802.1x/Extensible Authentication Protocol
Beyond Traditional IEEE 802.11 Security to 802.1X/Extensible Authentication Protocol
Document Revision #: 0.4 Date of Issue: April 13, 2003 Project Members: Marie Waldrick
Revision 0.4/ April 13, 2003 Page 1 802.1x/Extensible Authentication Protocol
Table of Contents
Beyond Traditional IEEE 802.11 Security to 802.1X/Extensible Authentication Protocol ... 1
Two types of WLAN ... 3
  Adhoc Mode ... 3
  Figure 1.0 An Adhoc Network ... 3
  Infrastructure Mode ... 4
  Figure 2.0 An Infrastructure Mode Client/Server Network ... 4
IEEE 802.11 ... 5
OSI Reference Model ... 7
EAP System Architecture ... 8
  Figure 3.0 EAP ... 8
EAP Extensible Authentication Protocol (EAP) ... 9
  Figure 4.0 EAP in RADIUS RFC 2869 ... 9
802.1x ... 10
  Figure 5.0 802.1x ... 10
Future Work/Protocols ... 10
  802.1x/EAP=802.11i ... 10
Figure 6.0 Relationship between EAP client, backend authentication server and NAS ... 13
Figure 7.0 EAP/MD5 Conversation ... 14
Figure 8.0 EAP/TLS ... 15
Table 1.0 Definitions of Acronyms ... 16
References ... 17
Two types of WLAN
Adhoc Mode
[Figure 1.0 An Adhoc Network: numbered laptops, an access point and an ISP web server; diagram not reproduced]
Infrastructure Mode Client/Server
[Figure 2.0 An Infrastructure Mode Client/Server Network: numbered laptops associate with an access point, behind which sit a file server and an authentication server; diagram not reproduced]
IEEE 802.11
IEEE 802.11 WLAN security sits in the Data Link Layer of the OSI reference model. Part of the IEEE 802.11 standard provides a mechanism to protect the privacy of information transmitted through the air. The IEEE 802.11 standard provides three mechanisms:
Service set identifier (SSID)
Media Access Control (MAC) address filtering
Wired Equivalent Privacy (WEP)
The first is called open authentication, where the service set identifier (SSID) is supplied. The SSID is an identifier of up to 32 bytes carried in the beacon, probe and association frames sent over a WLAN; it is often treated as a password when a mobile device tries to connect to the Basic Service Set (BSS). The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID, and a device is not permitted to join the BSS unless it supplies it. Because the SSID is transmitted in plain text and can be sniffed from any such frame, it supplies no security to the network. An SSID is also referred to as a Network Name, because essentially it is a name that identifies a wireless network.
The second type is shared key authentication. The access point sends the client device a challenge text packet that the client must encrypt with the correct WEP key and return to the access point. If the client has the wrong key, authentication fails and no association with the access point takes place. Note that an eavesdropper who captures both the plain-text challenge and the encrypted response obtains a WEP keystream for that initialization vector, so shared key authentication is in practice no stronger than open authentication.
Static Wired Equivalent Privacy (WEP) keys are 40 or 104 bits long (marketed as 64-bit and 128-bit once the 24-bit initialization vector is counted) and are statically defined by the network administrator on the access point and on every client that communicates with it. WEP defines an encryption method but does not define how the secret keys are to be distributed to the clients and to the access point.
In the network community, it is now generally agreed that IEEE 802.11 is insecure for wireless networks.
Access points radiate open signals that can potentially be picked up by anyone. A client with a compatible 802.11b or 802.11a WLAN adapter configured for adhoc mode can associate directly with another client without any access point, which may allow an attacker to gain unauthorized access to that client.
If infrastructure mode is used with an access point, the default settings on the access point must have been changed to enable WEP encryption. By now, however, the encryption protocol has been broken on both 802.11a and 802.11b [RF].
By itself, 802.11 has management messages that are not authenticated:
beacon
probe request and response
association request and response
re-association request and response
disassociation
de-authentication
Because any station can forge these messages, they are open to denial-of-service (DoS) attacks: a forged de-authentication or disassociation, for example, knocks a client off the network.
Possible Solutions:
Change the default SSID to something that does not identify your company or address.
Filter addresses at the MAC (Media Access Control) level, that is, define which clients may reach the network via the access point. This can be administratively burdensome, and because a MAC address is sent in the clear and can be cloned by an attacker, it is only a weak control.
Use a RADIUS server where user-based authentication is centrally managed. A RADIUS (Remote Authentication Dial-In User Service) server does not address the security of communications while they are "in the air"; it only prevents unauthorized people from accessing the "wired" network.
By far the most secure way to protect the network is a Virtual Private Network (VPN) with a firewall placed between the wireless segment and the wired network. Within the wireless network itself, a combination of 802.1x and the Extensible Authentication Protocol (EAP) can then be used. EAP and 802.1x are discussed in the remainder of this report.
OSI Reference Model

Layer   Name           Protocols discussed in this report
7       Application
6       Presentation
5       Session
4       Transport      TCP; SSL and SSH run above TCP (encapsulation)
3       Network        IP; IPsec and L2TP (VPN encryption) operate here
2       Data Link      802.11 (Media Access Control)
1       Physical       Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum, Infrared
EAP System Architecture
PPP is well known and widely deployed in enterprises, and, as Figure 3.0 below shows, PPP authentication is already integrated with RADIUS. PPP is usually used to obtain a packet service, but 802.11 already is a packet service, so running PPP over the LAN (PPPoL) adds overhead. The idea is therefore to carry only the PPP authentication exchange inside the MAC frame and to place the authentication method inside it.
[Figure 3.0 EAP: the 802.11/PPP client (laptop) sends PPPoL:EAP over 802.11 to the AP/PPP server in the visited domain, which in turn speaks RADIUS to the authentication server; diagram not reproduced]
EAP Extensible Authentication Protocol (EAP)
EAP is a generic architecture for passing authentication messages among parties that do not necessarily need to understand their contents. It was originally created for use within PPP, and support for carrying EAP to a RADIUS authentication server already exists; see RFC 2869.
EAP sits inside PPP's authentication phase and provides a generalized framework for many kinds of authentication methods. Rather than keep changing PPP, the idea was simply to tunnel a more powerful protocol through the remote access server (RAS) between the user and the real authentication server. By pulling EAP out into a separate protocol, it can be re-used in other environments, such as IEEE 802.1X. EAP methods may not know the negotiated ciphersuite. EAP is meant to head off proprietary authentication systems and let everything from passwords to challenge-response tokens and PKI certificates work smoothly. For example, EAP supports multiple authentication methods and can itself be wrapped within TLS (see Figure 8.0). Any EAP method running inside the TLS wrapper gets built-in support for key exchange, session resumption, and fragmentation and reassembly, all of which standalone EAP (RFC 2284) lacks.
[Figure 4.0 EAP in RADIUS (RFC 2869): the Supplicant (laptop) talks EAP to the Authenticator (AP) in the visited domain, which relays the EAP conversation over RADIUS to the Authentication Server; diagram not reproduced]
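The RADIUS carriage of EAP shown in Figure 4.0, as an added example that is not part of the original report: the NAS (access point) wraps an EAP Response/Identity into a RADIUS Access-Request using the EAP-Message and Message-Authenticator attributes of RFC 2869, and the server checks the HMAC-MD5 Message-Authenticator before it accepts the EAP payload. The shared secret, the identity and the request identifier are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                  # RADIUS code (RFC 2865)
ATTR_USER_NAME = 1                  # RADIUS attribute types; 79 and 80 come from RFC 2869
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1   # EAP code and type used in the sample (RFC 2284)

def eap_packet(code, identifier, eap_type, type_data):
    # EAP packet: code(1) identifier(1) length(2, whole packet) type(1) type-data
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data

def radius_attr(attr_type, value):
    # RADIUS attribute: type(1) length(1, header included, max 255) value
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(identifier, request_authenticator, secret, username, eap):
    """NAS side. Carry the EAP packet in EAP-Message attributes and sign the whole
    request: Message-Authenticator = HMAC-MD5(secret, packet), computed with the
    16-byte Message-Authenticator value zeroed (RFC 2869 section 5.14)."""
    attrs = radius_attr(ATTR_USER_NAME, username)
    for i in range(0, len(eap), 253):              # long EAP packets span several attributes
        attrs += radius_attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    attrs += radius_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    header += request_authenticator                # 16 random bytes chosen by the NAS
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac              # fill in the placeholder

def parse_attrs(data):
    """Return [(type, value, offset of value)] or raise on a malformed attribute."""
    out, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("bad attribute length")
        out.append((atype, data[off + 2:off + alen], off + 2))
        off += alen
    return out

def verify_access_request(packet, secret):
    """Server side. Return the reassembled EAP packet, or None when the request
    carries no valid Message-Authenticator (RFC 2869: silently discard it)."""
    if len(packet) < 20:
        return None
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None
    attrs = packet[20:]
    try:
        parsed = parse_attrs(attrs)
    except ValueError:
        return None
    mac_off, chunks = None, []
    for atype, value, voff in parsed:
        if atype == ATTR_MESSAGE_AUTHENTICATOR and len(value) == 16:
            mac_off = voff
        elif atype == ATTR_EAP_MESSAGE:
            chunks.append(value)
    if mac_off is None or not chunks:
        return None
    zeroed = attrs[:mac_off] + bytes(16) + attrs[mac_off + 16:]
    expected = hmac.new(secret, packet[:20] + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, attrs[mac_off:mac_off + 16]):
        return None
    return b"".join(chunks)

SECRET = b"constructed-shared-secret"    # constructed; shared by the NAS and the RADIUS server
IDENTITY = b"alice@example.net"           # constructed sample identity

def demo():
    """Returns (genuine request accepted, tampered request rejected, wrong secret rejected)."""
    eap = eap_packet(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, IDENTITY)
    req = build_access_request(7, os.urandom(16), SECRET, IDENTITY, eap)
    tampered = bytearray(req)
    tampered[req.index(IDENTITY)] ^= 0x01          # flip one bit of the User-Name value
    return (verify_access_request(req, SECRET) == eap,
            verify_access_request(bytes(tampered), SECRET) is None,
            verify_access_request(req, b"not-the-secret") is None)
```

Message-Authenticator is what stops anyone on the path between the access point and the RADIUS server from forging or altering an Access-Request that carries EAP; it does not make the EAP payload confidential, so confidentiality has to come from the EAP method itself.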
802.1x
802.1x, the IEEE "Standard for Port Based Network Access Control", is simply a standard for carrying EAP over a wired or wireless LAN. Each EAP message is packaged directly in an Ethernet frame (EAP over LAN, EAPOL), so PPP is not needed and the rest of the PPP machinery can be dropped. 802.1x defines three entities: the supplicant, the authenticator, and the authentication server, shown in Figure 5.0 below.
[Figure 5.0 802.1x: the Supplicant (user laptop) sends EAPoL over 802.11b to the Authenticator (AP) in the visited domain, which carries EAP over RADIUS to the Authentication Server; diagram not reproduced]
Future Work/Protocols
802.1x/EAP=802.11i
802.11i provides full support for server-based authentication (typically only in enterprise deployments) using the 802.1x protocol and EAP [GF]. Most consumers will continue to use WEP until 802.11i reaches the market in hardware and software.
802.11i will provide the Temporal Key Integrity Protocol (TKIP) as a replacement for WEP once WEP is discarded. TKIP is one of two encryption standards proposed for 802.11i. The other, based on the Advanced Encryption Standard (AES), may be somewhat stronger, but it will run only on future 802.11a/b hardware.
Basically, with 802.1x a user is initially allowed to communicate only with the access point. The authenticator opens a single (uncontrolled) port that carries nothing but the authentication exchange to itself; the supplicant has no access to the rest of the network until the controlled port is authorized.
The access point passes the request on to a dedicated login server. Only if that server is satisfied with the person's credentials (a user name plus a password, a biometric, or a smart card) will it grant the person access to the network.
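The 802.1x exchange described in this section and the EAP/MD5 conversation of Figure 7.0, as an added example that is not code from the report or from any vendor: EAPOL frames between supplicant and authenticator, the EAP Request/Identity, MD5-Challenge and Success/Failure packets of RFC 2284, and an authenticator port that forwards non-EAPOL traffic only once the server has returned Success. The MAC address, identity, password and user database are constructed for the example, and the authentication server is modelled as a local object rather than reached over RADIUS.

```python
import hashlib
import hmac
import os
import struct

EAPOL_VERSION, EAPOL_EAP_PACKET, EAPOL_START = 1, 0, 1            # EAPOL version and packet types used
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # EAP codes (RFC 2284)
EAP_TYPE_IDENTITY, EAP_TYPE_MD5_CHALLENGE = 1, 4                  # EAP types (RFC 2284)
ETHERTYPE_EAPOL, PAE_GROUP_ADDR = b"\x88\x8e", bytes.fromhex("0180c2000003")  # 802.1X group MAC

def eap(code, ident, payload=b""):
    # EAP packet: code(1) identifier(1) length(2, whole packet) payload
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def parse_eap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    return code, ident, pkt[4:length]

def eapol_frame(src, ptype, body=b""):
    # Ethernet frame carrying an EAPOL packet: version(1) type(1) length(2) body
    hdr = struct.pack("!BBH", EAPOL_VERSION, ptype, len(body))
    return PAE_GROUP_ADDR + src + ETHERTYPE_EAPOL + hdr + body

def md5_response(ident, secret, challenge):
    # RFC 2284 MD5-Challenge, i.e. CHAP: MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class AuthServer:
    """Backend authentication server (RADIUS in Figure 5.0); only it knows the passwords."""
    def __init__(self, users):
        self.users, self.pending = users, None

    def handle(self, pkt):
        code, ident, data = parse_eap(pkt)
        if code != EAP_RESPONSE or not data:
            return eap(EAP_FAILURE, ident)
        etype, tdata = data[0], data[1:]
        if etype == EAP_TYPE_IDENTITY:                 # Response/Identity -> Request/MD5-Challenge
            challenge = os.urandom(16)
            self.pending = (tdata, challenge, ident + 1)
            req = bytes([EAP_TYPE_MD5_CHALLENGE, 16]) + challenge + b"auth-server"
            return eap(EAP_REQUEST, ident + 1, req)
        if etype == EAP_TYPE_MD5_CHALLENGE and self.pending:   # Response/MD5-Challenge -> Success/Failure
            (identity, challenge, expected_id), self.pending = self.pending, None
            value = tdata[1:1 + tdata[0]] if tdata else b""
            secret = self.users.get(identity)
            if secret and ident == expected_id and hmac.compare_digest(value, md5_response(ident, secret, challenge)):
                return eap(EAP_SUCCESS, ident)
        return eap(EAP_FAILURE, ident)

class Supplicant:
    def __init__(self, mac, identity, password):
        self.mac, self.identity, self.password = mac, identity, password

    def answer(self, pkt):
        # Answer an EAP Request with an EAPOL frame; Success/Failure end the conversation (None)
        code, ident, data = parse_eap(pkt)
        if code != EAP_REQUEST or not data:
            return None
        if data[0] == EAP_TYPE_IDENTITY:
            body = eap(EAP_RESPONSE, ident, bytes([EAP_TYPE_IDENTITY]) + self.identity)
        elif data[0] == EAP_TYPE_MD5_CHALLENGE:
            resp = md5_response(ident, self.password, data[2:2 + data[1]])
            body = eap(EAP_RESPONSE, ident, bytes([EAP_TYPE_MD5_CHALLENGE, 16]) + resp + self.identity)
        else:
            return None                                # unsupported method (a Nak would go here)
        return eapol_frame(self.mac, EAPOL_EAP_PACKET, body)

class AuthenticatorPort:
    """AP port: the uncontrolled side relays EAPOL to the server; the controlled side forwards the rest only once authorized."""
    def __init__(self, server):
        self.server, self.authorized = server, False

    def receive(self, frame):
        """Return (EAP packet for the supplicant or None, was the frame forwarded to the LAN?)."""
        if frame[12:14] != ETHERTYPE_EAPOL:
            return None, self.authorized
        _ver, ptype, length = struct.unpack("!BBH", frame[14:18])
        if ptype == EAPOL_START:
            return eap(EAP_REQUEST, 1, bytes([EAP_TYPE_IDENTITY])), False
        if ptype == EAPOL_EAP_PACKET:
            reply = self.server.handle(frame[18:18 + length])    # relayed to the server (RADIUS)
            if reply[0] in (EAP_SUCCESS, EAP_FAILURE):
                self.authorized = reply[0] == EAP_SUCCESS
            return reply, False
        return None, False                             # EAPOL-Logoff and others: not modelled

def run(password, correct=b"constructed-password"):
    # Full conversation; returns (port authorized?, data frame forwarded afterwards?)
    port = AuthenticatorPort(AuthServer({b"alice": correct}))     # constructed user database
    supp = Supplicant(bytes.fromhex("020000000001"), b"alice", password)
    data_frame = bytes(6) + supp.mac + b"\x08\x00" + b"IP payload"
    assert port.receive(data_frame) == (None, False)              # blocked before authentication
    reply, _ = port.receive(eapol_frame(supp.mac, EAPOL_START))
    while reply is not None:
        frame = supp.answer(reply)
        if frame is None:
            break
        reply, _ = port.receive(frame)
    return port.authorized, port.receive(data_frame)[1]
```

EAP-MD5 is useful for showing the message flow but is a poor choice on a WLAN: it authenticates only the client, so a rogue access point can run the exchange and collect challenge/response pairs for offline guessing, and it produces no key material, so there is nothing from which to derive per-session WEP or TKIP keys.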
“If access is approved, the authenticator hands over a unique per-supplicant master key from which the supplicant’s network adapter derives the TKIP key, the packet integrity key, and other cryptographic necessities.
After a user has been authenticated, EAP is used to frequently refresh the master key, reducing the window of opportunity for intercepting packets for cracking. This re-keying process cleverly has perhaps more to do with the cryptographic future than the present.
To solve different parts of the WEP problem, three types of overlays embed EAP inside an encrypted tunnel.
An early version, EAP-TLS(Transport Layer Security), required a client-side public-key certificate to be preinstalled before the first wireless session. Although this was the method that Microsoft uses for its campus-wide WLAN, EAP-TLS is complicated because an enterprise must establish a PKI.
Instead, vendors are focusing on two methods: EAP-TTLS (Tunneled TLS) and PEAP (Protected EAP) [HA], both of which build tunnels. One tunnel is entirely anonymous, allowing a second tunneled session to begin, which itself encapsulates EAP or other protocols. This approach avoids client certificates but still allows for them.
The only difference between EAP-TTLS and PEAP is that PEAP lacks support for legacy authentication, an important issue with 802.11a/b/g products already out on the shelves.
Both the vendor-backed EAP-TTLS and PEAP are still being evaluated by the IETF (Internet Engineering Task Force).
Still, two man-in-the-middle attacks have been theorized that must be addressed before the standards can be deployed with absolute security.
One attack relies on supplicants performing authentication in the clear when asked to do so; the other attack lies in a lack of cryptographic binding between network layers, which allows a man in the middle to spoof a network identity without detection.
Conclusions:
All current support for 802.1x/EAP, tunneled or not, still relies on WEP as the link encryption method, which means that a VPN is still required for definite link security until current 802.1x/EAP with TKIP starts appearing in Access Points and clients.
As we survey the road ahead, it’s clear that the arrival of 802.1x/EAP in vendors’ products and eventually 802.11i will reduce the administrative burden of WLANs, integrating them with existing authentication mechanisms and making the security issue disappear.” [GF]
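The two man-in-the-middle weaknesses named in the quoted passage, as an added toy model that is not code from the report or from the cited article. The tunnel key, the inner-method key and the PRF are stand-ins constructed for the model (the real methods use the TLS key schedule): attack_in_the_clear plays the rogue access point that asks the supplicant for its inner method with no tunnel at all, and attack_tunnel_termination plays the rogue endpoint that terminates the supplicant's tunnel and relays the inner method to the real server, tried with and without a compound key that binds the inner method's key to the tunnel key.

```python
import hashlib
import hmac
import os

def prf(key, label, extra=b""):
    # Stand-in key derivation (HMAC-SHA256); the real methods use the TLS PRF
    return hmac.new(key, label.encode() + extra, hashlib.sha256).digest()

def link_key(k_tunnel, k_inner, bound):
    """Key handed to the link layer after a tunneled method. Unbound: derived from
    the outer TLS tunnel alone. Bound: a compound key that also needs the key the
    inner method produced, tying the two layers together."""
    return prf(k_tunnel, "compound", k_inner) if bound else prf(k_tunnel, "tunnel-only")

class TunneledSupplicant:
    def __init__(self, inner_secret, tunnel_required):
        self.inner_secret, self.tunnel_required, self.in_tunnel = inner_secret, tunnel_required, False

    def tunnel_established(self):
        self.in_tunnel = True

    def answer_inner_challenge(self, challenge):
        """Inner (legacy) challenge/response. A hardened supplicant refuses to run the
        inner method anywhere but inside the tunnel it was configured for."""
        if self.tunnel_required and not self.in_tunnel:
            return None
        return hmac.new(self.inner_secret, challenge, hashlib.md5).digest()

def attack_in_the_clear(tunnel_required):
    """Attack 1: a rogue AP asks for the inner method with no tunnel at all.
    Returns True if the supplicant hands over a response the attacker can relay or crack."""
    supp = TunneledSupplicant(b"constructed-password", tunnel_required)   # constructed secret
    return supp.answer_inner_challenge(os.urandom(16)) is not None

def attack_tunnel_termination(bound):
    """Attack 2: the supplicant accepts the rogue AP as its tunnel endpoint (no server
    certificate check), so the attacker shares the tunnel key; the attacker relays the
    inner method untouched to the real server and never learns the inner key.
    Returns True if the attacker can compute the key the supplicant will use on the link."""
    k_tunnel = os.urandom(32)     # known to supplicant and attacker (constructed stand-in)
    k_inner = os.urandom(32)      # known to supplicant and real server only (constructed stand-in)
    supplicant_key = link_key(k_tunnel, k_inner, bound)
    attacker_key = link_key(k_tunnel, b"", bound)      # attacker's best effort without k_inner
    return hmac.compare_digest(supplicant_key, attacker_key)
```

The binding defence assumes the inner method yields a key of its own; for a password method that does not, the remaining defence against the second attack is the supplicant validating the tunnel server's certificate, so that the rogue endpoint is never accepted in the first place.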
[Figure 6.0 Relationship between EAP client, backend authentication server and NAS: the EAP conversation (over PPP, 802.11, etc.) runs end to end between the EAP method on the client (laptop) and the EAP method on the backend authentication server, passing through the Network Access Server (NAS); the NAS and the backend server share a trust relationship; the ciphersuite, selected by the server (default TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), determines the authentication, encryption and MAC algorithms; keys for the link-layer ciphersuites are delivered to the NAS; diagram not reproduced]
Figure 7.0- EAP/MD5 Conversation
Figure 8.0- EAP/TLS
Table 1.0 Definitions of Acronyms

Acronym         Phrase
PPP             Point to Point Protocol
EAP             Extensible Authentication Protocol
IEEE 802.11     IEEE WLAN standards (802.11a/b/g/...)
IETF            Internet Engineering Task Force
802.1x          IEEE Standard for Port Based Network Access Control
RADIUS          Remote Authentication Dial-In User Service. RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.
WEP             Wired Equivalent Privacy
TLS, TTLS       EAP authentication methods (EAP-TLS, EAP-TTLS)
Ciphersuite     Determines the authentication, encryption and MAC algorithms; selected by the server. Default cipher suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Wi-Fi Alliance  The industry body formed by WLAN vendors. It calls its interim standard WPA (Wi-Fi Protected Access), another name for a snapshot of the current IEEE 802.11i draft intended to repair the WEP (Wired Equivalent Privacy) problems.
References
CP   Cisco Networking Academy Program: Second-Year Companion Guide, Cisco Systems, Inc., Cisco Press, 2001.
GF   Glen Fleishman, "Key to Wi-Fi security", InfoWorld, http://www.infoworld.com/article/03/01/10/030113newifisec_1.html
HA   H. Anderson et al., "Protected Extensible Authentication Protocol (PEAP)", IETF Internet-Draft, http://www.globecom.net/ietf/draft/draft-josefsson-pppex-eap-tls-eap-02.html
RF   Rob Flickenger, "Using SSH Tunneling", O'Reilly Network, http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
RFC 2284   L. Blunk, J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, http://www.ietf.org/ietf/lid-abstracts.txt
TKIP   WLAN Security presentation, http://www.inetdevgrp.org/20020618/WLANSecurity.pdf