
Security in Wireless Networks: The FlexiNET Approach

G. Kostopoulos (1), C. Kavadias (2), C. Chrysoulas (3), S. Denazis (4), O. Koufopavlou (5). Electrical and Computer Engineering Department, University of Patras, GREECE. {gkostop (1), cchrys (3), sdena (4), odysseas (5)}@ee.upatras.gr


Presentation Transcript


  1. Security in Wireless Networks: The FlexiNET Approach
     G. Kostopoulos (1), C. Kavadias (2), C. Chrysoulas (3), S. Denazis (4), O. Koufopavlou (5)
     Electrical and Computer Engineering Department, University of Patras, GREECE, {gkostop (1), cchrys (3), sdena (4), odysseas (5)}@ee.upatras.gr
     (2) TELETEL S.A., 124, Kifisias Avenue, Athens, GREECE, E-mail: C.Kavadias@TELETEL.gr
     COMMUNICATION SYSTEMS, NETWORKS AND DIGITAL SIGNAL PROCESSING, Fifth International Symposium, 19-21 July, 2006, Patras, Greece

  2. Outline
     • FlexiNET Architecture
     • Security Overview
     • User Case Scenario
     • AAA Proxy Module
     • Authentication Scenarios
     CSNDSP 2006

  3. FlexiNET Architecture
     • The FlexiNET network architecture consists mainly of node instances, communication buses and data repositories.
     • The FlexiNET UMTS Access Node (FUAN) provides to the FlexiNET interfaces, functions such as switching/routing control, access to applications data & service logic, etc. The FUAN complements existing access nodes (RNC, BSC) of UMTS networks.
     • The FlexiNET WLAN Access Node (FWAN) acts as both a services access gateway (user authentication, service authorization, service discovery, etc.), and connection gateway between WLAN infrastructures and the FlexiNET WAN.
     • The FlexiNET Data Gateway Node (DGWN) acts as the Gateway between the generic SAN infrastructures and the FlexiNET Network Architecture, allowing for the realisation of the data-centric FlexiNET services approach.
     • The Generic Applications Interface Bus is the central and most important mechanism for the interconnection of the FlexiNET instances.
     • The FlexiNET Applications Server (FLAS) is the physical entity which hosts the logic of the applications that the FlexiNET network architecture provides.

  4. FlexiNET Architecture

  5. Security Overview: FWAN Architecture

  6. Security Overview
     • The necessary entities that are responsible for the security in FlexiNET’s Wireless LAN node are the FWAN module and the FLAS Server.
     • A user will access the FWAN through an access point using either a laptop or a mobile phone.
     • The FWAN is responsible for authenticating native and roaming users through the FLAS using the AAA proxy module.
     • The Dynamic Service Deployment module must be deployed on the FWAN before boot-up.
     • The bootstrap process is responsible for booting up the FWAN with the AAA proxy module.
     • FLAS is the physical entity which hosts the logic of the services that the FlexiNET network architecture provides. These services are called from other entities remotely and executed locally.
     • FLAS provides services either to the other FlexiNET node instances or to Third Party applications servers. These services are exposed as Web Services via the Generic Applications Interface Bus.

  7. User Case Scenario
     • The FlexiNET Wireless Access Node supports two different kinds of authentication scenarios.
     • The Login/Password scenario and the SIM based authentication scenario. Both scenarios have been deployed upon EAP and RADIUS protocols.
     • The entities that are involved in the Authentication Scenarios are the following:
       • Client
       • Authenticator
       • AAA Proxy
       • FLAS

  8. AAA Proxy Architecture

  9. AAA Proxy Module
     • The AAA Proxy is comprised of the following components:
       • the Web Services Server,
       • the Translator,
       • the Parser and
       • the User Manager.
     • The Data Holders which the AAA Module includes are the EAP Packet Formats holder, the EAP Packet holder and the User State holder.
     • The AAA proxy module:
       • forwards the authentication packets to the FLAS Server,
       • encapsulates the EAP packets into XML messages that are passed over Web services and vice versa, to authenticate and authorize the user.

  10. Login/Password Authentication Scenario

  11. SIM based Authentication Scenario

  12. Conclusions
     • In this paper we present an alternative architecture providing authentication using Web Services for the exchange of authentication material.
     • With the proposed method, the user is authenticated independently of its type.
     • The user does not have to choose the authentication method. The system itself, through the AAA Proxy, controls the security mechanism that has to be used for each user, using the same infrastructure for each case.

  13. Thank You for Your Attention!
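The EAP-to-XML encapsulation that slide 9 assigns to the AAA Proxy (Parser and Translator) can be sketched as follows; this is an added example, not code from the presentation or the FlexiNET project. The `<EapMessage>` element names and the `session` attribute are hypothetical, since the slides do not give the XML schema; only the EAP header layout (Code, Identifier, Length, Type) is taken from RFC 3748.

```python
import base64, struct
import xml.etree.ElementTree as ET

# Constructed sample: EAP-Response/Identity, Identifier 1, identity "alice".
SAMPLE = bytes([2, 1, 0, 10, 1]) + b"alice"

def parse_eap(raw: bytes) -> dict:
    """Parse the RFC 3748 header (Code, Identifier, Length) and Type/Data."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in (1, 2, 3, 4):
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(raw):
        raise ValueError("Length field disagrees with received bytes")
    body = raw[4:length]          # octets past Length are padding
    pkt = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (1, 2):            # Request / Response carry a Type octet
        if not body:
            raise ValueError("Request/Response without Type")
        pkt["type"], pkt["data"] = body[0], body[1:]
    elif body:                    # Success / Failure are header-only
        raise ValueError("Success/Failure must not carry data")
    return pkt

def eap_to_xml(pkt: dict, session: str) -> str:
    """Wrap a parsed packet in a hypothetical <EapMessage> element."""
    root = ET.Element("EapMessage", session=session)
    ET.SubElement(root, "Code").text = str(pkt["code"])
    ET.SubElement(root, "Identifier").text = str(pkt["id"])
    if pkt["type"] is not None:
        ET.SubElement(root, "Type").text = str(pkt["type"])
        ET.SubElement(root, "Data").text = base64.b64encode(pkt["data"]).decode()
    return ET.tostring(root, encoding="unicode")

def xml_to_eap(doc: str) -> bytes:
    """Rebuild the wire packet; Length is recomputed, never taken from XML."""
    if "<!DOCTYPE" in doc:        # refuse DTDs / entity definitions
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(doc)
    body = b""
    if root.find("Type") is not None:
        data = base64.b64decode(root.findtext("Data", ""), validate=True)
        body = bytes([int(root.findtext("Type"))]) + data
    raw = struct.pack("!BBH", int(root.findtext("Code")),
                      int(root.findtext("Identifier")), 4 + len(body)) + body
    parse_eap(raw)                # same checks apply in both directions
    return raw
```

Because the proxy sits between the authenticator and the FLAS, both the binary and the XML side are untrusted input: the Length check on the way in and the recomputed Length on the way out keep a malformed message on one side from becoming a malformed packet on the other.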
