Wireless LAN Overview - PowerPoint PPT Presentation

1 / 131
About This Presentation
Title:

Wireless LAN Overview

Description:

Wi-Fi standards use the Ethernet protocol and CSMA/CA (carrier sense multiple ... Rogue AP attacks (AP impersonation) DOS (denial of service) wireless attacks ... – PowerPoint PPT presentation

Number of Views:260
Avg rating:3.0/5.0
Slides: 132
Provided by: luce192
Category:

less

Transcript and Presenter's Notes

Title: Wireless LAN Overview


1
Wireless LAN Overview
  • Wi-Fi Technology
  • Wireless Fidelity (Wi-Fi)
  • Channels
  • Basic SecurityPractices
  • Vulnerabilities
  • WEP
  • WPA
  • 802.11i

2
Wireless LAN Overview
  • EAP and 802.1x
  • 802.1x
  • EAP
  • Definition
  • Process Flow
  • EAP Types and Flow

3
Wi-Fi Technology
4
Wi-Fi
  • Wi-Fi (short for Wireless Fidelity") is the
    popular term for a high-frequency wireless local
    area network (WLAN)
  • Promoted by the Wi-Fi Alliance (Formerly WECA -
    Wireless Ethernet Carriers Association)
  • Used generically when referring to any type of
    802.11 network, whether 802.11a, 802.11b,
    802.11g, dual-band, etc. The term is promulgated
    by the Wi-Fi Alliance

5
Wi-Fi
  • Wi-Fi standards use the Ethernet protocol and
    CSMA/CA (carrier sense multiple access with
    collision avoidance) for path sharing
  • The 802.11b (Wi-Fi) technology operates in the
    2.4 GHz range offering data speeds up to 11
    megabits per second. The modulation used in
    802.11 has historically been phase-shift keying
    (PSK).
  • Note, unless adequately protected, a Wi-Fi
    wireless LAN is easily accessible by unauthorized
    users

6
Wireless LAN Topology
  • Wireless LAN is typically deployed as an
    extension of an existing wired network as shown
    below. 

7
Wireless LAN Topology
  • Here is an example of small business usage of
    Wi-Fi Network.

DSL Router
DSLConnectionEtc.
The DSL router and Wi-Fi AP are often combined
into a single unit
8
What is 802.11?
  • 802.11 refers to a family of specifications
    developed by the IEEE for wireless LAN
    technology. 802.11 specifies an over-the-air
    interface between a wireless client and a base
    station or between two wireless clients.
  • The IEEE accepted the specification in 1997.

9
802.11 Family Members
  • There are several specifications in the 802.11
    family
  • 802.11
  • Applies to wireless LANs and provides 1 or 2 Mbps
    transmission in the 2.4 GHz band using either
    frequency hopping spread spectrum (FHSS) or
    direct sequence spread spectrum (DSSS).
  • 802.11a
  • An extension to 802.11 that applies to wireless
    LANs and provides up to 54 Mbps in the 5GHz band.
    802.11a uses an orthogonal frequency division
    multiplexing encoding scheme rather than FHSS or
    DSSS.
  • 802.11b
  • (also referred to as 802.11 High Rate or Wi-Fi)
    is an extension to 802.11 that applies to
    wireless LANs and provides 11 Mbps transmission
    (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4
    GHz band. 802.11b uses only DSSS. 802.11b was a
    1999 ratification to the original 802.11
    standard, allowing wireless functionality
    comparable to Ethernet.
  • 802.11g
  • Applies to wireless LANs and provides 20 Mbps in
    the 2.4 GHz band.

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
802.11Range Comparisons
15
802.11 Authentication
  • The 802.11 standard defines several services that
    govern how two 802.11 devices communicate. The
    following events must occur before an 802.11
    station can communicate with an Ethernet network
    through a wireless access point provides
  • Turn on the wireless Client
  • Client listens for messages from any access
    points (AP) that are in range
  • Client finds a message from an AP that has a
    matching SSID
  • Client sends an authentication request to the AP
  • AP authenticates the station
  • Client sends an association request to the AP
  • AP associates with the station
  • Client can now communicate with the Ethernet
    network thru the AP

16
What Exactly Is 802.1x?
  • Standard set by the IEEE 802.1 working group.
  • Describes a standard link layer protocol used for
    transporting higher-level authentication
    protocols.
  • Works between the Supplicant (Client Software)
    and the Authenticator (Network Device).
  • Maintains backend communication to an
    Authentication (Typically RADIUS) Server.

17
What Does it Do?
  • Transport authentication information in the form
    of Extensible Authentication Protocol (EAP)
    payloads.
  • The authenticator (switch) becomes the middleman
    for relaying EAP received in 802.1x packets to an
    authentication server by using RADIUS to carry
    the EAP information.
  • Several EAP types are specified in the standard.
  • Three common forms of EAP are
  • EAP-MD5 MD5 Hashed Username/Password
  • EAP-OTP One-Time Passwords
  • EAP-TLS Strong PKI Authenticated Transport
    Layer Security (SSL)

802.1x Header
EAP Payload
18
What is RADIUS?
  • RADIUS The Remote Authentication Dial In User
    Service
  • A protocol used to communicate between a network
    device and an authentication server or database.
  • Allows the communication of login and
    authentication information. i.e.
    Username/Password, OTP, etc. using
    Attribute/Value pairs (Attribute Value)
  • Allows the communication of extended attribute
    value pairs using Vendor Specific Attributes
    (VSAs).
  • Can also act as a transport for EAP messages.
  • RFC2865, RFC2866 and others

RADIUS Header
UDP Header
EAP Payload
19
802.11 Authentication Flow
20
Wi-Fi Channels
  • Wireless LAN communications are based on the use
    of radio signals to exchange information through
    an association between a wireless LAN card and a
    nearby access point.
  • Each access point in an 802.11b/g network is
    configured to use one radio frequency (RF)
    channel.
  • Although the 802.11b/g specifications indicate
    that there are fourteen (14) channels that can be
    utilized for wireless communications, in the
    U.S., there are only eleven channels allowed for
    AP use. In addition, since there is frequency
    overlap among many of the channels, there must be
    22 MHz separation between any two channels in
    use.

