CmpE 209 EAP Overview Report Extensible Authentication Protocol (EAP) Overview Introduction: Extensible Authentication Protocol (EAP) is basically an authentication framework which was designed to extend support to the Point to Point Protocol (PPP). The frequent use of EAP has been in Wireless LAN (Local Area Network) and Point to Point Connections. Although there have been some instances of the usage of this protocol in wired LAN connections. Conceptually the EAP is designed to be a part of the Authentication protocol of the PPP in such a way that it provides a platform for many authentication methods. The EAP provides platform for about 40 such authentication methods. Thus EAP is more of a framework compared to a specific method. [1] [2] In Link Control Phase of PPP, the EAP does not select a specific authentication method rather pushing this part till the Authentication Phase. This permits more information to be collected by the authenticating point (authenticator) before it settles down on a particular method of authentication. Also this nullifies the usage of the “back-end” server which implements the specific method, bypassing the authenticator through the authentication exchange. [3] Thus, after a successful Link Establishment phase, the authenticator will request the peer to be authenticated. The sent Request will have a type field indicating what is wanted. Example: MD5-challenge, Identity, Generic Token Card, One-Time Passwords, etc. Normally, the authenticator would initially give out an Identity Request followed more requests for authentication of the information. But this initial Identity Request is not compulsory and may be skipped wherein identity could be presumed i.e. in case of dedicated dial-ups, leased lines, etc. The peer should then reply by giving out a response packet for each request. Similar to the Request packet, the Response packet also contains type field which corresponding to the type of Request. The authentication phase ends with the authenticator giving out a success or failure packet. 8 16 32bit Variable Type Length Authentication-Protocol Data The Authentication-Protocol Configuration Option format to negotiate the EAP Authentication Protocol is shown above: Type - 3 Length - 4 Authentication-Protocol - C227 (Hex) for PPP Extensible Authentication Protocol (EAP) [3] Team Golmaal Page 1 2/17/2016 CmpE 209 EAP Overview Report Types of EAP Methods: (1) LEAP • • • • • • • Lightweight Extensible Authentication Protocol also known as CiscoWireless EAP Proprietary wireless LAN authentication method developed by Cisco Systems. Provides username/password-based authentication between a wireless client and a RADIUS server like Cisco ACS or Interlink AAA Among a few protocols used with the IEEE 802.1X standard for LAN port access control. Gets key for per-user, per-session. Wired Equivalent Privacy (WEP) encryption is an enhancement to IEEE802.11b For both the Access Point (AP) and the user it uses mutual authentication. Apart from this there are some limitations of LEAP too: • • • Uses a modified authentication protocol version of MS-CHAP in which user credentials is not strongly protected. Can be susceptible to eavesdropping. For more robust implementations use of cryptography is necessary for securing user credentials Cisco’s response to this threat has been: – – Force users to have stronger, more complicated passwords Switch to alternative protocol developed by Cisco (EAP-FAST) for more security. [1] [6] [7] [8] [9] [10] Team Golmaal Page 2 2/17/2016 CmpE 209 EAP Overview Report (2) EAP-TLS • • • • • • • • • • An Internet Engineering Task Force (IETF) standard (RFC 2716) that is based on the TLS protocol (RFC 2246) Considered extension to SSL Uses digital certificates for both user and server authentication It uses PKI to secure communication to the RADIUS authentication server EAP-TLS is the original standard wireless LAN EAP authentication protocol Supported by most operating systems and network appliances. Extends EAP-TLS Securely tunnels Client authentication within TLS records TTLS requires only server-side certificates but in EAP TLS more certificates are used These certificates are used for one-way TLS authentication (network to user), and once you have a nice, safe, encrypted and integrity-checked channel, you can use EAP inside of the TLS tunnel for any other authentication [1] [5] (3) EAP-MD5 • One of the simplest EAP types that can be used. Uses MD5 hashing. • EAP-MD5 offers no key management or dynamic key generation, requiring the use of static WEP keys Okay for wired LANs, offers minimal security in wireless Vulnerable to dictionary attacks, and does not support mutual authentication or key generation Unsuitable with dynamic WEP, or WPA/WPA2 enterprise [1] [6] • • • (4) Protected Extensible Authentication Protocol (PEAP) • • • • • • • It is a method to securely transmit authentication information, including passwords, over wired or wireless networks Uses a digital certificate only for server authentication Already it has been widely accepted and provides good security to a variety of products. Very similar to TTLS but differs in requirement of only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication. A TLS tunnel is established, and another EAP session takes place inside For user authentication, PEAP supports various EAP-encapsulated methods within a protected TLS tunnel As of May of 2005, there were two PEAP sub-types certified for the updated WPA and WPA2 standard. They are: Team Golmaal Page 3 2/17/2016 CmpE 209 EAP Overview Report • • • PEAP sub-types PEAPv0/EAP-MSCHAPv2 PEAPv1/EAP-GTC [1] [4] [5] [6] (5) Other EAP Subtypes • EAP-PSK: pure symmetric-key EAP • EAP-IKEv2: EAP authentication method based on the Internet Key Exchange Protocol version 2 (IKEv2) • EAP-FAST: Flexible Authentication via Secure Tunneling (it is a proposal by Cisco Systems to fix the weaknesses of LEAP) • EAP-SIM: Used for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM) EAP-AKA: It is for UMTS Authentication and Key Agreement is used for authentication and session key distribution using the Universal Mobile Telecommunications System (UMTS) [1] • Team Golmaal Page 4 2/17/2016 CmpE 209 EAP Overview Report Comparison Chart: EAP-MD5 LEAP EAP-TLS EAP-TTLS PEAP Server Authentication None Password Hash Public Key (Certificate) Public Key (Certificate) Public Key (Certificate) Supplicant Authentication Password Hash Password Hash Public Key (Certificate or Smart Card) CHAP, PAP, MSCHAP(v2), EAP Any EAP, like EAPMSCHAPv2 or Public Key Dynamic Key Delivery No Yes Yes Yes Yes Identity exposed, Dictionary attack, Manin-the-Middle (MitM) attack, Session hijacking Identity exposed, Dictionary attack Identity exposed MitM attack MitM attack; Identity hidden in Phase 2 but potential exposure in Phase 1 Security Risks [4] [5] [6] Team Golmaal Page 5 2/17/2016 CmpE 209 EAP Overview Report References: 1. 2. 3. 4. 5. 6. http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol http://www.networkworld.com/details/490.html http://www.javvin.com/protocolEAP.html http://www.wifiplanet.com/tutorials/article.php/3075481 http://wireless.utk.edu/documentation/papers/802.1x-chris.pdf http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutio ns_white_paper09186a008009c8b3.shtml 7. http://asleap.sourceforge.net/ 8. http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci843996 ,00.html 9. http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm 10. http://www.cisco.com/warp/public/784/packet/exclusive/apr02.html Team Golmaal Page 6 2/17/2016