Title: Wireless Campus project
TNC 2003 Wireless Campus project
Elisa.Marchioro_at_csp.it Davide.Ferri_at_csp.it
Content
- CSP profile
- Wireless Campus network
- User mobility
- Security
- Further activities
CSP in brief
Information and Communication Technology Research Centre: a non-profit consortium recognized by the Italian Ministry of Education, University and Scientific Research
CSP in brief
- CSP runs research and professional consultancy through permanent laboratories with the Turin Polytechnic and University of Turin
  - INLab (Integrated Networks Laboratory): 360-degree view on ICT solutions. Multimedia protocols (H323, SIP, streaming), networking (IPv6, BGP), and wireless technology as points of strength
  - SecureLab: studies on ICT security aspects (application, network, system, and mobile security)
  - WTLab (Web Technology Laboratory): studies on development of and access to telematic applications (standards, tools, new technologies)
CSP in brief
- Technology focus
  - IP-Based Technology Networks
  - IPv6
  - Gigabit Networking
  - IP Telephony (H.323, SIP)
  - Wireless LAN
  - Satellite (DVB, DVB-RCS, MHP)
  - Digital security
  - Open source
Wireless Campus
- Objectives
  - Combine CSP R&D activities on WLANs with dissemination of competency
  - Promote the adoption of wireless technologies among local communities and enterprises (SMEs, PA)
Wireless Campus
- The main idea is to build a WLAN network as
  - A real test-bed for research activities on WLAN technologies
  - An experimental field for end-user services to prototype after R&D results
- Key issues
  - State-of-the-art technology
  - Multiple service scenarios
Location
- The Wireless Campus project has been supported by Environment Park, a Turin technology park that combines technological innovation and eco-efficiency, hosting several companies and research institutes operating in both the environmental protection field and the ICT field
Location
- The park provides an ideal location for the project because it
  - Hosts many SMEs and LABs
  - Offers wide band connection to ISPs
  - Provides private and public areas (conference centre) in a mixed environment
  - Promotes projects that could fit well for integration with wireless technologies (e.g. domotic LAB)
The network
- Technology is 802.11b (and Wi-Fi) compliant
- Architecture includes
  - Access points and a centralized management server for the network infrastructure
  - Security servers
  - Add-on service devices (e.g. e-mail, multimedia, etc.)
- Two phases for network deployment
  - Phase 1: first network core of 16 access points, management server, security servers and base services activation
  - Phase 2: advanced service activation and coverage extension planning according to Phase 1 results
RF coverage
[Figure: Phase 1 network deployment]
Site survey
- EM measurements
  - Identify EM permeability of building materials and structures at 2.4 GHz, useful for future deployments in the building project phase
- Simulation of indoor and outdoor EM field propagation based on the previously measured values
- Verification against possible RF interference sources (e.g. Bluetooth transmitters, other APs, etc.)
The network
- Phase 1
  - All access points on the same LAN
  - Static IP addresses
  - Service provided for internal users only
  - Equipment (laptop, PDA)
- Phase 2
  - Access points on different LANs
  - DHCP server to provide terminals with public IP addresses
  - Service provided to visitors
  - Rentable client equipment
Network architecture
[Diagram labels: WLAN management; Security; Service centre; Shared services; CSP; Environment Park; SMEs; LABs; External networks (other hot-spots); Telco network; Wireless Campus extensions]
Services
- Basic (active)
  - E-mail
  - Web navigation: redirection to specific web pages to promote initiatives and locate offices in the park
  - Intranet access
- Advanced (to provide later)
  - Video-surveillance from wireless webcams
  - Instant messaging
  - Presence services
  - Streaming (radio, video)
Issues
- A single network infrastructure providing
  - Dedicated network access for some entities
  - Shared environment in common places
- Services
  - Targeted to different types of terminals (PDA, laptop, PC)
  - Tailored to the user privileges (web access, intranet resources availability)
Challenges
- Main points
  - User mobility
  - Security
  - QoS
  - Interoperability
Mobility
- From network perspective
  - Phase 1: mobility among APs on the same WLAN → seamless handover
  - Phase 2: mobility among different WLANs → planning to deploy Mobile IPv4 on some areas → LAB activity on Mobile IPv6
- From service perspective
  - Studies about user localization on WLAN
  - Location Based Services
WLAN & GPRS
- Plan to connect the Wireless Campus hot-spot with a GPRS cellular operator network
- Testing of WLAN-GPRS roaming features
- At present
  - 802.11b client cards provided with SIM slot for GPRS connectivity
  - Users can connect through WLAN under Wireless Campus hot-spot coverage and through GPRS when away
User localization
- CSP and Politecnico of Turin (Telecommunication Group) are investigating WLAN mobile user localization techniques
- Currently the indoor coverage of the WLAN can provide information about user location based on AP Cell-id: each access point is associated with a section of the building
  - Poor accuracy
- Localization can improve if the user is heard by a set of beacons; triangulation techniques can then be used
- Hybrid solutions can be found by combining different pieces of information available for the communication interface
Security: what we need
- Security Goals
  - Enhanced user authentication mechanisms
  - Class-based service differentiated access for WLAN users
  - Security & Mobility
Radio medium weaknesses
- The radio medium is difficult to confine and control
- WLANs are exposed to different security threats
  - Sniffing, Interception and Eavesdropping
  - Spoofing and Unauthorized Access
  - Denial of Service and Flooding Attacks
  - Network Hijacking and Modification
WEP is not sufficient
Wired Equivalent Privacy (WEP) is in charge of ciphering data and identifying users for accounting, but it is not sufficient to guarantee a good security level for the WLAN infrastructure: many security analyses show WEP's weaknesses, and several tools have been built to break it
So let's use 802.1x
The 802.1x standard is intended to provide strong and mutual authentication between users and WLAN elements, but also access control and key management
For these reasons we adopt this standard in conjunction with the Extensible Authentication Protocol (EAP) to implement the security model of Wireless Campus and permit a wide variety of authentication mechanisms
802.1x scheme
- Supplicant: operates on client
- Authenticator: operates on devices at network edge, like APs and switches
- Authentication Server: EAP plug-in goes in RADIUS server
- Transports: EAP over wireless, EAP over RADIUS
- Network zones: semi-public network, enterprise edge, enterprise network
- Open port: authentication traffic
- Controlled port: data traffic
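The open/controlled port split in the 802.1x scheme above, as an added Python sketch that is not part of the original slides: EAPOL frames (EtherType 0x888E) are always processed, while data frames are dropped until the authentication server accepts the client. Assumptions: `Authenticator`, `frame`, `eapol` and `demo` are hypothetical names, the RADIUS server is replaced by a callable, and the multi-round EAP exchange is collapsed into one message.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                          # EtherType of EAP over LAN (EAPOL)
EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types

def frame(src_mac, ethertype, payload=b""):
    """Constructed Ethernet frame: destination, source, EtherType, payload."""
    return b"\xaa" * 6 + src_mac + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    """EAPOL header: version, packet type, 2-byte body length, then the body."""
    return struct.pack("!BBH", 1, ptype, len(body)) + body

class Authenticator:
    """Simplified edge device with an open and a controlled port per client."""
    def __init__(self, auth_server):
        self.auth_server = auth_server  # callable(bytes) -> bool, stands in for RADIUS
        self.authorized = set()         # source MACs whose controlled port is open

    def handle(self, raw):
        if len(raw) < 14:
            return "drop: runt frame"
        src, (ethertype,) = raw[6:12], struct.unpack("!H", raw[12:14])
        if ethertype != EAPOL_ETHERTYPE:
            # Controlled port: data traffic passes only after authentication.
            return "forward" if src in self.authorized else "drop: unauthorized"
        # Open port: authentication traffic is always accepted for processing.
        if len(raw) < 18 or len(raw) < 18 + struct.unpack("!H", raw[16:18])[0]:
            return "drop: truncated EAPOL"
        _version, ptype, length = struct.unpack("!BBH", raw[14:18])
        body = raw[18:18 + length]
        if ptype == EAPOL_START:
            return "eap: request identity"
        if ptype == EAPOL_LOGOFF:
            self.authorized.discard(src)
            return "port closed"
        if ptype == EAP_PACKET:
            ok = self.auth_server(body)  # simplification: body is the whole exchange
            (self.authorized.add if ok else self.authorized.discard)(src)
            return "port open" if ok else "eap: failure"
        return "drop: unsupported EAPOL type"

def demo():
    """Constructed session: data before login, login, data, logoff, data."""
    ap, mac = Authenticator(lambda c: c == b"alice:constructed"), b"\x02" + b"\x00" * 5
    ip, e = frame(mac, 0x0800, b"ip"), lambda *a: frame(mac, EAPOL_ETHERTYPE, eapol(*a))
    steps = [ip, e(EAPOL_START), e(EAP_PACKET, b"alice:constructed"), ip, e(EAPOL_LOGOFF), ip]
    return [ap.handle(s) for s in steps]
```

Keying the port state on the source MAC alone is only a model; the key management that 802.1x adds is what binds later data frames to the authenticated session.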
Cellular operator side
- The park's WLAN has to be connected to a cellular operator GPRS network
- The two access technologies (802.11b and GPRS) can complement each other, but they need two different schemes for user authentication
- Therefore we will trial a SIM-based authentication mechanism to let users move between public operator hot-spots and roam as if they were in their home WLAN network
Authentication
[Diagram labels: Authentication management; RADIUS proxy; Local Authentication; RADIUS Environment Park; RADIUS CSP; SMEs; LABs; Remote Authentication (SIM); Telco network]
Integration of the Open Source World
- Open source
  - Tools to try and test new features as soon as they are released through drafts and proposals
  - Customize or deploy other enhancements
  - Integration of open source with commercial systems as part of interoperability studies
- Tools
  - Access point
  - Authentication server
  - Authentication client
R&D activity: future enhancements
- Ad hoc networking
- Diffserv on 802.11b
- IPv6 and WLAN mobility (CSP is an IPv6 TLA)
- Streaming
- LBS
- VoIP over WLAN
- Performance measurements
Finally
Thanks!
Information
Center of Excellence for Research, Development and Experimentation of Advanced Computer Science and Information Technologies
Via Livorno 60 - 10144 Torino, Italy - Building A1lab
39 011- 481 5111, 39 011- 481 5001
Email info_at_csp.it
www.inlab.csp.it www.csp.it