On Securing Wireless LANs and Supporting Nomadic Users with Microsoft’s IPSec Implementation

Authors

  • Rodrigo Blanco Rincon
  • Günter Schäfer
Abstract

Wireless LANs, like the IEEE 802.11 WLANs, are more vulnerable than their wired counterparts. The IEEE 802.11 specification includes an encryption protocol, WEP (Wired Equivalent Protocol), but this protocol exhibits severe weaknesses: there is no automatic key distribution protocol and WEP’s security itself has been shown to be seriously flawed. As a result, many of today’s IEEE 802.11 networks are relatively easy for outside attackers to break into. Predictions indicate that home and small to medium-sized office WLAN environments will be of great importance in the near future of the wireless market. A security system tailored for them and their “average” users should include a series of particular features: strong security, simplicity of installation and use, password management policies, user roaming capabilities and no special software or hardware requirements. The approach presented in this paper consists in building a Virtual Private Network (VPN) over the WLAN, using IPSec as underlying security protocol. The proposed configuration solution performs Mobile Node authentication, automatic IPSec policy configuration and automatic generation of IPsec authentication keys (IKE’s “Preshared Keys”). In order to support nomadic users, a policy negotiation protocol has been developed that allows the IPSec policies in mobile devices and the security gateway of a WLAN to be adjusted dynamically. The approach has been validated for the Windows 2000 / XP operating system with a prototypical implementation that is available for free download [2].

This work has been supported with a grant from Microsoft Research, Cambridge, UK.


Similar resources

A Mobile Agent Based Architecture for Securing WLANs

Wireless LANs are open and are vulnerable to various attacks. Techniques available to prevent Wireless LANs from these attacks are not comprehensive. In this paper we discuss the drawbacks of the existing security mechanisms and we provide a security architecture which uses Mobile agents as a security facilitator. Using this architecture, users have freedom to choose from a variety of encryptio...


Mobile Multilayer IPsec protocol

A mobile user moves around and switches between wireless cells, subnets and domains, it needs to maintain the session continuity. At the same time security of signaling and transport media should not be compromised. A multi-layer security framework involving user authentication, packet based encryption and access control mechanism can provide the desired level of security to the mobile users. S...


Secure Mobile IP Communication

This paper describes a solution called Secure Mobile IP (SecMIP) to provide mobile IP users secure access to their company’s firewall protected virtual private network. The solution requires neither introducing new protocols nor to insert or modify network components. It only requires a slight adaptation of the end system communication software in order to adapt Mobile IP and IP Security protoc...


Transparent Network Security Policy Enforcement

Recent work in the area of network security, such as IPsec, provides mechanisms for securing the traffic between any two interconnected hosts. However, it is not always possible, economical, or even practical from an administration and operational point of view to upgrade the software and configuration of all the nodes in a network to support such security protocols. One apparent solution to this ...


A new SDN-based framework for wireless local area networks

Nowadays wireless networks are becoming important in personal and public communication and growing very rapidly. Similarly, Software Defined Network (SDN) is an emerging approach to overcome challenges of traditional networks. In this paper, a new SDN-based framework is proposed to fine-grained control of 802.11 Wireless LANs. This work describes the benefits of programmable Acc...



Publication date: 2002