1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
\documentclass{beamer}
\usepackage{lmodern}
\usepackage[czech]{babel}
\usepackage[utf8x]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{textpos}
\usepackage{tikz,calc}
\usepackage{graphicx}
\usepackage{wrapfig}
\usepackage{color}
\usepackage{mathtools}
\usepackage{hyperref}
\usepackage{epstopdf}
\usepackage{amsmath}
\hypersetup{
colorlinks,
citecolor=black,
filecolor=black,
linkcolor=black,
urlcolor=black
}
\usepackage{pdflscape}
\input{theme/theme.tex}
\title{Wifi roaming and open source}
\author{Karel Kočí}
\date{12.6.2018}
\AtBeginSection[]{
\begin{frame}
\tableofcontents[currentsection]
\end{frame}
}
\begin{document}
\input{theme/title.tex}
\begin{frame}{802.11r}
\begin{itemize}
\item Extension to 802.11i (WPA2)
\item Allows AP switching in cooperation between both APs
\item Supplicant negotiates keys before AP switch
\item Usable when moving between access points
\item Only in same mobility domain
\item Communication between APs can be either over air or DS
\end{itemize}
\end{frame}
\begin{frame}{802.11r terminology}
\begin{itemize}
\item \textbf{R0KH} Derives keys for all R1KM in network
\item \textbf{R1KH} Derives PTK (Pairwise transient key)
\item \textbf{S0KH} in Supplicant derives R0 keys
\item \textbf{S1KH} in Supplicant derives with R1KH PTK
\end{itemize}
Both R0KH and R1KH communicate with authenticator
Another point: 802.11r (FT) is advertised
\end{frame}
\begin{frame}{Over-the-DS TF protocol (non-RSN)}
\includegraphics[width=10cm]{over-ds.png}
\tiny{Source: IEEE Standard (11:13.5.5,13-8)}
\end{frame}
\begin{frame}[fragile]{Setting it up (on OpenWRT)}
\begin{verbatim}
option ieee80211r '1'
option nasid '11'
option r1_key_holder '04F021242480'
list r0kh '04:F0:21:24:24:80,11,E1594C87BF2C30DA27E1C116C5683B90'
list r0kh '04:F0:21:24:24:5E,12,903F4FFCC7907A6562B665B6721D5E1F'
list r1kh '04:F0:21:24:24:80,04:F0:21:24:24:80,290856554F810E3D3D5C06DC5F82639E'
list r1kh '04:F0:21:24:24:5E,04:F0:21:24:24:5E,F38D019B98BA8C8B559ED52A456083CC'
\end{verbatim}
\vspace{1cm}
\begin{verbatim}
list r0kh 'BSSID,NASID,KEY'
list r1kh 'BSSID,KEYHOLDER-ID,KEY'
\end{verbatim}
\end{frame}
\begin{frame}{Measurements}
\begin{itemize}
\item Two 5GHz APs with OpenWRT and configured 802.11r (hostapd, ath10k)
\item PC running iperf3 server
\item Laptop with wpa\_supplicant running iperf3 client in UDP mode
\item iperf3 configured for 600Mbits/sec
\end{itemize}
\end{frame}
\begin{frame}{Switching with roaming}
\includegraphics[width=10.7cm,trim=1cm 0 0 4cm]{with-r.pdf}
\end{frame}
\begin{frame}{Switching with roaming}
\includegraphics[width=10.7cm,trim=1cm 0 0 4cm]{with-r-close.pdf}
\end{frame}
\begin{frame}{Switching without roaming}
\includegraphics[width=10.7cm,trim=1cm 0 0 4cm]{no-r.pdf}
\end{frame}
\begin{frame}{Switching without roaming}
\includegraphics[width=10.7cm,trim=1cm 0 0 4cm]{no-r-close.pdf}
\end{frame}
\begin{frame}[fragile]{Real usability}
\begin{itemize}
\item \textbf{Android} Lowers threshold for switch
\item \textbf{Linux(wpa\_supplicant)} No effect (well..)
\end{itemize}
\begin{verbatim}
# mode:short scan:threshold:long scan
bgscan="simple:5:-50:300"
\end{verbatim}
\end{frame}
\begin{frame}[fragile]{Should we deploy it?}
Probably yes?
\vspace{5cm}
\textbf{Thank you for you attention}
Karel Kočí (@karel\_koci, karel.koci@nic.cz)
\end{frame}
\end{document}
|
