Experimental Study of a Network Access Server for a Public WLAN Access Network
Total Page:16
File Type:pdf, Size:1020Kb
Experimental Study of a Network Access Server for a public WLAN access network M.Sc. Thesis by Juan Caballero and Daniel Malmkvist Department of Microelectronics and Information Technology Royal Institute of Technology, KTH Stockholm, January 2002 Experimental Study of a Network Access Server for a public WLAN access network Abstract Wireless access networks have gained popularity due to the flexibility they allow to the users, who is able to move away from his or her desk while still being able to access information. Among the different Wireless LAN standards, the most widespread, by far, is IEEE 802.11. Public WLAN access networks are being set up in hotspots, i.e. areas expected to have high demand for bandwidth. Access to the Internet and to corporate networks is provided at these hotspots with limited coverage but high available bandwidth. Airports and hotels have often been the first targeted locations for these hotspots, but conference centres, cafes, and train stations will then follow. In the near future, any person who owns at least one access point and has a connection to the Internet can become a small operator and offer access to the Internet using these resources. Existing solutions for such WLAN access networks lack support for security, flexible accounting, mobility, multiaccess, roaming and user-friendly login. The aim of this Master’s Thesis was to study if it was possible to solve these problems and how to integrate all this new functionality into existing public WLAN access networks by building and evaluating a prototype of a public WLAN access network. System requirements were defined, currently available solutions analysed and a prototype was built. Most of the functionality of the prototype is placed in the Network Access Server, which is the main element providing security, mobility, and accounting. Flexible accounting, improvements in security, an easy and fast way to login the user, a feedback module to provide information about the current session and integration of the RADIUS architecture with the Mobile IP distribution have all been implemented. Juan Caballero and Daniel Malmkvist January 2002 Experimental Study of a Network Access Server for a public WLAN access network Acknowledgements We would like to thank our examiner, Professor Gerald Maguire Jr. for his invaluable answers to our questions and his assistance in the preparation of this manuscript. Special thanks, to our advisor George Liu for his advice and guidance during all the time working in the thesis. We would like to express also our most sincere thanks to Enrico Pelleta, for providing us with his IP-Login code, which saved us a lot of time. We also thank all the GNU community for creating great open software, especially the Dynamics, Netfilter, FreeSwan, Freeradius and mySQL teams; without their software this thesis would not have been possible. Thanks to R2M for providing us the opportunity to perform this thesis and to all the Elektrosmoggers for helpful input and interesting presentations. Finally and most specially thanks to our families and friends for supporting us all this time. Contact Information Examiner Advisor Professor Gerald Maguire Jr. George Liu, PhD IMIT, KTH IMIT, KTH [email protected] [email protected] Authors Juan Caballero Bayerri Daniel Malmkvist [email protected] [email protected] This thesis was performed as part of the requirements for the degree of Master of Science in Electrical Engineering at: Royal Institute of Technology, KTH Department of Microelectronics and Information Technology, IMIT KTH Electrum 229 164 40 Kista, Sweden This Master of Science thesis was performed at: R2M Meton AB Norgegatan 2 164 32 Kista, Sweden The thesis presentation was performed on the 22nd of January 2002. Juan Caballero and Daniel Malmkvist January 2002 Experimental Study of a Network Access Server for a public WLAN access network Table of Contents 1 Introduction .......................................................................................................................... 1 1.1 Background ..................................................................................................................... 1 1.2 Problem Statement .......................................................................................................... 2 1.3 Target Market.................................................................................................................. 2 1.4 Outline of the thesis ........................................................................................................ 3 2 Background........................................................................................................................... 4 2.1 Protocols.......................................................................................................................... 4 2.1.1 IEEE 802.11............................................................................................................. 4 2.1.1.1 Architecture Components................................................................................. 5 2.1.1.2 Physical layers.................................................................................................. 6 2.1.1.3 Data Rates......................................................................................................... 7 2.1.1.4 MAC layer........................................................................................................ 8 2.1.1.5 Communication exchange ................................................................................ 8 2.1.2 AAA......................................................................................................................... 9 2.1.2.1 RADIUS ......................................................................................................... 10 2.1.2.2 DIAMETER ................................................................................................... 12 2.1.3 IP Security ............................................................................................................. 13 2.1.3.1 Security protocols........................................................................................... 13 2.1.3.2 Modes of operation......................................................................................... 15 2.1.3.3 Key management in the IPSec framework ..................................................... 15 2.1.3.4 Internet Key Exchange ................................................................................... 15 2.1.4 Private addresses and Network Address Translation (NAT)................................. 15 2.2 Related work ................................................................................................................. 16 2.2.1 Research work ....................................................................................................... 16 2.2.2 Commercial work .................................................................................................. 17 3 Method................................................................................................................................. 19 3.1 Goal............................................................................................................................... 19 3.2 Scope............................................................................................................................. 19 3.3 Limitations .................................................................................................................... 20 3.4 System Requirements.................................................................................................... 20 3.4.1 General...................................................................................................................20 3.4.2 Login...................................................................................................................... 21 3.4.3 Security..................................................................................................................21 3.4.4 Accounting............................................................................................................. 22 4 System Architecture ...........................................................................................................24 4.1 System Overview .......................................................................................................... 24 4.2 User ............................................................................................................................... 25 4.3 Client............................................................................................................................. 25 4.4 NAS............................................................................................................................... 25 4.5 Authentication Server.................................................................................................... 26 4.6 Accounting Database .................................................................................................... 26 5 Analysis and Implementation............................................................................................ 27 5.1 Login ............................................................................................................................. 27 5.1.1 Wireless access overview ...................................................................................... 28 5.1.1.1 Basic user ......................................................................................................