IGD WG Update
IGD Working Committee Update
Ulhas Warrier
Chair, IGD
Intel Corporation
Outline
IGD v1.0 recap
IGD v2.0 objectives
WLAN Enrollment Scenario
Working Committee Status
Internet Gateway Device 1.0
v1.0 approved in Nov 2001
Several IGD products in the market
Different connection types supported
PPPoE, PPPoA, IP-Routed
Multiple WAN connections
Access to gateway info
Data rate, connection status
Automatic NAT-traversal
UPnP IGD Example for NAT traversal
Peer Game System on Internet
Internet
Routing to private LAN address fails
NAT using WAN address
End to end packet delivery
Discover IGD, Get WAN IP address
Game Host with private LAN IP address
Configure IGD to forward packets arriving on the IGD WAN address to host
Tell peer to send packet to IGD’s WAN address
Tell peer to send packet to LAN address
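The three control-point steps on the NAT traversal slide above (discover the IGD, get its WAN IP address, configure forwarding), as an added Python example that is not from the original slides. It builds the SSDP query and the WANIPConnection:1 SOAP requests and parses a constructed reply; the sample addresses, the port, and the private-address and finite-lease checks are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample reply to GetExternalIPAddress (203.0.113.0/24 is a documentation range).
SAMPLE_RESPONSE = (
    f'<s:Envelope xmlns:s="{SOAP}"><s:Body>'
    f'<u:GetExternalIPAddressResponse xmlns:u="{WANIP}">'
    "<NewExternalIPAddress>203.0.113.7</NewExternalIPAddress>"
    "</u:GetExternalIPAddressResponse></s:Body></s:Envelope>")

def msearch_request():
    """Step 1: SSDP query for an IGD, sent over UDP to 239.255.255.250:1900."""
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\n'
            "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n").encode()

def soap_call(action, args):
    """Build (headers, body) for a control request; ElementTree escapes argument text."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    act = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{WANIP}}}{action}")
    for name, value in args.items():
        ET.SubElement(act, name).text = str(value)
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{WANIP}#{action}"'}
    return headers, ET.tostring(env, encoding="unicode")

def parse_external_ip(response_xml):
    """Step 2: extract and validate the WAN address from the gateway's reply."""
    node = ET.fromstring(response_xml).find(
        f".//{{{WANIP}}}GetExternalIPAddressResponse/NewExternalIPAddress")
    if node is None or not node.text:
        raise ValueError("no NewExternalIPAddress in response")
    return str(ipaddress.ip_address(node.text.strip()))

def port_mapping_request(internal_client, port, protocol, description, lease_seconds):
    """Step 3: AddPortMapping forwarding a WAN port to the same port on a LAN host."""
    if not ipaddress.ip_address(internal_client).is_private:
        raise ValueError("internal client must be a private LAN address")
    if protocol not in ("TCP", "UDP") or not 1 <= port <= 65535:
        raise ValueError("bad protocol or port")
    if lease_seconds <= 0:  # assumption of this example: never request a permanent mapping
        raise ValueError("use a finite lease so stale mappings expire")
    return soap_call("AddPortMapping", {
        "NewRemoteHost": "", "NewExternalPort": port, "NewProtocol": protocol,
        "NewInternalPort": port, "NewInternalClient": internal_client,
        "NewEnabled": 1, "NewPortMappingDescription": description,
        "NewLeaseDuration": lease_seconds})
```

The request body is POSTed to the control URL advertised in the gateway's device description, which this example does not fetch.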
Internet Gateway Device 2.0
Committee formed in Q2 2002
Two-fold Charter
Future IGD needs – IGD DCP
802.11 access point configuration – AP DCP
Current focus mostly on AP DCP
Completion targeted by Q1 ’03
First plugfest in October 2002
Group has weekly teleconference meetings
Current active participants – Broadcom, GlobeSpanVirata, Intel, LG, Microsoft, Thomson
IGD DCP 2.0
IPv6 support
Existing services modified for IPv6
New services – firewall configuration
IGD v1 enhancements
Support for configuring IP Forwarding
Port mapping additions
Access Point DCP
Simplify Access Point setup
Make enrollment of new clients easy
Initial configuration
Diagnostic information
Devices with no UI
Guest clients
Additional access points
Enable deployment of stronger link security
Privacy important as WLAN usage increases
Make link security setup easy, including 802.1x
Access Point UPnP Services
WLANAccessPointDevice
WLANConfigurationService - required
WLANAuthenticationService - conditionally required
DeviceSecurity - required
AP Configuration Service
Common way to programmatically access AP information
SSID
AP mode – repeater or not
Valid channel set
Physical location of the access point - Longitude-latitude, location address as in street, city, state, zip
Auto-fallback rate, Possible data rates
WEP encryption level, Default WEP key, WEP keys (1 to 4)
Configuration Status
Total number of connected clients
Some of the configuration actions will be secured
E.g. setting of WEP key
AP Authentication Service
Maintains WLAN client list
Username
Credentials (Password)
Access restrictions
Simple, common interface to update client list
Notifies user of authentication attempt from new clients
All actions will be secured
Enrolling an 802.11 Client
Dev1
Secure 802.11 link established
Secure UPnP
PC1
Console PC
User prompted on PC1 for 802.1x authentication password
User enters info provided by Dev1 vendor (chassis/manual)
PC1 informs AP about successful validation
Username: __Dev1__
Password: ________
Device without UI easily enrolled into secure WLAN
Setting up Console PC
Assumption: PC1 has built-in AP control point software
PC1
Username: ________
Password: ________
AP ID : WLP1234
Secure 802.11 link established
Secure UPnP established
Assumption: AP has ‘first login info’ and ‘AP ID’ made available to user
User prompted for 802.1x authentication information
User enters info given by AP vendor (chassis/manual)
AP identifier string displayed to user
User can configure AP securely from PC1 anytime
PC1 becomes the ‘secure console’ for AP
Access Point DCP Status
Configuration Service 0.45
Authentication Service 0.2
Discussion on optional/required status
Alignment work with other forums
Ready for first plugfest
Repeater setup next focus
SSN and IEEE TGi
WECA
Dependency on UPnP Security
Demo
Enrolling into secure WLAN
For the interconnected lifestyle