21
Wi-Fi Channels
  • In a multi-access point installation, where
    overlapping channels can cause interference,
    dead-spots and other problems, Channels 1, 6 and
    11 are generally regarded as the only safe
    channels to use. Since there are 5 5MHz channels
    between 1 and 6, and between 6 and 11, or 25MHz
    of total bandwidth, that leaves three MHz of
    buffer zone between channels.
  • In practice, this constraint limits the number of
    useable channels to three (channels 1, 6, and
    11). 802.11a wireless networks have eight
    non-overlapping channels which provide more
    flexibility in terms of channel assignment.

22
Wi-Fi Channels
  • For example, 802.11a - An extension to the IEEE
    802.11 standard that applies to wireless LANs and
    provides up to 54 Mbps in the 5GHz band.
  • For the North American users, equipment available
    today operates between 5.15 and 5.35GHz.
  • This bandwidth supports eight separate,
    non-overlapping 200 MHz channels.
  • These channels allow users to install up to eight
    access points set to different channels without
    interference, making access point channel
    assignment much easier and significantly
    increasing the level of throughput the wireless
    LAN can deliver within a given area.

23
Wi-Fi Channels
  • If two access points that use the same RF channel
    are too close, the overlap in their signals will
    cause interference, possibly confusing wireless
    cards in the overlapping area.
  • To avoid this potential scenario, it is important
    that wireless deployments be carefully designed
    and coordinated.
  • It is also critical to make sure that deployment
    does not cause conflicts with other pre-existing
    wireless implementations.

Three channels on a single floor
24
Basic 802.11 Security
  • SSID (Service Set Identifier) or ESSID (Extended
    Service Set Identifier)
  • Each AP has an SSID that it uses to identify
    itself. Network configuration requires each
    wireless client to know the SSID of the AP to
    which it wants to connect.
  • SSID provides a very modest amount of control. It
    keeps a client from accidentally connecting to a
    neighboring AP only. It does not keep an attacker
    out.

25
SSID
  • SSID (Service Set Identifier) or ESSID (Extended
    Service Set Identifier)
  • The SSID is a token that identifies an 802.11
    network. The SSID is a secret key that is set by
    the network administrator. Clients must know the
    SSID to join an 802.11 network however, network
    sniffing can discover the SSID.
  • The fact that the SSID is a secret key instead of
    a public key creates a management problem for the
    network administrator.
  • Every user of the network must configure the SSID
    into their system. If the network administrator
    seeks to lock a user out of the network, the
    administrator must change the SSID of the
    network, which requires reconfiguration of every
    network node. Some 802.11 NICs allow you to
    configure several SSIDs at one time.

26
Basic 802.11 Security
  • MAC filters
  • Some APs provide the capability for checking the
    MAC address of the client before allowing it to
    connect to the network.  
  • Using MAC filters is considered to be very weak
    security because with many Wi-Fi client
    implementations it is possible to change the MAC
    address by reconfiguring the card.
  • An attacker could sniff a valid MAC address from
    the wireless network traffic .

27
Basic 802.11 Security
  • Static WEP keys
  • Wired Equivalent Privacy (WEP) is part of the
    802.11 specification.
  • Static WEP key operation requires keys on the
    client and AP that are used to encrypt data sent
    between them. With WEP encryption, sniffing is
    eliminated and session hijacking is difficult (or
    impossible).
  • Client and AP are configured with a set of 4
    keys, and when decrypting each are used in turn
    until decryption is successful. This allows keys
    to be changed dynamically.
  • Keys are the same in all clients and AP. This
    means that there is a community key shared by
    everyone using the same AP. The danger is that if
    any one in the community is compromised, the
    community key, and hence the network and everyone
    else using it, is at risk.

28
Authentication Type
  • An access point must authenticate a station
    before the station can associate with the access
    point or communicate with the network. The IEEE
    802.11 standard defines two types of
    authentication
  • Open System Authentication
  • Shared Key Authentication

29
Authentication Type Open System Authentication
  • The following steps occur when two devices use
    Open System Authentication
  • The station sends an authentication request to
    the access point.
  • The access point authenticates the station.
  • The station associates with the access point and
    joins the network.
  • The process is illustrated below.

30
Authentication Type Shared Key Authentication
  • The following steps occur when two devices use
    Shared Key Authentication
  • The station sends an authentication request to
    the access point.
  • The access point sends challenge text to the
    station.
  • The station uses its configured 64-bit or 128-bit
    default key to encrypt the challenge text, and
    sends the encrypted text to the access point.
  • The access point decrypts the encrypted text
    using its configured WEP Key that corresponds to
    the stations default key.
  • The access point compares the decrypted text with
    the original challenge text. If the decrypted
    text matches the original challenge text, then
    the access point and the station share the same
    WEP Key and the access point authenticates the
    station.
  • The station connects to the network.

31
Authentication Type Shared Key Authentication
  • If the decrypted text does not match the original
    challenge text (i.e., the access point and
    station do not share the same WEP Key), then the
    access point will refuse to authenticate the
    station and the station will be unable to
    communicate with either the 802.11 network or
    Ethernet network.
  • The process is illustrated in below.

32
Overview of WEP Parameters
  • Before enabling WEP on an 802.11 network, you
    must first consider what type of encryption you
    require and the key size you want to use.
    Typically, there are three WEP Encryption options
    available for 802.11 products
  • Do Not Use WEP The 802.11 network does not
    encrypt data. For authentication purposes, the
    network uses Open System Authentication.
  • Use WEP for Encryption A transmitting 802.11
    device encrypts the data portion of every packet
    it sends using a configured WEP Key. The
    receiving device decrypts the data using the same
    WEP Key. For authentication purposes, the
    wireless network uses Open System Authentication.
  • Use WEP for Authentication and Encryption A
    transmitting 802.11 device encrypts the data
    portion of every packet it sends using a
    configured WEP Key. The receiving 802.11 device
    decrypts the data using the same WEP Key. For
    authentication purposes, the 802.11 network uses
    Shared Key Authentication.
  • Note Some 802.11 access points also support Use
    WEP for Authentication Only (Shared Key
    Authentication without data encryption).

