Header
Home | Sitemap  
Sections
Archive
Su Mo Tu We Th Fr Sa
1
2345678
9101112131415
16171819202122
23242526272829
30
Syndication


Home : Wi-Fi Security : EAP Authentication Types

EAP Authentication Types

by

image

 

EAP Authentication Types

Several different EAP protocol types are used with WLANs today. Some are complicated to deploy, some are more secure than others, and some are not considered secure. The differences between the types of EAP that can be deployed in a WLAN environment are important to understand in relation to costs, security, and timely deployments. The EAP types to be discussed in this section are LEAP, EAP-TLS, EAP-TTLS, EAP-MD5, PEAP, and proprietary protocols.

LEAP

Cisco developed their proprietary Lightweight Extensible Authentication Protocol (LEAP) as an 802.1x-standard EAP-based authentication type to support networks under a variety of operating systems that may not natively support EAP [8]. LEAP offered a convenient way to ensure mutual authentication between a client and a RADIUS server when authentication standards for use in wireless environments were still evolving rapidly. LEAP provides user-based centralized authentication and per-user, per-session WEP keys. LEAP is widely, but not exclusively, used in Cisco Aironet products. The supplicant, authenticator, and authentication server 802.1x design features are part of the Cisco LEAP deployment.

LEAP has become the most popular form of EAP currently in use because of its relatively simple deployment requirements and the popularity of the Cisco Aironet product line. It runs on most popular operating systems and hardware platforms and is supported by nearly all RADIUS vendors. Because LEAP uses password-only authentication, its security level is determined by the strength of the passwords employed. Over the last couple of years, Cisco has begun moving toward a new standard called Protected EAP (PEAP).

EAP-TLS

Microsoft developed EAP-Transport Level Security (EAP-TLS) authentication, and it has been standardized by the IETF [9]. EAP-TLS is based on the Secure Socket Layer (SSL) protocol used for secure Web traffic [10]. EAP-TLS is more appropriate for organizations that have already deployed a PKI because it uses both server-side and client-side certificates for user identification. If PKI is not already in place, a new infrastructure will require installing, configuring, and maintaining or outsourcing the use of a Certificate Authority (CA), registration authority, a directory, and a certificate management system. Managing both server-side and client-side certificates across a large enterprise can be a time-consuming, expensive, and overwhelming task for organizations with limited resources.

Digital certificates are data structures distributed by a CA that identify a public key as belonging to a particular user. In most cases, a digital certificate complies with the X.509 standard and is generally made up of the following: certificate version, serial number, certificate issuer, user name, user's public key, validity period, optional extensions, signature algorithm, and signature. The certificate version, serial number, issuer, user, user's public key, and validity period are combined, and the values are run through a keyed hash function to derive the digital signature. The certificate authority keys the hash with its own private key. Other authentication systems, such as token-based authentication, are being selected by organizations because they align more closely with their business models and security policies. Not all RADIUS servers that support EAP will support the EAP-TLS authentication method.

EAP-TLS was the only EAP method used in Windows XP until the recent introduction of PEAP and when Windows XP Service Pack 1 introduced Microsoft's first support for PEAP [11]. EAP-TLS provides for mutual authentication between the supplicant and the authentication server, negotiation of the encryption method, and secured private key exchange. TLS authentication is relatively straightforward in EAP. Each part of the session establishment dialog between the supplicant and the authentication server is placed inside of an EAP-TLS packet, and when the TLS authentication dialog succeeds, the authenticator is informed and access to the network is granted.

A segment of the keying data created during the TLS session initiation for that channel is sent to the authenticator and the supplicant, which already knows the TLS-established secret key, and the authenticator uses that key for WEP encryption. Because the supplicant wants to talk to the authenticator, the authentication server encrypted channel configured by TLS between the authentication server and the supplicant is not used.

Certificates are used to authenticate the authentication server to the supplicant in EAP-TLS with an option to authenticate the supplicant to the authentication server. The process is started when the authentication server sends its digital certificate to the supplicant. In one-way authentication, a server sends its certificate to a browser to prove its identity. SSL version 3 is supported by all current versions of Web browsers and is very similar to TLS. For many people, all that matters is that the results of SSL or TLS are the same—an encrypted session between the browser and the Web server— and both methods start with the same authentication phase. As discussed earlier, EAP-TLS administrators should be more interested in using mutual authentication than one-way authentication because it protects the network against man-in-the-middle attacks.

Because both wireless clients and access points are strongly authenticated using digital certificates, the deployment of certificate authorities has become much easier and more cost effective. The advantages of EAP-TLS make it a preferred authentication method for WLANs. The client can be reauthenticated and rekeyed as often as needed without inconveniencing the end user as a result of per-session WEP keys. Although EAP-TLS has had some software bug implementation problems, it has been tested extensively without being broken or revealing any significant security flaws in the protocol itself; however, it should be noted that the username is passed from client to server in a TLS exchange before certificates are exchanged, and it is possible to observe the username's passive packet analysis. If remote access connections are being made in the Windows environment and SmartCards are being used, EAP-TLS authentication should be mandatory.

