1 Opening Wireless Security at the Open 1

1 Opening Wireless Security at the Open 1 X Project Matthew Gast msg@trapezenetworks. com TERENA Net. Connect 2008, May 2008 http: //www. open 1 x. org/ http: //www. openseaalliance. org/ Open. SEA Alliance – Enabling Ubiquitous Secure Network Access |

About me § Founder and board member at the Open. SEA Alliance § Author of 802. 11 Wireless Networks: The Definitive Guide (O’Reilly, 2005) § IEEE 802. 11 member > Secretary of Task Group U (interworking with external networks) § Vice Chair of Wi-Fi Alliance Security Marketing task group § Principal Engineer at Trapeze Networks > > Product architecture & design Long range planning and evolution of wireless LAN technology Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 2

What is the Open. SEA Alliance? § Non-profit organization developing edge network technologies > SEA stands for “secure edge access” § Goal: Create market leading open- source solutions > > Collaborative development & test Both commercial and academic uses § Strong corporate backing for the Open 1 X Project § Founded by industry leaders in May 2007, joined by JANET(UK) § Continued member growth § Important note: I am speaking today on behalf of the organization, not my employer Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 3

4 The Open 1 X Project at Present Open. SEA Alliance – Enabling Ubiquitous Secure Network Access |

The Open 1 X Project § Open source supplicant > > The initial project of the Open. SEA Alliance Project web site: http: //open 1 x. org/ § Goal: To create a robust, multi-platform open-source 802. 1 X client § Three major components > > > Multi-platform core engine technology (XSupplicant) Multi-platform GUI Plug-ins to extend engine’s functionality § Project run by a “project management committee” (PMC) consisting of industry experts > > > Establish & maintain project roadmap Coordinate development Create project infrastructure (build & test environments, web site) Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 5

Open 1 X Architecture Plug ins libtnc crash reporting EAP Methods IPC channel Graphical User Interface Core supplicant engine System Abstraction & Integration Layer (SAIL) Open 1 X driver (IEEE 802. 1 X) Operating system driver Network Medium Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 6

New Modular Supplicant GUI § Cross-platform GUI > Same look and feel across platforms – ideal for diverse computing environments § Engine control & reporting channel is platform-independent and can be connected to any GUI § Improved status monitoring over built-in supplicants Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 7

Supplicant GUI design § Customizeable with QT Designer > Create any skin needed (an eduroam skin? ) § Engine plug-ins can automatically extend GUI displays with new configuration options Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 8

9 The Near Future of Open 1 X Open. SEA Alliance – Enabling Ubiquitous Secure Network Access |

Open 1 X Direction & Goals § Content organized into releases > > Release code names are alphabetical Sea. Ant, Sea. Badger, Sea. Cow, and so on § Roadmap maintained by PMC > Downloadable from http: //www. open 1 x. org/roadmap/ § Who contributes to the roadmap? > > > People on mailing lists (users, developers) – frequently short-term People on the Open 1 X wiki – http: //wiki. open 1 x. org/ Open. SEA Alliance members § Open. SEA members also employ some engineers > No requirement to work on open source road map § Updates > > PMC updates road map at the end of release cycles Open source road map defines feature set for next stable release Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 10

The Next Release (2. 2. x), “Sea Ant” § Major goal: platform support > > Linux and Mac OS X getting feature parity with Windows Extension of Windows support to Vista § EAP method extension > > > PEAP version 1 with EAP-GTC (“Cisco PEAP”) EAP-GTC support (RFC 3748, RFC 3748 with persistent passcode storage, and draft-zhou redefinition for EAP-FAST) TLS configuration support in GUI § Opportunistic Key Caching (OKC) > > Sometimes called Proactive key caching (PKC) Use a single key across multiple cooperating access points, such as a switch-based split-MAC network § Much improved documentation, both developer and user § Lots of clean-up work Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 11

Current Project Infrastructure Projects § Library upgrades > Current versions of Open. SSL, lib. XML, libtnc, iconv, zlib, etc. § Automatic build environment > > Builds on demand Nightly builds & packaging § Automated QA testing & regression checking § Debugging tool improvements Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 12

13 The Not-so-Near Future Open. SEA Alliance – Enabling Ubiquitous Secure Network Access |

How to Help, Part 1: code § Writing code is the “classic” way to contribute to open source projects > > Pick a roadmap item of interest to you Or, write code for a feature that you need – we take all code that works! § See the whole gory list of development tasks here > http: //open 1 x. org/roadmap/Sea. Ant/ Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 14

How to Help, part 2: for non-coders § Matthew is in this category! § Development > Open. SEA may contract some development, but this requires detailed specifications § Direction > Read the roadmap and provide comments > Suggest features or platforms for the roadmap § Testing > Run the supplicant and provide feedback (the crash reporter should make this easy) > Develop automated test scripts, and either contribute results or scripts to community > Report things that work (or don’t work) § Documentation > EAP method configuration > RADIUS server configuration § Support > Join mailing lists to help answer questions Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 15

Future Developments § Extending platform support > > Dual-mode phones Tighter integration with underlying operating systems § Extending standards support > > Plug-in architecture allows users to choose TNC, NAP, NAC, … New wireless security standards such as 802. 11 r and 802. 11 w § New deployment and troubleshooting tools > Centralized configuration support Open. SEA Alliance | Enabling Ubiquitous Secure Network Access - www. openseaalliance. net 16

17 Thanks for listening! Matthew Gast – msg@trapezenetworks. com Web site : http: //www. open 1 x. org XSupplicant Mailing lists: open 1 x-xsupplicant@lists. sourceforge. net open 1 x-developers@lists. sourceforge. net Open. SEA Alliance – Enabling Ubiquitous Secure Network Access | 3/17/2018 Open. SEA Alliance – Enabling Ubiquitous Secure Network Access |