33
Recommended 802.11 Security Practices
  • Change the default password for the Admin account
  • SSID
  • Change the default
  • Disable Broadcast
  • Make it unique
  • If possible, Change it often
  • Enable MAC Address Filtering
  • Enable WEP 128-bit Data Encryption. Please note
    that this will reduce your network performance
  • Use the highest level of encryption possible
  • Use a Shared Key
  • Use multiple WEP keys
  • Change it regularly
  • Turn off DHCP
  • Refrain from using the default IP subnet

34
Vulnerabilities
35
Vulnerabilities
  • There are several known types of wireless attacks
    that must be protected against
  • SSID (network name) sniffing
  • WEP encryption key recovery attacks
  • ARP poisoning (man in the middle attacks)
  • MAC address spoofing
  • Access Point management password and SNMP attacks
  • Wireless end user (station) attacks
  • Rogue AP attacks (AP impersonation)
  • DOS (denial of service) wireless attacks

36
Diversity Antenna Attacks
  • If diversity antennas A and B are attached to an
    AP, they are setup to cover both sides of tan
    area independently. Alice is on the left side of
    the area, so the AP will choose antenna A for the
    sending and receiving frames. Bob is on the
    opposite side of the area from Alice and will
    therefore send and receive frames with antenna B.
  • Bob can take Alice off the network by changing
    his MAC address to be the same as Alice's. Bob
    can also guarantee that his signal is stronger on
    antenna B than Alice's signal on antenna A by
    using an amplifier or other enhancement
    mechanism.
  • Once Bob's signal has been detected as the
    stronger signal on antenna B, the AP will send
    and receive frames for the MAC address on antenna
    B. As long as Bob continues to send traffic to
    the AP, Alice's frames will be ignored.

37
Malicious AP overpowering valid AP
  • If a client is not using WEP authentication (or
    an attacker has knowledge of the WEP key), then
    the client is vulnerable to DoS attacks from
    spoofed APs.
  • Clients can generally be configured to associate
    with any access point or to associate to an
    access point in a particular ESSID.
  • If a client is configured to associate to any
    available AP, it will select the AP with the
    strongest signal regardless of the ESSID.
  • If the client is configured to associate to a
    particular ESSID, it will select the AP in the
    ESSID with the strongest signal strength.
  • Either way, a malicious AP can effectively
    black-hole traffic from a victim by spoofing the
    desired AP.

38
Man-in-the-Middle Attacks
  • Man-in-the-middle (MITM) attacks have two major
    forms eavesdropping and manipulation.
  • Eavesdropping occurs when an attacker receives a
    data communication stream. This is not so much a
    direct attack as much as it is a leaking of
    information. An eavesdropper can record and
    analyze the data that he is listening to.
  • A manipulation attack requires the attacker to
    not only have the ability to receive the victim's
    data but then be able to retransmit the data
    after changing it.

39
WEP What?
  • WEP (Wired Equivalent Privacy) referring to the
    intent to provide a privacy service to wireless
    LAN users similar to that provided by the
    physical security inherent in a wired LAN.
  • WEP is the privacy protocol specified in IEEE
    802.11 to provide wireless LAN users protection
    against casual eavesdropping.

40
IV Key Hashing/Temporal Key
WEP Encryption Today
IV
BASE KEY
PLAINTEXT DATA
CIPHERTEXT DATA
XOR
RC4
STREAM CIPHER
41
WEP How?
  • When WEP is active in a wireless LAN, each 802.11
    packet is encrypted separately with a RC4 cipher
    stream generated by a 64 bit RC4 key. This key is
    composed of a 24 bit initialization vector (IV)
    and a 40 bit WEP key.
  • The encrypted packet is generated with a bit-wise
    exclusive OR (XOR) of the original packet and the
    RC4 stream.
  • The IV is chosen by the sender and should be
    changed so that every packet won't be encrypted
    with the same cipher stream.
  • The IV is sent in the clear with each packet.
  • An additional 4 byte Integrity Check Value (ICV)
    is computed on the original packet using the
    CRC-32 checksum algorithm and appended to the
    end.
  • The ICV (be careful not to confuse this with the
    IV) is also encrypted with the RC4 cipher stream.

42
WEP - Weaknesses
  • Key Management and Key Size
  • Key management is not specified in the WEP
    standard, and therefore is one of its weaknesses,
    because without interoperable key management,
    keys will tend to be long-lived and of poor
    quality.
  • The Initialization Vector (IV) is Too Small
  • WEPs IV size of 24 bits provides for 16,777,216
    different RC4 cipher streams for a given WEP key,
    for any key size. Remember that the RC4 cipher
    stream is XOR-ed with the original packet to give
    the encrypted packet which is transmitted, and
    the IV is sent in the clear with each packet.
  • The Integrity Check Value (ICV) algorithm is not
    appropriate
  • The WEP ICV is based on CRC-32, an algorithm for
    detecting noise and common errors in
    transmission. CRC-32 is an excellent checksum for
    detecting errors, but an awful choice for a
    cryptographic hash.

43
WEP - Weaknesses
  • WEPs use of RC4 is weak
  • RC4 in its implementation in WEP has been found
    to have weak keys. Having a weak key means that
    there is more correlation between the key and the
    output than there should be for good security.
    Determining which packets were encrypted with
    weak keys is easy because the first three bytes
    of the key are taken from the IV that is sent
    unencrypted in each packet.
  • This weakness can be exploited by a passive
    attack. All the attacker needs to do is be within
    a hundred feet or so of the AP.
  • Authentication Messages can be easily forged
  • 802.11 defines two forms of authentication
  • Open System (no authentication) and
  • Shared Key authentication.
  • These are used to authenticate the client to the
    access point.
  • The idea was that authentication would be better
    than no authentication because the user has to
    prove knowledge of the shared WEP key, in effect,
    authenticating himself.

