28th TF-Mobility and Network Middleware Meeting
A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
Torsten Braun
Communication and Distributed Systems
Institute of Computer Science and Applied Mathematics
Universität [email protected]://cds.unibe.ch, http://a4-mesh.unibe.ch
Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks
Overview
> Project Introduction
> Application Scenario
> Wireless Mesh Network
> Authentication and Authorization
> Accounting
> Conclusions and Outlook
Zürich, 26.06.2012
Project Introduction
Project Partners
> Institut für Informatik und Angewandte Mathematik
> Geographisches Institut
> Informatikdienste
> Institut d’Informatique
> Service Informatique et Télématique
Project Goals and Objectives
> Goal
  — Provide low-cost broadband network access to researchers and students at remote locations
> Objectives
  — Cost-efficient network access
  — Easily deployable wireless mesh network (WMN)
  — Integrated into regular authentication and authorization infrastructure of Swiss higher education (SWITCHaai)
Wireless Mesh Networks (WMNs)
Application Scenarios
1. Environmental Monitoring
2. Campus Network Extension
AAAA for WMNs
> Authentication and Authorization of
  1. wireless mesh nodes entering the WMN
  2. mobile users accessing the Internet via the WMN
  (using SWITCH AAI mechanisms)
> Accounting of traffic generated by
  1. wireless mesh nodes and sensors
  2. individual mobile users
  (for charging and monitoring purposes)
> Auditing functions
  — detect inconsistent or erroneous node states
  — perform recovery mechanisms or trigger alarms
> Indoor testbed and pilot networks at
  1. Crans Montana
  2. University campuses at Bern and Neuchâtel
Application Scenario: MontanAqua
Requirements by Environmental Monitoring
> Support of scientists (hydrology researchers) to collect sensor data from environmental measurements.
> Scientists use data for generating and verifying models of the environment.
> Specific measurements to cover certain areas or to collect specific sensor data are needed.
MontanAqua Investigation Area
[Map of the investigation area; labels: Sion, Sierre, Tseuzier storage lake, Plaine Morte glacier. © Weingartner]
Modelling Water Resources
PIHM - Penn State Integrated Hydrologic Model
[Figure: model overview; labels: cc scenarios, 2050, water resources, 2010, land use, module GLACIER, module KARST, ice thickness (scale 0 m, 100 m, 200 m). © Martina Kauzlaric, © Matthias Huss, Jeannin, © Weingartner]
high data demand for modelling water balance and fluxes
Weather Stations and Rain Gauges
wind velocity & direction
air temperature & relative humidity
solar radiation
rainfall
Runoff Station
Soil Measurements
soil moisture sensors tensiometers
lysimeter
Data Transfer Alternatives
> GSM Modem
  — for weather stations
  — lost GSM signal
> GPRS Modem
  — for weather stations
  — data access only via server of producer of weather station
> Manually
  — for rain gauges, runoff gauges, weather station
Serial Port Tunneling
Benefits for Scientists
> Real-time access on logger (software updates, failure checking)
  → reduced frequency of maintenance
> Real-time data access (data verification, monitoring of sensors)
> Data stored on server at University and logger in the field
  → reduction of data loss risk (destruction of sensors/loggers)
  → independent of GSM/GPRS network availability
  → high data-transfer rates (web cam)
Sensor Readings
Wireless Mesh Network
MontanAqua Sensors and A4-Mesh Network
[Figure: map of the sensor sites with the numbered mesh nodes (1 to 8) and a webcam]
A4-Mesh Topology
[Figure: topology map with the numbered mesh nodes (1 to 8); labelled locations: Plaine Morte Glacier, Sion, Sierre. © Atlas of Switzerland 3]
Wireless Mesh Node Technology
• IP66 steel enclosure
• 1-2x Alix 3D2 system boards
• 1x Alix 6F2 system board
• 1-4x 802.11n mini PCI cards
• 1x 802.11g mini PCI card
• 1x UMTS mini PCI-Express card
• I2C twin relay
• 2x2 MIMO, 25dBi, dual polarization panel antennas
• ADAM Linux
• Optimized Link State Routing / 802.11s
Deployment of Nodes 4a/b
Deployment of Nodes 3/7
Deployment of Node 8
Authentication and Authorization
Authentication and Authorisation
> Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
  — Wireless mesh nodes entering the WMN
    – Mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
  — Mobile users accessing the Internet via the WMN
    – Implementation based on web-based captive portal protected by SWITCHaai
A4-Mesh AAAA Architecture
Machine Authentication and Authorization
Request VPN key
Authentication request with X.509 certificate
Machine attributes
is authorized?
authorized
VPN key
Open firewall
VPN tunnel establishment
User Authentication and Authorization (Captive Portal)
Accounting
Accounting
> Traffic monitoring at each mesh node (NetFlow, RFC 3954)
> Central storage of flow statistics at A4-Mesh gateway
> Data enrichment at A4-Mesh gateway (IP, IPNAT, time, UniqueID)
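One way the gateway-side enrichment listed above could work, as an added example (not A4-Mesh project code): flow records from the mesh nodes are joined with login sessions by client IP and time window to attach the UniqueID. The session table, the record fields, the de-duplication rule for flows reported by several hops, and all sample values are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:              # assumed captive-portal login record (hypothetical schema)
    unique_id: str          # identifier released at login
    ip: str                 # client address inside the WMN
    start: int              # epoch seconds
    end: Optional[int]      # None while the user is still logged in

@dataclass(frozen=True)
class Flow:                 # reduced flow record as exported by one mesh node
    node: str
    src_ip: str
    dst: str
    first: int
    last: int
    octets: int

def owner(flow, sessions):
    """UniqueID of the one session covering the whole flow, else None."""
    hits = {s.unique_id for s in sessions
            if s.ip == flow.src_ip and s.start <= flow.first
            and (s.end is None or flow.last <= s.end)}
    return next(iter(hits)) if len(hits) == 1 else None

def enrich(flows, sessions, nat_ip):
    """Drop duplicates reported by several hops, then add IPNAT, time, UniqueID."""
    best = {}
    for f in flows:
        key = (f.src_ip, f.dst, f.first)
        if key not in best or f.octets > best[key].octets:
            best[key] = f
    return [{"IP": f.src_ip, "IPNAT": nat_ip, "time": (f.first, f.last),
             "UniqueID": owner(f, sessions), "octets": f.octets}
            for f in best.values()]

def usage(records):
    """Per-user byte totals plus the records that could not be attributed."""
    totals, unattributed = defaultdict(int), []
    for r in records:
        if r["UniqueID"] is None:
            unattributed.append(r)
        else:
            totals[r["UniqueID"]] += r["octets"]
    return dict(totals), unattributed

# Constructed sample data (private and documentation address ranges, made-up users).
SESSIONS = [Session("alice@example.org", "10.0.0.7", 1000, 2000),
            Session("bob@example.org", "10.0.0.7", 2100, None)]  # IP re-leased
FLOWS = [
    Flow("node4", "10.0.0.7", "192.0.2.10:443/tcp", 1200, 1300, 5000),
    Flow("node1", "10.0.0.7", "192.0.2.10:443/tcp", 1200, 1300, 5000),  # next hop
    Flow("node4", "10.0.0.7", "192.0.2.10:443/tcp", 2200, 2300, 700),
    Flow("node3", "10.0.0.9", "192.0.2.10:80/tcp", 1500, 1600, 99),     # no login
    Flow("node4", "10.0.0.7", "192.0.2.10:22/tcp", 1900, 2150, 42),     # spans logout
]

if __name__ == "__main__":
    totals, unattributed = usage(enrich(FLOWS, SESSIONS, "198.51.100.1"))
    print(totals, len(unattributed))
```

Flows that match no session, or that span a logout and re-lease of the same address, are returned as unattributed rather than charged to a user, which gives the auditing function something to inspect.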
Accounting Aggregator
Network Monitoring
> Monitoring agent at each mesh node (Zabbix agent)
> Central server at A4-Mesh gateway (Zabbix server)
Conclusions and Outlook
Conclusions
> WMN is valuable for researchers working in the field.
> Implementation of SWITCHaai-based authentication and authorization for WMN nodes and end users
> Implementation of monitoring functions for WMN nodes
> Outlook: integration and tests
a4-mesh.unibe.ch