EdgeSecure: Custom Network Access Control for Yocto-based BalenaOS

Closed
ARED Group Inc
Marietta, Georgia, United States
Henri Nyakarundi
CEO
3
Project
Academic experience
400 hours per student
Student
Anywhere
Advanced level

Project scope

Categories
Software development, Networking
Skills
C (programming language), C++ (programming language), firewall, programming languages, load balancing, custom software, network access control, traffic control, iptables, dynamical systems
Details

The main objective of this project is to design and implement a custom network access control system optimized for edge gateways running Yocto-based BalenaOS. This system will replace existing solutions like CoovaChilli, FreeRADIUS, and Hostapd, providing a more efficient, scalable, and secure alternative that integrates seamlessly with an existing Vue.js-based captive portal.

Tasks and Activities

  1. System Design and Architecture:
     • Design the architecture for a unified network access control system that integrates user authentication, IP management, and wireless access point management.
  2. Custom Software Development:
     • Develop the custom captive portal controller, authentication service, and wireless AP management tools using efficient programming languages like Golang and C/C++.
     • Implement a lightweight DHCP server and iptables management for dynamic IP allocation and traffic control.
  3. Security Implementation:
     • Integrate SSL/TLS for secure communication and data encryption.
     • Develop advanced firewall rules and intrusion detection systems to enhance network security.
  4. Scalability and Performance Optimization:
     • Optimize the system for resource-constrained edge devices, ensuring minimal CPU and memory usage.
     • Design the system to scale horizontally across multiple gateways with clustering and load balancing mechanisms.
  5. Integration with Existing Systems:
     • Ensure seamless integration with the existing Vue.js-based captive portal, allowing for white-labeling and easy customization.
     • Develop configuration management tools for flexible and dynamic system updates.
  6. Deployment and Testing:
     • Create a Yocto recipe for building and deploying the system on BalenaOS-based devices.
     • Perform extensive testing for performance, security, and scalability, documenting all findings.

Deliverables

  1. Custom Network Access Control System: A complete, optimized software package replacing CoovaChilli, FreeRADIUS, and Hostapd.
  2. Yocto Recipe: A custom recipe for building and deploying the system on Yocto-based BalenaOS devices.
  3. Security and Performance Reports: Documentation of testing results, including security validations and performance metrics.
  4. Deployment and Configuration Scripts: Automated scripts for deployment and configuration management.
  5. User and Technical Documentation: Comprehensive documentation covering system usage, configuration, and maintenance.
  6. Final Presentation: A summary of the project, highlighting key achievements, challenges overcome, and future recommendations.

This structured approach will ensure that the project meets its goal of delivering a modern, secure, and efficient network access control system for edge devices.

Deliverables

Learners are expected to complete the following tasks and deliver the corresponding outcomes to achieve the project goal:

  1. System Architecture Design:
     • Deliverable: A detailed system architecture document outlining the design of the custom network access control system, including components for captive portal management, authentication, IP management, and wireless AP control.
  2. Custom Software Development:
     • Deliverable: A fully functional software package that replaces CoovaChilli, FreeRADIUS, and Hostapd, developed in languages like Golang and C/C++. This package will include:
       • Captive Portal Controller
       • Authentication Service
       • Wireless AP Management Service
       • DHCP Server and IP Management Module
  3. Security Implementation:
     • Deliverable: A set of security features integrated into the system, including SSL/TLS encryption, firewall rules, and intrusion detection capabilities, with a corresponding security implementation report.
  4. Scalability and Performance Optimization:
     • Deliverable: Optimized code and system configurations that ensure the solution is lightweight, resource-efficient, and capable of scaling horizontally. This includes performance benchmarks and optimization reports.
  5. Integration and Customization Tools:
     • Deliverable: Tools and scripts for seamless integration with the existing Vue.js-based captive portal, including white-labeling templates and configuration management scripts.
  6. Yocto Recipe for BalenaOS:
     • Deliverable: A custom Yocto recipe for building and deploying the network access control system on Yocto-based BalenaOS devices, ensuring easy deployment and updates.
  7. Testing and Validation Reports:
     • Deliverable: Comprehensive testing and validation reports, including security tests, scalability assessments, and performance evaluations.
  8. User and Technical Documentation:
     • Deliverable: Complete user and technical documentation, covering installation, configuration, usage, and maintenance of the system.
  9. Final Presentation:
     • Deliverable: A final presentation that summarizes the project, including the key achievements, challenges encountered, and recommendations for future improvements.

These deliverables will collectively ensure that learners have developed a robust, scalable, and secure network access control system, along with the necessary tools and documentation for deployment and maintenance.

Mentorship

Mentorship: Continuous guidance from experienced staff members to assist with technical challenges, architectural decisions, and project management.

Access to Tools and Technology: Provision of necessary development tools, access to test hardware, and software environments, including Yocto-based BalenaOS and related development frameworks.

Regular Check-ins: Scheduled weekly meetings to review progress, provide feedback, and address any roadblocks.

Documentation and Resources: Access to existing documentation, codebases, and relevant learning materials to help understand the technologies involved.

Testing Environment: A dedicated testing environment for running and validating the developed solution under real-world conditions.

Supported causes
Sustainable cities and communities

About the company

Company
Marietta, Georgia, United States
2 - 10 employees
IT & computing, Technology, Telecommunications
Representation
Minority-Owned, Social Enterprise, Community-Focused

ARED is a distributed infrastructure-as-a-service company that helps combine Wi-Fi, storage, and computing services into one solution to help bridge the digital gap in developing countries.