EAP-TTLS

EAP-TTLS is an IETF draft standard and is an extension to the functionality of the EAP-TLS authentication protocol, removing the EAP-TLS requirement of the supplicant-side certificate by requiring only an authentication server certificate, greatly easing deployment overhead. Funk Software [12] and Certicom (http://www.certicom.com) codeveloped and designed EAP-TTLS as a more secure and easily managed version of EAP.

In a manner similar to RADIUS, TTLS uses the TLS channel to exchange Attribute Value Pairs (AVPs). The TTLS server validates AVPs against any type of authentication mechanism through the general encoding of its information. All methods defined by EAP, as well as several older methods, are currently supported by TTLS implementations. New attributes to support new protocols can easily be extended in TTLS to work with new protocols. As EAP-TTLS products become more common in the market, one must remember that the RADIUS server and the supplicant software must support this type of EAP authentication for the solution to work.

The authentication server is authenticated using its digital certificate, and an encrypted tunnel is established between the supplicant and the authentication server during the initial authentication phase of EAP-TTLS. The supplicant's authentication credentials, such as a digital certificate or password, are passed to the authentication server in the tunnel and authenticated using the administrator's authentication algorithm of choice. Nearly every type of supplicant authentication credentials (passwords, certificates, tokens, etc.) can be used inside the encrypted tunnel using EAP-TTLS. Also, having only a server-side certificate requirement eliminates much of the overhead associated with client-side certificate deployment; most types of authentication algorithms can be used inside the encrypted tunnel (MS-CHAPv2, MS-CHAP, CHAP, PAP, EAMD5, and others).

Some other key security features of EAP-TTLS include strong protection against eavesdroppers seeking to perform dictionary attacks, mutual authentication, fast reconnections while roaming, and automatic rekeying of encryption keys. Enterprise users that want the security of TLS, but have legacy authentication methods or token-based authentication methods, should regard TTLS as a viable EAP method. In TTLS, the client validates the server's certificate by sending a copy of the server's certificate as part of the supplicant software package. In this way, the supplicant can compare the certificate it was given during installation with the one given to it by the server when it authenticates to the wireless network.

EAP-MD5

RFC 2284 considers EAP-MD5 mandatory, and it was the first authentication type created by this RFC for 802.1x [13]. MD5 is a password-based protocol that is easy to implement. EAP-MD5 uses the same challenge handshake protocol as used in PPP-based CHAP; however, the challenges and responses are sent as EAP messages. The authentication server challenges the supplicant with a random string of text, and then the supplicant hashes the challenge with its password and sends the response back to the server.

The response to the server is validated based on its knowledge of the password. Unfortunately, EAP-MD5 allows an eavesdropper to obtain both the challenge and the encrypted response, making it possible to conduct a dictionary attack using the same algorithm that was used to obtain the user's password. Also, because MD5 authenticates only the supplicant and does nothing to authenticate the authentication server, a rogue RADIUS server could be added to the WLAN by an attacker to obtain the login credentials of a legitimate user.

One other security risk is that MD5 does not use per-session WEP keys. Immediately after authentication, communication between the client and the access point is either not encrypted or is encrypted with a static WEP key, which allows eavesdropping to occur on data communications over a WLAN because static WEP can be broken. Many companies have chosen not to use MD5 as an authentication method because of its inherent vulnerabilities when used in a WLAN. Of particular concern, MD5 lacks persession WEP keys, one-way authentication, and challenge passwords. These shortcomings make use of MD5 a risky proposition.

PEAP

Several weaknesses in EAP were identified shortly after it was released. While using EAP, it was found that the initial identity request and corresponding response is sent in cleartext, so an attacker capturing and analyzing packets could obtain user identities for use in later attacks. There is no support in EAP for fast reconnections when roaming. This creates a problem when a client is trying to associate with a new access point while network traffic is flowing. EAP does not include packet management, so individual vendors are required to handle packet fragments and reassembly.

Multiple EAP types were developed to remedy these problems. Each type is based on EAP-TLS, which is regarded by experts as providing suitable security for wireless networks. Each one of these EAP types corrects the deficiencies described for EAP WLAN implementations. Microsoft, Cisco, and RSA Security developed PEAP to address these deficiencies by wrapping EAP in a TLS tunnel. PEAP is now an IETF draft [14]. PEAP is designed to protect EAP communication between clients and authenticators. PEAP uses TLS to create an encrypted tunnel from the authentication server to the supplicant after verifying the identity of the authentication server, providing support for identity protection. Once the encrypted tunnel is established, a second EAP authorization process occurs inside the tunnel to extend the TLS connection. Any implemented EAP authorization type (tokens, passwords, certificates, etc.) can be used as the client is authenticated in the second EAP authentication process running inside the TLS connection. PEAP also provides built-in support for packet fragmentation, packet reassembly, and fast reconnects.

