The functional architecture described in the above sections could lead to a variety of possible system designs, depending on the choice of cryptosystems and protocols for network access authentication and authorization, data origin authentication, and confidentiality protection. We examine two approaches here that have been used in 802.11/WiFi network deployments. These approaches resulted from heavy constraints during the standardization and deployment process to make network access control backward compatible with existing, widely deployed Web-based technology or with dialup network access control systems with deployed AAA servers and protocols. These two approaches are:
Subscription-based Approach: The network access control support is provided by the wireless link protocol, together with the same AAA protocols and backend technology used originally in dialup systems. This design is usually deployed by enterprise networks and public access networks where the end user typically, though not always, has a subscription with the network provider. The terminal may prove its identity with a login/password, a public key, or a shared key MAC. The AAA server in the home network maintains an account, which may include a preshared secret with the terminal. The terminal requires special AAA software to conduct the AAA transaction. Depending on the wireless link protocol authentication procedure, the access point or base station may or may not authenticate with the terminal.
Hotspot Design: The hotspot design is used by walk-up networks, called hotspots, in which the user need not have a subscription with a service provider (though some hotspot networks also support subscriptions). These networks are primarily concerned with securely setting up accounting on a per-use basis so that the user is charged for network access. The network access control transaction is conducted through a Web page using a secure HTTP connection. Security is not provided over the wireless link after the terminal has obtained network access. Users are expected to provide their own data origin authentication and confidentiality protection over the wireless link. When such protections are available (and they almost always ought to be), they are usually provided by establishing a Virtual Private Network (VPN) between the user terminal and some wired network, often a home corporate network or a VPN service provider. Traffic between the terminal and the VPN server is protected through data origin authentication and confidentiality protection, thereby protecting traffic over the wireless part.
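The subscription-based approach lets the terminal prove its identity with a shared key MAC against a preshared secret held by the home AAA server, and the network side may or may not authenticate in return. The sketch below is an added example, not code from the original page or from any AAA product: the names `AAAServer`, `Terminal` and `mac`, the message layout, and the choice of HMAC-SHA256 are assumptions made for illustration, and it models the exchange only, not RADIUS or EAP framing.

```python
import hashlib
import hmac
import secrets


def mac(secret, role, terminal_id, server_nonce, terminal_nonce):
    # Length-prefix every field; the role label stops a tag from being reflected back.
    fields = [role, terminal_id.encode(), server_nonce, terminal_nonce]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).digest()


class AAAServer:
    """Home-network AAA server holding one preshared secret per account."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)  # terminal id -> preshared secret
        self.pending = {}               # terminal id -> outstanding challenge

    def challenge(self, terminal_id):
        # Fresh random challenge per attempt, so a captured response cannot be replayed.
        self.pending[terminal_id] = secrets.token_bytes(16)
        return self.pending[terminal_id]

    def verify(self, terminal_id, terminal_nonce, tag):
        server_nonce = self.pending.pop(terminal_id, None)  # single use
        secret = self.accounts.get(terminal_id)
        if server_nonce is None or secret is None:
            return None
        expected = mac(secret, b"terminal", terminal_id, server_nonce, terminal_nonce)
        if not hmac.compare_digest(expected, tag):
            return None
        # Network side proves it knows the same secret (mutual authentication).
        return mac(secret, b"network", terminal_id, server_nonce, terminal_nonce)


class Terminal:
    def __init__(self, terminal_id, secret):
        self.terminal_id, self.secret = terminal_id, secret

    def respond(self, server_nonce):
        self.server_nonce, self.nonce = server_nonce, secrets.token_bytes(16)
        tag = mac(self.secret, b"terminal", self.terminal_id, server_nonce, self.nonce)
        return self.nonce, tag

    def network_is_genuine(self, tag):
        expected = mac(self.secret, b"network", self.terminal_id, self.server_nonce, self.nonce)
        return tag is not None and hmac.compare_digest(expected, tag)
```

If the terminal skips `network_is_genuine`, the exchange degrades to the one-way case the text mentions, where the access point or base station is not authenticated to the terminal.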