SMC WLAN Security Syste
Download
Report
Transcript SMC WLAN Security Syste
新世代無線網路新趨勢
Pogo Tsai
Brand Marketing Division
[email protected]
First Release Date
2002/09/12
Last Modify Date
2002/09/12
Powered by SMC Taiwan
– Acctran
Page 1
WW WLAN Market Trend
WLAN growth up to 60% in 2001
33.4% CAGR growth expected through 2005
WLAN Base station
WLAN NIC
25,000
20,000
15,000
10,000
5,000
0
2001
2002
2003
2004
2005
Source: IDC, Feb-2002
Unit: thousand
Powered by SMC Taiwan – Acctran
Page 2
Wireless LAN System Market
Comparison of WLAN Market
Forecasts
WLAN market: a fast growing market
60
40
Mio units
50
Frost & Sullivan 2001
Gartner Dataquest 2001
Gartner Dataquest 2002
Cahners In-Stat 2002
30
20
10
0
2000
2001
Powered by SMC Taiwan – Acctran
2002
2003
2004
2005
Page 3
WLAN Chipset Standard
US$M
Source: Cahners In-Stat/MDR, 3/2002
Powered by SMC Taiwan – Acctran
Page 4
Wireless Protocol Standards
1000 m
WLAN
802.
2 .0
o th
e to
m
Ho
Bl u
10 m
N2
11b
HiperLA
Bl
ue
th
to o
eR
802.11a
WPAN
DECT/WDCT
Distance
100 m
F
1 .0
10 Mbs
1 Mbs
54 Mbs
Data Rates
Powered by SMC Taiwan – Acctran
Page 5
Wireless LAN Applications
Enterprise
Wireless Ethernet
Datarate: 11- 54 Mbit/s
Vertical
Inventory Control
Datarate: 1-11 Mbit/s
Wireless LAN
Wireless Bridges
Datarate: 11- 54 Mbit/s
Powered by SMC Taiwan – Acctran
Consumer
Datarate: 11- 54 Mbit/s
Page 6
Unlicensed Operation
RF Bands
902MHz
902MHz
26MHz BW
Crowded
Worldwide limited
North & South America
902
2.4GHz
2.4GHz
83.5MHz BW
Available worldwide
IEEE802.11 WLANs
928
Americas, most of Europe
Japan
5.1GHz
300MHz BW
discontinuous
Developing
Spain
5.1GHz
2400
2440
France
2480
2500
U-NII
Source: Harris Semiconductor
U-NII
Japan*
5100
Europe
HiperLAN1
5200
5300
5400
5500
5600
Europe
HiperLAN2*
5700
5800
5900
U-NII: Unlicensed National Information Infrastructure
*Frequency Allocations are pending
Powered by SMC Taiwan – Acctran
Page 7
IEEE 802.11x Standard
Extension
Scope
802.11a
5 GHz OFDM PHY spec.
802.11b
2.4 GHz DSSS PHY spec.
802.11d
2.4 GHz Regulatory Domain Update
802.11e
802.11f
QoS supporting broad range of applications such as voice,
video conferencing, and streaming video
IAPP (Inter Access Point Protocol)
802.11g
2.4 GHz higher rates (22Mbps)
802.11h
MAC and PHY enhancement of 802.11a
Enables regularity acceptance of 802.11a products in
Europe
Security – server based authentication; New security
encapsulation based on AES
802.11i
Source: Envara
Powered by SMC Taiwan – Acctran
Page 8
從晶片發展看無線網路驅勢
Powered by SMC Taiwan – Acctran
Page 9
802.11a 的優勢 – 涵蓋率及速度的比較
Rate
(Mbps)
100
802.11a
50
0
-50 ft
100
AP
0 ft
50 ft
100 ft
150 ft
200 ft
802.11b
50
0
AP
Powered by SMC Taiwan – Acctran
Page 10
50
45
40
35
30
25
20
15
10
5
0
802.11a 的優勢 – SMC 802.11a Turbo Mode
• 在不需完全用掉 802.11a 不互相干擾的 8 個 Channel 時,
SMC 能把 8 個 Channel 結合成為 3 個 72Mbps 的 高速
Channel 運作
Turbo
36
40
44
48
52
56
60
64
42
50
58
3 40MHz Channels
8 20MHz Channels
Powered by SMC Taiwan – Acctran
Page 11
802.11a 的優勢 – Data Rate 的比較
- SMC 802.11a’s supported link rates that are 2 to 5 times
-802.11b at the same distance when tested to 225 feet .