44
WPA
  • Wi-Fi Protected Access (WPA) is a new security
    guideline issued by the Wi-Fi Alliance.
  • The goal is to strengthen security over the
    current WEP standards by including mechanisms
    from the emerging 802.11i standard for both data
    encryption and network access control.
  • Path WEP -gt WPA -gt 802.11i
  • WPA TKIP(Temporal Key Integrity Protocol)
    IEEE 802.1x
  • For encryption, WPA has TKIP, which uses the same
    encryption algorithm as WEP, but constructs keys
    in a different way.
  • For access control, WPA will use the IEEE 802.1x
    protocol.

45
802.11i Future Wireless Security Standard
  • Task group "i" within the IEEE 802.11 is
    responsible for developing a new standard for
    WLAN security to replace the weak WEP (Wired
    Equivalent Privacy).
  • The IEEE 802.11i standard utilizes the
    authentication schemes of 802.1x and
    EAP(Extensible Authentication Protocol) in
    addition to a new encryption scheme AES
    (Advanced Encryption Standard) and dynamic key
    distribution scheme - TKIP(Temporal Key Integrity
    Protocol).
  • 802.11i TKIP IEEE 802.1x AES

46
802.11i Future Wireless Security Standard
  • Temporal Key Integrity Protocol (TKIP)
  • The Temporal Key Integrity Protocol is part of
    the IEEE 802.11i encryption standard for wireless
    LANs. TKIP is the next generation of WEP, the
    Wired Equivalency Protocol, which is used to
    secure 802.11 wireless LANs. TKIP provides
    per-packet key mixing, a message integrity check
    and a re-keying mechanism, thus fixing the flaws
    of WEP.

47
802.11i Future Wireless Security Standard
  • Advanced Encryption Standard (AES)
  • AES is the U.S. government's next-generation
    cryptography algorithm, which will replace DES
    and 3DES.

48
EAP and 802.1x
49
802.1x
  • IEEE802.1x is the denotation of a standard that
    is titled Port Based Network Access Control,
    which indicates that the emphasis of the standard
    is to provide a control mechanism to connect
    physically to a LAN.
  • The standard does not define the authentication
    methods, but it does provide a framework that
    allows the application of this standard in
    combination with any chosen authentication
    method.
  • It adds to the flexibility as current and future
    authentication methods can be used without having
    to adapt the standard.

50
802.1x Components
  • The 802.1x standard recognizes the following
    concepts
  •  Port Access Entity (PAE)
  • which refers to the mechanism (algorithms and
    protocols) associated with a LAN port (residing
    in either a Bridge or a Station)
  •  Supplicant PAE
  • which refers to the entity that requires
    authentication before getting access to the LAN
    (typically in the client station)
  • Authenticator PAE
  • which refers to the entity facilitating
    authentication of a supplicant (typically in
    bridge or AP)
  • Authentication server
  • which refers to the entity that provides
    authentication service to the Authenticators in
    the LAN (could be a RADIUS server)

51
802.1x Components
52
802.1x Call Flow
53
802.1x Call Flow
54
802.1x Traffic
  • As the picture indicates, EAP information, when
    transmitted from Supplicant to Authentication
    Server, is first encapsulated within a (wireless)
    LAN frame (referred to as EAP over LAN or EAPoL).
    Once received by the Authenticator it is
    extracted from the LAN frame and placed in a
    packet that conforms to the RADIUS protocol.
  • This RADIUS packet is then transmitted to the
    Authentication using the RADIUS (UDP) protocol.
  • Traffic coming from the Authentication Server to
    the Supplicant follows the reverse process.

55
EAP
  • EAP was originally designed as part of the PPP
    (Point-to-Point Protocol)
  • The PPP Extensible Authentication Protocol (EAP)
    is a general protocol for PPP authentication
    which supports multiple authentication
    mechanisms. It was developed in response to an
    increasing demand for remote access user
    authentication that uses other security devices.
  • By using EAP, support for a number of
    authentication schemes may be added by defining
    EAP-Types. Support might include token cards,
    one-time passwords, public key authentication
    using smart card, certificates, and others.
  • EAP hides the details of the authentication
    scheme from those network elements that need not
    know
  • For example in PPP, the client and the AAA server
    only need to know the EAP type, and the Network
    Access Server does not

56
EAP
  • RFC 2284 defines PPP Extensible Authentication
    Protocol.
  • EAP does not select a specific authentication
    mechanism at Link Control Phase, but rather
    postpones this until the Authentication Phase.
  • This allows the authenticator to request more
    information before determining the specific
    authentication mechanism.
  • This also permits the use of a "back-end" server
    which actually implements the various mechanisms
    while the PPP authenticator merely passes through
    the authentication exchange.

57
EAP Architecture
58
EAP Architecture
59
EAP Comparison
60
EAP Comparison
61
(No Transcript)
62
(No Transcript)
63
EAP Elements
  • EAP basically consists of four different protocol
    elements
  • Request packets (from Authenticator AP to
    client Supplicant)
  • Response packets (from Client to Authenticator)
  • Success packet
  • Failure packet


May originate from an AAA server
64
EAP Elements
65
EAP Message
  • All EAP messages have a common format

66
EAP Message 2
  • EAP request and response messages have the same
    format , with code1 for requests and code2 for
    responses

67
EAP Message 3
  • EAP Success messages are EAP messages with code 3
    and no data.
  • A success message means that the authentication
    concluded successfully.
  • EAP failure messages are EAP messages with code 4
    and no data.
  • A Failure message means that the authentication
    has failed.

