Nirmala Bulusu

1. Implementation and Performance Analysis of the Protected Extensible Authentication Protocol (PEAP) Nirmala Bulusu

2. Outline of the Talk • Introduction • WLAN, RADIUS, EAP, TLS,TTLS, PEAP • Design and Implementation of PEAP Module for Free RADIUS • Performance Comparison of PEAP and TTLS • Conclusion and Future Work

3. Introduction WLAN, RADIUS, EAP, TLS, TTLS and PEAP

4. What is PEAP ? • IETF Draft-standard proposed by RSA, Microsoft, Cisco • draft-josefsson-pppext-eap-tls-eap-02.txt. • PEAP is an 802.1x Authentication protocol typically designed for enhancing access control in wireless LANs (WLANs) • It is built on top of two well known protocols • Extensible Authentication Protocol (EAP) • Transport Layer Security (TLS)

5. IEEE 802.1x – How it Works • 802.1x is a port-based network access control method to authenticate and authorize users accessing Local Area Network (LAN) services. (Port Access Entity)

6. 802.1x Communication protocols • Protocols to transmit data between Supplicant and the Access Point: • EAP-over-LAN (EAPoL) encapsulated EAP messages in Ethernet frames • EAP over RADIUS (Remote Access Dial-in User Service) encapsulates EAP messages in RADIUS packets

7. Remote Access Dial-in User Service (RADIUS) • RADIUS is a Client/server protocol and software that supports authentication, authorization, and accounting (AAA) for dial-up, virtual private network, and wireless network access. • Three major components of RADIUS • End User (Supplicant) • RADIUS Client (Access Point, Authenticator or Terminal Server) • RADIUS server (Authentication server). • All RADIUS messages are sent as User Datagram Protocol (UDP) messages on port 1812.

8. Message Exchanges Between RADIUS Client and Server For PEAP, Password is not sent in this frame

9. 802.1X Authentication Types • EAP-TLS (EAP-Transport Layer Security) • Mutual authentication via PKI based client & server certificates • Supported in XP and soon other Windows versions • Imposes substantial administrative burden to generate, distribute and manage user certificates. • EAP-TTLS (EAP-Tunneled Transport Layer Security) • User authentication via user ID and password • Supported by Funk Software’s Odyssey • Supports both EAP and non-EAP kind of Authentication methods. • PEAP (Protected EAP) • User authentication via user ID and password • Supported by Cisco Aironet client adapters and Microsoft XP SP1 • Supports only EAP authentication methods.

10. EAP–Transport Layer Security • EAP-TLS (RFC2716) defines a mechanism for exchange of messages with both client and server validating each other via certificates providing mutual authentication • Certificate management required for secure operation No user-password kind of exchanges

11. Need for PEAP/TTLS • Wireless AP broadcasts all traffic hence can easily collect data if within the broadcast range • PEAP/TTLS answers this by transmitting user-sensitive data in an encrypted channel - the established TLS tunnel • Weak Wireless Encryption • Using PEAP/TTLS the data within the tunnel cannot be decrypted without the TLS master secret and the key is not shared with the Access point. Rogue/compromised access points cannot decrypt messages. • MAC address based access control does not work [NetStumbler] • Use TLS-based authentication mechanisms to tunnel user credentials. • EAP-TLS administrative overhead • With PEAP/TTLS only server side PKI infrastructure based digital certificates are used to authenticate EAP servers. No need to install and maintain Client side certificates.

12. EAP-Tunneled Transport Layer Security (EAP-TTLS) • Is a two-phase protocol - establish security in stage one, exchange authentication in phase two. • The user’s identity and password-based credentials are tunneled during authentication • The AAA server can proxy the user authentication to AAA/H (e.g., LDAP, Active Directory) server. TTLS Architectural Model

13. Protected EAP (PEAP) • Two Phase Protocol: Establish TLS connection, start a second EAP authentication process inside encrypted tunnel. • Client is authenticated in the second phase using any EAP authentication mechanism (Generic Token Card, One-Time-Password, MS-CHAPv2) • MS-CHAPv2 : Microsoft Challenge-Handshake Authentication Protocol • PEAP addresses the weaknesses of EAP by protecting user-credentials, standardizes key exchanges, supports fragmentation, fast reconnects and seamless transition. • Fast reconnection: Do quick re-authentication by passing only session keys. The session can be resumed without having to perform PEAP Phase 1 or 2. • Seamless transition: uses the connection re-establishment mechanism provided by the TLS handshake protocol.

