IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Selection of EAP-authentication methods in WLANs

IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation’s requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples

Classification of EAP methods and Some Major Attacks on EAP

This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

WI-FI ALLIANCE HOTSPOT 2.0 SPECIFICATION BASED NETWORK DISCOVERY, SELECTION, AUTHENTICATION, DEPLOYMENT AND FUNCTIONALITY TESTS.

The demand for high mobile data transmission has been dramatically enlarged since there is a significant increase at the number of mobile communication devices that capable of providing high data rates. It is clearly observed that even the next generation cellular networks are not able to respond to this demand to provide the required level of mobile data transmission capacity. Although, WLAN responses to this demand by providing upwards of 600 Mbps data rates it is not convenient in terms of cellular like mobility and requires user intervention anytime of reconnection to a hotspot. Therefore, the need for a new technology took place and IEEE has introduced a new amendment to IEEE 802.11 standards family which is called as IEEE 802.11u. Based on IEEE 802.11u amendment, WFA developed WFA Hotspot 2.0 Specification and started to certify the Wi-Fi devices under Passpoint certification program. This new technology developed to provide Wi-Fi capable devices simply identify, select and associate to a Hotspot without any user intervention in a highly secure manner. As Hotspot 2.0 Specification is quite new in the market it has been a challenging work to reach some academic papers; however, IEEE 802.11u standard, Internet sources, white papers published by different companies/organizations and discussions with telecommunication experts have made this master thesis to achieve its goals. This thesis work provides a great resource for the network operators to have a great understanding of the Hotspot 2.0 Specification in terms of theory, network element requirements and deployment by providing a good understanding of the system functionality. In this paper, a comprehensive theoretical background that addresses to WLAN technology, Passpoint elements, and IEEE 802.11u based network discovery, selection and authentication is provided. Besides, Hotspot 2.0 network deployment scenarios with network core element requirements are designed and Passpoint functionality tests are performed under different scenarios by describing a comprehensive setup for the testing.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Security protocols for networks and Internet: a global vision

This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You), by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER), and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV—Security mechanisms for fog computing: advanced security for devices)

Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks

The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus, impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture, the proposed protocol, which is based on EAP-TLS and compare the proposed protocol with existing protocols

Managing Access Control in Virtual Private Networks

Virtual Private Network technology allows remote network users to benefit from resources on a private network as if their host machines actually resided on the network. However, each resource on a network may also have its own access control policies, which may be completely unrelated to network access. Thus users� access to a network (even by VPN technology) does not guarantee their access to the sought resources. With the introduction of more complicated access privileges, such as delegated access, it is conceivable for a scenario to arise where a user can access a network remotely (because of direct permissions from the network administrator or by delegated permission) but cannot access any resources on the network. There is, therefore, a need for a network access control mechanism that understands the privileges of each remote network user on one hand, and the access control policies of various network resources on the other hand, and so can aid a remote user in accessing these resources based on the user\u27s privileges. This research presents a software solution in the form of a centralized access control framework called an Access Control Service (ACS), that can grant remote users network presence and simultaneously aid them in accessing various network resources with varying access control policies. At the same time, the ACS provides a centralized framework for administrators to manage access to their resources. The ACS achieves these objectives using VPN technology, network address translation and by proxying various authentication protocols on behalf of remote users