802.1x/Extensible Authentication Protocol

Beyond Traditional IEEE 802.11 Security to 802.1X/Extensible Authentication Protocol

Document Revision #: 0.4
Date of Issue: April 13, 2003
Project Members: Marie Waldrick

Revision 0.4/ April 13, 2003 Page 1 802.1x/Extensible Authentication Protocol

Table of Contents

Beyond Traditional IEEE 802.11 Security to 802.1X/Extensible Authentication Protocol  1
Two types of WLAN  3
Adhoc Mode  3
Figure 1.0 An Adhoc Network  3
Infrastructure Mode  4
Figure 2.0 An Infrastructure Mode Client/Server Network  4
IEEE 802.11  5
OSI Reference Model  7
EAP System Architecture  8
Figure 3.0 EAP  8
EAP Extensible Authentication Protocol (EAP)  9
Figure 4.0 EAP in RADIUS RFC 2869  9
802.1x  10
Figure 5.0 802.1x  10
Future Work/Protocols  10
802.1x/EAP=802.11i  10
Figure 6.0 Relationship between EAP client, backend authentication server and NAS  13
Figure 7.0 EAP/MD5 Conversation  14
Figure 8.0 EAP/TLS  15
Table 1.0 Definitions of Acronyms  16
References  17


Two types of WLAN

Adhoc Mode

[Figure 1.0 An Adhoc Network: diagram of laptops communicating with each other, with an access point, an ISP and a web server also shown]

Figure 1.0 An Adhoc Network


Infrastructure Mode Client/Server

[Figure 2.0 An Infrastructure Mode Client/Server Network: diagram of a laptop, an access point, a file server and an authentication server, with the message flow numbered 1 to 5]

Figure 2.0 An Infrastructure Mode Client/Server Network


IEEE 802.11

IEEE 802.11 WLAN security sits in the Data Link Layer of the OSI reference model. Part of the IEEE 802.11 standard provides a mechanism to protect the privacy of information transmitted through the air. The IEEE 802.11 standard provides three mechanisms:

- Service Set Identifier (SSID)
- Media Access Control (MAC) address filtering
- Wired Equivalent Privacy (WEP)

The first is called open authentication, where the service set identifier (SSID) is supplied. The SSID is a 32-character identifier attached to the header of packets sent over a WLAN; it acts as a password when a mobile device tries to connect to the Basic Service Set (BSS). The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. A device will not be permitted to join the BSS unless it can provide that SSID. Because the SSID can be sniffed in plain text from a packet, it does not supply any real security to the network. An SSID is also referred to as a network name, because it is essentially a name that identifies a wireless network.

The second type is shared-key authentication. The access point sends the client device a challenge-text packet, which the client must encrypt with the correct WEP key and return to the access point. If the client has the wrong key, authentication fails and no association takes place with the access point.

Static wired equivalent privacy (WEP) keys are either 40 or 128 bits and are statically defined by the network administrator on the access point and on all clients that communicate with it. This mechanism, Wired Equivalent Privacy (WEP), defines an encryption method but does not define how the secret keys are to be distributed to the client and access point nodes.

In the networking community it is now generally agreed that IEEE 802.11 on its own is insecure for wireless networks.

Access points are open signals that can potentially be picked up by anyone. In ad hoc mode, without an access point, sharing compatible WLAN adapters and settings may allow an attacker to gain unauthorized access to clients. These adapters are 802.11b or 802.11a WLAN cards.


If infrastructure mode is used with an access point, the default settings on the access points must have been changed to enable the WEP encryption protocol. By now, however, the 802.11a/b WEP encryption protocol has been broken [RF].

By itself, 802.11 has management messages that are not authenticated. These messages are listed below:

- beacon
- probe request or response
- association request or response
- re-association request or response
- disassociation
- de-authentication

Because they are unauthenticated, these messages are open to denial-of-service (DoS) attacks.
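Since the management frames above carry no authentication, the practical defence at this layer is monitoring. The following is an added example, not part of the original report, of a small detector that parses the 802.11 frame-control byte, recognises deauthentication and disassociation frames, and raises an alert when one transmitter sends more than a threshold of them within a short window or addresses one to the broadcast address. The frame bytes, MAC addresses, threshold and window are all constructed for the example; the header layout is the standard 802.11 management-frame header.

```python
"""Detector for floods of unauthenticated 802.11 management frames.

Added example, not from the report. All frames, addresses, the threshold
and the window are constructed; the header layout follows IEEE 802.11."""
import struct
from collections import defaultdict, deque

# Management-frame subtypes named in the report (type field = 0)
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req",
                 3: "reassoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 12: "deauth"}
BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mgmt(frame):
    """Return (subtype name, addr1, addr2, reason) for a management frame, else None."""
    if len(frame) < 24:                       # FC(2) Dur(2) Addr1-3(18) SeqCtl(2)
        return None
    fc = frame[0]                             # low byte of Frame Control (little-endian)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        return None                           # data/control frames are not our concern
    addr1, addr2 = frame[4:10], frame[10:16]  # receiver, transmitter
    reason = None
    if subtype in (10, 12) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # Reason Code body field
    return MGMT_SUBTYPES.get(subtype, f"mgmt-{subtype}"), addr1, addr2, reason


def build_mgmt(subtype, addr1, addr2, bssid, seq, reason=None):
    """Construct a minimal management frame as test input (no radio involved)."""
    fc = (subtype << 4) | (0 << 2)            # type 0 = management
    hdr = struct.pack("<BBH", fc, 0, 0) + addr1 + addr2 + bssid + struct.pack("<H", seq << 4)
    if reason is not None:
        hdr += struct.pack("<H", reason)
    return hdr


class DeauthFloodDetector:
    """Alert when a transmitter sends `threshold` deauth/disassoc frames within
    `window` seconds, or when any such frame is addressed to broadcast."""

    def __init__(self, threshold=5, window=2.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)      # transmitter -> recent timestamps

    def observe(self, ts, frame):
        parsed = parse_mgmt(frame)
        if parsed is None:
            return []
        name, addr1, addr2, reason = parsed
        if name not in ("deauth", "disassoc"):
            return []
        alerts = []
        if addr1 == BROADCAST:
            alerts.append(f"broadcast {name} from {addr2.hex(':')} reason={reason}")
        q = self.recent[addr2]
        q.append(ts)
        while q and ts - q[0] > self.window:  # slide the window forward
            q.popleft()
        if len(q) == self.threshold:          # fire once, when the threshold is crossed
            alerts.append(f"{name} flood from {addr2.hex(':')}: {len(q)} in {self.window}s")
        return alerts


def run_sample():
    """Feed constructed traffic through the detector; returns the alert list."""
    ap, sta = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")
    det = DeauthFloodDetector(threshold=5, window=2.0)
    alerts = []
    alerts += det.observe(0.0, build_mgmt(8, BROADCAST, ap, ap, 1))            # beacon
    alerts += det.observe(0.5, build_mgmt(12, sta, ap, ap, 2, reason=3))       # one deauth
    for i in range(8):                                                        # a burst
        alerts += det.observe(10.0 + i * 0.1, build_mgmt(12, sta, ap, ap, 10 + i, reason=7))
    return alerts
```

The single deauthentication at 0.5 s produces nothing; the burst of eight trips the threshold exactly once, at the fifth frame, so the run above yields one alert. On a real capture the timestamps and frame bytes would come from the monitor interface rather than from build_mgmt.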

Possible Solutions:

- Change the default SSID to something that does not identify your company or address.
- Filter addresses at the MAC (Media Access Control) level, that is, define which clients may reach the network via the access point. This can be administratively burdensome.
- Use a RADIUS server so that user-based authentication is centrally managed. A RADIUS (Remote Authentication Dial-in User Service) server does not address the security of communications while they are "in the air"; it only prevents unauthorized people from accessing the "wired" network.

By far the most secure way to protect a network is through a Virtual Private Network (VPN) with a firewall installed in front of the wireless network. Within the wireless network itself, a combination of 802.1x and Extensible Authentication Protocol (EAP) can then be used. EAP and 802.1x are discussed in the remainder of this report.


OSI Reference Model

Layer   Name           Protocols / technologies
Seven   Application
Six     Presentation
Five    Session
Four    Transport      Transmission Control Protocol (TCP); IPSec, SSL, SSH (encapsulation)
Three   Network        Internet Protocol (IP); L2TP VPN encryption
Two     Data Link      802.11 (Media Access Control)
One     Physical       Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum, Infrared


EAP System Architecture

PPP is well known and widely deployed in many enterprises. As Figure 3 below shows, PPP is also integrated with RADIUS. PPP is usually used to obtain a packet service, but 802.11 is already a packet service, so PPPoL is pure overhead. The idea, then, is to put PPP into the MAC frame and put the authentication method inside PPP.

[Figure 3.0 EAP: diagram of a visited domain in which an 802.11/PPP client (laptop) runs PPPoL:EAP over 802.11 to an AP/PPP server, which talks RADIUS to the authentication server]

Figure 3.0 EAP


EAP Extensible Authentication Protocol (EAP)

EAP is a generic architecture for passing messages among parties that do not necessarily need to understand the contents. It was originally created for use within PPP. EAP support already exists for RADIUS authentication servers; see RFC 2869.

EAP sits inside PPP's authentication protocol and provides a generalized framework for all sorts of authentication methods. Rather than keep changing PPP, the idea was simply to have a tunnel through the remote access server (RAS) for a more powerful protocol between the user and the real authentication server. By pulling EAP out into a separate protocol, it can then be re-used in other environments, such as IEEE 802.1X. EAP methods may not know the negotiated ciphersuite. EAP is supposed to head off proprietary authentication systems and let everything from passwords to challenge-response tokens and PKI certificates work smoothly. For example, EAP provides support for multiple authentication methods and can be wrapped within TLS; see Figure 8.0. Any EAP method running within wrapped EAP is provided with built-in support for key exchange, session resumption, and fragmentation and reassembly. These were weaknesses of standalone EAP. See [RFC 2284].

[Figure 4.0 EAP in RADIUS RFC 2869: diagram of a visited domain in which the supplicant (laptop) talks to the authenticator (AP), which carries EAP over RADIUS to the authentication server (RADIUS)]

Figure 4.0 EAP in RADIUS RFC 2869


802.1x

802.1x, the "Standard for Port Based Network Access Control", is simply an IEEE standard for passing EAP over a wired or wireless LAN. Each EAP message is packaged in Ethernet frames using 802.1X, so PPP is not needed and the rest of PPP's features can be eliminated. 802.1x defines three basic entities: the supplicant, the authenticator, and the authentication server, shown in Figure 5.0 below.
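To make the EAP packet format described in the previous section and the 802.1x port model described here concrete, the following is an added example (not from the report, nor from any vendor's or standard's code) that simulates the three 802.1x entities in Python: a supplicant, an authenticator that lets only EAPOL frames through its port until it sees an EAP Success, and an authentication server running the EAP-MD5 method of Figure 7.0. Packet layouts follow RFC 2284 for EAP and the 802.1X EAPOL encapsulation; the identities, secrets and challenge bytes are constructed, and the RADIUS leg between authenticator and server is simulated as a direct call rather than as RADIUS EAP-Message attributes.

```python
"""EAPOL / EAP-MD5 exchange simulation (added example, not from the report).

Secrets, identities and the RADIUS leg are constructed or simulated; the
packet layouts follow RFC 2284 (EAP) and the IEEE 802.1X EAPOL encapsulation."""
import hashlib
import hmac
import os
import struct

ETHERTYPE_EAPOL = 0x888E                         # 802.1X frames on the wire
EAPOL_EAP_PACKET = 0                             # EAPOL Packet Type: EAP-Packet
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4   # EAP Codes
EAP_TYPE_IDENTITY, EAP_TYPE_NAK, EAP_TYPE_MD5 = 1, 3, 4            # EAP Types


def eap_pack(code, ident, eap_type=None, data=b""):
    """EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eap_unpack(pkt):
    """Parse an EAP packet into (code, identifier, type-or-None, data)."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field inconsistent with packet")
    body = pkt[4:length]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response must carry a Type")
        return code, ident, body[0], body[1:]
    return code, ident, None, body               # Success/Failure carry no Type


def eapol_pack(eap_pkt, version=1):
    """EAPOL frame: Protocol Version(1) Packet Type(1) Body Length(2) Body."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap_pkt)) + eap_pkt


def eapol_unpack(frame):
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAPOL EAP-Packet frame")
    return frame[4:4 + length]


def md5_challenge_value(ident, secret, challenge):
    """EAP-MD5 value = MD5(Identifier || secret || challenge), the CHAP rule."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class AuthenticationServer:
    """Back-end (RADIUS-side) logic: holds user secrets and runs EAP-MD5."""
    def __init__(self, users):
        self.users = users            # identity -> secret (constructed test data)
        self.pending = {}             # Identifier -> (identity, challenge)

    def handle(self, eap_pkt):
        code, ident, etype, data = eap_unpack(eap_pkt)
        if code == EAP_RESPONSE and etype == EAP_TYPE_IDENTITY:
            identity, challenge = data.decode(), os.urandom(16)
            ident = (ident + 1) & 0xFF            # fresh Identifier for the new Request
            self.pending[ident] = (identity, challenge)
            # MD5-Challenge Type-Data: Value-Size(1) Value Name
            return eap_pack(EAP_REQUEST, ident, EAP_TYPE_MD5,
                            bytes([len(challenge)]) + challenge + b"auth-server")
        if code == EAP_RESPONSE and etype == EAP_TYPE_MD5 and ident in self.pending:
            identity, challenge = self.pending.pop(ident)
            value = data[1:1 + data[0]]
            expected = md5_challenge_value(ident, self.users.get(identity, b""), challenge)
            ok = identity in self.users and hmac.compare_digest(value, expected)
            return eap_pack(EAP_SUCCESS if ok else EAP_FAILURE, ident)
        return eap_pack(EAP_FAILURE, ident)


class Supplicant:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def handle(self, eap_pkt):
        code, ident, etype, data = eap_unpack(eap_pkt)
        if code != EAP_REQUEST:
            return None
        if etype == EAP_TYPE_IDENTITY:
            return eap_pack(EAP_RESPONSE, ident, EAP_TYPE_IDENTITY, self.identity.encode())
        if etype == EAP_TYPE_MD5:
            value = md5_challenge_value(ident, self.secret, data[1:1 + data[0]])
            return eap_pack(EAP_RESPONSE, ident, EAP_TYPE_MD5,
                            bytes([len(value)]) + value + self.identity.encode())
        return eap_pack(EAP_RESPONSE, ident, EAP_TYPE_NAK, bytes([EAP_TYPE_MD5]))


class Authenticator:
    """Access point: relays EAP to the server and keeps the controlled port
    closed until an EAP Success comes back (802.1X port-based access control)."""
    def __init__(self, server):
        self.server, self.authorized = server, False

    def receive_frame(self, ethertype, payload):
        if ethertype != ETHERTYPE_EAPOL:          # uncontrolled port passes only EAPOL
            return ("forward", payload) if self.authorized else ("drop", None)
        reply = self.server.handle(eapol_unpack(payload))   # RADIUS leg simulated
        if eap_unpack(reply)[0] == EAP_SUCCESS:
            self.authorized = True
        return ("eapol", eapol_pack(reply))


def run_exchange(identity, secret, users):
    """Drive a full exchange; returns (authorized, EAP Codes seen, authenticator)."""
    ap = Authenticator(AuthenticationServer(users))
    supplicant, trace = Supplicant(identity, secret), []
    frame = eapol_pack(eap_pack(EAP_REQUEST, 0, EAP_TYPE_IDENTITY))   # AP starts
    while True:
        eap = eapol_unpack(frame)
        code = eap_unpack(eap)[0]
        trace.append(code)
        if code in (EAP_SUCCESS, EAP_FAILURE):
            return ap.authorized, trace, ap
        _kind, frame = ap.receive_frame(ETHERTYPE_EAPOL, eapol_pack(supplicant.handle(eap)))
```

The loop in run_exchange follows the EAP/MD5 conversation of Figure 7.0: Request/Identity, Response/Identity, Request/MD5-Challenge, Response/MD5-Challenge, then Success or Failure, after which the authenticator either forwards ordinary traffic or keeps dropping it. EAP-MD5 produces no key material for the link layer, which is why the report's later sections turn to the TLS-wrapped methods for key derivation.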

[Figure 5.0 802.1x: diagram of a visited domain in which the supplicant (user) talks 802.11b/EAPoL to the authenticator (AP), which carries EAP over RADIUS to the authentication server (RADIUS)]

Figure 5.0 802.1x

Future Work/Protocols

802.1x/EAP=802.11i

802.11i provides full support for server-based authentication (usually only in business) using the 802.1x protocol and EAP [GF]. Most consumers will continue to use WEP until 802.11i is provided to the market in hardware and software.


802.11i will provide the Temporal Key Integrity Protocol (TKIP) as a replacement for WEP when WEP is discarded. TKIP is one of two encryption standards proposed for 802.11i. The other, the Advanced Encryption Standard (AES), may be somewhat stronger, but it will run only on future 802.11a/b hardware.

Basically, with 802.1x a user is initially allowed to communicate only with an access point. The authenticator only allows access to itself, via a single port; the supplicant has no access to the rest of the network.

The access point passes the request on to a special login server. Only if that server is satisfied by the person's credentials (a user name plus a password, a biometric, or a smart card) will the server give the person access to the network.

“If access is approved, the authenticator hands over a unique per-supplicant master key from which the supplicant’s network adapter derives the TKIP key, the packet integrity key, and other cryptographic necessities.

After a user has been authenticated, EAP is used to frequently refresh the master key, reducing the window of opportunity for intercepting packets for cracking. This re-keying process cleverly has perhaps more to do with the cryptographic future than the present.

To solve different parts of the WEP problem, three types of overlays embed EAP inside an encrypted tunnel.

An early version, EAP-TLS(Transport Layer Security), required a client-side public-key certificate to be preinstalled before the first wireless session. Although this was the method that Microsoft uses for its campus-wide WLAN, EAP-TLS is complicated because an enterprise must establish a PKI.

Instead, vendors are focusing on two methods: EAP-TTLS (Tunneled TLS) and PEAP (Protected EAP) [HA], both of which build tunnels. One tunnel is entirely anonymous, allowing a second tunneled session to begin, which itself encapsulates EAP or other protocols. This approach avoids client certificates but still allows for them.

The only differences between EAP-TTLS and PEAP are that PEAP lacks support for legacy authentication, an important issue, as 802.11a/b/g products are already out on the shelf.

Both vendor backed EAP-TTLS and PEAP are still being evaluated by IETF (Internet Engineering Task Force).

Still, two man-in-the-middle attacks have been theorized that must be addressed before the standards can be deployed with absolute security.


One attack relies on supplicants performing authentication in the clear when asked to do so; the other attack lies in a lack of cryptographic binding between network layers, which allows a man in the middle to spoof a network identity without detection.

Conclusions:

All current support for 802.1x/EAP, tunneled or not, still relies on WEP as the link encryption method, which means that a VPN is still required for definite link security until current 802.1x/EAP with TKIP starts appearing in Access Points and clients.

As we survey the road ahead, it's clear that the arrival of 802.1x/EAP in vendors' products and eventually 802.11i will reduce the administrative burden of WLANs, integrating them with existing authentication mechanisms and making the security issue disappear." [GF]


[Figure 6.0 Relationship between EAP client, backend authentication server and NAS: the EAP client (laptop) holds an EAP conversation (over PPP, 802.11, etc.) through the Network Access Server (NAS) with the back-end server; an EAP method runs at each end; the NAS and server share a trust relationship; keys for the link-layer ciphersuites are delivered to the NAS. Ciphersuite: determines authentication, encryption and MAC algorithms; selected by the server; default cipher suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA]

Figure 6.0 Relationship between EAP client, backend authentication server and NAS


Figure 7.0- EAP/MD5 Conversation


Figure 8.0- EAP/TLS


Table 1.0 Definitions of Acronyms

Acronym          Phrase

PPP              Point to Point Protocol

EAP              Extensible Authentication Protocol

IEEE             802.11 standards

IETF             Internet Engineering Task Force

802.11a/b/g/…

802.1x

RADIUS           Remote Authentication Dial-In User Service. RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.

WEP              Wired Equivalent Privacy

TLS or TTLS      EAP authentication methods

Ciphersuite      Determines authentication, encryption and MAC algorithms. Selected by the server. Default cipher suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Wi-Fi Alliance   The interrelationship between industry members is called the Wi-Fi Alliance. They call their industry standard WPA (Wi-Fi Protected Access). This is another name for the most current 802.11i draft from the IETF to repair WEP (Wired Equivalent Privacy) problems.

References


[CP] Cisco Networking Academy Program: Second-Year Companion Guide, Cisco Systems, Inc., Cisco Press, 2001.

[GF] Glen Fleishman, "Key to Wi-Fi security", http://www.infoworld.com/article/03/01/10/030113newifisec_1.html

[HA] H. Anderson, "Protected Extensible Authentication Protocol (PEAP)", http://www.globecom.net/ietf/draft/draft-josefsson-pppex-eap-tls-eap-02.html

[RF] Rob Flickenger, "Using SSH Tunneling", http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html

[RFC 2284] http://www.ietf.org/ietf/lid-abstracts.txt

[TKIP] www.inetdevgrp.org/20020618/WLANSecurity.pdf