68

General Description ofIEEE 802.1x Terminology
wireless network
enterprise network
enterprise edge
EAP over wireless
EAP over RADIUS
RADIUS server
Supplicant
Authentication Server
Authenticator
Operates on client
Processes EAP requests
Operates on devices at network edge, like APs and
switches
69

Before EAP Start
  • 802.11 association between client and
    authenticator
  • IP connection blocked by AP

EAP over wireless
EAP over RADIUS
RADIUS server
802.1X traffic
RADIUS traffic (IP/UDP over Layer 2 protocol (Eg.
Ethernet)
authentication traffic
AP transfers data from 802.1x EAP messages into
RADIUS messages, and visa versa AP blocks IP
connection until RADIUS access-accept is received
normal data
70
802.1x Call Flow
71
EAP Flow
  • After the Link Establishment phase is complete,
    the authenticator sends one or more Requests to
    authenticate the peer.
  • The Request has a type field to indicate what is
    being requested. Examples of Request types
    include Identity, MD5-challenge, One-Time
    Passwords, Generic Token Card, etc.
  • The MD5-challenge type corresponds closely to the
    CHAP authentication protocol.
  • Typically, the authenticator will send an initial
    Identity Request followed by one or more Requests
    for authentication information. However, an
    initial Identity Request is not required, and MAY
    be bypassed in cases where the identity is
    presumed (leased lines, dedicated dial-ups,
    etc.). 

72
EAP Flow
  • The peer sends a Response packet in reply to each
    Request. As with the Request packet, the
    Response packet contains a type field which
    corresponds to the type field of the Request. 
  • The authenticator ends the authentication phase
    with a Success or Failure packet.

73
Generic EAP Authentication Flow
Authenticator
Peer
74
EAP Authentication
  • Physical connection between the client station
    and the network is established first, which for
    wireless operation means that 802.11 Association
    has to be completed (this is the equivalent of
    plugging in a wired station in an Ethernet wall
    socket).

75
EAP Authentication
  • After Association the 802.1x authentication
    commences, initiated by the Authenticator (i.e.
    the AP or NAS), which sends an EAP Request to the
    Supplicant (i.e. the client station) asking for
    its credentials. These credentials could be
    machine name or user name, depending on the
    authentication method that is used.

76
EAP Authentication
  • The Supplicant transmits its identity information
    as part of an EAP response to the Authenticator,
    which takes the packet from the LAN frame and
    encapsulates it in a RADIUS protocol message for
    transmission to the Authentication Server.

77
EAP Authentication
  • At this point a sequence of exchanges will take
    place between the Authentication Server and the
    Supplicant (via the Authenticator), of which the
    exact details depend on the Authentication method
    used. The ultimate result of the complete
    sequence is either a positive result, where the
    supplicant is successfully authenticated, or a
    negative one where the authentication has failed.
    In the first case the door to network is opened
    and all network resources are now available for
    the client device, while in the second case the
    network access remains blocked.

78
EAP Authentication Methods MD5
  • EAP-Message Digest 5 uses the same challenge
    handshake protocol as PPP-based CHAP, but the
    challenges and responses are sent as EAP
    messages.
  • MD5 can be considered as the lowest common
    denominator EAP type.
  • EAP-MD5 does not support the use of per session
    WEP keys, or mutual authentication of Access
    Point and client.
  • It also does not support encrypted links for user
    data, so cannot be used in an 802.11i
    environment.
  • The EAP-MD5 authentication algorithm provides
    one-way password based network authentication of
    the client.

79
EAP Authentication Methods MD5
  • This algorithm can also be used for wireless
    applications with less stringent wireless LAN
    security requirements.
  • Advantage of using EAP-MD5 is that it is simple
    to administer for an operator, re-using the
    database of usernames and passwords which may
    exist currently. 
  • Disadvantage of using EAP-MD5 in wireless LAN
    applications is that no encryption keys are
    generated. Also, while the protocol can be used
    by the client to authenticate the network, it is
    typically used only for the network to
    authenticate the client.

80
EAP Authentication Methods MD5
  • A wireless station associates to its AP.
  • The AP will issue an EAP Request Identity frame
    to the client station.
  • The client station responds with its identity
    (machine name or user name).
  • The AP relays the EAP message (I.e. client
    stations identity) to the RADIUS
  • server, to initiate the authentication
    services.
  • The MD5 protocol replies on a challenge text
    issued by the server to the client.
  • Client is to encrypt this challenge using its
    user password and return the result.

81
EAP Authentication Methods MD5
  • The server will decrypt the result using the
    password that is recorded for the user.
  • When results match the original, the client is
    validated as genuine.
  • No encryption keys are generated.

82
EAP MD5
83
EAP Authentication Methods TLS
  • Transport Layer Security (TLS) is a certificate
    based authentication protocol. RFC 2716 provides
    mutual authentication and supports per-session
    WEP keys .
  • Certificate based authentication provides a
    highly secure digital equivalent of ID cards used
    by both the client and network so they can
    authenticate each other. Public Key
    Infrastructure (PKI) digital signature techniques
    are used to prove each partys authenticity.

84
EAP Authentication Methods TLS
  • A digital certificate is comprised of the
    following fields
  • a version
  • certificate serial number
  • signature algorithm identifier
  • name of the issuer
  • validity period
  • name
  • public key
  • optional unique identifiers
  • a signature value.

85
Certificate Authority
86
EAP Authentication Methods TLS
  • A wireless station associates to its AP.
  • The AP will issue an EAP Request
  • Identity frame to the client station.

87
EAP Authentication Methods TLS
  • The client station responds with its
  • identity (machine name or user name).
  • The AP relays the EAP message (I.e.
  • client stations identity) to the RADIUS
  • server, to initiate the authentication
  • services.

88
EAP Authentication Methods TLS
  • The RADIUS server requests credentials
  • from the client station to confirm the
  • identity, by sending the EAP request via
  • the AP.
  • The client replies sending its credentials
  • relayed by the AP.

89
EAP Authentication Methods TLS
  • The TLS_Hello messages are the start of the TLS
    handshake protocol
  • Server initiates by sending its Server_hello
    (including, the Certificate, the so-called
    Cyphersuite, indicating what crypto algorithm it
    can handle).
  • Client replies with Client_Hello, stating among
    others its certificate, what crypto-algorithm was
    selected, and requesting the server to send its
    certificate.
  • The client and Server engage in the
    Key-Exchange sequence (Diffie-Hellman).

