2014 YU-ANTL Seminar
Integrated Cognitive Management System - Hostapd
Hyun dong Hwang
Advanced Networking Technology Lab. (YU-ANTL), Dept. of Information & Comm. Eng, Graduate School, Yeungnam University, KOREA
(Tel: +82-53-810-3940; Fax: +82-53-810-4742; http://antl.yu.ac.kr/; E-mail: mch2d@hotmail.com)
Outline
• Integrated Cognitive Management System
• Hostapd & Wpa_Supplicant
• 802.11r Fast transition
• Current procedure
• Hostapd configuration
• Reference
Integrated Cognitive Management System • Integrated Cognitive Management System Topology
Hostapd & Wpa_Supplicant
• Hostapd
  • hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.
  • The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
  • hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication.
  • hostapd supports separate frontend programs, and an example text-based frontend, hostapd_cli, is included with hostapd.
Hostapd & Wpa_Supplicant
• Hostapd features
  • WPA-PSK (Wi-Fi Protected Access)
  • WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
  • key management for CCMP, TKIP, WEP104, WEP40
  • WPA and full IEEE 802.11i/RSN/WPA2
  • RSN: PMKSA caching, pre-authentication
  • IEEE 802.11r
  • IEEE 802.11w
  • RADIUS accounting
  • RADIUS authentication server with EAP
  • Wi-Fi Protected Setup (WPS)
Hostapd & Wpa_Supplicant
• Wpa_supplicant
  • wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN).
  • The Supplicant is the IEEE 802.1X/WPA component that is used in the client stations.
  • It implements key negotiation with a WPA Authenticator, and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
  • wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection.
  • wpa_supplicant supports separate frontend programs; a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant.
Hostapd & Wpa_Supplicant
• Wpa_supplicant features
  • WPA-PSK ("WPA-Personal")
  • WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
  • key management for CCMP, TKIP, WEP104, WEP40
  • WPA and full IEEE 802.11i/RSN/WPA2
  • RSN: PMKSA caching, pre-authentication
  • IEEE 802.11r
  • IEEE 802.11w
  • Wi-Fi Protected Setup (WPS)
Current procedure
• Current Problem
  • Without a bridge port, the wpa_cli command ft_ds (which runs the Fast BSS Transition) is not delivered to the target AP.
  • With a bridge port, the network DNS server does not work.
802.11r Fast transition • 802.11 Key Hierarchy
802.11r Fast transition • 802.11r Action Frame
802.11r Fast transition • 802.11r FT Request Frame
802.11r Fast transition • 802.11r FT Response Frame
802.11r Fast transition • FT Confirm frame
802.11r Fast transition • FT ACK frame
Current procedure
• Test Topology (figure)
  • AP1, AP2: Hostapd, controlled with hostapd_cli, connected over Ethernet through a bridge port
  • STA1, STA2: wpa_supplicant, controlled with wpa_cli
Current topology (figure)
• Network driver: ath9k (nl80211)
• AP (two nodes, linked by Ethernet and a bridge): Ubuntu 12.04 LTS, Kernel: 2.6.38-8-generic, Hostapd 2.0, LAN card: TP-LINK TL WDN4800
• STA: Ubuntu 12.04 LTS, Kernel: 2.6.38-8-generic, wpa_supplicant 2.0, LAN card: TP-LINK TL WDN4800
Hostapd 2.0
• Required libraries on Ubuntu 12.04
  • libnl-1, libnl-2, libnl-1-dev, libnl-2-dev, bridge-utils, iw, openssl (libssl-dev)
• The compat-wireless module (for the ath9k driver) is no longer supported
  • On Ubuntu 11.04, ath9k has to be installed through the compat-wireless module, but that setup does not support the openssl 1.0.1f of Hostapd 2.0, and the certificate cannot be installed in the driver.
  • Hostapd 2.0 and later versions require support for openssl 1.0.1f or later
• Port forwarding through iptables
• Install dhcp3-server to assign dynamic network IP addresses, then configure the RSN
Hostapd configuration • /etc/network/interface (two variants shown: No Bridge, Using Bridge)
Hostapd configuration • /etc/dhcp/dhcpd.conf : DHCP server configuration
Hostapd configuration • /etc/default/isc-dhcp-server : DHCP server init script
Hostapd configuration • Run script file
Hostapd configuration • Hostapd.conf
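An added example, not part of the original slides or of the hostapd project: a Python check that compares two APs' hostapd.conf files and flags 802.11r settings that would stop an over-the-DS transition, including the missing bridge port described under Current Problem. The option names are hostapd.conf options; the sample values, the key and the helper names are constructed, and ft_over_ds is assumed to be enabled unless set to 0.

```python
import re

def parse_conf(text):
    """hostapd.conf text -> {key: [values]}; keys such as r0kh may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def first(conf, key, default=""):
    return conf.get(key, [default])[0]

def kh_ids(conf, key):
    """Holder ID (second field) of each well-formed r0kh/r1kh line."""
    return [f[1].replace(":", "").lower() if key == "r1kh" else f[1]
            for f in (v.split() for v in conf.get(key, [])) if len(f) == 3]

def check_ft_pair(local_text, peer_text):
    """Findings for the local AP's FT setup, judged against its peer AP."""
    local, peer = parse_conf(local_text), parse_conf(peer_text)
    out = []
    if not any(m.startswith("FT-") for m in first(local, "wpa_key_mgmt").split()):
        out.append("wpa_key_mgmt lacks an FT-* suite")
    md = first(local, "mobility_domain")
    if not re.fullmatch(r"[0-9a-fA-F]{4}", md):
        out.append("mobility_domain is not 4 hex digits")
    elif md.lower() != first(peer, "mobility_domain").lower():
        out.append("mobility_domain differs from peer")
    if first(peer, "nas_identifier") not in kh_ids(local, "r0kh"):
        out.append("no r0kh entry for peer nas_identifier")
    if first(peer, "r1_key_holder").lower() not in kh_ids(local, "r1kh"):
        out.append("no r1kh entry for peer r1_key_holder")
    # Page's observation: without a bridge port, ft_ds never reaches the target AP.
    if first(local, "ft_over_ds", "1") == "1" and not first(local, "bridge"):
        out.append("ft_over_ds on but no bridge= set")
    return out

KEY = "00112233445566778899aabbccddeeff"  # constructed placeholder, not a real key

def sample_conf(n, peer, bridge):
    """Constructed config for AP<n>; holds only the keys the check reads."""
    lines = ["interface=wlan0", "ssid=ft-lab", "wpa=2", "wpa_key_mgmt=FT-PSK",
             "mobility_domain=a1b2", f"nas_identifier=ap{n}.lab.test",
             f"r1_key_holder=02000000000{n}",
             f"r0kh=02:00:00:00:00:0{peer} ap{peer}.lab.test {KEY}",
             f"r1kh=02:00:00:00:00:0{peer} 02:00:00:00:00:0{peer} {KEY}"]
    return "\n".join(lines + (["bridge=br0"] if bridge else []))
```

Calling `check_ft_pair(sample_conf(1, 2, True), sample_conf(2, 1, True))` returns an empty list; dropping the bridge from the local AP yields the bridge finding.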