From: Roland Hieber
Date: Mon, 28 Jun 2010 13:35:54 +0000 (+0200)
Subject: präsentatiopn inkl grafiken
X-Git-Url: https://git.rohieb.name/seminar-bachelor.git/commitdiff_plain/881358e6e4d28ff7c4467e1675dd813203a00ba9?hp=e7e145726ad4de7e2ebbe9bdc2671cc61230a463
präsentatiopn inkl grafiken
---
diff --git a/8021X-ports.png b/8021X-ports.png
new file mode 100644
index 0000000..5f06002
Binary files /dev/null and b/8021X-ports.png differ
diff --git a/beamerouterthemetubs.sty b/beamerouterthemetubs.sty
new file mode 100644
index 0000000..6f2c2e4
--- /dev/null
+++ b/beamerouterthemetubs.sty
@@ -0,0 +1,183 @@
+% Copyright of original theme (miniframe theme):
+
+% Copyright 2003 by Till Tantau
+%
+% This program can be redistributed and/or modified under the terms
+% of the GNU Public License, version 2.
+
+%
+% Changes 2005, 2006 by Jens Brandt
+%
+
+\setbeamercolor{section in head/foot}{parent=palette tertiary}
+\setbeamercolor{subsection in head/foot}{parent=palette secondary}
+\setbeamercolor{author in head/foot}{parent=subsection in head/foot}
+\setbeamercolor{title in head/foot}{parent=section in head/foot}
+
+
+\def\beamer@theme@footline@empty{}
+\def\beamer@theme@footline@authorinstitute{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+\def\beamer@theme@footline@authortitle{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ \leavevmode{\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill%
+ {\usebeamerfont{author in head/foot}\usebeamercolor[fg]{author in head/foot}\insertshortauthor}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+\def\beamer@theme@footline@institutetitle{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ \leavevmode{\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+\def\beamer@theme@footline@authorinstitutetitle{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+
+\def\beamer@theme@footline@authorinstitutetitleframenumber{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill%
+ {\usebeamerfont{title in head/foot}\insertframenumber}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+
+\def\beamer@theme@footline@authorinstituteframenumber{
+ \defbeamertemplate*{footline}{tubs theme}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\insertshortinstitute}%
+ \hfill%
+ {\usebeamerfont{title in head/foot}\insertframenumber}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+}
+
+\newif\ifbeamer@theme@subsection
+\beamer@theme@subsectiontrue
+
+\DeclareOptionBeamer{footline}{\csname beamer@theme@footline@#1\endcsname}
+\DeclareOptionBeamer{subsection}[true]{\csname beamer@theme@subsection#1\endcsname}
+\ProcessOptionsBeamer
+
+
+\mode
+
+\pgfdeclaremask{my-tu-logo-mask}{tu-logo-mask}
+\pgfdeclareimage[interpolate=true,mask=my-tu-logo-mask,height=25pt]{my-tu-header}{tu-logo-white}
+
+
+ % Head
+\defbeamertemplate*{headline}{tubs theme}
+{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line head}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=36pt]{section in head/foot}
+ \hskip2pt\pgfuseimage{my-tu-header}
+ \vskip2pt\insertnavigation{\paperwidth}\vskip0.5pt
+ \end{beamercolorbox}%
+ \ifbeamer@theme@subsection%
+ \begin{beamercolorbox}[colsep=1.5pt]{middle separation line head}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{subsection in head/foot}
+ \usebeamerfont{subsection in head/foot}\insertsubsectionhead
+ \end{beamercolorbox}%
+ \fi%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line head}
+ \end{beamercolorbox}
+}
+
+\definecolor{dark-blue}{rgb}{0.12,0.23,0.62}
+
+\setbeamercolor{structure}{fg=dark-blue}
+
+
+\setbeamercolor*{palette primary}{use=structure,fg=black,bg=structure.fg!40!white}
+\setbeamercolor*{palette secondary}{use=structure,fg=white,bg=structure.fg}
+\setbeamercolor*{palette tertiary}{use=structure,fg=white,bg=structure.fg}
+\setbeamercolor*{palette quaternary}{fg=white,bg=black}
+
+\setbeamercolor*{sidebar}{use=structure,bg=structure.fg}
+
+\setbeamercolor*{palette sidebar primary}{use=structure,fg=structure.fg!10}
+\setbeamercolor*{palette sidebar secondary}{fg=white}
+\setbeamercolor*{palette sidebar tertiary}{use=structure,fg=structure.fg!50}
+\setbeamercolor*{palette sidebar quaternary}{fg=white}
+
+\setbeamercolor*{titlelike}{use=structure,fg=structure.fg}
+
+\setbeamercolor*{separation line}{}
+\setbeamercolor*{fine separation line}{}
+
+\mode
+
+
diff --git a/eduroam-arch.png b/eduroam-arch.png
new file mode 100644
index 0000000..c5258ca
Binary files /dev/null and b/eduroam-arch.png differ
diff --git a/eduroam-radius.png b/eduroam-radius.png
new file mode 100644
index 0000000..7274efc
Binary files /dev/null and b/eduroam-radius.png differ
diff --git a/presentation.tex b/presentation.tex
new file mode 100644
index 0000000..79449a4
--- /dev/null
+++ b/presentation.tex
@@ -0,0 +1,196 @@
+\documentclass[]{beamer}
+
+\usepackage[utf8]{inputenc}
+\usepackage{ngerman}
+\usepackage{pgf}
+\usepackage{url}
+\usepackage{colortbl}
+
+\mode
+\useoutertheme[footline=authorinstituteframenumber,subsection=false]{tubs}
+\setbeamertemplate{table of contents}[ball]
+\setbeamertemplate{items}[ball]
+\setbeamertemplate{navigation symbols}{}
+%%\setbeamertemplate{blocks}[rounded][shadow=true]
+
+\mode
+
+\title{Sicherheit in eduroam}
+\subtitle{Seminar Kommunikation und Multimedia, Sommersemester 2010}
+\author{Roland Hieber}
+\institute[IBR, TU Braunschweig]{Institut für Betriebssysteme und Rechnerverbund\\
+ Technische Universität Braunschweig}
+
+\date{\today}
+
+% TODO BOXEN!!!!!
+\begin{document}
+
+\frame{\titlepage}
+
+\section*{Überblick}
+
+\frame{
+ \frametitle{Überblick}
+ \tableofcontents
+}
+
+\section{Einführung}
+\frame{
+ \frametitle{Was ist eduroam?}
+
+ \begin{itemize}
+ \item<1-> "`\emph{edu}cational \emph{roam}ing"'
+ \item<2-> Verbund aus den Organisationen nationaler Forschungsnetze
+ \begin{itemize}
+ \item TERENA -- Trans-European Research and Education Networking Association
+ \end{itemize}
+ \item<3-> Ziel: netzübergreifende Benutzerauthentifizierung
+ \item<4-> Aber auch: Zugriffskontrolle auf die angebotenen Ressourcen (Benutzerautorisierung)
+ \end{itemize}
+}
+
+\frame{
+ \frametitle{Verbreitung}
+ \begin{figure}[h]
+ \centering
+ \includegraphics[width=.8\textwidth]{eduroam-map.png}
+ \caption{Karte der teilnehmenden Länder \cite{eduroam.org}}
+ \end{figure}
+}
+
+\section{Architektur}
+
+\frame{
+\frametitle{IEEE 802.1X}
+ \begin{figure}
+ \centering
+ \includegraphics[width=0.6\textwidth]{8021X-Overview.pdf}
+ %\caption{Netzzugang durch IEEE 802.1X (\cite{commons8021X})}
+ \label{fig:8021X}
+ \end{figure}
+ \begin{enumerate}
+ \item<1> Rechner (Supplicants) müssen sich authentifizieren
+ \item<2-> Authenticator fragt Backend (RADIUS-Server) nach Gültigkeit der Login-Daten
+ \item<3-> Supplicant hat nach Freigabe Zugriff auf die kontrollierten Ressourcen
+ \end{enumerate}
+}
+
+\frame{
+ \frametitle{IEEE 802.1X: Detail}
+ \begin{figure}
+ \centering
+ \includegraphics[width=\textwidth]{8021X-ports.png}
+ %\caption{Netzzugang durch IEEE 802.1X (\cite{commons8021X})}
+ \label{fig:8021Xports}
+ \end{figure}
+ Nach erfolgreicher Authentifizierung werden beide kontrollierten Ports aktiviert.
+}
+
+\frame{
+ \frametitle{IEEE 802.1X: Extensible Authentication Protocol (EAP)}
+ Hier soll ein Diagramm erscheinen, das den Nachrichtenverkehr bei der generellen EAP-Authentifizierung darstellt
+ % TODO
+}
+
+\frame{
+ \frametitle{EAP-TLS}
+ Hier soll ein Diagramm erscheinen, das den Nachrichtenverkehr bei EAP-TLS darstellt
+ % TODO
+}
+
+\frame{
+ \frametitle{EAP-TTLS}
+ Hier soll ein Diagramm erscheinen, das den Nachrichtenverkehr bei EAP-TTLS darstellt
+ % TODO
+}
+
+\frame{
+ \frametitle{RADIUS}
+ \begin{itemize}
+ \item Remote Authentication Dial-In User Service
+ \item<2-> Protokoll für Authentifizierung, Autorisierung und Accounting (AAA)
+ \item<3-> RADIUS-Server kann Anfragen entweder selber beantworten oder an einen
+ anderen Server weiterleiten
+ \end{itemize}
+ \only<4->{\begin{figure}
+ \centering
+ \includegraphics[width=0.4\textwidth]{eduroam-radius.png}
+ %\caption{Netzzugang durch IEEE 802.1X (\cite{commons8021X})}
+ \label{fig:eduroam-radius}
+ \end{figure}}
+}
+
+\frame{
+ \frametitle{Autorisierung anhand weiterer Benutzerattribute}
+% \begin{figure}[htb]
+% \centering
+% \includegraphics[width=0.4\textwidth]{tnc-arch.png}
+% %\caption{TNC-Architektur~\cite{10.1109/NSS.2009.47}}
+% \label{fig:tnc}
+% \end{figure}
+ \begin{itemize}
+ \item \emph{Integrity Management Collector (IMC)}: sammelt Attributdaten auf dem Client-System (z.~B. ob ein Virenscanner installiert ist)
+ \item \emph{Integrity Management Verifier (IMV)}: prüft, ob die übertragenen Attributdaten mit den vom Systemadministrator vergebenen Richtlinien übereinstimmen
+ \item \emph{Network Access Requestor (NAR)}: auf der Client-Seite für den Aufbau einer Netzwerkverbindung zuständig. (meist IEEE~802.1X Supplicant).
+ \item \emph{Network Access Authority (NAA)}: regelt auf der Server-Seite den Zugriff der anfragenden Clients $\Rightarrow$ im RADIUS-Server integriert
+ \end{itemize}
+}
+
+\section{eduGAIN}
+\frame{
+ \frametitle{eduGAIN}
+ \begin{figure}[htb]
+ \centering
+ \includegraphics[width=0.6\textwidth]{edugain-arch.png}
+% \caption{eduGAIN-Architektur~\cite{Lopez2008418}}
+ \label{fig:edugain}
+ \end{figure}
+ \begin{itemize}
+ \item Regelung des Zugriffs über manuell zugewiesene Attribute
+ \item<2-> Netzwerkübergreifende Kommunikation über \emph{Bridged Elements}
+ \begin{itemize}
+ \item Abstraktion der institutionsspezifischen Protokolle
+ \end{itemize}
+
+ \end{itemize}
+
+}
+
+\section{Sicherheitsbetrachtungen}
+\frame{
+ \frametitle{Sicherheitsbetrachtungen}
+ \begin{itemize}
+ \item Denial of Service durch gefälschte EAPOL-Pakete
+ \item<2-> Gefälschte Zertifikate $\Rightarrow$ Benutzer muss wissen, was er tut
+ \item<3-> RADIUS-Root-Server ist Single Point of Failure
+ \item<4-> Kommunikation zwischen RADIUS-Server nicht gesichert
+ \end{itemize}
+}
+
+\section{Ausblick}
+\frame{
+ \frametitle{Ausblick}
+ \begin{itemize}
+ \item eduroam-ng (\emph{eduroam next generation})
+ \item<2-> Migration RADIUS $\rightarrow$ RadSec
+ \begin{itemize}
+ \item<3-> Gesicherte Kommunikation zwischen RADIUS-Servern
+ \item<4-> Peer Discovery: automatisierte Feststellung des zuständigen RADIUS-Servers anhand von DNS-Einträgen (\url{_radiustls._tcp.idp.org}) $\Rightarrow$ kein SPoF mehr
+ \end{itemize}
+
+ \end{itemize}
+
+}
+
+\frame{
+ \centerline{\bf\LARGE Thank you!}
+}
+
+\frame{
+ \frametitle{Quellenangaben}
+ \bibliographystyle{plain}
+ \bibliography{lit}
+}
+
+\end{document}
\ No newline at end of file
diff --git a/seminar.kilepr b/seminar.kilepr
index 6ac228d..d8ef53a 100644
--- a/seminar.kilepr
+++ b/seminar.kilepr
@@ -4,7 +4,7 @@ img_extIsRegExp=false img_extensions=.eps .jpg .jpeg .png .pdf .ps .fig .gif kileprversion=2 kileversion=2.1 beta2 -lastDocument=authz.tex +lastDocument=presentation.tex masterDocument=ausarbeitung.tex name=Seminar pkg_extIsRegExp=false
@@ -16,13 +16,31 @@ src_extensions=.tex .ltx .latex .dtx .ins MakeIndex= QuickBuild= -[item:architektur.tex] +[item:8021X-Overview.pdf] archive=true column=0 +encoding= +highlight= +line=0 +open=false +order=-1 + +[item:8021X-Overview.svg] +archive=true +column=3080297 +encoding= +highlight= +line=0 +open=false +order=-1 + +[item:architektur.tex] +archive=true +column=841 encoding=UTF-8 highlight=LaTeX -line=40 -open=true +line=43 +open=false order=1 [item:ausarbeitung.tex]
@@ -30,43 +48,79 @@ archive=true column=0 encoding=UTF-8 highlight=LaTeX -line=0 +line=40 open=true order=0 [item:ausblick.tex] archive=true -column=0 +column=324 encoding=UTF-8 highlight=LaTeX -line=7 +line=8 open=true -order=5 +order=3 [item:authn.tex] archive=true -column=18 +column=0 encoding=UTF-8 highlight=LaTeX -line=26 -open=true +line=40 +open=false order=6 [item:authz.tex] archive=true -column=804 +column=0 encoding=UTF-8 highlight=LaTeX -line=8 +line=1 open=true -order=7 +order=1 + +[item:beamerouterthemetubs.sty] +archive=true +column=27 +encoding=UTF-8 +highlight=LaTeX +line=18 +open=false +order=9 + +[item:edugain-arch.png] +archive=true +column=0 +encoding= +highlight= +line=0 +open=false +order=-1 + +[item:eduroam-map.png] +archive=true +column=7864421 +encoding= +highlight= +line=0 +open=false +order=-1 + +[item:eduroam-map.svg] +archive=true +column=7864320 +encoding= +highlight= +line=0 +open=false +order=-1 [item:einfuehrung.tex] archive=true column=0 encoding=UTF-8 highlight=LaTeX -line=6 +line=12 open=false order=5
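Review bot: In the "Sicherheitsbetrachtungen" frame, the bullet `Kommunikation zwischen RADIUS-Server nicht gesichert` overstates the weakness and misses the dative plural used later in the deck: plain RADIUS runs over UDP and protects packets hop by hop with a shared secret and MD5, while attributes such as the user name travel in clear text, so I would write `\item<4-> Kommunikation zwischen RADIUS-Servern nur per Shared Secret (MD5) geschützt, nicht verschlüsselt`. The `Gefälschte Zertifikate` bullet on the same frame would help the audience more if it named the countermeasure, for example `Supplicant muss CA und Servernamen des Heimat-RADIUS prüfen`. In the "Ausblick" frame, `kein SPoF mehr` needs the caveat that DNS-based peer discovery is only as trustworthy as the TLS certificate check on the discovered peer, and since `idp.org` is a registrable domain, `_radiustls._tcp.example.org` is the safer sample name. Separately, `\item<1>` in the "IEEE 802.1X" frame hides the first step on overlays 2 and 3; `\item<1->` would match the other items.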
@@ -84,10 +138,19 @@ archive=true column=1 encoding=UTF-8 highlight=BibTeX -line=55 -open=true +line=151 +open=false order=3 +[item:presentation.tex] +archive=true +column=150 +encoding=UTF-8 +highlight=LaTeX +line=178 +open=true +order=2 + [item:seminar.kilepr] archive=true column=0
@@ -99,11 +162,11 @@ order=-1 [item:sicherheit.tex] archive=true -column=0 +column=34 encoding=UTF-8 highlight=LaTeX -line=11 -open=true +line=2 +open=false order=4 [item:tnc-arch.png]
@@ -117,9 +180,9 @@ order=-1 [item:zusammenfassung.tex] archive=true -column=316 +column=6 encoding=UTF-8 highlight=LaTeX -line=5 -open=true +line=6 +open=false order=2
diff --git a/tu-logo-mask.png b/tu-logo-mask.png
new file mode 100644
index 0000000..c29447f
Binary files /dev/null and b/tu-logo-mask.png differ
diff --git a/tu-logo-white.png b/tu-logo-white.png
new file mode 100644
index 0000000..96f9bf0
Binary files /dev/null and b/tu-logo-white.png differ