Author: Bon K. Sy

Subject: Brief history of Go-Wireless project & details about Call-for-collaboration

Release date: May 4, 2003

 

Terms of use:

This document is prepared for public use free-of-charge. This document is provided "AS-IS." This document may be duplicated and distributed only if it is without any alteration, and the original authorship is acknowledged. In addition, the author is under no circumstances to be held accountable for any undesirable consequence resulting from the use of this document.

 

Brief history of Go-Wireless project

We initiated the Go-Wireless project in June of 2002. The Go-Wireless resource center is located at http://bonnet2.geol.qc.edu/wireless/, while the official site is http://www.qcwireless.net/gowireless.html

 

As of August of 2002, we have implemented the following features for the Go-Wireless project:

 

1. It provides an Internet-enabled database tool for managing wireless network and access information. Specifically, it allows a user to use a web browser to create wireless access user groups, and to enter wireless node/hotspot information such as location and encryption key information.

 

2. It lets wireless client users retrieve location and access information in text-based or map-based format via a standard web browser, or in audio format via telephone using VXML technology.

 

3. It provides a tool to help wireless client users maintain their wireless client card information such as MAC address, firmware and driver version. The same information will automatically be made available, when the client user chooses, to the wireless node/hotspot owners in case MAC filtering is enabled for authentication purposes.

 

4. It provides a node audit utility for (self-)reporting the status of a wireless node.

 

 

Recent development

Since then, we have expanded the project to integrate the Go-Wireless database component with the Radiator radius by OSC (Open System Consultants). We have worked closely with Mike McCauley of OSC, who is the chief engineer of the Radiator radius and a subscriber to the NYCwireless mailing list.

 

We are pleased to announce that we have successfully integrated the Radiator radius into the Go-Wireless project. Now the Go-Wireless project is capable of providing authentication/accounting services to Go-Wireless users who also operate/manage a wireless node/hotspot.

 

In our in-house lab, we have already successfully tested our integration solution in a "noisy" environment where multiple wireless networks coexist with various "moderate-to-high" end APs including Orinoco AP-500, Orinoco AP-1000, (Orinoco AP-2000?), and Cisco 340 and 350 series. Our tests have included authentication based on MAC filtering, EAP-PEAP, and EAP-TLS. In addition, the Go-Wireless project, through a tight integration between the Radiator radius and the database system, is also capable of providing access log accounting whenever the AP is capable of sending accounting requests. Currently the Go-Wireless project can provide accounting for three different modes of authentication: MAC filtering, EAP-PEAP, and EAP-TLS.

 

Now we would like to expand our tests to include APs from hotspots in geographically diverse locations. Specifically, we would like to better understand the performance of the Radiator radius, and how well our integration solution may work on low-end APs with radius support such as the LinkSys WRT-51ab. If you are interested in testing how the Go-Wireless project may serve as a model for providing a one-stop-shop authentication/accounting service for multiple (community-based) wireless networks/clouds, please email me at bon@bunny.cs.qc.edu or Ben Serebin at ben@nycwireless.net for further details.

 

In order to participate as a beta tester, you need to satisfy the following prerequisites:

 

1. You have a high speed Internet connection with static IP.

 

2. You have an AP supporting radius-based authentication (and optionally accounting). Preferably, your AP has a public IP.

Note: Not all APs with radius support can authenticate via a radius living in a separate subnet; e.g., Orinoco AP-500.

 

3. You have clients running Windows 2000 with SP3, or Windows XP with SP1, if you plan to participate in testing EAP-PEAP and/or EAP-TLS.

 

4. You agree to participate in this test just for an experimental evaluation with no commercial purpose. Therefore, you should not attempt to use it in a production environment, and you agree not to hold us liable for any undesirable consequence.

 

What do we provide?

1. User manual with screen dump for account setup in the Go-Wireless project.

2. Basic manual for the client machine setup. Currently we support only Windows 2000 with SP3, and Windows XP with SP1. If you are interested in trying it out in a Linux environment using XSupplicant, you are most welcome. But we currently do not have the resources or time to provide the necessary support. Please try http://www.open1x.org/ for self help.

3. Free-of-charge server side setup for radius authentication under MAC filtering, EAP-PEAP, or EAP-TLS --- your choice.

4. Free-of-charge usage of the Go-Wireless project.

5. Free-of-charge server-side certificate for EAP-PEAP and EAP-TLS.

6. Free-of-charge client certificates for EAP-TLS to the extent that we can afford.

7. Free-of-charge limited support for AP and/or client setup to the extent of the resources that we can afford.

 

 

What are the benefits for all of us?

1. Better understanding of and experience with wireless security, ranging from no-brainer weak security such as enabling WEP to the strongest possible security following the 802.1X industry standard.

2. Better understanding of the potential of Go-Wireless and Radiator radius for serving wireless community groups such as NYCwireless and others.

3. If successful, wireless community groups would have a proven, flexible, and cost-effective model for enabling wireless security that covers both breadth and depth for wireless communities such as NYCwireless.

 

 

If you are convinced, what do we need from you to participate?

1. A simple statement assuring us that you satisfy and agree to the terms in the prerequisites.

2. The public static IP from which radius requests will originate on your end.

3. Model and vendor of your AP. If your AP is NOT an Orinoco AP-500, AP-1000, or Cisco 340/350 series, please specify the authentication (and accounting) response required by your device. Note: your NAS device has to be in the dictionary list for Radiator radius to understand how to work with it.

4. Shared secret of your choice for your NAS (Network Access Service device) to communicate with the radius.

5. Type of authentication you want to enable. Choose one: MAC, EAP-PEAP, EAP-TLS.

6. A note about whether your AP supports accounting.

7. If you need client certificates for EAP-TLS authentication, please specify the username(s) of the users in Go-Wireless for whom we should generate the client certificates. (Note: it must be a valid username in Go-Wireless in order for it to work.)

 

What will you get from us for setting up the test?

An email response about our ability to accommodate you as a tester. If we can, you will receive:

 

1. The IP of the Radiator radius that you need to enter in the radius setup of your AP.

2. Confirmation of the shared secret used for the AP to communicate with the radius.

3. Confirmation of the specific type of authentication that you requested.

4. Server certificate for EAP-PEAP or EAP-TLS.

5. Client certificates if appropriate.