US-20260129065-A1 - Open Roaming Security Management
Abstract
Devices, systems, methods, and processes for enhancing security measures in Open Roaming networks are described herein. Typically, access nodes in Open Roaming networks have no information about whether a user device is trusted; the device accesses the network based on authentication by an Identity Provider (IdP). To address this, access nodes may be configured to generate a trust score for the user device based on its monitored activities on the network. The access node may share the trust score with the IdP. The IdP may receive one or more trust scores for the user device and generate a global trust score for it. The IdP further shares the global trust score with the Identity Federation. During a re-association attempt, a new access node may grant or deny network access to the user device based on the received global trust score of the user device.
Inventors
- Robert Barton
- Bhavik Pradeep Shah
- Barry Qi Yuan
- Jerome Henry
Assignees
- CISCO TECHNOLOGY, INC.
Dates
- Publication Date: 2026-05-07
- Application Date: 2024-11-05
Claims (20)
- 1. A device, comprising: a processor; a network interface controller configured to provide access to a network, wherein the network interface controller is communicatively coupled to an identity provider; and a memory communicatively coupled to the processor, wherein the memory comprises a security management logic that is configured to: receive an association request from a user device; authenticate the user device with the identity provider in response to receiving the association request; grant the user device an access to the network based on the authentication; monitor one or more activities of the user device on the network; generate a local trust score for the user device based on the monitored one or more activities; and transmit the local trust score to the identity provider.
- 2. The device of claim 1, wherein monitoring the one or more activities of the user device on the network comprises detecting one or more security events related to the user device.
- 3. The device of claim 2, wherein the one or more security events include at least one of a security violation event, a malware propagation, an unauthorized probing event, or a Distributed Denial-of-Service (DDoS) event.
- 4. The device of claim 1, wherein the security management logic is further configured to: receive a new association request from the user device; and re-authenticate the user device with the identity provider in response to receiving the new association request.
- 5. The device of claim 4, wherein the security management logic is further configured to receive a global trust score of the user device from the identity provider in response to the re-authentication of the user device.
- 6. The device of claim 5, wherein the global trust score is based on an aggregation of the local trust score of the user device and one or more other local trust scores of the user device.
- 7. The device of claim 5, wherein the security management logic is further configured to compare the global trust score of the user device with a threshold score.
- 8. The device of claim 7, wherein the security management logic is further configured to control the user device access to the network based on the comparison of the global trust score with the threshold score.
- 9. The device of claim 8, wherein to control the user device access to the network, the security management logic is further configured to grant the user device restricted access to the network based on the global trust score being less than the threshold score.
- 10. The device of claim 8, wherein to control the user device access to the network, the security management logic is further configured to deny the user device access to the network based on the global trust score being less than the threshold score.
- 11. The device of claim 8, wherein the global trust score being less than the threshold score indicates that the user device has a non-compliant behavior.
- 12. The device of claim 11, wherein the security management logic is further configured to receive a warning from the identity provider based on the user device having the non-compliant behavior.
- 13. The device of claim 12, wherein the security management logic is further configured to: generate a new local trust score for the user device; and transmit the new local trust score to the identity provider, wherein the global trust score of the user device is updated based on the new local trust score.
- 14. The device of claim 8, wherein to control the user device access to the network, the security management logic is further configured to allow the user device access to the network based on the global trust score being greater than the threshold score.
- 15. The device of claim 1, wherein monitoring the one or more activities of the user device on the network further comprises monitoring one or more packets transmitted and received by the user device on the network.
- 16. A device, comprising: a processor; a network interface controller communicatively coupled to a plurality of access nodes; and a memory communicatively coupled to the processor, wherein the memory comprises a security management logic that is configured to: authenticate a user device attempting to access a network; receive one or more local trust scores for the user device from at least one access node of the plurality of access nodes; generate a global trust score for the user device based on an aggregation of the one or more local trust scores; and share the global trust score for the user device with an identity federation.
- 17. The device of claim 16, wherein the device is associated with an identity provider, and wherein the identity provider and one or more other identity providers are members of the identity federation.
- 18. The device of claim 17, wherein the global trust score is shared among the members of the identity federation.
- 19. The device of claim 16, wherein the security management logic is further configured to: receive an authentication request for the user device, from another access node of the plurality of access nodes; re-authenticate the user device based on the authentication request; and transmit the global trust score of the user device to the other access node based on the re-authentication, wherein the user device access to the network is controlled based on the global trust score.
- 20. A method for security management in open roaming, comprising: receiving an association request from a user device; authenticating the user device with an identity provider in response to receiving the association request; granting the user device an access to a network based on the authentication; monitoring one or more activities of the user device on the network; generating a local trust score for the user device based on the monitored one or more activities; and transmitting the local trust score to the identity provider.
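The claims above (and the summary in the Description below) describe three cooperating roles: an access node that monitors a device and reports a local trust score (claims 1-3, 13, 20), an identity provider that aggregates local scores into a global score and publishes it to the identity federation (claims 16-19), and a new access node that compares the global score against a threshold on re-association and allows, restricts or denies access (claims 7-10, 14). The following Python model is an added example, not code from the patent or from Cisco; it is a simulation of that exchange, not an implementation of any Open Roaming protocol message. The per-event penalties, the baseline score of 100, the two thresholds, the use of the arithmetic mean as the aggregation policy, and the federation modelled as a shared dictionary are all assumptions made for the example.

```python
from statistics import mean

# Security event categories named in claim 3. The penalty per event is a
# constructed weighting for this example, not a value taken from the patent.
EVENT_PENALTY = {
    "security_violation": 30,
    "malware_propagation": 50,
    "unauthorized_probing": 20,
    "ddos": 40,
}

BASELINE = 100          # trust of a freshly authenticated device (assumed)
ALLOW_THRESHOLD = 70    # at or above: full access (assumed)
DENY_THRESHOLD = 30     # below: access denied; between the two: restricted (assumed)


def local_trust_score(events):
    """Access-node side (claims 1-3): start from the baseline and subtract a
    penalty for every security event observed while monitoring the device.
    The score is floored at 0 so repeated events cannot drive it negative."""
    score = BASELINE
    for event in events:
        if event not in EVENT_PENALTY:
            raise ValueError(f"unknown security event type: {event!r}")
        score -= EVENT_PENALTY[event]
    return max(0, score)


class IdentityProvider:
    """IdP side (claims 16-19): collect local scores reported by access nodes,
    aggregate them into a global trust score and publish it to the federation."""

    def __init__(self, federation):
        self.federation = federation   # dict shared by all federation members (assumed model)
        self.local_scores = {}         # device_id -> {access_node_id: latest local score}

    def receive_local_score(self, device_id, node_id, score):
        # A newer report from the same access node replaces its previous one (claim 13).
        self.local_scores.setdefault(device_id, {})[node_id] = score
        self.federation[device_id] = self.global_trust_score(device_id)

    def global_trust_score(self, device_id):
        # The claims only say "aggregation"; the arithmetic mean over the latest
        # score from each access node is this example's choice.
        scores = self.local_scores.get(device_id)
        if not scores:
            return None
        return mean(scores.values())

    def reauthenticate(self, device_id):
        """Claim 19: answer a re-authentication from another access node with the
        global score held by the federation, plus a non-compliance warning (claim 12)."""
        score = self.federation.get(device_id)
        warning = score is not None and score < ALLOW_THRESHOLD
        return score, warning


def access_decision(global_score):
    """New access-node side (claims 7-10 and 14): compare the global score with
    the thresholds and allow, restrict or deny access."""
    if global_score is None:
        global_score = BASELINE    # no history anywhere in the federation yet (assumed)
    if global_score >= ALLOW_THRESHOLD:
        return "allow"
    if global_score >= DENY_THRESHOLD:
        return "restricted"
    return "deny"


def roaming_scenario():
    """Constructed scenario: one device seen by three access nodes of one IdP."""
    idp = IdentityProvider(federation={})
    device = "device-A"   # constructed identifier

    # ap-1 sees a clean session; ap-2 sees malware propagation and probing.
    idp.receive_local_score(device, "ap-1", local_trust_score([]))
    idp.receive_local_score(device, "ap-2",
                            local_trust_score(["malware_propagation", "unauthorized_probing"]))

    # The device roams to ap-3, which re-authenticates it through the IdP.
    score, warning = idp.reauthenticate(device)
    first = (score, warning, access_decision(score))

    # ap-3 then monitors a clean session and reports a new local score (claim 13),
    # so the global score recovers and a later re-association is fully allowed.
    idp.receive_local_score(device, "ap-3", local_trust_score([]))
    score, warning = idp.reauthenticate(device)
    second = (score, warning, access_decision(score))
    return first, second


if __name__ == "__main__":
    for label, (score, warning, decision) in zip(("first", "second"), roaming_scenario()):
        print(f"{label}: global={score:.1f} warning={warning} decision={decision}")
```

In the scenario the first re-association sees a global score of 65 (mean of 100 and 30), which is below the allow threshold, so the IdP raises the warning and the new access node grants restricted access; after the clean session at ap-3 the mean rises to about 76.7 and the next re-association is allowed. The mean is a deliberately forgiving policy: a deployment that wanted one bad report to dominate would aggregate with the minimum instead, and a real IdP would also need to authenticate the reporting access nodes, since a forged low score is a denial-of-service against the device and a forged high score launders a misbehaving one.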
Description
The present disclosure relates to network access management. More particularly, the present disclosure relates to enhancement of network security, especially in open roaming networks.
BACKGROUND
Open Roaming is a cloud-based framework, promoted by the Wireless Broadband Alliance (WBA), to simplify and enhance a user's Wi-Fi experience. Open Roaming aims to provide secure and seamless connectivity across different Wi-Fi networks without the user needing to select a network, request access, or authenticate the device. Identity Federations are an important part of Open Roaming and refer to the collaborative framework that allows multiple Identity Providers (IdPs) to authenticate users, thereby providing secure and seamless access to different networks. As a user device moves from one location to another, it can be authenticated with the Identity Federation and granted access to the local network. However, the local network (e.g., its access nodes) receives little to no information about the user device. When the user device moves from one Wi-Fi network to another at some other location, the new network usually has no information about the device's behavior on networks, such as whether the device is known to have caused security violations. The user device is simply trusted because it is known to the Identity Federation. This may affect the security of the network.
SUMMARY OF THE DISCLOSURE
Systems and methods for enhancement of network security, especially in open roaming networks, in accordance with embodiments of the disclosure are described herein. In many embodiments, a device comprises a processor, a network interface controller configured to provide access to a network, and a memory communicatively coupled to the processor. The network interface controller is communicatively coupled to an identity provider.
The memory comprises a security management logic that is configured to receive an association request from a user device, authenticate the user device with the identity provider in response to receiving the association request, grant the user device an access to the network based on the authentication, monitor one or more activities of the user device on the network, generate a local trust score for the user device based on the monitored one or more activities, and transmit the local trust score to the identity provider. In a variety of embodiments, monitoring the one or more activities of the user device on the network comprises detecting one or more security events related to the user device. In a number of embodiments, the one or more security events include at least one of a security violation event, a malware propagation, an unauthorized probing event, or a Distributed Denial-of-Service (DDoS) event. In several embodiments, the security management logic is further configured to receive a new association request from the user device, and re-authenticate the user device with the identity provider in response to receiving the new association request. In further embodiments, the security management logic is further configured to receive a global trust score of the user device from the identity provider in response to the re-authentication of the user device. In numerous embodiments, the global trust score is based on an aggregation of the local trust score of the user device and one or more other local trust scores of the user device. In more embodiments, the security management logic is further configured to compare the global trust score of the user device with a threshold score. In various embodiments, the security management logic is further configured to control the user device access to the network based on the comparison of the global trust score with the threshold score. 
In yet more embodiments, to control the user device access to the network, the security management logic is further configured to grant the user device restricted access to the network based on the global trust score being less than the threshold score. In still more embodiments, to control the user device access to the network, the security management logic is further configured to deny the user device access to the network based on the global trust score being less than the threshold score. In still yet more embodiments, the global trust score being less than the threshold score indicates that the user device has a non-compliant behavior. In further embodiments, the security management logic is further configured to receive a warning from the identity provider based on the user device having the non-compliant behavior. In many further embodiments, the security management logic is further configured to generate a new local trust score for the user device, and transmit the new local trust score to the identity provider, wherein the global trust score of the user device is updated based on the new local trust score. In yet further embodiments, to control the user device access to the network,