The administrator must configure PEAP as an EAP type for a given connection policy as managed through a RADIUS server. PEAP must be supported by the client software and, in some cases, the firmware. Several older methods of user authentication such as MS-CHAPv2 are generally used as secure certificate-based authentication. They do not require the added management overhead necessary to implement and manage certificates. Both EAP-TTLS and PEAP were designed to use older authentication methods while maintaining the strong cryptographic foundation of TLS.

Both TTLS and PEAP are two-stage protocols that establish security in stage one and then exchange authentication in stage two. Both protocols establish a TLS tunnel in stage one and authenticate the authentication server to the client with a certificate. Although TTLS and PEAP still use certificates to authenticate the wireless network to the user, only server-side certificates are required. This results in a much more manageable system than that provided by a complete PKI certificate-based authentication system. In stage two, a secure tunnel is established and the client authentication credentials are exchanged. A TLS tunnel is used by PEAP to protect a second EAP exchange. The authentication must be performed using an EAP-defined protocol. Microsoft and Cisco both support PEAP. Client software is built into Microsoft's operating systems. Third-party add-on software is now available.

TTLS has a much larger market presence and acceptance than PEAP, resulting in much broader RADIUS support for TTLS than PEAP. Cisco and Microsoft's support of PEAP may drive expanded PEAP support in RADIUS. Both Cisco's Aironet Client Utility (ACU) and Windows XP with Service Pack 1 support PEAP. Currently, Microsoft provides native support for PEAP in Windows operating systems such as Windows XP and Windows.NET. Cisco's development of cross-platform clients may also assist in driving the growth of wireless PEAP implementations and applications.

Microsoft currently supports two types of PEAP: PEAP-EAP-MS-CHAPv2 and PEAP-EAP-TLS. Client-side passwords or certificates are used in PEAP-EAP-MS-CHAPv2. MS-CHAPv2 supports certificate authentication as part of the PEAP process, but only supports password authentication apart from PEAP. Server-side and client-side certificates are required in PEAP-EAP-TLS, providing the strongest possible level of security. When used as stand-alone authentication protocols, aside from PEAP, MS-CHAPv1 supports only one-way authentication, whereas MS-CHAPv2 supports mutual authentication between client and server using hashed shared passwords.

This section has provided a brief overview on WEP's usage and its inherent insecurity. TKIP and MIC were discussed as a solution to WEP's weaknesses. The different types of EAPs were reviewed in detail to provide a better understanding of how each protocol performs authentication. Advantages of dynamic key management and implementation methodologies were compared, along with the EAP types, including EAP-MD5, EAP-TLS, LEAP, EAP-TTLS, and PEAP. We next turn our attention to the use of Virtual Private Networks (VPNs) in a WLAN environment.

830 times read

Related news
» EAP and its Variants
by admin posted on Oct 14,2007
» IEEE 802.1X Authentication
by admin posted on Oct 19,2006
» 802.1x and EAP—Advanced Security
by admin posted on Aug 17,2007
» Deploying the Infrastructure
by admin posted on Dec 24,2006
» Configuring Security
by admin posted on Oct 19,2006


More Top News
Cisco Wireless Networking
arrow What is a WLAN?
arrow How does a Wireless LAN Work?
arrow WLAN Benefits
arrow WLAN Design Considerations
arrow Accounting for the Fresnel Zone and Earth Bulge
arrow Radio Frequency Interference
arrow Interference from Radio Transmitters
arrow Harmonics
arrow Application Considerations
arrow Structural Considerations
arrow Security Considerations
arrow Network Management Considerations
arrow WLAN Modes of Operation
arrow What is a Wireless-aware LAN?
arrow Wireless-aware LAN Benefits
arrow Wireless Domain Services for IEEE 802.1X Local Authentication Service and Fast Secure Roaming Support
arrow Rogue AP Detection and Locatio
arrow Interference Detection to Isolate and Locate Network Interference
arrow Simplified WLAN Deployment Processes with Assisted Site Surveys
arrow Streamlined WLAN Management and Operations Support
arrow Seamless Delivery of Enhanced Network Security Solutions
arrow Radio Frequency (RF) Basics
arrow Transmitting Radio Signals over EM Waves
arrow Rogue AP Detection and Locatio
arrow Anatomy of a Waveform
arrow Propagating a Strong Radio Signal
arrow Understanding Signal Power and S/N Ratio
arrow Attenuation
arrow Bouncing
arrow Who Uses Wireless Technology?
arrow Wireless Security Filtering
arrow Wireless Security WPA
Most Popular
Featured Author

admin

image
wireless Business Project Management Beautiful Pictures
Website Statistics