14. Phase 1- Establish TLS Tunnel AP only pass-through device from this point (User-name) /Start Exchange Series of TLS messages User Validates server certificate RADIUS server sends Certificate chain to Client

15. Phase 2- Authenticate Client Challenge String Response to challenge string & user password EAP- Success message Session key, encrypted WEP key

16. PEAP Protocol Implementation Details

17. FreeRADIUS Server Code Organization • Handles requests through a module interface Radius Load Module [RLM] • Module has four components that act on RADIUS requests at different stages of processing the request • Authorization: Process of obtaining information about the user from external source & determining the type of authentication protocol to be used. • Authentication: Process of validating a User’s Identity. • Pre-Accounting:Decides whether to proxy the request • Accounting :This records the request in the RADIUS log • A module declares which components it supports by putting function pointers in its "module_t rlm_* ” structure.

18. Free RADIUS Code Directory Structure The new developed Software

19. Module Behavior • Add module inside the modules{} block of the radiusd.conf file. module_name defined in the block is used to load the module. • Each configured module calls its own init() method. • The instantiate() method is called next. It is given a handle to the configuration block holding the parameters. • Finally a detach() method is called when server is shut- down to release the allocated resources.

20. Example - radiusd.conf modules { eap { default_eap_type = peap tls{ } … peap { default_eap_type = mschapv2 }… } … }… # eap sets the authorize type as EAP authorize { … eap } # eap authentication takes place. authenticate { … eap } …

21. The rlm_eap_peap module • Deals with the standard attach, detach, and authenticate interfaces. • The rlm_eap_peap module does not have an initiate() interface. • PEAP is a protocol on top of TLS, so before initiating PEAP we have to initialize the TLS session. /* rlm_eap_peap.c - Contains interfaces called from the main module EAP */  EAP_TYPE rlm_eap_peap = { "eap_peap", /* module_name */ eappeap_attach, /* attach */ NULL, /* No peap initialization interface*/ NULL, /* No need for authorization interface*/ eappeap_authenticate, /* authentication */ eappeap_detach /* detach */ };

22. PEAP Phase 1- Implementation • Handler is sent to the eaptls_process function which processes the EAP request & returns the status code. • If the status code returned is a Success then the PEAP module proceeds to decode the tunneled attributes • If the status code returned is a Fail then the PEAP module interprets it as a failure in establishing the TLS session and returns back to the eaptls_process method for ending the session.

23. The EAP-TLV Method • EAP-TLV is a payload with standard Type-Length-Value (TLV) objects. • Used to carry arbitrary parameters between the EAP peer and the EAP server. • The PEAP tunnel success/failure packet contains a Result TLV. • The Result TLV packet is used to indicate success or failure of the PEAP tunnel. • They are sent in the TLS channel - Phase 2. • Packets are protected from being spoofed by an attacker.

24. EAP –TLV Packet Formats

25. Implementation – EAP-TLV • User credentials, the state of the message exchange and the Status i.e the Result TLV has to be passed through the encrypted channel. • A data structure to store these parameters is defined • Two functions for explicitly framing the result TLV packetshave been implemented /* eap_peap.h - PEAP header file*/ #define TLV_SUCCESS 1 #define TLV_FAILURE 2 #define PW_EAP_TLV 33 typedef struct peap_tunnel_t { VALUE_PAIR *username; VALUE_PAIR *state; int status; /* Checks for Result TLV status */ } peap_tunnel_t; static int eappeap_success(EAP_HANDLER *handler, tls_session_t *tls_session) static int eappeap_failure(EAP_HANDLER *handler, tls_session_t *tls_session)

26. PEAP Phase 2- Implementation • Starts with the eappeap_authenticate () interface receiving the EAP_TLSOK status code from the eaptls_process function • The function proceeds to read and decrypt the tunneled data from the SSL session using the in built SSL functions . • Next it allocates a new request data structure and adds the tunneled attributes to the request. • It then calls the rad_authenticate () function with the new request packet as the parameter to handle the tunneled EAP-Type MS-CHAPv2.

27. PEAP Phase 2- Implementation • Next it reads the Response Packet received from the rad_authenticate function. • IF the status field = TLV_SUCCESS, then Phase two of the protocol has been successful and the server can proceed to generate the MPPE (Microsoft Point–to-Point Encryption) keys according to the RFC 2716 [EAP-TLS]. • Any response messages in the VALUEPAIR format need to be converted to the tunneled data format.