90
EAP Authentication Methods TLS
  • On completion of the DH Key exchange between
    server and client, the server transmits its keys
    to the AP.
  • To encrypt subsequent IEEE 802.11 frames
    exchanged between the AP and the client, a WEP
    key pair is used, that is generated by the AP,
    and is the same for all clients associated to
    this particular AP.
  • The AP will transmit this key pair to the client
    and uses the key received from the server to
    encrypt this message.
  • Once the client received the WEP keys it will
    pass them to the PC card via the NDIS interface
    and the driver.
  • Station and AP will use these WEP keys until
    station logs off or until re-authentication timer
    has expired (for period re-authentication).
  • When station roams to another AP a
    re-authentication is required and new WEP keys
    are established.

91
EAP Authentication Methods TLS
92
(No Transcript)
93
(No Transcript)
94
EAP Authentication Methods TTLS
  • Tunneled Transport Layer Security (TTLS) and
    Protected Extensible Authentication Protocol
    (PEAP) are similar in operation and support both
    secure username/password and mutual
    authentication.
  • EAP-TTLS a combination of both EAP-TLS, and
    traditional password-based methods such as
    Challenge Handshake Authentication Protocol
    (CHAP), and One Time Password (OTP). On the
    client side merely passwords are required instead
    of digital certificates, which relieves the
    administrator of the systems to manage and
    distribute certificates. On the authentication
    server side a certificate is required.
  • Certificates do not have to be installed in each
    client device. This is because PKI techniques are
    used to first allow the client to authenticate
    the server (via a certificate installed on the
    server) and form a secured connection between
    client and server. Then the server authenticates
    the client over the secured connection with the
    user providing a username and password pair.
  • This principle is much like the way in which
    browser based commerce takes place today over web
    browsers. Secure connections are established
    before the users authentication information is
    exchanged. Users see this typically as a padlock
    symbol in their browsers.

95
EAP Authentication Methods TTLS
  • In EAP-TTLS a secure TLS tunnel is first
    established between the supplicant and the
    authentication server.
  • The client authenticates the network to which it
    is connecting by authenticating the digital
    certificate provided by the TTLS server. This is
    exactly analogous to the techniques used to
    connect to a secure web server. Once an
    authenticated tunnel is established, the
    authentication of the end user occurs.
  • EAP-TTLS has the added benefit of protecting the
    identity of the end user from view over the
    wireless medium. In this way anonymity of the
    end user, a desirable attribute is provided.
  • EAP-TTLS also enables existing end-user
    authentication systems to be reused. Two key
    advantages of EAP-TTLS are that anonymity of the
    end user is provided, and that any existing
    RADIUS server and its associated database can be
    re-used.
  • EAP-TTLS is the only EAP type to date which
    provides end user anonymity.

96
EAP Authentication Methods TTLS
  • A wireless station associates to its AP.
  • The AP will issue an EAP Request Identity frame
    to the client station.
  • The client station responds with its identity
    (machine name or user name).
  • The AP relays the EAP message (I.e. client
    stations identity) to the RADIUS server, to
    initiate the authentication services.
  • The authentication protocol between the RADIUS
    server and the client station is still TLS and
    used to allow the client to authenticate the
    server.

97
EAP Authentication Methods TTLS
  • The TLS_Hello messages are the start of the TLS
    handshake protocol
  • Server initiates by sending its Server_hello
    (including its certificate and Cyphersuite,
    indicating what crypto algorithm it can handle).
  • Client responds by sending its acknowledgement
    for the crypto protocol to use (no certificates).
  • The client and Server engage in the
    Key-Exchange sequence (Diffie-Hellman).
  • Now the tunnel is established and secure, the
    additional user credentials are exchanged (using
    OTP or CHAP).

98
EAP Authentication Methods TTLS
  • On completion of the exchange between server and
    client, the server transmits its keys to the AP.
  • To encrypt subsequent IEEE 802.11 frames
    exchanged between the AP and the client, a WEP
    key pair is used, that is generated by the AP,
    and is the same for all clients associated to
    this particular AP.
  • The AP will transmit this key pair to the client
    and uses the key received from the server to
    encrypt this message.
  • Once the client received the WEP keys it will
    pass them to the PC card via the NDIS interface
    and the driver. Station and AP will use these WEP
    keys until station logs off or until
    re-authentication timer has expired (for period
    re-authentication).

99
EAP Authentication Methods TTLS
100
EAP Authentication Methods SRP
  • SRP (Secure Remote Password) is a secure
    password-based authentication and key-exchange
    protocol.
  • It solves the problem of authenticating clients
    to servers securely, in cases where the user of
    the client software must memorize a small secret
    (like a password) and carries no other secret
    information.
  • The server stores a verifier for each user, which
    allows it to authenticate the client but which,
    if compromised, would not allow the attacker to
    impersonate the client. SRP also exchanges a
    cryptographically-strong secret as a byproduct of
    successful authentication, which enables the two
    parties to communicate securely.
  • A key advantage of SRP is that the users
    password need not be stored in the RADIUS
    database. SRP is also a completely password based
    authentication system. No certificates are
    required.

101
EAP Authentication Methods SRP
  • A wireless station associates to its AP.
  • The AP will issue an EAP Request Identity frame
    to the client station.
  • The client station responds with its identity
    (machine name or user name).
  • The AP relays the EAP message (I.e. client
    stations identity) to the RADIUS server, to
    initiate the authentication services.
  • The server initiates a key exchange by
    transmitting a Generator Value, a Modulus number
    and a salt value (to prevent re-occurring keys).

102
EAP Authentication Methods SRP
  • The client calculates its Public Key as
  • K(client) ga (mod N), where a is randomly
    chosen (clients private key).
  • The Server executes a similar procedure and
    calculates its Public Key as
  • K(Server) (vgb) (mod N), where b is randomly
    chosen (Servers private key), and is a stored
    verifier from the database .
  • With keys in place, the client and server
    mutually validate each other.

