Integrated Cognitive Management System - Hostapd, 2014 YU-ANTL Seminar. Hyun dong Hwang, Advanced Networking Technology Lab. (YU-ANTL), Dept. of Information & Comm. Eng., Graduate School, Yeungnam University, KOREA (Tel: +82-53-810-3940; Fax: +82-53-810-4742; http://antl.yu.ac.kr/; E-mail: [email protected])


Page 1: Integrated Cognitive Management System - Hostapd

Integrated Cognitive Management System - Hostapd

2014 YU-ANTL Seminar

Hyun dong Hwang, Advanced Networking Technology Lab. (YU-ANTL)

Dept. of Information & Comm. Eng., Graduate School, Yeungnam University, KOREA

(Tel: +82-53-810-3940; Fax: +82-53-810-4742; http://antl.yu.ac.kr/; E-mail: [email protected])

Page 2: Integrated Cognitive Management System - Hostapd

Advanced Networking Tech. Lab., Yeungnam University (YU-ANTL)

YU-ANTL Lab Seminar, Hyun dong Hwang, 2

Outline

- Integrated Cognitive Management System
- Hostapd & Wpa_Supplicant
- 802.11r Fast transition
- Current procedure
- Hostapd configuration
- Reference

Page 3: Integrated Cognitive Management System - Hostapd

Integrated Cognitive Management System

Integrated Cognitive Management System Topology

Page 4: Integrated Cognitive Management System - Hostapd

Hostapd & Wpa_Supplicant: Hostapd

hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.

The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).

hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication.

hostapd supports separate frontend programs, and an example text-based frontend, hostapd_cli, is included with hostapd.

Page 5: Integrated Cognitive Management System - Hostapd

Hostapd & Wpa_Supplicant: Hostapd features

- WPA-PSK (Wi-Fi Protected Access)
- WPA with EAP (with integrated EAP server or an external RADIUS backend authentication server) ("WPA-Enterprise")
- key management for CCMP, TKIP, WEP104, WEP40
- WPA and full IEEE 802.11i/RSN/WPA2
- RSN: PMKSA caching, pre-authentication
- IEEE 802.11r
- IEEE 802.11w
- RADIUS accounting
- RADIUS authentication server with EAP
- Wi-Fi Protected Setup (WPS)

Page 6: Integrated Cognitive Management System - Hostapd

Hostapd & Wpa_Supplicant: Wpa_supplicant

wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN).

The Supplicant is the IEEE 802.1X/WPA component that is used in the client stations.

It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.

wpa_supplicant is designed to be a "daemon" program that runs in the background and acts as the backend component controlling the wireless connection.

wpa_supplicant supports separate frontend programs, and a text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with wpa_supplicant.

Page 7: Integrated Cognitive Management System - Hostapd

Hostapd & Wpa_Supplicant: Wpa_supplicant features

- WPA-PSK ("WPA-Personal")
- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
- key management for CCMP, TKIP, WEP104, WEP40
- WPA and full IEEE 802.11i/RSN/WPA2
- RSN: PMKSA caching, pre-authentication
- IEEE 802.11r
- IEEE 802.11w
- Wi-Fi Protected Setup (WPS)

Page 8: Integrated Cognitive Management System - Hostapd

Current procedure: Current Problem

Without a bridge port, the wpa_cli command ft_ds (which runs a Fast BSS Transition over the DS) does not reach the target AP.

With a bridge port, the DNS server on the network does not work.

Page 9: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: 802.11 Key Hierarchy

Page 10: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: 802.11r Action Frame

Page 11: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: 802.11r FT Request Frame

Page 12: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: 802.11r FT Response Frame

Page 13: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: FT Confirm frame

Page 14: Integrated Cognitive Management System - Hostapd

802.11r Fast transition: FT ACK frame

Page 15: Integrated Cognitive Management System - Hostapd

Over-the-DS FT Protocol authentication in an RSN

Page 16: Integrated Cognitive Management System - Hostapd

Over-the-DS FT Protocol authentication in an RSN

Page 17: Integrated Cognitive Management System - Hostapd

Current procedure: Test Topology

STA1: wpa_supplicant    STA2: wpa_supplicant

AP1: hostapd    AP2: hostapd

Bridge port / Ethernet

STA: wpa_supplicant, wpa_cli

AP: hostapd, hostapd_cli

Page 18: Integrated Cognitive Management System - Hostapd

Current topology

Network driver: ath9k (nl80211)

Ethernet / Ethernet

AP (bridge): Ubuntu 12.04 LTS, Kernel: 2.6.38-8-generic, Hostapd 2.0, LAN card: TP-LINK TL-WDN4800

AP: Ubuntu 12.04 LTS, Kernel: 2.6.38-8-generic, Hostapd 2.0, LAN card: TP-LINK TL-WDN4800

STA: Ubuntu 12.04 LTS, Kernel: 2.6.38-8-generic, wpa_supplicant 2.0, LAN card: TP-LINK TL-WDN4800

Page 19: Integrated Cognitive Management System - Hostapd

Libraries that must be installed for Hostapd 2.0 on Ubuntu 12.04

libnl-1, libnl-2, libnl-1-dev, libnl-2-dev, bridge-utils, iw, openssl (libssl-dev)

The compat-wireless module (for the ath9k driver) is no longer supported.

On Ubuntu 11.04, ath9k has to be installed through the compat-wireless module, but that setup does not support the OpenSSL 1.0.1f used by Hostapd 2.0, so certificates cannot be installed for the driver.

Hostapd 2.0 and later require OpenSSL 1.0.1f or later.

Port forwarding through iptables

Install dhcp3-server to assign dynamic IP addresses on the network, then configure the RSN.

Page 20: Integrated Cognitive Management System - Hostapd

Hostapd configuration: /etc/network/interfaces

No Bridge:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 165.229.185.233
netmask 255.255.255.0
gateway 165.229.185.1
auto wlan0
iface wlan0 inet static
address 10.10.0.1
netmask 255.255.255.0

Using Bridge:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
auto br0
iface br0 inet static
address 165.229.185.233
netmask 255.255.255.0
gateway 165.229.185.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
auto wlan0
iface wlan0 inet static
address 10.10.0.1
netmask 255.255.255.0

Page 21: Integrated Cognitive Management System - Hostapd

Hostapd configuration: /etc/dhcp/dhcpd.conf (DHCP server settings)

ddns-update-style none;
ignore client-updates;
authoritative;
option local-wpad code 252 = text;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.16;
    option domain-name-servers 8.8.4.4, 208.67.222.222;
    option routers 10.0.0.1;
}

Page 22: Integrated Cognitive Management System - Hostapd

Hostapd configuration: /etc/default/isc-dhcp-server (DHCP server init script)

# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="wlan0"

Page 23: Integrated Cognitive Management System - Hostapd

Hostapd configuration: startup script

#!/bin/bash
# Bring up the AP interface with the address that dhcpd.conf hands out as the router
ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
sleep 2
# Start dhcpd on wlan0 unless one is already running
if [ "$(ps -e | grep dhcpd)" == "" ]; then
    dhcpd wlan0 &
fi
########## Enable NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# Masquerade traffic leaving on eth0 and allow forwarding of traffic arriving on wlan0
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
sysctl -w net.ipv4.ip_forward=1
# Run hostapd in the foreground with full debug output; dhcpd is stopped once hostapd exits
./hostapd -dd ./hostapd.conf
killall dhcpd

Page 24: Integrated Cognitive Management System - Hostapd

Hostapd configuration: hostapd.conf

# Radio, driver and control socket
interface=wlan0
driver=nl80211
#bridge=br0
ctrl_interface=/var/run/hostapd
# group allowed to use the control socket (0 = root); a second ctrl_interface= line
# would override the socket path, so the group setting uses its own key
ctrl_interface_group=0
hw_mode=g
channel=5
auth_algs=1
ieee80211n=1
ssid=yuantl
# WPA2 (RSN) with 802.11r fast transition on a pre-shared key (lab test passphrase)
wpa=2
wpa_key_mgmt=FT-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP TKIP
wpa_passphrase=12345678
wpa_group_rekey=3600
#iapp_interface=eth0
own_ip_addr=165.229.185.233
# RSN pre-authentication over the wired side and opportunistic key caching
rsn_preauth=1
rsn_preauth_interfaces=eth0
okc=1
# 802.11r key holder identities: this AP is R0KH nas2.kir.nu and R1KH 000102030406
nas_identifier=nas2.kir.nu
mobility_domain=a1b2
r0_key_lifetime=10000
r1_key_holder=000102030406
reassociation_deadline=1000
pmk_r1_push=1
# R0KH list: <MAC> <NAS identifier> <128-bit key>; the key protects PMK-R1 pulls from that R0KH.
# These sequential-byte keys are sample values; a real deployment needs random 128-bit keys.
r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
# R1KH list: <MAC> <R1KH-ID> <128-bit key>; the same key must be in that AP's r0kh entry for this AP
r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
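As an added example (not part of the slides or of the hostapd project), the following Python script parses the r0kh/r1kh lines of the AP2 hostapd.conf above together with a hypothetical AP1 counterpart, checks that each PMK-R1 pull direction uses the same 128-bit key on both APs, and flags keys that are only sequential sample bytes. The AP1 lines and the MAC-to-AP assignment are assumptions.

```python
import re

# Constructed inputs: the r0kh/r1kh lines of the AP2 hostapd.conf from the slide,
# plus a hypothetical AP1 counterpart (not from the slides) written to mirror them.
AP1_MAC, AP2_MAC = "64:66:b3:0b:c0:94", "64:70:02:07:ad:c4"
AP2_CONF = """
r0kh=64:66:b3:0b:c0:94 nas.kir.nu 000102030405060708090a0b0c0d0e0f
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
r1kh=64:66:b3:0b:c0:94 00:01:02:03:04:05 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
"""
AP1_CONF = """
r0kh=64:70:02:07:ad:c4 nas2.kir.nu 0f0e0d0c0b0a09080706050403020100
r1kh=64:70:02:07:ad:c4 00:01:02:03:04:06 000102030405060708090a0b0c0d0e0f
"""
LINE_RE = re.compile(r"^(r0kh|r1kh)=([0-9a-f:]{17})\s+(\S+)\s+([0-9a-f]{32})$")

def parse_ft(conf):
    """Return (r0kh, r1kh): dicts mapping peer MAC -> (identifier, 128-bit key hex)."""
    r0kh, r1kh = {}, {}
    for line in conf.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            (r0kh if m.group(1) == "r0kh" else r1kh)[m.group(2)] = (m.group(3), m.group(4))
    return r0kh, r1kh

def check_pair(conf_a, mac_a, conf_b, mac_b):
    """List key-table problems between two APs (empty list = consistent). A PMK-R1 pull
    from A to B uses A's r0kh key for B, which must equal B's r1kh key for A, and vice versa."""
    a0, a1 = parse_ft(conf_a)
    b0, b1 = parse_ft(conf_b)
    problems = []
    for label, r0, peer, r1, me in (("A->B", a0, mac_b, b1, mac_a),
                                     ("B->A", b0, mac_a, a1, mac_b)):
        if peer not in r0:
            problems.append(f"{label}: puller has no r0kh entry for {peer}")
        elif me not in r1:
            problems.append(f"{label}: R0KH has no r1kh entry for {me}")
        elif r0[peer][1] != r1[me][1]:
            problems.append(f"{label}: r0kh key and peer r1kh key differ")
    return problems

def looks_like_sample_key(key_hex):
    """True when the 16 key bytes form a +1 or -1 run, as the stock example keys do."""
    b = bytes.fromhex(key_hex)
    return {b[i + 1] - b[i] for i in range(15)} in ({1}, {-1})

def sample_keys_in(conf):
    """MACs whose r0kh/r1kh key is a placeholder run rather than a random 128-bit key."""
    r0kh, r1kh = parse_ft(conf)
    return sorted({mac for t in (r0kh, r1kh) for mac, (_, k) in t.items() if looks_like_sample_key(k)})
```

Run against a real deployment, the two configs would be read from the APs' hostapd.conf files; a non-empty result from either function means a pull over the DS will fail or the keys were never replaced.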

Page 25: Integrated Cognitive Management System - Hostapd

Reference

[1] 김진욱, 김영탁, "Cognitive Wireless LAN Management System Using Load Balancing Based on Network Initiated Roaming in an IEEE 802.11 Environment," JCCI, 2013.
[2] IEEE Standard 802.11-2007, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification," June 2007.
[3] Devin Akin, David Coleman, "Robust Security Network (RSN) Fast BSS Transition (FT)," white paper, September 2008.
[4] http://hostap.epitest.fi/wpa_supplicant/devel/
[5] http://wireless.kernel.org/en/users/Documentation/hostapd