UNIBE.6

A4-Mesh

Long Title: Authentication, Authorization, Accounting, and Auditing in Wireless Mesh Networks
Leading
Organization:
Universität Bern
Participating
Organizations:
Université de Neuchâtel
SWITCH - Teleinformatikdienste für Lehre und Forschung
Domain: AAA
Status: finished
Start Date: 04.01.2011
End Date: 30.10.2012
Project Leader: T. Braun
Deputy Project Leader: A. Jamakovic-Kapic
Website: https://A4-mesh.unibe.ch/

Improved mesh networks can enable outdoor monitoring and surveillance applications. A4-Mesh has developed a completely functional wireless mesh infrastructure including support for authentication and authorization, accounting, and auditing.

(see also project exension eA4-Mesh)

Results

Component Description
Project website Project description and documentation
Document storage (internal) Documents related to the project (internal)
Software and documentation (internal) Software packages related to the authorization and authentication mechanisms.
Software that related to the integration of the ADAM Linux branches of UNIBE and UNINE
Software packages including hostapd, iw, and brctl along with the respective configuration files.
Documentation and installation manual for short term and long-term accounting (incl. charging), and monitoring mechanisms based on Netflow.
Software packages for ALIX nodes including the compilation script and configuration for softflowd.
Indoor testbeds Deployment of two indoor test beds at UNIBEand UNINE
Wireless mesh network pilot Design and hardware implementation of a fully functional outdoor mesh-node, and the deployment of pilot wireless mesh network for supporting environmental research requirements in the Crans- Montana-Sierre region.
Extension pilot network Pilot network for extending campus network connectivity at UNIBE IT
Authentication Design and implementation of machine and end-user authentication and authorization mechanisms based on SWITCHaai. Solution has been published in the IEEE HOTMESH 2012 ("Authorisation and Authentication Mechanisms in support of Secure Access to WMN Resources").
Publications and demos Several publications, presentations and demonstrations have been done during the project, and about 10 press articles about A4-Mesh have been published.

The focus of the A4-Mesh project was the development and integration of innovative authentication and authorization, auditing, and accounting mechanisms (A4) into a fully functional wireless mesh network infrastructure, and its deployment in two application scenarios, namely a campus extension scenario and an environmental monitoring scenario in the Swiss Alps. The last application for supporting environmental research requirements has been particularly successful. As a result researchers are able to access their measurement devices and onsite data storages directly from the university and the network users are able to access the Internet at any time. Furthermore, the integration of the mechanisms for authentication and authorisation made it possible to access the network in a secure way because of the integration into the authentication and authorization infrastructure (AAI) of Swiss higher education based on SWITCHaai mechanisms. Furthermore, the A4-Mesh offers detailed accounting functions, which provide information about traffic consumptions of each particular user. The A4-Mesh monitoring infrastructure allows us to monitor every parameter provided by the ADAM operating system. It might be an amount of free memory on the ALIX node, or number of retransmissions on the particular interface. The monitoring web interface is easily configurable by the administrator.


Goals

To successfully use wireless mesh networks in the area of Swiss higher education, wireless mesh networks have to support authentication, authorization, accounting, and auditing. They must also be seamlessly integrated into the organizations' authentication and authorization infrastructure. As there are usually multiple concurrent users of the network, the wireless mesh network has to support accounting to enable billing the costs to the different users and to support network management. For a successful operation of a wireless mesh network, inconsistent and erroneous states in the networks have to be detected and resolved. This requires constant auditing of network state and configuration.
The project will achieve the following specific goals:

  1. Authentication and authorization: Network nodes, clients (end systems), network users and administrators are authenticated (and authorized).
  2. Accounting: Network characteristics and traffic is monitored; individual charging, short-term accounting on the nodes and long-term aggregation on a central server are possible.
  3. Auditing: Inconsistent or erroneous node states are automatically detected and states recovered.
  4. Test beds, pilot networks and user trials: Indoor test beds for iterative testing, outdoor pilot networks for evaluation under realisitic scenarios and connection of small remote sites with cost-efficient backup links are deployed.
  5. Demonstration ans Dissemination: A4-Mesh is demonstrated to the public using the pilot networks (environmental research and campus network extension show-cases).

Benefits

The project will allow to increase the coverage of campus networks and networks for environmental monitoring applications.
With the approaches developed in A4-Mesh the organizations of Swiss higher education can easily extend the coverage of their campus networks, e.g., when sites of a University are several 100 m or kms away from the main campus.
They can also connect remote sites for research projects or events.
Many research projects in different research areas (climate research, geology and biology) may profit from an easily deployable outdoor wireless network that supports high speed network access as well as authentication and authorization based on SWITCHaai and mechanisms for accounting and auditing.
A4-Mesh also supports the concurrent use of the wireless network infrastructure by multiple projects with the ability of a detailed accounting and billing.
The project reduces the network maintenance costs by auditing functions that may trigger recovery mechanisms of the network.

Development

First the system architecture has to be defined. Then the following parts will be designed and implemented:

  • authentication mechanisms for network nodes and end systems
  • authorization functions, software package including user documentation
  • short term accounting mechanisms and integration of short term accounting data to diversity network setup
  • long-term accounting incl. charging, software package for accounting including user documentation
  • network monitoring and auditing functions
  • self-healing mechanisms
  • alarming infrastructure
  • software package for network monitoring and auditing functions
  • definition of indoor test beds and pilot network (environmental research show case)
  • setup of indoor test beds
  • agreements with land owners for environmental research pilot network
  • test setup of environmental research pilot network
  • initial setup of environmental research pilot network, pilot network for campus network extension and pilot network for redundant connectivity of small remote sites
  • demonstration events ("A4-Mesh Info-Day" is planned in November 2011)
  • evaluation

Back