103
EAP Authentication Methods SRP
  • On completion of the exchange between server and
    client, the server transmits its keys to the AP.
  • To encrypt subsequent IEEE 802.11 frames
    exchanged between the AP and the client, a WEP
    key pair is used, that is generated by the AP,
    and is the same for all clients associated to
    this particular AP.
  • The AP will transmit this key pair to the client
    and uses the key received from the server to
    encrypt this message.
  • Once the client received the WEP keys it will
    pass them to the PC card via the NDIS interface
    and the driver.
  • Station and AP will use these WEP keys until
    station logs off or until re-authentication timer
    has expired (for period re-authentication).
  • When station roams to another AP new WEPs are
    established.

104
EAP Authentication Methods LEAP
  • Cisco delivers a special version of EAP
    (Extensible Authentication Protocol), known as
    LEAP (where the L stands for lightweight).
  • Though the Cisco systems can be configured to
    operate with other EAP protocols (and as such are
    capable of communicating with off the shelf
    Radius implementations that support IEEE 802.1x),
    this proprietary version is promoted by Cisco in
    order to offer a complete Cisco solution.
  • LEAP also is known to have significant flaws
  • The key used for encryption between client and
    Access Point is derived from the username and
    password stored at the Authentication server and
    used by the client station during log-in. The
    method used in this case is MSCHAP v1, and known
    in the industry to be vulnerable and hack-able by
    existing hack tools.
  • The EAP exchange between client and
    authentication server is not encrypted, as the
    key is not yet determined. The username is
    transmitted in the clear and the only the
    password is protected by an MSCHAP v1 hash, which
    is relatively easy to hack.

105
EAP Authentication Methods LEAP
106
EAP Authentication Methods LEAP
107
EAP Authentication Methods PEAP
  • Protected EAP (PEAP) A version of EAP developed
    by Microsoft, Cisco, and RSA Security that offers
    two implementation options.
  • The first uses the Microsoft Challenge-Handshake
    Authentication Protocol Version 2 (MS-CHAPv2) for
    mutual authentication and does not require client
    digital certificates.
  • The second implementation uses TLS for mutual
    authentication and requires digital certificates
    on all the clients (very similar to EAP-TLS).

108
EAP Authentication Methods PEAP
109
PEAP w MS-CHAPv2
  • The PEAP authentication process occurs in two
    parts.
  • The first part is the use of EAP and the PEAP EAP
    type to create an encrypted TLS channel.
  • The second part is the use of EAP and a different
    EAP type to authenticate network access.
  • The following examines PEAP with MS-CHAP v2
    operation, using as an example, a wireless client
    that attempts to authenticate to a wireless
    access point (AP) that uses a RADIUS server for
    authentication and authorization.

110
PEAP w MS-CHAPv2
  • PEAP Part 1-Creating the TLS Channel
  • The following steps are used to create the PEAP
    TLS channel
  • After creating the logical link, the wireless AP
    sends an EAP-Request/Identity message to the
    wireless client.
  • The wireless client responds with an
    EAP-Response/Identity message that contains the
    identity (user or computer name) of the wireless
    client.
  • The EAP-Response/Identity message is sent by the
    wireless AP to the RADIUS server. From this point
    on, the logical communication occurs between the
    RADIUS server and the wireless client, using the
    wireless AP as a pass-through device.
  • The RADIUS server sends an EAP-Request/Start PEAP
    message to the wireless client.
  • The wireless client and the RADIUS server
    exchange a series of TLS messages through which
    the cipher suite for the TLS channel is
    negotiated and the RADIUS server sends a
    certificate chain to the wireless client for
    authentication.
  • At the end of the PEAP negotiation, the RADIUS
    server has authenticated itself to the wireless
    client. Both nodes have determined mutual
    encryption and signing keys (using public key
    cryptography, not passwords) for the TLS channel.

111
EAP Authentication Methods PEAP
PEAP Server
Client
TLS Channel Established
EAP- Response (empty)
112
PEAP w MS-CHAPv2
  • PEAP Part 2-Authenticating With MS-CHAP v2
  • After the PEAP TLS channel is created, the
    following steps are used to authenticate the
    wireless client credentials with MS-CHAP v2
  • The RADIUS server sends an EAP-Request/Identity
    message.
  • The wireless client responds with an
    EAP-Response/Identity message that contains the
    identity (user or computer name) of the wireless
    client.
  • The RADIUS server sends an EAP-Request/EAP-MS-CHAP
    -V2 Challenge message that contains a challenge
    string.
  • The wireless client responds with an
    EAP-Response/EAP-MS-CHAP-V2 Response message that
    contains both the response to the RADIUS server
    challenge string and a challenge string for the
    RADIUS server.
  • The RADIUS server sends an EAP-Request/EAP-MS-CHAP
    -V2 Success message, which indicates that the
    wireless client response was correct and contains
    the response to the wireless client challenge
    string.
  • The wireless client responds with an
    EAP-Response/EAP-MS-CHAP-V2 Ack message,
    indicating that the RADIUS server response was
    correct.
  • The RADIUS server sends an EAP-Success message.
  • At the end of this mutual authentication
    exchange, the wireless client has provided proof
    of knowledge of the correct password (the
    response to the RADIUS server challenge string),
    and the RADIUS server has provided proof of
    knowledge of the correct password (the response
    to the wireless client challenge string). The
    entire exchange is encrypted through the TLS
    channel created in PEAP part 1.

113
EAP Authentication Methods PEAP
In the TLS Channel
PEAP Server
Client
Transfer of the generated key from the PEAP
server to the NAS if on different machines
114
EAP Authentication Methods PEAP
115
EAP Authentication Methods PEAP
116
EAP Authentication Methods MS-CHAPv2
  • The Microsoft EAP CHAP Extensions Version 2 (EAP
    MSCHAPv2) protocol allows mutual authentication
    between an authenticator and a peer that is
    seeking authentication.
  • It extends the MSCHAPv2 protocol defined in RFC
    2759, and is one of several authentication
    methods associated with the Extensible
    Authentication Protocol (EAP) defined in RFC
    2284.

