From: Roland Hieber Date: Tue, 18 May 2010 01:07:05 +0000 (+0200) Subject: converted lit.bib to unix end lines, svg and pdf version of IEEE 802.1X diagram X-Git-Url: https://git.rohieb.name/seminar-bachelor.git/commitdiff_plain/79e8c695cc6645c02e8ec73d60a98a8de1ec53b6 converted lit.bib to unix end lines, svg and pdf version of IEEE 802.1X diagram --- diff --git a/8021X-Overview.pdf b/8021X-Overview.pdf new file mode 100644 index 0000000..68f3855 Binary files /dev/null and b/8021X-Overview.pdf differ diff --git a/8021X-Overview.png b/8021X-Overview.png deleted file mode 100644 index 0921528..0000000 Binary files a/8021X-Overview.png and /dev/null differ diff --git a/8021X-Overview.svg b/8021X-Overview.svg new file mode 100644 index 0000000..1547370 --- /dev/null +++ b/8021X-Overview.svg @@ -0,0 +1,316 @@ + + + + + + + + + + + + + + + + + + + + + + Wireless Network + + + Internet or otherLAN resources + + + + + + + + + + + + + + AS + + + Authentication Server(RADIUS, LDAP, …) + + + + AP + + Authenticator + + + + WN + + Supplicant + + + + + + + + 1 + + + + 2 + + + + 3 + + + + diff --git a/architektur.tex b/architektur.tex index d010189..1cb3a1c 100644 --- a/architektur.tex +++ b/architektur.tex 
@@ -7,12 +7,12 @@ Der sichere Netzzugang wird in eduroam durch den Standard \acr{IEEE 802.1X} \cite{IEEE802.1X} auf \acr{ISO/OSI}-Layer 2 realisiert. Dabei muss sich der Rechner, der Zugriff auf das physikalische Netz erlangen will (der sogenannte \emph{Supplicant}) bei einem Server (dem \emph{Authenticator} authentifizieren, bevor er Zugriff auf weitere Netzressourcen erhält. Die Methode der Authentifizierung kann dabei prinzipiell frei gewählt werden, innerhalb des eduroam-Verbundes werden allerdings aus Gründen der Sicherheit die Protokolle \acr{EAP-TLS}, \acr{EAP-TTLS}, oder \acr{EAP-PEAP} (weiteres dazu später) eingesetzt, die die Authentifizierung über eine gesicherte Verbindung abwickeln. -Der Authenticator wird vom Service Provider bereitgestellt und ist in dessen Netz eingebunden, es kann sich dabei je nach Integrationsgrad und Zugangsmedium um einen Access Point, einen Switch bzw. Router, oder einen dedizierten Server handeln. Er hat die Aufgabe, den Benutzer zu authentifizieren, indem er mit einen \emph{Authentication Server} (\acr{AS}) kommuniziert. Dieser wiederum kann sich im selben Netzwerk befinden, kann aber in der Netzwerktopologie auch beliebig weit entfernt sein. +Der Authenticator wird vom Service Provider bereitgestellt und ist in dessen Netz eingebunden, es kann sich dabei je nach Integrationsgrad und Zugangsmedium um einen Access Point oder einen Router handeln. Er hat die Aufgabe, den Benutzer zu authentifizieren, indem er mit einen \emph{Authentication Server} (\acr{AS}) kommuniziert. Dieser wiederum kann sich im selben Netzwerk befinden, kann aber in der Netzwerktopologie auch beliebig weit entfernt sein. 
\begin{figure} \centering - \includegraphics[width=0.6\textwidth]{8021X-Overview.png} - \caption{Netzzugang durch \acr{IEEE 802.1X} (Lizenz: \acr{CC-BY-SA 3.0 DE})} + \includegraphics[width=0.6\textwidth]{8021X-Overview.pdf} + \caption{Netzzugang durch \acr{IEEE 802.1X} (\cite{commons8021X}, Lizenz: \acr{CC-BY-SA 3.0})} \end{figure} \subsection{Benutzerauthentifizierung und -authorisierung (IEEE 802.1X, RADIUS)} diff --git a/lit.bib b/lit.bib index 23243c5..e1a70df 100644 --- a/lit.bib +++ b/lit.bib 
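Review bot: The rewritten sentence in architektur.tex narrows the authenticator to `einen Access Point oder einen Router`, but IEEE 802.1X is port-based access control, and on wired networks the authenticator role is normally taken by the switch the supplicant is attached to. Dropping "Switch" therefore makes the description less accurate, unless the paper is meant to cover only the wireless case, which it should then say explicitly. The same new line keeps the typo `mit einen \emph{Authentication Server}`, which should read `mit einem \emph{Authentication Server}`.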
@@ -1,108 +1,114 @@
-@article{Lopez2007900,
-title = "{A network access control approach based on the AAA architecture and
-authorization attributes}",
-journal = "Journal of Network and Computer Applications",
-volume = "30",
-number = "3",
-pages = "900 - 919",
-year = "2007",
-note = "",
-issn = "1084-8045",
-doi = "DOI: 10.1016/j.jnca.2005.07.010",
-howpublished = "http://www.sciencedirect.com/science/article/B6WKB-4H3Y8R1-2/2/88b43ba7f229ab0fb00316f6032a1e4a",
-author = "Gabriel López and Oscar Cánovas and Antonio F. Gómez and Jesús D. Jiménez and Rafael Marín",
-keywords = "Authorization",
-keywords = "Access control",
-keywords = "Attributes",
-keywords = "SAML",
-keywords = "XACML"
-}
-
-@article{Lopez2008418,
-title = "A proposal for extending the eduroam infrastructure with authorization
-mechanisms",
-journal = "Computer Standards \& Interfaces",
-volume = "30",
-number = "6",
-pages = "418 - 423",
-year = "2008",
-note = "Special Issue: State of standards in the information systems security
-area",
-issn = "0920-5489",
-doi = "DOI: 10.1016/j.csi.2008.03.010",
-howpublished =
-"http://www.sciencedirect.com/science/article/B6TYV-4S0YXPG-B/2/0c98447f805fc208
-08a35c3d64804eb4",
-author = "Gabriel López and Óscar Cánovas and Antonio F. Gómez-Skarmeta and
-Manuel Sánchez",
-keywords = "NAS-SAML",
-keywords = "eduroam",
-keywords = "eduGAIN",
-keywords = "Authorization",
-keywords = "AAA"
-}
-
-@article{10.1109/NSS.2009.47,
-author = {Fernando Bernal and Manuel Sánchez and Gabriel López and Antonio F.
-Gómez-Skarmeta and Óscar Cánovas},
-title = {Trusted Network Access Control in the Eduroam Federation},
-journal ={International Conference on Network and System Security},
-volume = {0},
-isbn = {978-0-7695-3838-9},
-year = {2009},
-pages = {170-175},
-howpublished = {http://doi.ieeecomputersociety.org/10.1109/NSS.2009.47},
-publisher = {IEEE Computer Society},
-address = {Los Alamitos, CA, USA},
-}
-
-@Misc{cookbook,
-title = {{Deliverable DJ5.1.5,3: Inter-NREN Roaming Infrastructure and Service
- Support Cookbook}},
-author = {S. Winter and T. Kersting and P. Dekkers and L. Guido and S.
- Papageorgiou and Janos Mohacsi and R. Papez and M. Milinovic and D. Penezic
- and J. Rauschenbach and J. Tomasek and K. Wierenga and T. Wolniewicz and
- José-Manuel Macias-Luna and I. Thomson and {JRA5 group}},
-edition = {Third},
-month = {Oct},
-year = {2008},
-howpublished = {http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf},
-}
-
-@Misc{RFC2865,
-author = "C. Rigney and S. Willens and A. Rubens and W. Simpson",
-year = 2000,
-title = "{RFC 2865}: Remote Authentication Dial In User Service ({RADIUS})"
-}
-
-@Misc{RFC1994,
-author = "W. Simpson",
-year = 1996,
-title = "{RFC 1994}: {PPP} Challenge Handshake Authentication Protocol ({CHAP})"
-}
-
-@Misc{RFC1334,
-author = "B. Loyd and W. Simpson",
-year = 1993,
-title = "{RFC 1334}: {PPP} Authentication Protocols"
-}
-
-@Misc{RFC3748,
-author = "B. Aboba and L. Blunk and J. Vollbrecht and J. Carlson and H.
- Levkowetz",
-year = 2004,
-title = "{RFC 3748}: Extensible Authentication Protocol ({EAP})"
-}
-
-@Misc{IEEE802.1X,
-author = "{IEEE Computer Society}",
-year = 2004,
-title= "{802.1X IEEE Standard for Local and metropolitan area networks,
- Port-Based Network Access Control}"
-}
-
-@Misc{eduroam.org,
-author = "eduroam {SA}",
-title = "eduroam Website",
-howpublished = "http://www.eduroam.org"
-}
\ No newline at end of file
+@article{Lopez2007900,
+title = "{A network access control approach based on the AAA architecture and
+authorization attributes}",
+journal = "Journal of Network and Computer Applications",
+volume = "30",
+number = "3",
+pages = "900 - 919",
+year = "2007",
+note = "",
+issn = "1084-8045",
+doi = "DOI: 10.1016/j.jnca.2005.07.010",
+howpublished = "http://www.sciencedirect.com/science/article/B6WKB-4H3Y8R1-2/2/88b43ba7f229ab0fb00316f6032a1e4a",
+author = "Gabriel López and Oscar Cánovas and Antonio F. Gómez and Jesús D. Jiménez and Rafael Marín",
+keywords = "Authorization",
+keywords = "Access control",
+keywords = "Attributes",
+keywords = "SAML",
+keywords = "XACML"
+}
+
+@article{Lopez2008418,
+title = "A proposal for extending the eduroam infrastructure with authorization
+mechanisms",
+journal = "Computer Standards \& Interfaces",
+volume = "30",
+number = "6",
+pages = "418 - 423",
+year = "2008",
+note = "Special Issue: State of standards in the information systems security
+area",
+issn = "0920-5489",
+doi = "DOI: 10.1016/j.csi.2008.03.010",
+howpublished =
+"http://www.sciencedirect.com/science/article/B6TYV-4S0YXPG-B/2/0c98447f805fc208
+08a35c3d64804eb4",
+author = "Gabriel López and Óscar Cánovas and Antonio F. Gómez-Skarmeta and
+Manuel Sánchez",
+keywords = "NAS-SAML",
+keywords = "eduroam",
+keywords = "eduGAIN",
+keywords = "Authorization",
+keywords = "AAA"
+}
+
+@article{10.1109/NSS.2009.47,
+author = {Fernando Bernal and Manuel Sánchez and Gabriel López and Antonio F.
+Gómez-Skarmeta and Óscar Cánovas},
+title = {Trusted Network Access Control in the Eduroam Federation},
+journal ={International Conference on Network and System Security},
+volume = {0},
+isbn = {978-0-7695-3838-9},
+year = {2009},
+pages = {170-175},
+howpublished = {http://doi.ieeecomputersociety.org/10.1109/NSS.2009.47},
+publisher = {IEEE Computer Society},
+address = {Los Alamitos, CA, USA},
+}
+
+@Misc{cookbook,
+title = {{Deliverable DJ5.1.5,3: Inter-NREN Roaming Infrastructure and Service
+ Support Cookbook}},
+author = {S. Winter and T. Kersting and P. Dekkers and L. Guido and S.
+ Papageorgiou and Janos Mohacsi and R. Papez and M. Milinovic and D. Penezic
+ and J. Rauschenbach and J. Tomasek and K. Wierenga and T. Wolniewicz and
+ José-Manuel Macias-Luna and I. Thomson and {JRA5 group}},
+edition = {Third},
+month = {Oct},
+year = {2008},
+howpublished = {http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf},
+}
+
+@Misc{RFC2865,
+author = "C. Rigney and S. Willens and A. Rubens and W. Simpson",
+year = 2000,
+title = "{RFC 2865}: Remote Authentication Dial In User Service ({RADIUS})"
+}
+
+@Misc{RFC1994,
+author = "W. Simpson",
+year = 1996,
+title = "{RFC 1994}: {PPP} Challenge Handshake Authentication Protocol ({CHAP})"
+}
+
+@Misc{RFC1334,
+author = "B. Loyd and W. Simpson",
+year = 1993,
+title = "{RFC 1334}: {PPP} Authentication Protocols"
+}
+
+@Misc{RFC3748,
+author = "B. Aboba and L. Blunk and J. Vollbrecht and J. Carlson and H.
+ Levkowetz",
+year = 2004,
+title = "{RFC 3748}: Extensible Authentication Protocol ({EAP})"
+}
+
+@Misc{IEEE802.1X,
+author = "{IEEE Computer Society}",
+year = 2004,
+title= "{802.1X IEEE Standard for Local and metropolitan area networks,
+ Port-Based Network Access Control}"
+}
+
+@Misc{eduroam.org,
+author = "eduroam {SA}",
+title = "eduroam Website",
+howpublished = "http://www.eduroam.org"
+}
+
+@Misc{commons8021X,
+author = "Benutzer Rohieb",
+title = "{Wikimedia Commons: File:8021X-Overview.svg}",
+howpublished = "http://commons.wikimedia.org/wiki/File:8021X-Overview.svg"
+}
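Review bot: In the new `commons8021X` entry, `author = "Benutzer Rohieb"` is parsed by BibTeX as given name "Benutzer" and surname "Rohieb", so labels and sorting treat "Rohieb" as a family name; write `author = "{Benutzer Rohieb}"` to keep the account name as one unit. The entry also has no `year` and no access date, which matters for a wiki page whose content and licence text can change after it was cited; add `year` and something like `note = "Abgerufen am <DATUM>"`. Because the line-ending conversion re-adds every entry, the real change in this hunk is only the last six lines. Independently of the new entry, the re-added `doi = "DOI: 10.1016/..."` fields should hold the bare DOI and `pages = "900 - 919"` should be `900--919`.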