28. Performance Analysis of PEAP and TTLS

29. TEST BED at UCCS ENGG LAB RADIUS Client

30. Machine Spec IP Address OS Software wiper.uccs.edu 1.8 Ghz, 1 GB RAM RADIUS Server and DHCP server 128.192.61.132 RedHat 9.0 Running Linux 2.2.20-19.9 kernel FreeRadius Modified CVS snapshot radiusd-09.03.03.tar.gz willow.uccs.edu Access Point Cisco Aironet 1200 128.192.61.130 RedHat 9.0 Running Linux 2.2.20-19.9 kernel Cisco 1200 series Software Toshiba – 366 Mhz, 512 MB Wireless Client Using Cisco Aironet 350 PC Card Dynamic IP address 128.192.61.144 to 128.98.61.152 RedHat 6.2 running Linux 2.2.20-19.9 kernel Open1x Xsupplicant Version 9.0 Hobbit – 1 Ghz Dell Optiplex, 512 MB Wireless Client Using Cisco Aironet 350 PCI Card Dynamic IP address 128.192.61.144 to 128.98.61.152 Windows XP-SP1 And RedHat 9.0 Running Linux 2.2.20.9 kernel Open1x Xsupplicant for Linux and built in Service Pack for XP Client/Server Machine Configurations

31. Performance Impact of Clients’ Processor Speed on PEAP & TTLS • Purpose: Investigate the impact of Client’s processor speed on the time taken to process the Client requests and to see the capacity of the server to handle multiple requests coming from the Clients. • Number of Tests Performed: Three Tests performed - Toshiba machine – 366Mhz, Hobbit machine – 996 Mhz and with two clients having simultaneous access to the server.

32. PEAP vs TTLS on Toshiba machine PEAP TTLS Average 1046 949 Variance 8142 12060

33. PEAP vs TTLS on Hobbit machine PEAP TTLS Average 983 911 Variance 10 356

34. PEAP vs TTLS Simultaneous Access of Clients PEAP TTLS Average 1006 947 Variance 23707 12387

35. Result Analysis • TTLS out performing PEAP on an average by 8% • At lower processor speeds - TTLS was outperforming PEAP by 10% • At higher processor speeds – the performance difference is around 7% • When running simultaneously with two clients it shows a performance difference of only 6% • TTLS and PEAP both show low data variance. • PEAP had almost negligible variance with a higher processor speed Client. • Processor speeds influencing PEAP relatively more as compared to TTLS

36. Sensitivity study of PEAP & TTLS with Client stationed at varying distances • Purpose: To study the impact on the performance of the two protocols by introducing packet loss or signal degradation with increasing distances between wireless Client and AP. • Number of Tests Performed: Five Tests performed at distance ranges of approximately 25, 30, 45, 55 and 65 feet. Some tests were done behind walls and closed doors to see the impact of line of sight.

37. PEAP vs TTLS Distance Range ~ 30ft

38. PEAP vs TTLS Distance Range ~ 25ft

39. PEAP vs TTLS Distance Range ~ 45ft

40. PEAP vs TTLS Distance Range ~ 55ft

41. PEAP vs TTLS Distance Range ~ 65ft

42. PEAP vs TTLS Average Performance

43. PEAP vs TTLS Variance Data

44. Result Analysis • As Client goes farther away from the access point the performance of both the protocols degrades. • At a lower distance range there is negligible performance difference between PEAP and TTLS – TTLS performing 1% better. • With increasing distance range average performance difference increases - TTLS performs 20 % better at ~65 feet range. • Data collected highly variant for PEAP as compared to TTLS at closer distances but at the farthest point of ~65 feet TTLS data showed higher variance than PEAP.

45. PEAP & TTLS Resilience Tests • Purpose: To study the tolerance capacity of the protocols towards network transient behavior. • Number of Tests Performed: Five Tests performed. The network interface at the RADIUS server end is brought up and down over different time periods by running a Perl script. • Note: A constant downtime of 3 sec has been used in all tests. • At first this was chosen randomly. But later by changing downtime it seemed to be making less difference to the performance as compared to changing network uptime.

46. PEAP vs TTLS Network Uptime 5.0 sec PEAP TTLS Average 12 6 Variance 266 84

47. PEAP vs TTLS Network Uptime 4.5 sec PEAP TTLS Average 9 8 Variance 105 95

48. PEAP vs TTLS Network Uptime 4.2 sec PEAP TTLS Average 12 12 Variance 106 118

49. PEAP vs TTLS Network Uptime 4.0 sec PEAP TTLS Average 18 16 Variance 50 91

50. PEAP vs TTLS Network Uptime 3.9 sec PEAP TTLS Average 25 26 Variance 437 390