117
MS-CHAPv2, What is?
  • Peer authentication using MS-CHAPv2. Following
    stages take place after a PPTP tunnel is
    established and the setup for the PPP connection
    has started.
  • The client requests an authenticator challenge
    from the server.
  • The server sends back a 16-bytes random
    authenticator challenge.
  • The client generates the response
  • The client generates 16-bytes random peer
    challenge.
  • The client generates the challenge by hashing the
    authenticator challenge, the peer challenge, and
    the user's login using SHA.
  • The client generates the NT password hash from
    the user's password.
  • The 16-byte NT password hash from step (c) is
    padded with 5 bytes of zero. From these 21 bytes
    three 7-byte DES keys are derived.
  • The first 8 bytes of the hash generated in step
    (b) (these 8 bytes are later referred to as the
    challenge) are encrypted using DES with each of
    the three keys generated in step (d).
  • The 24 bytes resulting from step (e), the 16-byte
    random peer challenge, and the user's login are
    sent back to the server as response.

118
 
119
EAP Authentication Methods MS-CHAPv2
  • The server decrypts the response with the hashed
    password of the client that is stored in a
    database.
  • If the decrypted response matches the challenge,
    the server sends a positive authenticator
    response
  • The server hashes the NT password hash using
    MD4 to generate a password-hash-hash.
  • The server generates a hash using SHA from the
    clients response, the password-hash-hash, and the
    literal constant Magic server to client signing
    constant''.
  • The server generates another hash using SHA from
    the 20-byte output of step (c), the 8-byte
    challenge (see step 3 (b)), and the literal
    constant Pad to make it do more than one
    iteration''.
  • The resulting 20 bytes are send back to the
    client in the form S upper-case ASCII
    representation of the byte values ''.
  • The client uses the same procedure to generate
    the 20 bytes and compares them to the servers
    authenticator response. If they match, both the
    client and the server are authenticated.

120
EAP Authentication Methods GTC
  • Generic Token Card

121
Difference between MsCHAPv2 and GTC
  • What is the difference between EAP-MSCHAPv2 and
    EAP-GTC PEAP supplicants?
  • Both supplicants support PEAP, but each supports
    different methods of client authentication
    through the TLS tunnel. The Microsoft PEAP
    supplicant supports client authentication by only
    MS-CHAPv2. This limits user databases to those
    that support MS-CHAPv2, such as Windows NT Domain
    and Active Directory. The Cisco PEAP supplicant
    (based on EAP-GTC) supports client authentication
    by one-time passwords and logon passwords. This
    enables support for one-time password databases
    from vendors such as RSA Security and Secure
    Computing Corporation and logon password
    databases such as LDAP and NDS as well as
    Microsoft Novell Directory Service (NDS)
    databases.
  • In addition, the EAP-GTC implementation includes
    the ability to hide username identities until the
    TLS encrypted tunnel is established, which
    provides additional confidentiality that
    usernames are not being broadcasted during the
    authentication phase. Starting in version 3.2,
    Cisco Secure ACS will support both EAP-MSCHAPv2
    and EAP-GTC PEAP supplicants.

122
EAP methods based on GSM credentials
  • Support for SIM and USIM (AKA) credentials
  • Uses standard SIM (Subscriber Identity Module)
    and USIM(UMTS Subscriber Identity Module) cards
  • Wireless phone SIM cards as a way of obtaining
    authentication
  • using SIM Extensible Authentication Protocol for
    GSM (EAP-SIM)
  • Using USIM Extensible Authentication and Key
    Agreement Protocol (EAP-AKA) for UMTS.
  • Generates 128 bit keys, has optional fast
    reconnect and identity privacy support

123
EAP Authentication Methods SIM
  • EAP SIM (Subscriber Identity Module)
    Authentication for GSM
  • EAP SIM authentication is based on Nokias EAP
    Server Technology.
  • This provides an interface between the GSM
    Authentication Center and one or more wireless
    LANs and uses the Extensible Authentication
    Protocol (EAP) in order to allow it to pass
    traffic securely over any Wide Area Network
    e.g. a Telcos internal data network or the
    Internet.
  • It permits authentication to be performed by WLAN
    clients that have an 802.11 interface and access
    to a GSM SIM card, with or without GSM air
    interface capabilities.
  • This authentication procedure is designed to
    provide mutual authentication between a wireless
    LAN client and an AAA server.
  • Typically the EAP server is implemented on the
    AAA server (e.g. RADIUS) and has an interface to
    the GSM network, so it operates as a gateway
    between the Internet AAA network and the GSM
    authentication infrastructure.
  • The system allows GSM mobile operators to reuse
    their existing authentication infrastructure for
    providing access to wireless networks.
  • EAP SIM combines the data from several GSM
    triplets (RAND, SRES, Kc), obtained from an
    Authentication Centre (AuC), to generate a more
    secure session encryption key. EAP SIM also
    enhances the basic GSM authentication mechanism
    by providing for mutual authentication between
    the client and the RADIUS server.

124
EAP Authentication Methods SIM
SIM- Subscriber Identify Module Usually referred
to as a SIM card, The SIM is the user
subscription to the mobile network. The SIM
contains relevant information that enabled access
control onto the subscribed operator's network.
125
(No Transcript)
126
EAP Authentication Methods SIM
  • The EAP SIM authentication proceeds as follows
  • The client receives an EAP Identity Request from
    the access point (AP).
  • The client responds to the APs request with an
    EAP Identity Response message containing the
    users network identity which is stored on the
    SIM (either the user's International Mobile
    Subscriber Identity (IMSI) or a temporary
    identity (pseudonym)).
  • The AP transmits this message to the RADIUS
    server, which in turn forwards it to the
    Authentication Center of the GSM network.
  • From the AuC the RADIUS server obtains GSM
    triplets and passes the RAND to the client. The
    SIM calculates the signed response (SRES) which
    is returned to the RADIUS server. The SIM also
    calculates cryptographic keying material, using a
    secure hash function on th
Write a Comment
User Comments (0)
About PowerShow.com