Resources (PIHM - Penn State Integrated Hydrologic Model). Caption: high data demand for modelling water balance and fluxes. © Martina Kauzlaric, © Matthias Huss, © Weingartner]
  12. Weather Stations and Rain Gauges [Photos; labels: wind velocity & direction, air temperature & relative humidity, solar radiation, rainfall]
  13. Runoff Station
  14. Soil Measurements [Photos; labels: lysimeter, soil moisture sensors, tensiometers]
  15. Data Transfer Alternatives
     - GSM Modem: for weather stations; lost GSM signal
     - GPRS Modem: for weather stations; data access only via server of producer of weather station
     - Manually: for rain gauges, runoff gauges, weather station
  16. Serial Port Tunneling
  17. Benefits for Scientists
     - Real-time access on logger (software updates, failure checking) → reduced frequency of maintenance
     - Real-time data access (data verification, monitoring of sensors)
     - Data stored on server at University and logger in the field
       → reduction of data loss risk (destruction of sensors/loggers)
       → independent of GSM/GPRS network availability
       → high data-transfer rates (web cam)
  18. Sensor Readings
  19. Wireless Mesh Network
  20. MontanAqua Sensors and A4-Mesh Network [Map; label: webcam]
  21. A4-Mesh Topology [Map; labels: Sierre, Sion]
  22. Wireless Mesh Node Technology
     - IP66 steel enclosure
     - 1-2x Alix 3D2 system boards
     - 1x Alix 6F2 system board
     - 1-4x 802.11n mini PCI cards
     - 1x 802.11g mini PCI card
     - 1x UMTS mini PCI-Express card
     - I2C twin relay
     - 2x2 MIMO, 25 dBi, dual polarization panel antennas
     - ADAM Linux
     - Optimized Link State Routing / 802.11s
  23. Deployment of Nodes 4a/b
  24. Deployment of Nodes 3/7
  25. Deployment of Node 8
  26. Authentication and Authorization
  27. Authentication and Authorisation
     - Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
       - Wireless mesh nodes entering the WMN: mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
       - Mobile users accessing the Internet via the WMN: implementation based on web-based captive portal protected by SWITCHaai
  28. A4-Mesh AAAA Architecture
  29. Machine Authentication and Authorization [Diagram; labels: Authentication request with X.509 certificate; Machine; attributes; is authorized?; authorized; Request VPN key; VPN key; Open firewall; VPN tunnel establishment]
  30. User Authentication and Authorization (Captive Portal)
  31. Accounting
  32. Accounting
     - Traffic monitoring at each mesh node (NetFlow, RFC 3954)
     - Central storage of flow statistics at A4-Mesh gateway
     - Data enrichment at A4-Mesh gateway (IP, IPNAT, time, UniqueID)
  33. Accounting Aggregator
  34. Network Monitoring
     - Monitoring agent at each mesh node (Zabbix agent)
     - Central server at A4-Mesh gateway (Zabbix server)
  35. Conclusions and Outlook
  36. Conclusions
     - WMN is valuable for researchers working in the field.
     - Implementation of SWITCHaai-based authentication and authorization for WMN nodes and end users
     - Implementation of monitoring functions for WMN nodes
     - Outlook: integration and tests
  37. a4-mesh.unibe.ch
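
The Accounting slide lists enrichment of flow statistics at the gateway with IP, IPNAT, time and UniqueID. The following Python is an added example, not code from the A4-Mesh project: it assumes enrichment means joining each flow record against captive-portal login sessions, and the `Session` and `Flow` schemas, the function names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:               # assumed captive-portal login record
    unique_id: str           # identifier released after federated login
    ip: str                  # address leased to the client inside the WMN
    ip_nat: str              # address the client appears as after NAT
    start: int               # login time, epoch seconds
    end: Optional[int]       # logout time, None while still logged in

@dataclass(frozen=True)
class Flow:                  # subset of the fields a NetFlow record carries
    src: str
    octets: int
    first: int               # flow start, epoch seconds
    last: int                # flow end, epoch seconds

def owner(flow, sessions):
    """Session that held flow.src for the flow's whole lifetime, else None."""
    for s in sessions:
        ended_ok = s.end is None or flow.last <= s.end
        if s.ip == flow.src and s.start <= flow.first and ended_ok:
            return s
    return None

def enrich(flows, sessions):
    """Return (enriched records, flows no authenticated session explains)."""
    enriched, unexplained = [], []
    for f in flows:
        s = owner(f, sessions)
        if s is None:
            unexplained.append(f)        # candidate for an auditing alarm
            continue
        enriched.append({"ip": f.src, "ip_nat": s.ip_nat, "time": f.first,
                         "unique_id": s.unique_id, "octets": f.octets})
    return enriched, unexplained

def usage_by_user(enriched):
    """Total octets per UniqueID, the per-user figure accounting needs."""
    totals = {}
    for r in enriched:
        totals[r["unique_id"]] = totals.get(r["unique_id"], 0) + r["octets"]
    return totals

# Constructed sample data: 10.0.0.5 is reused by two users at different times.
SESSIONS = [Session("alice@example.org", "10.0.0.5", "192.0.2.10", 1000, 2000),
            Session("bob@example.org", "10.0.0.5", "192.0.2.10", 2100, None)]
FLOWS = [Flow("10.0.0.5", 4000, 1100, 1200), Flow("10.0.0.5", 900, 2200, 2300),
         Flow("10.0.0.5", 50, 2030, 2050), Flow("10.0.0.9", 70, 1100, 1150)]
```

Matching on the time window as well as the address is what keeps a reused lease from being billed to the previous user; flows that fall outside every session are returned separately so they can be reviewed rather than silently dropped.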