Politecnico di Torino

Design and development of Wi-Fi access with eIDAS for cross border authentication

Muhammad Ali Anjum

Supervisors: Antonio Lioy, Diana Gratiela Berbecaru. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2019

License: Creative Commons Attribution Non-commercial No Derivatives.


The number of devices with wireless LAN capabilities has increased significantly, and internet connectivity has become a requirement in every profession. At the same time, the security of wireless LANs has become more important. These needs have led to many national and international initiatives that provide network connectivity over wireless LAN, including eduroam and govroam, which provide roaming services for the educational and government sectors respectively. These projects have some limitations, however: they do not support complex authorization mechanisms, and they are based on a RADIUS server infrastructure that must be maintained across the entire federated hierarchy. In this thesis we provide a solution for wireless network connectivity for citizens of European countries that are part of the eIDAS (electronic identification and trust services) project. eIDAS is a comprehensive and predictable legal framework for secure, trustworthy and easy-to-use electronic identification. It provides mutual recognition of electronic identification between member states by establishing interoperability between existing national eID infrastructures for cross-border authentication. We developed and tested two solutions, one using a software approach and the second using a hardware infrastructure, the same as the one deployed at Politecnico di Torino. In the first solution we used Zeroshell, a Linux-based distribution that provides an all-in-one solution for network services. We created a Captive Portal and used Shibboleth SAML 2.0 to authenticate through the eIDAS framework. It also provides the ability to add eIDAS-Nodes and the IDP (Identity Provider) to an access control list (ACL) so that they can be reached without authentication. In the second solution we separated the authentication and infrastructure parts. The authentication part consists of the Wifi-Auth eIDAS-SP, which is responsible only for providing authentication through the eIDAS framework, whereas our infrastructure includes a Cisco WLC, a Cisco AP (Access Point) and a Fortigate 60D, which is responsible for the Captive Portal, managing authenticated users, the ACL and management of the network. We have tested our solution successfully using Italy-SPID, Portugal-Chave Móvel Digital and Spain-DNIe.

Supervisors: Antonio Lioy, Diana Gratiela Berbecaru
Academic year: 2019/20
Publication type: Electronic
Number of Pages: 118
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/13122