7 research outputs found

    TAPI: Transactions for Accessing Public Infrastructure

    This paper describes TAPI, an offline scheme intended for general Internet-based micropayments. TAPI, which extends and combines concepts from the KeyNote Microchecks and OTPCoins architectures, encodes risk management rules in bank-issued user credentials, which are in turn used to acquire small-valued payment tokens. The scheme has very low transaction overhead and can be tuned to use different risk strategies for different environments and clients.

    Greenpass Client Tools for Delegated Authorization in Wireless Networks

    Dartmouth's Greenpass project seeks to provide strong access control to a wireless network while simultaneously providing flexible guest access; to do so, it augments the Wi-Fi Alliance's existing WPA standard, which offers sufficiently strong user authentication and access control, with authorization based on SPKI certificates. SPKI allows certain local users to delegate network access to guests by issuing certificates that state, in essence, "he should get access because I said it's okay." The Greenpass RADIUS server described in Kim's thesis [55] performs an authorization check based on such statements so that guests can obtain network access without requiring a busy network administrator to set up new accounts in a centralized database. To our knowledge, Greenpass is the first working delegation-based solution to Wi-Fi access control. My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest's public key and runs a Java applet that lets her verify her guest's identity using visual hashing and issue a new SPKI certificate to him. The guest's new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work.

    Investigating wireless network deployment configurations for marginalized areas

    In recent years, immense effort has been channelled towards the information and technological development of rural areas. To support this development, telecommunication networks have been deployed. The availability of these telecommunication networks is expected to improve the way people share ideas and communicate locally and globally, reducing limiting factors like distance through the use of the Internet. The major problem for these networks is that very few of them have managed to stay in operation over long periods of time. One of the major causes of this failure is the lack of proper monitoring and management as, in some cases, administrators are located far away from the network site. Other factors that contribute to the frequent failure of these networks are lack of proper infrastructure, lack of a constant power supply and other environmental issues. A telecommunication network was deployed for the people of Dwesa by the Siyakhula Living Lab project. During this research project, frequent visits were made to the site and network users were informally interviewed in order to gain insight into the network challenges. Based on the challenges, different network monitoring systems and other solutions were deployed on the network. This thesis analyses the problems encountered and presents possible and affordable solutions that were implemented on the network. This was done to improve the network's reliability, availability and manageability whilst exploring possible and practical ways in which the connectivity of the deployed telecommunication network can be maintained. As part of these solutions, a GPRS redundant link, Nagios and Cacti monitoring systems as well as simple backup systems were deployed.

    IP Mobility in Wireless Operator Networks

    Wireless network access is gaining increased heterogeneity in terms of the types of IP-capable access technologies. The access network heterogeneity is an outcome of an incremental and evolutionary approach to building new infrastructure. The recent success of multi-radio terminals drives both the building of new infrastructure and the implicit deployment of heterogeneous access networks. Typically there is no economic reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of the IP Mobility paradigm into existing mobile operator network infrastructure that has not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of operator to have its own development path and business models without artificial bindings to each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.

    Wireless network connections of different kinds are increasing in the form of Internet-capable technologies. The overlapping use of numerous different technologies results from a network infrastructure built gradually and as needed. The recent commercial success of terminals containing multiple radio technologies (such as WLAN, GSM and UMTS), such as smartphones and laptop computers, promotes the building of new network infrastructure and may lead to a growing diversity of network technologies. For commercial reasons it is not worthwhile to replace the existing network infrastructure with new technology all at once; instead, the gradual transition phase typically takes several years. Internet-capable terminals can move either within the same network technology or between different network technologies. Depending on the network environment, mobile terminals can attach to the network through several network connections. Consequently, a terminal can send and receive data packets simultaneously over numerous networks. This dissertation deals with the mobility of Internet technologies and the introduction of these technologies into the existing network infrastructures of wireless network operators. The network infrastructures in question were not originally designed with Internet-technology mobility and multiple simultaneous connections in mind. This work proposes an architecture model for future wireless networks and solutions for implementing roaming. The proposed architecture can be implemented without major technological upheavals. In the proposed model the network operator's roles are clearly divided into (i) the network operator, (ii) the service operator and (iii) the interconnection and roaming operator. This division of roles allows each type of operator to develop independently and removes artificial dependencies on network technology in the provision of services. The work also presents a preliminary list of requirements for the proposed model, for example quality requirements for interconnection operators. The dissertation also presents the latest developments in mobile Internet technologies. In addition, the work shows standardization results in Internet-capable wireless architectures.

    With the increase in mobile devices and simultaneously the volume of data received and transmitted by them, the current mobile network architecture faces challenges in accommodating them. In recent years, innovative network architectures have emerged, providing solutions to the issues present in the current network architecture. One such method is the RE-CENT service design approach. In this thesis, we present a proof-of-concept solution based on the RE-CENT service method, utilizing widely available hardware and software. We analyze i) the architecture of this solution by breaking it down into its main components as well as the technologies used for both the network and application layers, ii) the steps of the protocol designed for their communication and iii) the test cases that measure the effectiveness of the solution. Through our results we showed the viability of the proof-of-concept solution, with no penalty in performance regardless of the number of concurrent mobile users and the amount of data requested and transmitted through the network.

    Authorization and Charging in Public WLANs Using FreeBSD and 802.1x

    The IEEE 802.1x standard defines a link-layer authentication protocol for local area networks. While originally designed to authenticate users in a switched Ethernet environment, it looks like the most important need for 802.1x lies in wireless networks, especially IEEE 802.11b-based wireless LANs. Furthermore, due to the flexibility of the Extensible Authentication Protocol (EAP), the heart of 802.1x, it looks like 802.1x could be used for many purposes its original designers had not foreseen. In this paper, we describe a FreeBSD-based open source 802.1x implementation, and show how it can be used to implement different authorization and charging systems for public WLANs, including a pre-paid, pay-per-use charging system and another one based on community membership. The implementation is based on the netgraph facility, resulting in a surprisingly flexible and simple implementation.