An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the Aegean Greece HET-NETs '03


HETNETs’03, Ilkley, UK, July 2003

Background Information

• The adoption of Wireless Local Area Networks (WLANs) is growing rapidly in both corporate environments and public spaces.

• A significant number of different WLAN Internet Service Providers (WISPs) is anticipated to emerge in this setting.

• The provision of secure roaming for WISPs’ clients can constitute an important benefit for WISPs in order to strengthen their presence in the wireless market.


Setting the WLAN Roaming Problem

• When a wireless user wants to join a WLAN, a subscription to the corresponding WISP is required.

• This can mainly be achieved either by a prepaid-time card, or a fixed account.

• The WLAN roaming problem is that a wireless user’s subscription is valid only at the WISP where it was initially activated.

• Conforming to the IEEE 802.11b (Wi-Fi) standard, the paper discusses an architectural framework for roaming on WLANs.

• The framework adopts standards-based WLAN authentication mechanisms allowing a wireless user to move across multiple WLAN settings administered by different WISPs.


Outline of the Presentation

• Basic WLAN authentication mechanisms

• The proposed roaming framework

• Implementation issues of a prototype

• Conclusions & Future work


WLAN Authentication Mechanisms

• EAP (Extensible Authentication Protocol) over 802.1X

– 802.1X provides port authorisation

– EAP messages are encapsulated in 802.11 frames

• RADIUS (Remote Authentication Dial In User Service)

– Similar to EAP process

– RADIUS messages are encapsulated in UDP messages, an IP session is required

[Figure: Wireless User, AP and Authentication Server, with links labelled EAP/802.1X and RADIUS]


The Proposed Framework

• WLAN community: The group of WISPs that participate in the framework.

• WISPR (WISP serveR): A central database, which contains contact information records for all WISPs that participate in a particular WLAN community.

• Home ISP (HISP): The WLAN provider in which the wireless user has been originally subscribed. HISP includes its own RADIUS server and local database hosting WISPR records and profiling information records for the users currently served by HISP.

• Foreign ISP (FISP): The remote WLAN provider in which the wireless user desires to be connected. FISP includes its own RADIUS server and local database with the corresponding records.

[Figure: WLAN Community architecture. Labels: User, AP, FISP RADIUS, HISP RADIUS, WWW, WISPR; database labels “Registered WISPs / FISP Users” and “Registered WISPs / HISP Users”]


WISPR

• WISPs must know each other’s contact information so that AAA procedures can be performed.

• WISPR provides credential information for all WISPs of a WLAN community

– When a WISP wants to become a member of the proposed roaming framework, it must upload its RADIUS server contact information to WISPR.

– At the same time, the registering WISP retrieves the contact information of the other registered WISPs.

– Periodically (e.g., every day), a registered WISP informs WISPR about its current status.

– A registered WISP receives new WISPR records.


Communication between WISP and WISPR

[Figure: two message exchanges between WISP and WISPR. Registration: Registration_Request, Registration_Challenge, Registration_Response, Registration_Retrieve, Registration_ACK. Periodic update: Update_Request, Update_Retrieve, Update_ACK]


WISPR Database record

Name: The name of the WISP

Country Code: The country code of the WISP

Provider Code: A code defined by WISPR. It is an abbreviation of the WISP name and facilitates identification of the WISP

IP address: The IP address of the RADIUS server owned by the particular WISP. The RADIUS server is assumed to also hold accounting information

Location: The location of the WISP

[Figure: WISPR record layout. Field labels: Name, Country Code, Provider Code, IP Address, Location. Octet counts appearing in the figure: 16, 4, 8, 5 and 3]


WISP user profiling record

• Besides the retrieved WISPR records, each WISP participating in the WLAN roaming community keeps profiling information records for the users it serves.

• For each WISP, both WISPR records and user profiling records are stored in a respective local database.

[Figure: user profiling record layout. Field labels: Country Code, Provider Code, User Code, Password, Date Registered, Time Spend/Remaining, Card Username, plus a “username” label. Octet counts appearing in the figure: 3, 8, 5, 32, 8, 8 and 32]


WISP user profiling record

Country Code and Provider Code: The same fields as in the records of WISPR database.

User Code: The user code provided by WISP.

Password: The user password provided by WISP.

Date Registered: The date on which the user account (either a prepaid-time card, or a permanent subscription) has been activated.

Time Spend/Remaining: The total time that the user has been connected in any of the WISPs participating in the roaming supported WLAN community or the user’s WLAN connection remaining time.

Card username: If the username recorded on the card does not follow the adopted username format, WISP keeps the card’s username in the field Card Username and assigns the user a new username that conforms to the defined format.


An Example scenario of Roaming Operation

• When a user roams to a FISP and requests authentication:

– FISP checks the provider code from the user’s username. If it is not its own, it redirects the authentication request to the corresponding HISP.

• Extension of the RADIUS protocol is required for this purpose

– At the end of the session HISP performs accounting operations according to the information of FISP and the value of the field “Time spend/Remaining”.
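
As an added illustration (not code from the presentation or its prototype), the Python sketch below parses a WISPR record and applies the FISP routing rule from this scenario, rejecting usernames whose provider is not registered in WISPR. The 36-octet field order, the 3+5+8 username layout, the padding, the function names and the sample values are all assumptions.

```python
import ipaddress
import struct

# Assumed layout: Name(16) Country(3) Provider(5) IPv4(4) Location(8) octets.
WISPR_RECORD = struct.Struct("16s3s5s4s8s")
USERNAME_LEN = 3 + 5 + 8  # assumed: country + provider + user code

def _text(raw):
    # Fields are assumed to be ASCII, right-padded with NULs or spaces.
    return raw.rstrip(b"\x00 ").decode("ascii")

def parse_wispr_record(blob):
    """Unpack one record; raises struct.error if it is not 36 octets."""
    name, country, provider, ip, location = WISPR_RECORD.unpack(blob)
    return {"name": _text(name), "country": _text(country),
            "provider": _text(provider),
            "radius_ip": str(ipaddress.IPv4Address(ip)),
            "location": _text(location)}

def build_directory(blobs):
    """Index a WISP's local copy of the WISPR records by (country, provider)."""
    records = [parse_wispr_record(b) for b in blobs]
    return {(r["country"], r["provider"]): r for r in records}

def route_auth_request(username, own, directory):
    """Return ("local", None), ("proxy", hisp_ip) or ("reject", reason)."""
    if (len(username) != USERNAME_LEN or not username.isascii()
            or not username.isalnum()):
        return ("reject", "malformed username")
    key = (username[:3], username[3:8])
    if key == own:
        return ("local", None)  # our own subscriber: authenticate locally
    record = directory.get(key)
    if record is None:
        # Forward credentials only to RADIUS servers registered in WISPR.
        return ("reject", "unknown provider")
    return ("proxy", record["radius_ip"])

# Constructed sample record (192.0.2.0/24 is a documentation address range).
SAMPLE = WISPR_RECORD.pack(b"Aegean WLAN", b"GRC", b"AEGWL",
                           ipaddress.IPv4Address("192.0.2.10").packed, b"Samos")

if __name__ == "__main__":
    directory = build_directory([SAMPLE])
    print(route_auth_request("GRCAEGWLuser0001", ("GBR", "ILKWL"), directory))
```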


An Example scenario of Roaming Operation

[Figure: message sequence for roaming authentication. Messages shown: EAP Request Auth; EAP Request Identity; Access Request/EAP Message/EAP Response (MyID) (twice); Access Challenge/EAP-Message/EAP-Request OTP/OTP Challenge (twice); EAP-Request OTP/OTP Challenge; EAP Response/OTP, OTPpw; Access Request/EAP-Message/EAP-Response OTPpw (twice); Access Accept/EAP Message/EAP Success (twice); EAP Success]


An Example scenario of Roaming Operation (Log off)

[Figure: log-off message sequence between Client, AP, FISP and HISP. Messages shown: EAP LOGOFF; Accounting Request (twice); Accounting Response (twice)]


Implemented Prototype

• A prototype of the proposed roaming framework is under development.

• The prototype aims to include a WLAN community hosting two “virtual” WLAN providers, each one consisting of an AP and a RADIUS server.

• The two RADIUS servers (emulating the roles of HISP and FISP RADIUS servers) and the prototype’s WISPR server will be statically interconnected in a wired Ethernet topology.

• Among the variety of RADIUS servers that have been developed by several vendors, the prototype under implementation will adopt the open source FreeRADIUS server. It is planned that FreeRADIUS will be installed without any software changes in the APs of the prototype. Software modifications (according to the design guidelines) are anticipated for the installation of FreeRADIUS in the HISP and FISP servers.

• The 802.1X protocol will be implemented without any software changes.

• A MySQL database will be used for the WISPR implementation.


Conclusions & Future Work

• Given that currently there is no established standard or industry practice for WLAN roaming, the paper proposes a simple architectural framework for roaming on WLANs.

• The proposed framework conforms to IEEE 802.11b (Wi-Fi) standard and adopts standards-based authentication mechanisms.

• A prototype of the proposed roaming framework is under development and is expected to be finalised in the near future.

• The prototype will validate both the functionality and the efficiency of the proposed framework.

Future Work

• Comparison of the discussed roaming framework with other similar ongoing activities performed by WECA (creator of WiFi standard), IETF, and 3GPP.