| Re: network discovery & selection: problem definition | <– Date –> <– Thread –> |
From: Michael Richardson (mcr sandelman.ottawa.on.ca)
|
|
| Date: Sat, 29 Nov 2003 19:39:02 -0600 (CST) | |
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jari" == Jari Arkko <jari.arkko [at] piuha.net> writes:
Jari> Michael Richardson wrote:
>> An additional area, maybe out of scope:
>> how do I know that these intermediaries are legitimate, vs MITM?
Jari> I suppose they still have to be legitimate AAA proxies.
Jari> That is, an access network should not send your request to
Jari> an unknown intermediary. If it has a business relationship
Jari> with three intermediaries int1.com, int2.com, and int3.com,
Jari> it will route your request through one of them, even if you
Jari> tried to request routing through mitm.org.
It is more immediate than that.
Let's assume that there are two competing hotspots, physically adjacent
to each other. The signal is available in both locations. Both are using
NAT.
Call the two operators DeltaCoffee and GammaCoffee. They are using ESSID
"delta" and "gamma". Both make deals with arkohotspotproxy.com, the most
popular clearing house for EAP-AKA based payments.
However, GammaCoffee has found a way to make money without spending much.
They set their ESSID to "delta", and respond to EAP.
As a supplicant, one could get a EAP Request from either one. Let's say
that I get one from GammaCoffee's AP. It takes my request, goes back on the
wireless, authenticates against arkohotspotproxy.com using radius. Yes,
passing the packets to DeltaCoffee's AP, to which it has already
authenticated *itself* with.
The supplicant and authenticator do their thing, and then the supplicant
gets an IP address from GammaCoffee's AP. supplicant's packets are NAT'ed by
Gamma, and sent to Delta (who NATs them again).
The result:
Gamma gets a revenue stream from arkohotspotproxy.com
Delta pays for the bandwidth
If the charges are based upon per-byte, then maybe Gamma has to pay Delta
as much as it takes in. If they are based upon time, then Gamma wins.
(Best is if Gamma manages to steal a username/password along the way,
from some user that is willing to do username/password instead of something
that is secure)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr [at] xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBP8ktCYqHRg3pndX9AQEYsAP+JIaS2/99nwcOgyAdzu/hhJ8RRbmD5DPn
MxKKWmxvnDKwCZL35AEH7eIxZT+y4hgKPas43+HA77eIudbQcTiu30mXhq2pfsCl
g47PhyzbBtiPH19KHDOpK2eqnM4GG5zyqUf8++X50dgNfefqwp0Io/+w9kINJleC
NGlSKptV0BI=
=vT5n
-----END PGP SIGNATURE-----
-
network discovery & selection: problem definition Jari Arkko, November 28 2003
-
Re: network discovery & selection: problem definition Michael Richardson, November 28 2003
-
Re: network discovery & selection: problem definition Jari Arkko, November 28 2003
- Re: network discovery & selection: problem definition Michael Richardson, November 29 2003
- Re: network discovery & selection: problem definition Jari Arkko, November 30 2003
- Re: network discovery & selection: problem definition Michael Richardson, November 30 2003
- Re: network discovery & selection: problem definition Jari Arkko, December 1 2003
- Re: network discovery & selection: problem definition Michael Richardson, December 1 2003
-
Re: network discovery & selection: problem definition Jari Arkko, November 28 2003
-
Re: network discovery & selection: problem definition Michael Richardson, November 28 2003
Results generated by Tiger Technologies using MHonArc.