We live in a society that wants to be online whenever possible, and WiFi is a popular technology for achieving this. Unlike the "home" situation, which could be described as a trusted network, we also make heavy use of public WiFi offerings, which we describe as guest networks. These networks are in a special position that could allow them to perform a number of rogue attacks on our connections. This presentation identifies the dangers of using WiFi on such guest networks, and it analyses methods of running a trusted network over such potentially rogue connections. We describe a system that we call EduVPN that implements such facilities and that is designed with educational institutions as its audience. As the name suggests, we make use of educational infrastructure to achieve this; specifically, we introduce a form of authentication based on SURFconext. The resulting system offers a range of choices to the roaming user: he might use strongly authenticated eduroam to access the Internet while visiting a befriended institution, and in those and other situations he might choose not to rely on the security of a guest network and instead use EduVPN to obtain secure access to home services that are concealed from general access through eduroam or guest networks.


Part of session

Network Centric Services

