Authorization in Wireless Network Security. Pasi Eronen, Jari Arkko. November 3, 2004.
This document has been produced mainly in the context of the Ambient Networks project. The Ambient Networks project is part of the European Community's Sixth Framework Programme for research and is as such funded by the European Commission. All information in this document is provided "as is" and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability. For the avoidance of all doubts, the European Commission has no liability in respect of this document, which is merely representing the authors' view.
Slide 2: Background
- Main focus areas of wireless network security:
  - Authentication & key exchange
  - Per-packet encryption & integrity protection
- Assumptions:
  - Authorization "happens" somehow
  - Policy lookup based on authenticated identity
- Not an entirely accurate picture...
- This is work in progress: issues that should be considered in the future, not finished solutions
Slide 3: Business aspects
- Enforcing policies about money is somewhat different from enforcing policies about authenticated identities
  - "Anyone who pays is allowed" vs. "A, B, and C are allowed"
  - In the traditional "subscription" model with off-line accounting these are quite close
  - But not in, e.g., credit card payment, or prepaid with on-line "reservations"
- Much more than an "authentication problem"
- New meanings for messages: RADIUS Access-Accept =
  - "Yes, grant access" (intra-operator)
  - "I agree to pay the costs for this user's session" (inter-operator)
- Authentication: after authentication, the AP does not necessarily know any long-term identifier for the user
Slide 4: Multiple players
- Not just "the network"
- Multiple entities/players involved in authorization:
  - WLAN access point
  - Access network/WISP AAA + possibly other elements
  - Roaming broker/mediating network AAA
  - Home network/ISP AAA + possibly other elements
  - Enterprise buying the service for its employees
Slide 5: Protocol boundaries
- Multi-party system specified as several two-party protocols
  - Often developed separately
  - Difficult to get the boundaries right
  - And hard to change them when requirements change
- Current list: 802.11, 802.11i, 802.1X-REV, EAP framework, EAP methods, RADIUS base (RFC 2865), RADIUS EAP support (RFC 3579), RADIUS EAP key transport (RFC 2548)
- E.g., authentication of the access point (or access network) identifier to the client in the system comprising the protocols listed above
- We don't have a good name for this system...!
Slide 6: Lots of protocols, but...
- A system with N participants has potentially C(N, 2) = N(N-1)/2 possible interactions
- Do we have communication channels for all of those?
  - Client – AP: 802.11, 11i, 1X
  - Client – Home AAA: EAP framework + methods
  - AP – AAA proxies – Home AAA: RADIUS
Slide 7: Missing protocol!
- Missing: a communication channel between the client and the AAA infrastructure (other than the home AAA)!
- Current experience suggests this is needed for:
  - Information about the access network (not just a single AP)
  - Roaming relationships
  - Services provided
  - Handoff
- Current approaches:
  - Modify non-integrity-protected fields in EAP messages
  - Proprietary EAP method run between client and access network before the "real" authentication
  - "Browser hijack"
Slide 8: Problems with current approaches
- Not secure: who is the "authority" for the information? Usually not the access point...
- Very limited amount of information can be transferred
- "Browser hijack" breaks network uses other than browsing
- EAP-based approaches work only at the beginning of the session
- Proprietary solutions not widely adopted
- Performance (possibly)
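The first "current approach" on slide 7, and the "who is the authority?" problem on slide 8, in concrete form. This is an added example, not code from the presentation: it builds and parses an EAP-Request/Identity (RFC 3748, Code 1, Type 1) whose Type-Data carries a displayable message, a NUL, and a realm hint. The hint syntax after the NUL (`NAIRealms=` with `;`-separated realms, options separated by `,`) follows the identity-selection-hints work that later became RFC 4284; that encoding and the message text are assumptions of this example. Because no EAP method has run yet, nothing in the packet is integrity protected, so whichever node forwards it last decides what the client sees.

```python
"""EAP-Request/Identity with a displayable message and realm hints.

Added example (not from the presentation). Assumed: the option syntax after
the NUL byte ("NAIRealms=a;b", options separated by ","), the sample
message, and the realm names. EAP header layout is from RFC 3748 section 4.
"""
import struct

EAP_REQUEST = 1          # Code field: Request
EAP_TYPE_IDENTITY = 1    # Type field: Identity
EAP_HEADER_LEN = 5       # Code(1) + Identifier(1) + Length(2) + Type(1)


def build_identity_request(identifier: int, message: str, realms: list[str]) -> bytes:
    """Encode an EAP-Request/Identity. Length covers the whole EAP packet."""
    type_data = message.encode("utf-8")
    if realms:
        # Assumed hint layout: NUL, then "NAIRealms=" and ';'-separated realms.
        type_data += b"\x00" + b"NAIRealms=" + ";".join(realms).encode("utf-8")
    length = EAP_HEADER_LEN + len(type_data)
    return struct.pack("!BBHB", EAP_REQUEST, identifier, length, EAP_TYPE_IDENTITY) + type_data


def parse_identity_request(pkt: bytes) -> dict:
    """Decode the header, the displayable message and any realm hint.

    Octets beyond Length are link-layer padding and are ignored (RFC 3748);
    a Length larger than the received packet is a malformed packet.
    """
    if len(pkt) < EAP_HEADER_LEN:
        raise ValueError("short EAP header")
    code, identifier, length, eap_type = struct.unpack("!BBHB", pkt[:EAP_HEADER_LEN])
    if length < EAP_HEADER_LEN or length > len(pkt):
        raise ValueError("bad EAP Length")
    if code != EAP_REQUEST or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Request/Identity")
    type_data = pkt[EAP_HEADER_LEN:length]
    message, _, options = type_data.partition(b"\x00")
    realms: list[str] = []
    for opt in (options.split(b",") if options else []):
        name, _, value = opt.partition(b"=")
        if name == b"NAIRealms" and value:
            realms = value.decode("utf-8").split(";")
    return {"identifier": identifier, "message": message.decode("utf-8"), "realms": realms}


def relay_with_rewrite(pkt: bytes, new_realms: list[str]) -> bytes:
    """What any on-path node (AP, access network, proxy) can do before an EAP
    method runs: forward the request with the hint replaced. The client has
    no key yet, so the rewritten packet is indistinguishable from a genuine one."""
    p = parse_identity_request(pkt)
    return build_identity_request(p["identifier"], p["message"], new_realms)


if __name__ == "__main__":
    genuine = build_identity_request(7, "Welcome to CityWLAN", ["home.example", "partner.example"])
    print("client sees:", parse_identity_request(genuine))
    forged = relay_with_rewrite(genuine, ["attacker.example"])
    print("client sees:", parse_identity_request(forged))
```

The second parse succeeds exactly as the first did, which is the point of slide 8: the access point is usually not the authority for the information, yet the channel gives the client no way to tell the authority's data from the forwarding node's.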
Slide 9: Authorization aspects in handoffs
- Scope:
  - Is the new AP covered by the home network's "promise to pay"?
  - Does the new AP accept this promise?
- Currently the scope is not communicated explicitly
  - But including the policy in Access-Accept means only some policies can be expressed
- What kind of policies are really needed?
- Are APs the best place to evaluate this policy anyway?
- Does the AP have the information needed to evaluate it?
Slide 10: Authorization and handoffs
- Context transfer between the old and the new AP is not enough
- Session termination initiated by the network: the upstream AAA proxy needs to be notified
  - "Chasing the fly around the room": use handoffs to escape disconnect messages
  - draft-liu-aaa-width-session-mobility-00 (expired)
- Can e.g. the price be different at the new AP?
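A small model of slides 9 and 10, added here as an example and not part of the presentation. It puts an explicit scope (the set of NAS identifiers the home network's "promise to pay" covers) and a price into the Access-Accept, lets the new AP evaluate both at handoff, and then shows why AP-to-AP context transfer alone is not enough: when the upstream proxy is not told about the move, a network-initiated disconnect is routed to the old AP and the client keeps its session at the new one. The entity names, attribute names and message shapes are simplifications chosen for the example, not RADIUS wire formats.

```python
"""Authorization scope and disconnect routing across a WLAN handoff.

Added example (not from the presentation). Assumed: the "covered_nas" scope
attribute, the per-minute price, NAS identifiers ap-1/ap-2/ap-3 and the
session id are all constructed for this model.
"""
from dataclasses import dataclass, field


@dataclass
class AccessAccept:
    """The home network's answer, which inter-operator means 'I will pay'."""
    session_id: str
    covered_nas: frozenset        # explicit scope of the promise to pay
    price_per_minute: float       # the rate the home network agreed to


@dataclass
class AccessPoint:
    nas_id: str
    tariff: float
    sessions: dict = field(default_factory=dict)

    def accept_handoff(self, ctx: AccessAccept) -> bool:
        """The new AP's side of slide 9: is it covered, and does it accept the
        promise at its own tariff? No long-term user identity is needed."""
        if self.nas_id not in ctx.covered_nas or self.tariff > ctx.price_per_minute:
            return False
        self.sessions[ctx.session_id] = ctx
        return True

    def disconnect(self, session_id: str) -> bool:
        return self.sessions.pop(session_id, None) is not None


class Proxy:
    """Upstream AAA proxy: routes network-initiated messages to the NAS it
    last heard about for the session."""

    def __init__(self, aps: dict):
        self.aps = aps
        self.location: dict = {}

    def record(self, session_id: str, nas_id: str) -> None:
        self.location[session_id] = nas_id

    def disconnect_request(self, session_id: str) -> bool:
        nas_id = self.location.get(session_id)
        return nas_id is not None and self.aps[nas_id].disconnect(session_id)


def handoff(old: AccessPoint, new: AccessPoint, proxy: Proxy,
            session_id: str, notify_upstream: bool) -> bool:
    """Context transfer old AP -> new AP, optionally followed by telling the
    proxy where the session now lives."""
    ctx = old.sessions.pop(session_id)
    if not new.accept_handoff(ctx):
        old.sessions[session_id] = ctx     # refused: client stays where it was
        return False
    if notify_upstream:
        proxy.record(session_id, new.nas_id)
    return True


def scenario(notify_upstream: bool, new_nas: str = "ap-2") -> dict:
    aps = {ap.nas_id: ap for ap in (
        AccessPoint("ap-1", tariff=0.10),
        AccessPoint("ap-2", tariff=0.10),
        AccessPoint("ap-3", tariff=0.10),   # another access network, not covered
    )}
    proxy = Proxy(aps)
    accept = AccessAccept("sess-1", frozenset({"ap-1", "ap-2"}), price_per_minute=0.10)
    aps["ap-1"].sessions["sess-1"] = accept
    proxy.record("sess-1", "ap-1")
    moved = handoff(aps["ap-1"], aps[new_nas], proxy, "sess-1", notify_upstream)
    # Later the home network ends the session (e.g. prepaid credit exhausted).
    delivered = proxy.disconnect_request("sess-1")
    connected = any("sess-1" in ap.sessions for ap in aps.values())
    return {"handoff_accepted": moved,
            "disconnect_delivered": delivered,
            "client_still_connected": connected}


if __name__ == "__main__":
    print("context transfer only:", scenario(notify_upstream=False))
    print("with upstream update: ", scenario(notify_upstream=True))
    print("uncovered AP:         ", scenario(notify_upstream=True, new_nas="ap-3"))
```

With `notify_upstream=False` the disconnect reaches ap-1, finds nothing, and the client stays connected at ap-2: that is the "fly" escaping the disconnect by moving. The `tariff` check is one answer to the slide's last question; whether the AP is the right place to evaluate it, and whether it has the information to do so, is exactly what slide 9 leaves open.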
Slide 11: What can be learned?
- This is not (just) a "key management problem"
- And handoffs are not (just) a "context transfer problem"
- Design is often incremental:
  - Dial-up PPP with PAP/CHAP
  - RADIUS between NAS and AAA server
  - Inter-domain RADIUS
  - Per-packet encryption/integrity protection
  - EAP for user authentication
  - WLAN as "wired Ethernet replacement"
  - Mutual authentication in EAP
  - Public WLAN networks
  - Network discovery/selection
  - Three-party authentication in EAP?
  - "WLAN as 4G"??
Slide 12: What can be learned? Business aspects
- Avoid hardcoding business models and policies into protocols
  - Cannot be avoided completely, though
- Network-initiated messages in current AAA:
  - Difficult to route
  - Problems with handoffs
- Credit card payment and 802.11i
- Reuse of existing user databases and credentials: one thing EAP got right?
- Rise of the "mediating network"
Slide 13: What can be learned? Protocols
- Reusing existing components is sound engineering practice
  - But so is throwing away components that don't fit
- Be explicit about what is meant and what is expected of others
  - E.g., the NAS/AP does not say which attributes it needs from the AAA server
- Get component boundaries right:
  - Separating the "security protocol" from the protocol for "doing the real work" is not always a good idea
  - Create a protocol for doing the work securely instead
  - Cf. 802.11 "network association" and 11i/1X "secure network association"...
- Not always clear what the "real work" is?
  - IKEv1 was designed for "key management"; the "real work" turned out to be VPN access
Slide 14: Multi-party systems
- New uses may require new parties in the system
- Do not design individual components in a vacuum
- Acknowledge that the system has multiple parties, not just 2
  - Make them "first-class citizens": explicitly identify them
  - Provide proper communication channels
  - E.g., "go to this URL to take care of your authorization" instead of "browser hijack"
- Before, during, and after network association:
  - Network discovery/selection information
  - Notifications during network access
- Prepare for extensibility, but in a way that fits the overall architecture
Slide 15: Conclusions
- We don't know how to do multi-party systems well
- And no silver bullets in this presentation either
- Challenges:
  - Incremental change
  - Re-use of existing components vs. designing new ones
  - Unexpected uses
  - Component vs. system focus
  - "Business security" vs. "information security" focus?