1 opensea alliance – enabling ubiquitous secure network access | 9/15/2015 opening wireless...
OpenSEA Alliance – Enabling Ubiquitous Secure Network Access | 04/19/23
Opening Wireless Security at the Open1X Project
Matthew Gast – [email protected]
TERENA NetConnect 2008, May 2008
http://www.open1x.org/
http://www.openseaalliance.org/
OpenSEA Alliance | Enabling Ubiquitous Secure Network Access - www.openseaalliance.net 2
About me
Founder and board member at the OpenSEA Alliance
Author of 802.11 Wireless Networks: The Definitive Guide (O’Reilly, 2005)
IEEE 802.11 member
> Secretary of Task Group U (interworking with external networks)
Vice Chair of Wi-Fi Alliance Security Marketing task group
Principal Engineer at Trapeze Networks
> Product architecture & design
> Long range planning and evolution of wireless LAN technology
What is the OpenSEA Alliance?
Non-profit organization developing edge network technologies
> SEA stands for “secure edge access”
Goal: Create market leading open-source solutions
> Collaborative development & test
> Both commercial and academic uses
Strong corporate backing for the Open1X Project
Founded by industry leaders in May 2007, joined by JANET(UK)
Continued member growth
Important note: I am speaking today on behalf of the organization, not my employer
The Open1X Project at Present
The Open1X Project
Open source supplicant
> The initial project of the OpenSEA Alliance
> Project web site: http://open1x.org/
Goal: To create a robust, multi-platform open-source 802.1X client
Three major components
> Multi-platform core engine technology (XSupplicant)
> Multi-platform GUI
> Plug-ins to extend engine’s functionality
Project run by a “project management committee” (PMC) consisting of industry experts
> Establish & maintain project roadmap
> Coordinate development
> Create project infrastructure (build & test environments, web site)
Open1X Architecture
[Architecture diagram. Components shown: Graphical User Interface, IPC channel, plug-ins, crash reporting, libtnc, core supplicant engine, EAP methods, Open1X driver (IEEE 802.1X), System Abstraction & Integration Layer (SAIL), operating system driver, network medium.]
New Modular Supplicant GUI
Cross-platform GUI
> Same look and feel across platforms – ideal for diverse computing environments
Engine control & reporting channel is platform-independent and can be connected to any GUI
Improved status monitoring over built-in supplicants
Supplicant GUI design
Customizable with Qt Designer
> Create any skin needed (an eduroam skin?)
Engine plug-ins can automatically extend GUI displays with new configuration options
The Near Future of Open1X
Open1X Direction & Goals
Content organized into releases
> Release code names are alphabetical
> SeaAnt, SeaBadger, SeaCow, and so on
Roadmap maintained by PMC
> Downloadable from http://www.open1x.org/roadmap/
Who contributes to the roadmap?
> People on mailing lists (users, developers) – frequently short-term
> People on the Open1X wiki – http://wiki.open1x.org/
> OpenSEA Alliance members
OpenSEA members also employ some engineers
> No requirement to work on open source road map
Updates
> PMC updates road map at the end of release cycles
> Open source road map defines feature set for next stable release
The Next Release (2.2.x), “Sea Ant”
Major goal: platform support
> Linux and Mac OS X getting feature parity with Windows
> Extension of Windows support to Vista
EAP method extension
> PEAP version 1 with EAP-GTC (“Cisco PEAP”)
> EAP-GTC support (RFC 3748, RFC 3748 with persistent passcode storage, and draft-zhou redefinition for EAP-FAST)
> TLS configuration support in GUI
Opportunistic Key Caching (OKC)
> Sometimes called Proactive key caching (PKC)
> Use a single key across multiple cooperating access points, such as a switch-based split-MAC network
Much improved documentation, both developer and user
Lots of clean-up work
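How the single shared key in OKC is used in practice, as an added example that is not from the talk or the Open1X code base: the client keeps the pairwise master key (PMK) from one full 802.1X/EAP authentication and, for each cooperating access point, derives that AP's PMKID as HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC) per IEEE 802.11i. All names, MAC addresses and key bytes here are constructed for illustration.

```python
import hashlib
import hmac
import re

_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def parse_mac(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes; reject anything else."""
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes.fromhex(mac.replace(":", ""))


def pmkid(pmk, ap_mac, sta_mac):
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 bytes")
    data = b"PMK Name" + parse_mac(ap_mac) + parse_mac(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


class OkcCache:
    """Supplicant side: one cached PMK per SSID, reused for every BSSID."""

    def __init__(self, sta_mac):
        self.sta_mac = sta_mac
        self._pmk_by_ssid = {}

    def store(self, ssid, pmk):
        self._pmk_by_ssid[ssid] = pmk  # saved after a full EAP exchange

    def pmkid_for(self, ssid, bssid):
        """PMKID to offer when associating, or None if full EAP is needed."""
        pmk = self._pmk_by_ssid.get(ssid)
        return pmkid(pmk, bssid, self.sta_mac) if pmk else None

    def forget(self, ssid):
        self._pmk_by_ssid.pop(ssid, None)  # e.g. on logoff or key expiry


def ap_accepts(shared_pmk, bssid, sta_mac, offered):
    """AP/controller side: recompute the PMKID and compare in constant time."""
    return hmac.compare_digest(pmkid(shared_pmk, bssid, sta_mac), offered)
```

The PMK itself never goes over the air; only the per-AP PMKID does, and it is bound to both MAC addresses. Because every cooperating AP accepts the same PMK, the cache lifetime and eviction on logoff bound the exposure if that key leaks.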
Current Project Infrastructure Projects
Library upgrades
> Current versions of OpenSSL, libXML, libtnc, iconv, zlib, etc.
Automatic build environment
> Builds on demand
> Nightly builds & packaging
Automated QA testing & regression checking
Debugging tool improvements
The Not-so-Near Future
How to Help, Part 1: code
Writing code is the “classic” way to contribute to open source projects
> Pick a roadmap item of interest to you
> Or, write code for a feature that you need – we take all code that works!
See the whole gory list of development tasks here
> http://open1x.org/roadmap/SeaAnt/
How to Help, part 2: for non-coders
Matthew is in this category!
Development
> OpenSEA may contract some development, but this requires detailed specifications
Direction
> Read the roadmap and provide comments
> Suggest features or platforms for the roadmap
Testing
> Run the supplicant and provide feedback (the crash reporter should make this easy)
> Develop automated test scripts, and either contribute results or scripts to community
> Report things that work (or don’t work)
Documentation
> EAP method configuration
> RADIUS server configuration
Support
> Join mailing lists to help answer questions
Future Developments
Extending platform support
> Dual-mode phones
> Tighter integration with underlying operating systems
Extending standards support
> Plug-in architecture allows users to choose TNC, NAP, NAC, …
> New wireless security standards such as 802.11r and 802.11w
New deployment and troubleshooting tools
> Centralized configuration support
Thanks for listening!
Matthew Gast – [email protected]
Web site: http://www.open1x.org
XSupplicant Mailing lists: