[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00

                                                          Jacques Caron
   INTERNET-DRAFT                                IP Sector Technologies
   Expires: August 2002                                   February 2002


                    Public Wireless LAN roaming issues

              <draft-caron-public-wlan-roaming-issues-00.txt>



1 Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

2 Abstract

   Public wireless Internet access zones based on IEEE 802.11 [1]
   wireless LAN technology are becoming common. However, many issues
   are impeding further adoption of the technology by end-users, in
   particular the inability or difficulty to roam between the networks
   of different providers. This document aims to document these issues,
   show how they are different from roaming in other contexts such as
   dialup access to the Internet or GSM roaming, and how current
   solutions do not fully address these issues. Future documents will
   try to address these issues with practical solutions.

Table of Contents

   1 Status of this Memo..............................................1
   2 Abstract.........................................................1
   3 Introduction.....................................................2
   4 Terminology......................................................2
   5 Conventions used in this document................................3


   Caron         Informational - Expires August 2002                1
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   6 Public Wireless Internet access zones............................3
   7 Roaming requirements.............................................3
   7.1 Transparent roaming............................................4
   7.2 Security.......................................................4
   7.3 Scalability....................................................5
   7.4 Cost transport and accounting..................................5
   7.5 Private access.................................................6
   7.6 Other requirements.............................................7
   7.7 Non-requirements...............................................7
   8 Existing setups..................................................7
   8.1 Attaching to the wireless LAN..................................8
   8.2 Getting an IP address and other parameters.....................8
   8.3 Filtering and connection hijacking.............................8
   8.4 WWW-based authentication.......................................8
   8.5 Back-end systems...............................................8
   8.6 Issues with existing setups....................................9
   9 Alternate solutions..............................................9
   10 Security Considerations........................................10
   11 References.....................................................11
   12 Author's Addresses.............................................12

3 Introduction

   Public wireless Internet access zones (also known as "hot spots"),
   commonly based on IEEE 802.11 wireless LAN technology are becoming
   common. However, many issues are impeding further adoption of the
   technology by end-users, in particular the inability or difficulty
   to roam between the networks of different providers.

   The rest of this document is structured as follows. Section 6 gives
   a brief description of the workings of public wireless Internet
   access zones. Section 7 shows why roaming is so important in this
   context, and how it is different from other roaming environments,
   such as dialup Internet access or GSM roaming. Section 8 describes
   current solutions used to address authentication and possibly
   roaming. Section 9 describes the issues found in these setups and
   other possible issues.

4 Terminology

   WISP   Wireless Internet Service Provider. An organization which
          provides access to the Internet via Wireless LAN
          infrastructure.

   WLAN   Wireless LAN, using e.g. IEEE 802.11 protocols.




   Caron          Informational - Expires July 2002                 2
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



5 Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in RFC-2119 [2].

6 Public Wireless Internet access zones

   Public wireless Internet access zones are locations equipped by
   Wireless Internet Service Providers (WISPs) with appropriate
   hardware so that any user with a device (such as a laptop or PDA)
   and an appropriate network card can attach to the wireless network,
   access the Internet, and use any application relying on it, such as
   e-mail, WWW browsing, remote access to a corporate network (VPN),
   etc. while present in the coverage area.

   Currently, most such setups rely on the IEEE 802.11 Wireless LAN
   technology, which provides cheap and fast connections (up to several
   megabits per second), and a reasonable coverage area. The technology
   is also extensively used within corporate and home boundaries, which
   allow the reuse of existing hardware and minimum reconfiguration.

   Such an access zone usually consists of one or more access points
   providing the interface between the wireless devices and the wired
   network, and some form of access controller (which may be integrated
   within an access point) which checks that the user is properly
   authenticated and authorized, and may perform such functions as
   accounting, online subscription, provide local information services,
   etc. The whole setup is then connected to the public Internet.

   In most cases, authentication and authorization is actually relayed
   to some central server holding the database of authorized users.
   When roaming between different providers is implemented, additional
   relaying can occur until the appropriate server is reached.

7 Roaming requirements

   For the public WLAN access model to become widely accepted, it is
   necessary to build up critical mass, by having very extensive
   coverage, without the need for users to sign up with multiple
   different providers.

   This requires roaming, as can be found in Internet dialup access
   (discussed at length in the works of the roamops working group [3,
   4]) or GSM networks, but an important difference makes it even more
   of a requirement: the limited coverage of WLAN networks.

   Internet dialup relies on the existing PSTN (public switched
   telephone network) infrastructure, which allows for access from
   nearly any location in the world (even though it might come at a


   Caron          Informational - Expires July 2002                 3
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   cost). It is not uncommon in many countries to have "nationwide"
   numbers which allow Internet access for the price of a local call
   from anywhere in the country. This means that a single ISP
   participating in the roaming system the user subscribes to is enough
   for that whole country.

   GSM networks have cells that can cover up to hundreds of square
   kilometers, and often have regulatory requirements for widespread
   coverage. Hence, here also, a single GSM operator in the country
   having a roaming agreement with the home GSM network is often
   enough. In the worst case, the number of GSM operators in a country
   is anyway limited to a very small number, usually a handful at most.

   In comparison, a WLAN cell coverage radius is only a few hundred
   meters. For this reason, WLAN coverage by any given operator remains
   limited, and a much larger number of operators of all sizes (from
   one access point to several thousand or more) will be required to
   get any decent coverage and reach critical mass.

7.1 Transparent roaming

   Like for Internet dialup or GSM roaming, it is felt necessary that
   authentication of users roaming to a public WLAN should be
   transparent, i.e. does not require any manual action from the user,
   or the use of a specific application.

   The first point is that no specific reconfiguration should be needed
   when roaming, not only from one public WLAN to another, but also
   from a private WLAN (at home or at work) to a public one, and vice
   versa.

   It is also important to make sure the public WLAN can be used for
   any IP-based service, including e-mail, VoIP, corporate VPN access,
   etc. without requiring prior launch of a web browser, for instance,
   which might not even be implemented on the specific device being
   used (such as a VoIP phone).

7.2 Security

   Due to the very nature of wireless technology, authentication
   exchanges must be protected against eavesdropping, which includes
   capture of clear-text passwords, but also offline dictionary attacks
   against encrypted credentials.

   Given the wide number of WISPs of all sizes that will be used, it is
   difficult to ascertain a trust relationship with every one of them.
   For this reason, it is imperative that credentials be protected end-
   to-end, i.e. between the client and its home authentication server.




   Caron          Informational - Expires July 2002                 4
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   WLANs also allow the easy set up of "rogue" access points (a
   problematic which does not exist in the dialup or GSM world), that
   could attempt to act like a legitimate access point to try to
   capture credentials. This again requires end-to-end protection of
   login information, as well as means for the user to be sure that the
   access point has access to its home server (mutual authentication).

   Due to the possible lack of trust, and the probability that billing
   will be at least in part duration based, it is also important that
   home authentication servers (and indirectly users) can be sure that
   visited networks cannot "cheat" on accounting by extending session
   durations beyond their real lifetime. For this reason, it must be
   possible for home servers to periodically re-authenticate roaming
   users.

   Conversely, it is also important for WISPs to make sure they will be
   paid for the services provided, and hence have non-repudiation
   mechanisms in place. This is detailed in section 7.4.

   Another problem is the ability for another user to eavesdrop on a
   legitimate user connection, take note of MAC and IP addresses, and
   take its place as soon as the previous user left. This should be
   addressed by some kind of local and/or end-to-end periodic re-
   authentication.

7.3 Scalability

   Given the very high number of WISPs that will be needed to get
   decent coverage, and the need for global roaming, the roaming system
   must be highly scalable. It is also doubtful - and undesirable -
   that one single organization (roaming broker) will be able to build
   relationships will all actors in the market, and handle them
   efficiently.

   It this thus necessary to envision an "open" roaming model, which
   would allow for more complex chains of roaming intermediaries
   between a network operator and a home authentication server, much
   like Internet routing can go through a complex path through multiple
   ISPs with various peering and transit relationships.

   Exactly like in the Internet where global connectivity is a
   requirement, it is very important that this open model ensure that
   roaming can be global, and that there is always a path between any
   network operator and any authentication server.

7.4 Cost transport and accounting

   Due to the requirements for a scalable and open roaming model, and
   given the diversity of the cost structures of various WLAN
   operators, it is desirable that any protocols used for carrying


   Caron          Informational - Expires July 2002                 5
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   authentication and authorization requests also carry cost
   information.

   This information must be described in a format that accounts for all
   known billing scenarios (duration-based, volume-based, flat-fee,
   pre-pay, initial and subsequent increments...), and can be easily
   parsed and interpreted. The data may be modified along the way to
   reflect roaming agreements (commissions of roaming brokers).

   This information should also take into account different currencies,
   and it is expected that roaming brokers will handle the conversion
   between different currencies.

   This cost information should be present in:

   - authentication/authorization requests sent to the home server
   (which might refuse "too expensive" connections based on the
   requesting user's plan, for instance);

   - in requests presented to the client during the authentication
   process, so the user can approve (eventually in an automated
   fashion) the costs that are presented;

   - in positive authorization responses, with a means to certify that
   the responding entity (home server or intermediate broker) agrees to
   these costs (e.g. a digital signature);

   - in interim and final accounting messages;

   - in accounting message confirmations, with a non-repudiation
   mechanisms such as a digital signature.

   Note that the cost information and any digital signatures are only
   local to the relationship between any two operators (or between the
   end user and the home server, in the case of costs presented to the
   end user), since intermediaries are able to modify these costs.

   Digital signatures or equivalent mechanisms might also be needed on
   the client acceptation of the costs presented.

7.5 Private access

   Given the fact that contrary to dialup and GSM technologies, WLAN
   technologies are very often used in the home and office
   environments, it is important that any solutions used for public
   access be compatible with private access, without the need for
   complex reconfiguration.





   Caron          Informational - Expires July 2002                 6
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   It might also be possible to encourage operators of home and
   corporate WLAN networks to provide both private and public access,
   and handle appropriately different classes of users.

7.6 Other requirements

   It is necessary that users that are not properly authenticated be
   able to get access to some resources, such as free local resources,
   servers providing service information and on-line subscription, help
   or customer service information, etc.

   This might be achieved by assigned such customers to a distinct VLAN
   and/or IP network, or through filtering.

   As much as possible, emphasis should be placed on solutions that can
   be easily used, ported, and installed on a wide variety of
   platforms, and not have too many dependencies on specific hardware,
   firmware, drivers or operating systems.

   It is also important that any solutions allow easy roaming to and
   from other types of wireless (and maybe wired) networks, in
   particular GPRS, due to the complementing nature of GPRS and WLAN
   access technologies (wide coverage at low speed vs. limited coverage
   at high speeds).

7.7 Non-requirements

   Once the client is properly authenticated and authorized, the
   question of the protection of the data flowing to/from the client is
   often raised, given the nature of wireless technology.

   It is however felt by the author that any local encryption on the
   wireless media only provides a false sense of security, since data
   could be then easily captured by untrusted WISPs once it reaches the
   wired network.

   For this reason, use of end-to-end protection mechanisms, such as
   IPsec (e.g. for VPN access to a corporate network) or SSL/TLS (for
   web browsing or e-mail transfer) is a better solution that needs to
   be encouraged.

8 Existing setups

   Most existing setups in public WLAN access zones (other than those
   where access is free and no identification is required) use some
   form of Web-based authentication and connection hijacking, described
   below.





   Caron          Informational - Expires July 2002                 7
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



8.1 Attaching to the wireless LAN

   Access points are usually configured in the most "open" way
   possible: there is no authentication and no encryption, thus any
   user with a compatible device can attach to the WLAN and reach any
   other devices connected to the network.

8.2 Getting an IP address and other parameters

   All configuration is usually done via DHCP [5], which allows the
   user device to get a lease for an IP address, and other parameters
   such as default gateway, DNS servers, etc. Here again, there is no
   authentication, and any user can get this information.

8.3 Filtering and connection hijacking

   Until the user is properly authenticated and authorized, most
   traffic is not authorized between WLAN users and the rest of the
   global Internet. However, any attempt to reach a WWW server using
   the HTTP protocol [6] over a TCP connection to the well-known port
   for this protocol (port 80), is captured locally, and results in a
   "redirect" towards a pre-defined target, usually a WWW server
   providing an authentication interface, as defined below.

   An exception is made so that any user can get access to "free"
   resources, which include the WWW-based authentication server, and
   eventually service information, online subscription and online help
   servers.

8.4 WWW-based authentication

   Here, a Web based interface allows the user to enter authentication
   information, usually a username and a password. The web server
   providing this interface can be either a device local to the hot
   spot, or some remote server to which access is allowed even if the
   user is not yet properly authorized.

   The WWW interface is usually secured using the HTTPS [7,8] protocol
   (SSL or TLS [9]) rather than regular HTTP. This allows for
   protection from eavesdropping on the wireless LAN.

   Once the user has provided appropriate credentials and they have
   been verified, filters are changed so that the user gets full access
   to the Internet.

8.5 Back-end systems

   Back-end handling of authentication and accounting is not
   standardized, but it is believed to be often based on RADIUS, with
   the possible addition of proprietary extensions.


   Caron          Informational - Expires July 2002                 8
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



8.6 Issues with existing setups

   It is pretty clear that the existing setups do not meet all of the
   requirements set forth in section 7, in particular:

   - roaming is not transparent, user interaction using a WWW browser
   is required;

   - roaming is not secure, data can be captured by rogue APs.

   Beyond that, there is no standard solution to carry authentication
   information from the authentication gateways to the home server that
   would meet all the requirements, in particular:

   - open, scalable roaming

   - transport of cost information

   - non-repudiation

9 Alternate solutions

   One alternate solution lies in the use of IEEE 802.1X [10], an
   implementation of EAP [11] as a network port access control
   technique, together with appropriate EAP methods such as EAP TLS
   [12] or EAP SRP [13], as the network-to-client authentication
   interface. This would indeed satisfy many requirements, with the
   following issues remaining:

   - 802.1X requires low-level integration into firmware, drivers
   and/or operating systems, both in the infrastructure and in the
   clients, which might delay its widespread adoption.

   - there is a need to present cost information to the user, and get
   his/her acceptance of this cost, possibly within EAP.

   Until 802.1X is widely deployed, an equivalent, but easily portable
   authentication method is required. Extensions to support cost
   presentation and approval are also needed.

   On the back-end side, RADIUS or Diameter, transporting EAP, might
   constitute a good basis for the requirements set forth, however a
   number of extensions are needed:

   - cost information encoding and handling;

   - the ability to route authentication information for any user to
   its home server, via a possibly complex chain of intermediaries;

   - non-repudiation mechanisms;


   Caron          Informational - Expires July 2002                 9
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



   - in the case of RADIUS, additional security to compensate for the
   known deficiencies of the protocol.

10 Security Considerations

   Security in a wireless roaming environment is paramount, and is
   considered in section 7.2 above.













































   Caron          Informational - Expires July 2002                10
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



11 References



   1  Information technology - Telecommunications and information
      exchange between systems - Local and metropolitan area networks -
      Specific Requirements Part 11:  Wireless LAN Medium Access
      Control (MAC) and Physical Layer (PHY) Specifications, IEEE Std.
      802.11-1999, 1999.

   2  RFC 2119 Bradner, S., "Key words for use in RFCs to Indicate
      Requirement Levels", BCP 14, RFC 2119, March 1997

   3  RFC 2914 Aboba, B. et al., "Review of Roaming Implementations",
      RFC 2914, September 1997

   4  RFC 2477 Aboba, B., G. Zorn, "Criteria for Evaluating Roaming
      Protocols", RFC 2477, January 1999

   5  RFC 2131 Droms, R., "Dynamic Host Configuration Protocol", RFC
      2131, March 1997.

   6  RFC 2616 Fielding, R., J. Gettys, J. Mogul, H. Frystyk, L.
      Masinter, P. Leach, T. Bernlers-Lee, "Hypertext Transfer Protocol
      -- HTTP/1.1", June 1999.

   7  RFC 2817, Khare, R., S. Lawrence, "Upgrading to TLS Within
      HTTP/1.1", May 2000

   8  RFC 2818, Rescorla, E., "HTTP Over TLS", May 2000.

   9  RFC 2246, Dierks, T., C. Allen, "The TLS Protocol Version 1.0",
      January 1999

   10 IEEE Standards for Local and Metropolitan Area Networks: Port
      based Network Access Control, IEEE Std 802.1X-2001, June 2001.

   11 RFC 2284, Blunk, L., J. Vollbrecht, "PPP Extensible
      Authentication Protocol (EAP)", March 1998.

   12 RFC 2716, Aboba, B., D. Simon, "PPP EAP TLS Authentication
      Protocol", October 1999.

   13 <draft-ietf-pppext-eap-srp-03.txt>, Carlson, J., B. Aboba, H.
      Haverinen, "EAP SRP-SHA1 Authentication Protocol", July 2001,
      work in progress.






   Caron          Informational - Expires July 2002                11
   INTERNET-DRAFT Public Wireless LAN Roaming Issues     February 2002



12 Author's Addresses



   Jacques Caron
   IP Sector Technologies
   Ecluse 36c
   2000 Neuchatel
   Switzerland
   Phone:  +41 79 699 8389
   Email:  jcaron@ipsector.com









































   Caron          Informational - Expires July 2002                12


Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/