Design and development of Wi-Fi access with eIDAS for cross border authentication

The number of devices with wireless LAN capabilities has increased significantly, and internet connectivity has become a requirement in every profession. At the same time, the security of wireless LANs has become more important. These needs have led to many national and international initiatives that provide network connectivity over wireless LAN, including eduroam and govroam, which provide roaming services for the educational and government sectors respectively. These projects have limitations, however: they do not support complex authorization mechanisms, and they are based on a RADIUS server infrastructure that must be maintained across the entire federated hierarchy. In this thesis we provide a solution for wireless network connectivity for citizens of European countries that are part of the eIDAS (electronic identification and trust services) project. eIDAS is a comprehensive and predictable legal framework for secure, trustworthy and easy-to-use electronic identification. It provides mutual recognition of electronic identification between member states by establishing interoperability between existing national eID infrastructures for cross-border authentication. We developed and tested two solutions, one using a software approach and the second using a hardware infrastructure, the same as the one deployed at Politecnico di Torino. In the first solution we used Zeroshell, a Linux-based distribution that provides an all-in-one solution for network services. We created a Captive Portal and used Shibboleth SAML 2.0 to authenticate using the eIDAS framework. It also provides the ability to add eIDAS-Nodes and the IDP (Identity Provider) to an access control list (ACL) so that they can be reached without authentication. In the second solution we separated the authentication part from the infrastructure part. The authentication part consists of the Wifi-Auth eIDAS-SP, which is responsible only for providing authentication using the eIDAS framework, whereas our infrastructure includes a Cisco WLC, a Cisco AP (Access Point) and a Fortigate 60D, which is responsible for the Captive Portal, managing authenticated users, the ACL and management of the network. We have successfully tested our solution using Italy-SPID, Portugal-Chave Móvel Digital and Spain-DNIe.