Data Link Rate (Mbps)
60
802.11a
802.11b
50
Optimal Data Link Rate
in Office Environment
40
30
~5x
20
~3x
10
0
0
50
Powered by SMC Taiwan – Acctran
100
Range (ft)
150
200
Page 12
250
IEEE 802.11 Topology
• Independent Basic Service Set (IBSS)
• Extended Service Set (ESS)
BSS 1
IBSS
AP
Distribution System
AP
ESS
BSS 2
Powered by SMC Taiwan – Acctran
Page 13
Roaming (Inter Access Point Protocol)
Any wireless client moving from
one BSS (Basic Service Set) to
another BSS required a handover
process to remain its connection.
IAPP is an official protocol
proposed by IEEE 802.11 group to
provide the “reassociation” between
APs
Purpose:
To make access point devices
from different vendors to
interoperate across a
network to keep
connection/session alive.
Powered by SMC Taiwan – Acctran
Page 14
Bridging Access Point
Wireless Bridge
AP
Master Bridge
Access Point
Wireless Bridge
AP
•Point to Point
•Point to Multi-point
Powered by SMC Taiwan – Acctran
Page 15
Security: 802.1X Model
AP
Authentication
Server
Associate
STA
EAP Identity Request
EAP Identity Response
EAP Identity Response
EAP Auth Request
EAP Auth Request
EAP Auth Response
EAP Auth Response
EAP-Success
EAP-Success
Authentication traffic
Port Status:
Normal Data
Powered by SMC Taiwan – Acctran
Page 16
Market: Indoor Infrastructure
For Home,
SoHo,
Enterprise
Wireless PCI
Adapter
Access Point
Internet
USB-Wireless
Adapter
Wireless
Broadband
Router
Powered by SMC Taiwan – Acctran
Wireless
Gateway
Wireless PC Card
Mini-PCI Adapter
Page 17
Market: Public Hot-Spot
3/1/2002 In-Stat: Public Area Access, Hot-spot locations(airport, shopping mall, coffee bars,
hotel) in US will grow from 3,700 to 41,000 by 2007, Over 21 million users, generates over U$3
billion in service revenues. (from $1.1m in 2000)
Internet
Airports, Hotels,
Cafes,
Restaurants, …
Secured IP
Enterprise
Group
Control Gateway
Billing Systems
( Access,
Authentication,
Accounting)
Access Point
User
Powered by SMC Taiwan – Acctran
Page 18
Security and The Internet
Connection
Problem: external connection to the Internet
Solution: protect the network with a firewall
Problem: traffic flowing through public Internet
Solution: put the traffic through an encrypted tunnel
attac
k
attac
k
attac
k
Internet
attac
k
Corporate Network
Corporate Network
Powered by SMC Taiwan – Acctran
Page 19
The Wireless Effect
Internet
Corporate Network
You need firewall and encryption here!
But remember that users move from here to here to here ..
The Blurry Edge!
Powered by SMC Taiwan – Acctran
Page 20
SMC WLAN Security System 的認証原理與架構
Client appears, requests network access
CORPORATE LAN
Access Manager asks Control server
for ok and appropriate rights
Authentication
Server
INTERNET
Control Server requests login information
from client
Control Server authenticates user via
customer’s authentication server
Control Server/
Rights Manager
Access Manager
Access Manager
Control Server gives user rights to
Access Manager for enforcement
Client proceeds with network activity
Powered by SMC Taiwan – Acctran
Page 21
SMC WLAN Security System 的漫遊機制
Client has an active session
CORPORATE LAN
Client moves to a new Access Manager
Authentication
Server
INTERNET
Access Manager verifies user existence
and rights with Control Server
Access Manager
Control Server/
Rights Manager
Access Manager
Control Server coordinates Access
Manager-to-Access Manager communication
Existing sessions maintained via tunnels
New sessions connected via new
Access Manager
Powered by SMC Taiwan – Acctran
Page 22
Market: Outdoor Backbone
Internet Access Anywhere
• Fixed Wireless Broadband Network
• Last Mile Connection
Powered by SMC Taiwan – Acctran
Page 23
Application: Home Entertainment
*Sender*
Set-Top-Box
(802.11a)
*Receiver*
Internet
A/V Converter
(802.11a)
Internet Movie
Consumer Electronics/Home
Networking
Projector
Powered by SMC Taiwan – Acctran
5GHz for streaming multiple video
channels around the house: TV, gaming
machines, PCs, video, stereo systems can
all interconnecting without wiring systems
Page 24
Application: Metro Area Network
Homes
Businesses
Fiber
Campus
Public
Access
Fiber
Fiber
Powered by SMC Taiwan – Acctran
Page 25
Thank You !!
Q&A
Powered by SMC Taiwan – Acctran
Page 26