Securing Wireless Local Area Networks with GoC PKI

Authors
  1. Spagnolo, J.
  2. Cayer, D.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN); NRNS Inc, Ottawa ON (CAN)
Abstract
Defence R&D Canada led a project in which a wireless virtual private networking (VPN) architecture was set up in a test bed in the Network Information Operation (NIO) lab for 802.11a/b/g communications. The goal of this initial work was to aid in developing a security policy for use of wireless local area networks (WLAN) in government enterprise networks. This report presents the results of follow-on work that leverages the Government of Canada (GoC) Public Key Infrastructure (PKI) technology for strong authentication of wireless users as well as VPN users. The solution presented herein relies on the latest wireless security protocols to secure the wireless link and includes an Internet Protocol Security (IPsec)-based VPN to achieve a greater level of assurance for more sensitive GoC network environments. The work focuses on the establishment and protection of digital identities, mutual authentication, authorization, data privacy and integrity, as well as wireless network policy management and dissemination. We conclude that Wi-Fi Protected Access 2 (WPA2), when operating in enterprise mode and combined with GoC PKI-issued certificates and wireless network policy managed through Windows group policies, is an acceptable solution for providing authenticated/secure WLAN access to GoC protected environments. We also conclude that layering IPsec security on top of WPA2 adds complexity without providing additional assurance against unauthorized WLAN access. While testing the propo

There is a French abstract here.

Report Number
DRDC-OTTAWA-CR-2007-239 — Contractor Report
Date of publication
01 Oct 2007
Number of Pages
39
DSTKIM No
CA030288
CANDIS No
528870
Format(s):
CD ROM