Identity Management in SCIFI

Date

2015-11

Abstract

SCIFI is a system for building large-scale wireless networks. It comprises an open source software controller, replacement firmware for off-the-shelf wireless routers based on OpenWRT, two identity management systems (one based on EDUROAM, the other a non-federated system for visitors), and a monitoring system. This paper presents both the federated, hierarchical system used in EDUROAM and the system used for visitors, which is fairly complex because of the desire to let users self-register, coupled with security and legal requirements. SCIFI is the main element of WifiUFF, the wireless network at Universidade Federal Fluminense. The University is now the largest federal university in Brazil in number of undergraduate students, with 55 thousand students. There are 92 buildings on campuses in Niteroi and several other locations in Brazil, most in the state of Rio de Janeiro. Currently, WifiUFF has 453 access points, 415 at Niteroi. A two-year plan is in place to reach four thousand access points to cover the whole University. The installed base already has more than thirty thousand unique users weekly, with peaks of 3,500 simultaneous users. WifiUFF has three SSIDs, Eduroam, CadastroWifiUFF and Visitantes UFF, respectively for EDUROAM, user registration and visitors. The Eduroam SSID allows every person who is registered in the identity database at UFF (students, professors and staff) to use the network, as well as users that belong to the Eduroam federation. This paper will describe the process of authorizing both local users and users that belong to other institutions. At UFF the back-end is an LDAP server, which is queried by a RADIUS server. The other two SSIDs comprise the so-called “visitors system”.
The three main requirements for the system to allow network access to people who are not in either UFF's or EDUROAM's identity databases are that 1) they cannot do it anonymously, that is, if any misuse is detected the person can be identified; 2) the same security used for EDUROAM should be granted to those users; 3) the process should be self-driven, that is, users themselves should be able to register and get access without having to go to a specific place or talk to the University staff. To implement the requirements, one open, sandboxed wireless network was created. This network, called CadastroWifiUFF, redirects HTTP access to the registration server. This registration server allows new users to register, and allows users who have not completed the configuration process to access manuals and applications that help configure their machine. At the end of the registration process the server sends an SMS with the user login/password pair. The SMS is the confirmation that the user has access to the phone that was registered, and serves as the identity. In Brazil all cell phones are registered. In the US or other countries that allow anonymous cell phones the system would have to be changed. The user then configures their system and gains access to the VisitantesUFF network.

Keywords

SCIFI, Wireless Networks, Eduroam