1 opensea alliance – enabling ubiquitous secure network access | 9/15/2015 opening wireless...

1

OpenSEA Alliance – Enabling Ubiquitous Secure Network Access | 04/19/23

Opening Wireless Security at the Open1X Project

Matthew [email protected]

TERENA NetConnect 2008, May 2008

http://www.open1x.org/http://www.openseaalliance.org/

OpenSEA Alliance | Enabling Ubiquitous Secure Network Access - www.openseaalliance.net 2

About me

Founder and board member at the OpenSEA Alliance

Author of 802.11 Wireless Networks: The Definitive Guide (O’Reilly, 2005)

IEEE 802.11 member> Secretary of Task Group U (interworking with

external networks)

Vice Chair of Wi-Fi Alliance Security Marketing task group

Principal Engineer at Trapeze Networks> Product architecture & design> Long range planning and evolution of wireless

LAN technology


What is the OpenSEA Alliance?

Non-profit organization developing edge network technologies

> SEA stands for “secure edge access”

Goal: Create market leading open-source solutions

> Collaborative development & test> Both commercial and academic uses

Strong corporate backing for the Open1X Project

Founded by industry leaders in May 2007, joined by JANET(UK)

Continued member growth Important note:

I am speaking today on behalf of the organization, not my employer

4


The Open1X Project at Present


The Open1X Project

Open source supplicant> The initial project of the OpenSEA Alliance> Project web site: http://open1x.org/

Goal: To create a robust, multi-platform open-source 802.1X client

Three major components> Multi-platform core engine technology (XSupplicant)> Multi-platform GUI> Plug-ins to extend engine’s functionality

Project run by a “project management committee” (PMC) consisting of industry experts

> Establish & maintain project roadmap> Coordinate development> Create project infrastructure (build & test environments, web site)


Open1X Architecture

Network Medium

System Abstraction & Integration Layer (SAIL)

Core supplicant engine

Open1X driver (IEEE 802.1X)

EAP MethodsEAP MethodsEAP MethodsEAP Methods

crash reporting

Plug ins

Graphical User InterfaceIPC channel

Operating system driver

libtnc


New Modular Supplicant GUI

Cross-platform GUI> Same look and feel

across platforms – ideal for diverse computing environments

Engine control & reporting channel is platform-independent and can be connected to any GUI

Improved status monitoring over built-in supplicants


Supplicant GUI design

Customizeable with QT Designer

> Create any skin needed (an eduroam skin?)

Engine plug-ins can automatically extend GUI displays with new configuration options

9


The Near Future of Open1X


Open1X Direction & Goals

Content organized into releases> Release code names are alphabetical> SeaAnt, SeaBadger, SeaCow, and so on

Roadmap maintained by PMC> Downloadable from http://www.open1x.org/roadmap/

Who contributes to the roadmap?> People on mailing lists (users, developers) – frequently short-term> People on the Open1X wiki – http://wiki.open1x.org/> OpenSEA Alliance members

OpenSEA members also employ some engineers> No requirement to work on open source road map

Updates> PMC updates road map at the end of release cycles> Open source road map defines feature set for next stable release


The Next Release (2.2.x), “Sea Ant”

Major goal: platform support> Linux and Mac OS X getting feature parity with Windows> Extension of Windows support to Vista

EAP method extension> PEAP version 1 with EAP-GTC (“Cisco PEAP”)> EAP-GTC support (RFC 3748, RFC 3748 with persistent

passcode storage, and draft-zhou redefinition for EAP-FAST)> TLS configuration support in GUI

Opportunistic Key Caching (OKC)> Sometimes called Proactive key caching (PKC)> Use a single key across multiple cooperating access points, such

as a switch-based split-MAC network

Much improved documentation, both developer and user Lots of clean-up work


Current Project Infrastructure Projects

Library upgrades> Current versions of OpenSSL, libXML, libtnc, iconv, zlib, etc.

Automatic build environment> Builds on demand> Nightly builds & packaging

Automated QA testing & regression checking Debugging tool improvements

13


The Not-so-Near Future


How to Help, Part 1: code

Writing code is the “classic” way to contribute to open source projects

> Pick a roadmap item of interest to you> Or, write code for a feature that you need – we take all code that

works!

See the whole gory list of development tasks here> http://open1x.org/roadmap/SeaAnt/


How to Help, part 2: for non-coders

Matthew is in this category! Development

> OpenSEA may contract some development, but this requires detailed specifications

Direction> Read the roadmap and provide comments> Suggest features or platforms for the roadmap

Testing> Run the supplicant and provide feedback (the crash reporter should make

this easy)> Develop automated test scripts, and either contribute results or scripts to

community> Report things that work (or don’t work)

Documentation> EAP method configuration> RADIUS server configuration

Support> Join mailing lists to help answer questions


Future Developments

Extending platform support> Dual-mode phones> Tighter integration with underlying operating systems

Extending standards support> Plug-in architecture allows users to choose TNC, NAP,

NAC, …> New wireless security standards such as 802.11r and

802.11w

New deployment and troubleshooting tools> Centralized configuration support

17

OpenSEA Alliance – Enabling Ubiquitous Secure Network Access | 04/19/23OpenSEA Alliance – Enabling Ubiquitous Secure Network Access | 04/19/23

Thanks for listening!

Matthew Gast – [email protected]

Web site : http://www.open1x.org

XSupplicant Mailing lists:

[email protected]

[email protected]

1 opensea alliance – enabling ubiquitous secure network access | 9/15/2015 opening wireless...

Documents