Date of Award

6-3-2004

Document Type

Thesis (Master's)

Department or Program

Department of Computer Science

First Advisor

Sean Smith

Abstract

Dartmouth's Greenpass project extends how public key cryptography can be used to secure the wireless LAN with a RADIUS (Remote Authentication Dial In User Service) server that is responsible for handling authentication requests from clients (called supplicants in the 802.1x authentication model). This thesis describes the design and implementation of the authentication process of Greenpass, specifically what decisions are made in determining who is granted access and how a small modification of already existing protocols can be used to provide guest access in a way that better reflects how delegation of authority works in the real world. Greenpass takes advantage of the existing PKI to authenticate local Dartmouth users via X.509 identity certificates using EAP-TLS. We use the flexibility of SPKI/SDSI (Simple Public Key Infrastructure/Simple Distributed Security Infrastructure) authorization certificates to distribute the responsibility of delegating access to guests to certain authorized delegators, avoiding some of the necessary steps and paperwork associated with having a large centralized entity responsible for the entire institution. This thesis also discusses how our solution can be adapted to support different methods of guest delegation and investigates the possibility of eliminating the cumbersome central entity and administrative overhead traditionally associated with public key cryptography.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2004-510.

Share

COinS