28th TF-Mobility and Network Middleware Meeting
A4-Mesh: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
Torsten Braun
Communication and Distributed Systems
Institute of Computer Science and Applied Mathematics
Universität Bern
[email protected]
http://cds.unibe.ch, http://a4-mesh.unibe.ch
Torsten Braun: A4-Mesh: Authentication, Authorization, Accounting and Auditing in Wireless Mesh Networks
Overview
> Project Introduction
> Application Scenario
> Wireless Mesh Network
> Authentication and Authorization
> Accounting
> Conclusions and Outlook
Zürich, 26.06.2012
Project Introduction
Project Partners
> Institut für Informatik und Angewandte Mathematik
> Geographisches Institut
> Informatikdienste
> Institut d'Informatique
> Service Informatique et Télématique
Project Goals and Objectives
> Goal
— Provide low-cost broadband network access to researchers and students at remote locations
> Objectives
— Cost-efficient network access
— Easily deployable wireless mesh network (WMN)
— Integrated into the regular authentication and authorization infrastructure of Swiss higher education (SWITCHaai)
Wireless Mesh Networks (WMNs)
Application Scenarios
1. Environmental Monitoring
2. Campus Network Extension
AAAA for WMNs
> Authentication and Authorization of
1. wireless mesh nodes entering the WMN
2. mobile users accessing the Internet via the WMN (using SWITCH AAI mechanisms)
> Accounting of traffic generated by
1. wireless mesh nodes and sensors
2. individual mobile users (for charging and monitoring purposes)
> Auditing functions
— detect inconsistent or erroneous node states
— perform recovery mechanisms or trigger alarms
> Indoor testbed and pilot networks at
1. Crans-Montana
2. University campuses at Bern and Neuchâtel
Application Scenario: MontanAqua
Requirements by Environmental Monitoring
> Support of scientists (hydrology researchers) to collect sensor data from environmental measurements.
> Scientists use data for generating and verifying models of the environment.
> Specific measurements to cover certain areas or to collect specific sensor data are needed.
MontanAqua Investigation Area
(Map of the investigation area between Sion and Sierre, showing the Tseuzier storage lake and the Plaine Morte glacier; © Weingartner)
Modelling Water Resources
PIHM - Penn State Integrated Hydrologic Model
(Figure: PIHM model chain. Climate-change scenarios from 2010 to 2050 feed the water-resources and land-use components; a glacier module (ice thickness 0 m to 200 m, © Matthias Huss) and a karst module (© Jeannin) supplement the model. © Martina Kauzlaric, © Weingartner.)
PIHM: high data demand for modelling water balance and fluxes
Weather Stations and Rain Gauges
wind velocity & direction
air temperature & relative humidity
solar radiation
rainfall
Runoff Station
Soil Measurements
soil moisture sensors, tensiometers, lysimeter
Data Transfer Alternatives
> GSM modem for weather stations
— lost GSM signal
> GPRS modem for weather stations
— data access only via the server of the weather station's producer
> Manually
— for rain gauges, runoff gauges, weather station
Serial Port Tunneling
Benefits for Scientists
> Real-time access to the logger (software updates, failure checking)
→ reduced frequency of maintenance
> Real-time data access (data verification, monitoring of sensors)
> Data stored on a server at the University and on the logger in the field
→ reduced risk of data loss (destruction of sensors/loggers)
→ independent of GSM/GPRS network availability
→ high data-transfer rates (web cam)
Sensor Readings
Wireless Mesh Network
MontanAqua Sensors and A4-Mesh Network
(Map of the MontanAqua sensor sites and A4-Mesh nodes 1 to 8, including the webcam.)
A4-Mesh Topology
(Topology map: A4-Mesh nodes 1 to 8 between Sion, Sierre and the Plaine Morte Glacier; © Atlas of Switzerland 3)
Wireless Mesh Node Technology
• IP66 steel enclosure
• 1-2x Alix 3D2 system boards
• 1x Alix 6F2 system board
• 1-4x 802.11n mini PCI cards
• 1x 802.11g mini PCI card
• 1x UMTS mini PCI-Express card
• I2C twin relay
• 2x2 MIMO, 25dBi, dual polarization panel antennas
• ADAM Linux
• Optimized Link State Routing / 802.11s
Deployment of Nodes 4a/b
Deployment of Nodes 3/7
Deployment of Node 8
Authentication and Authorization
Authentication and Authorisation
> Network resources can only be accessed by authenticated and authorized end users and wireless mesh nodes:
— Wireless mesh nodes entering the WMN
– Mechanism tailored to WMNs supporting easy and secure inter-organizational access to network resources using a separate Shibboleth federation.
— Mobile users accessing the Internet via the WMN
– Implementation based on a web-based captive portal protected by SWITCHaai
A4-Mesh AAAA Architecture
Machine Authentication and Authorization
(Sequence diagram, as text:)
1. Request VPN key
2. Authentication request with X.509 certificate
3. Machine attributes
4. Is authorized? → authorized
5. VPN key
6. Open firewall
7. VPN tunnel establishment
User Authentication and Authorization (Captive Portal)
Accounting
Accounting
> Traffic monitoring at each mesh node (NetFlow, RFC 3954)
> Central storage of flow statistics at the A4-Mesh gateway
> Data enrichment at the A4-Mesh gateway (IP, IPNAT, time, UniqueID)
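As an added illustration of the enrichment step (not the project's own code), the gateway joins NetFlow records keyed by private source IP with its NAT table and the captive-portal session log, so that traffic can be attributed to an individual SWITCHaai UniqueID; the login/logout window handles the case where one private IP is reused by different users over time. All flows, NAT entries, sessions and identifiers are constructed sample data.

```python
from datetime import datetime

# Constructed sample data: flow records as a mesh node would export them,
# the gateway's NAT table, and captive-portal sessions (private IP -> UniqueID).
FLOWS = [
    {"src": "10.0.1.20", "dst": "130.92.9.52", "bytes": 48000, "start": "2012-06-26T10:05:00"},
    {"src": "10.0.1.20", "dst": "130.92.9.52", "bytes": 12000, "start": "2012-06-26T11:30:00"},
    {"src": "10.0.1.31", "dst": "198.51.100.7", "bytes": 900, "start": "2012-06-26T10:07:00"},
]
NAT = {"10.0.1.20": "192.0.2.10", "10.0.1.31": "192.0.2.10"}
SESSIONS = [
    {"ip": "10.0.1.20", "uid": "alice@example.org",
     "login": "2012-06-26T10:00:00", "logout": "2012-06-26T11:00:00"},
    {"ip": "10.0.1.20", "uid": "bob@example.org",
     "login": "2012-06-26T11:15:00", "logout": None},  # still logged in
]

def _t(s):
    return datetime.fromisoformat(s)

def user_for(ip, when, sessions):
    """Return the UniqueID logged in from `ip` at time `when`, else None.

    A session matches only if the flow started after login and, when the
    session has ended, before logout; this keeps reused private IPs from
    being charged to the wrong user."""
    for s in sessions:
        if s["ip"] != ip or _t(s["login"]) > when:
            continue
        if s["logout"] is None or when < _t(s["logout"]):
            return s["uid"]
    return None

def enrich(flows, nat, sessions):
    """Add IPNAT, parsed time and UniqueID to each raw flow record."""
    out = []
    for f in flows:
        when = _t(f["start"])
        out.append({**f, "ipnat": nat.get(f["src"]), "time": when,
                    "uid": user_for(f["src"], when, sessions)})
    return out

def bytes_per_user(enriched):
    """Aggregate byte counts per UniqueID; flows with no session stay visible."""
    totals = {}
    for r in enriched:
        key = r["uid"] or "unattributed"
        totals[key] = totals.get(key, 0) + r["bytes"]
    return totals
```

Flows that match no session are reported as "unattributed" rather than dropped, since traffic from an IP with no portal login is exactly what an auditing function should flag.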
Accounting Aggregator
Network Monitoring
> Monitoring agent at each mesh node (Zabbix agent)
> Central server at the A4-Mesh gateway (Zabbix server)
Conclusions and Outlook
Conclusions
> WMN is valuable for researchers working in the field.
> Implementation of SWITCHaai-based authentication and authorization for WMN nodes and end users
> Implementation of monitoring functions for WMN nodes
> Outlook: integration and tests
a4-mesh.unibe.ch