
Wireless Security Research with focus on PEAP/TTLS Design and Implementation

Based on Nirmala Bulusu’s Master Thesis



Outline of the Talk

  • Introduction

    • WLAN, RADIUS, EAP, TLS, TTLS, PEAP

  • Design and Implementation of PEAP Module for Free RADIUS

  • Performance Comparison of PEAP and TTLS

  • Conclusion and Future Work



Introduction

WLAN, RADIUS, EAP, TLS, TTLS and PEAP


[Figure: a wired Ethernet network connected through an Access Point to a wireless network]

Why Wireless Networking

Advantages:

  • No "plug ins"

  • Increased productivity

  • Easier network expansion

  • Flexibility

  • Lower cost of ownership

  • Use of an unlicensed band

Vulnerabilities:

  • Unauthorized user access

  • Eavesdropping (network can be tapped using sniffing tools)



War Driving

A directional antenna fashioned from a Pringles can is used to search for unsecured access points.



Doonesbury

Parking Lot Attack



Secure Tunnels

The Extensible Authentication Protocol (EAP) uses encryption to create a “tunnel” for data confidentiality.


[Figure: EAP protocol stack, with labels EAP, CHAP, PAP, MD5, TLS, TTLS, PEAP, MS-CHAPv2, 802.1X, PPP and 802.11]

IEEE 802.1x - Architecture

  • IEEE 802.1x is a port-based network access control solution to authenticate every network user accessing the LAN services.

  • It defines an encapsulation technique that allows for the transmission of EAP packets between the Supplicant and Authenticator in the LAN environment.



EAP-Tunneled Transport Layer Security (EAP-TTLS)

  • TTLS is a two-stage protocol: establish security in stage one, exchange authentication in stage two.

  • The user’s identity and password-based credentials are tunneled during authentication.

  • Provides mutual authentication, key generation, client identity privacy and data cipher suite negotiation.



How PEAP Works – Phase 1: Establish TLS Tunnel

  • Client/Supplicant associates with the AP (EAPOL)

  • Authentication Server is authenticated to the Supplicant using a PKI certificate.

  • Supplicant sends machine credentials to the authenticator over the established TLS channel

  • Authenticator checks the Client’s validity and, if valid, generates the WEP key

  • Authenticator delivers the key to the supplicant and transitions the controlled port status to permit supplicant access to the LAN



How PEAP Works – Phase 2: Authenticate Client

  • Client is asked for its user identity

  • Supplicant responds by sending the user credentials to the authenticator

  • Authenticator checks validity by looking up the user database

  • If the user ID is valid, the authenticator extends the controlled port status to permit the supplicant full access to the LAN

  • User is logged on to the domain and the network is open


The New Proposed Protocols – EAP-TTLS and PEAP

PEAP – developed by Microsoft and Cisco.

  • Windows XP is currently the only operating system that supports PEAP.

  • Only EAP methods (e.g., generic token card)

TTLS – developed by Funk and Certicom.

  • Linux, Mac OS X, Windows 95/98/ME, and Windows NT/2000/XP.

  • Can use any authentication method – CHAP, PAP, MS-CHAP, MS-CHAPv2 and EAP

Research Goal: design, implement and perform a comparative analysis of the two protocols.



What is PEAP?

  • IETF Draft-standard proposed by RSA, Microsoft, Cisco

    • draft-josefsson-pppext-eap-tls-eap-02.txt.

  • PEAP is an 802.1x Authentication protocol typically designed for enhancing access control in wireless LANs (WLANs)

  • It is built on top of two well known protocols

    • Extensible Authentication Protocol (EAP)

    • Transport Layer Security (TLS)


IEEE 802.1x – How it Works

  • 802.1x is a port-based network access control method to authenticate and authorize users accessing Local Area Network (LAN) services.

[Figure: the three elements in IEEE 802.1x – the Supplicant system (host NIC, wireless PC card, etc.), the Authenticator system (PAE, Port Access Entity, with an uncontrolled port and a controlled port that the Authenticator authorizes or unauthorizes in front of the services it offers) and the Authentication Server system (AAA, mostly RADIUS, any EAP method). EAP messages are encapsulated in EAPOL between Supplicant and Authenticator.]



802.1x Communication protocols

  • Protocols to transmit data between Supplicant and the Access Point:

    • EAP-over-LAN (EAPoL) encapsulates EAP messages in Ethernet frames

    • EAP over RADIUS (Remote Access Dial-in User Service) encapsulates EAP messages in RADIUS packets



Remote Access Dial-in User Service (RADIUS)

  • RADIUS is a Client/server protocol and software that supports authentication, authorization, and accounting (AAA) for dial-up, virtual private network, and wireless network access.

  • Three major components of RADIUS

    • End User (Supplicant)

    • RADIUS Client (Access Point, Authenticator or Terminal Server)

    • RADIUS server (Authentication server).

  • All RADIUS messages are sent as User Datagram Protocol (UDP) messages on port 1812.



Message Exchanges Between RADIUS Client and Server

[Figure: message exchange between the RADIUS client and server. For PEAP, the password is not sent in this frame.]
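As an added example (not code from the thesis or from FreeRADIUS), the EAP-over-RADIUS encapsulation named on the two slides above, in C: the EAP packet is split into EAP-Message attributes on its way to the RADIUS server and reassembled there, with the Length checks a server needs before trusting any attribute length. The attribute type and the 253-byte value limit come from RFC 2865/2869; the payload is constructed filler.

```c
/* Added example (not from the thesis or FreeRADIUS): how an EAP packet is
 * carried between the access point and the RADIUS server. Per RFC 2869 the
 * EAP packet travels in EAP-Message attributes (type 79); an attribute holds
 * at most 253 value bytes, so a long EAP packet (e.g. the certificate chain
 * of PEAP Phase 1) is split across several attributes and concatenated again. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RADIUS_ATTR_EAP_MESSAGE 79
#define RADIUS_ATTR_MAX_VALUE  253   /* 255-byte attribute minus 2-byte header */

/* Split an EAP packet into consecutive EAP-Message attributes.
 * Returns the number of attribute bytes written, or 0 if `out` is too small. */
size_t eap_to_radius_attrs(const uint8_t *eap, size_t eaplen,
                           uint8_t *out, size_t outlen)
{
    size_t in = 0, o = 0;
    while (in < eaplen) {
        size_t chunk = eaplen - in;
        if (chunk > RADIUS_ATTR_MAX_VALUE) chunk = RADIUS_ATTR_MAX_VALUE;
        if (outlen - o < 2 + chunk) return 0;
        out[o++] = RADIUS_ATTR_EAP_MESSAGE;
        out[o++] = (uint8_t)(2 + chunk);           /* Length includes the header */
        memcpy(out + o, eap + in, chunk);
        o += chunk; in += chunk;
    }
    return o;
}

/* Walk a RADIUS attribute list and reassemble the EAP packet from every
 * EAP-Message attribute in order, skipping other attributes. Returns 0 if any
 * Length is below the RFC 2865 minimum of 3 or claims more bytes than remain. */
size_t radius_attrs_to_eap(const uint8_t *attrs, size_t attrslen,
                           uint8_t *out, size_t outlen)
{
    size_t a = 0, o = 0;
    while (a < attrslen) {
        uint8_t type, len;
        if (attrslen - a < 2) return 0;
        type = attrs[a]; len = attrs[a + 1];
        if (len < 3 || len > attrslen - a) return 0;
        if (type == RADIUS_ATTR_EAP_MESSAGE) {
            if (outlen - o < (size_t)len - 2) return 0;
            memcpy(out + o, attrs + a + 2, len - 2);
            o += len - 2;
        }
        a += len;
    }
    return o;
}

/* Round-trip a constructed EAP packet of `eaplen` filler bytes through the two
 * functions above. Returns the number of EAP-Message attributes produced when
 * the payload survives intact, or -1 if anything is lost or altered. */
int eap_radius_roundtrip(size_t eaplen)
{
    uint8_t eap[1024], attrs[1100], back[1024];
    size_t i, n, m, count = 0;
    if (eaplen > sizeof eap) return -1;
    for (i = 0; i < eaplen; i++) eap[i] = (uint8_t)(i * 7);   /* constructed payload */
    n = eap_to_radius_attrs(eap, eaplen, attrs, sizeof attrs);
    if (n == 0) return -1;
    for (i = 0; i < n; i += attrs[i + 1]) count++;
    m = radius_attrs_to_eap(attrs, n, back, sizeof back);
    return (m == eaplen && memcmp(eap, back, eaplen) == 0) ? (int)count : -1;
}

/* Constructed attribute whose Length byte (10) claims more bytes than exist. */
size_t eap_radius_truncated_attr(void)
{
    static const uint8_t bad[4] = { RADIUS_ATTR_EAP_MESSAGE, 10, 0x01, 0x02 };
    uint8_t out[16];
    return radius_attrs_to_eap(bad, sizeof bad, out, sizeof out);   /* 0 = rejected */
}
```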



802.1X Authentication Types

  • EAP-TLS (EAP-Transport Layer Security)

    • Mutual authentication via PKI based client & server certificates

    • Supported in XP and soon other Windows versions

    • Imposes substantial administrative burden to generate, distribute and manage user certificates.

  • EAP-TTLS (EAP-Tunneled Transport Layer Security)

    • User authentication via user ID and password

    • Supported by Funk Software’s Odyssey

    • Supports both EAP and non-EAP kind of Authentication methods.

  • PEAP (Protected EAP)

    • User authentication via user ID and password

    • Supported by Cisco Aironet client adapters and Microsoft XP SP1

    • Supports only EAP authentication methods.



EAP–Transport Layer Security

  • EAP-TLS (RFC 2716) defines a mechanism for exchanging messages in which both client and server validate each other via certificates, providing mutual authentication.

  • Certificate management is required for secure operation.

  • No user-password kind of exchanges.



Need for PEAP/TTLS

  • A wireless AP broadcasts all traffic, so anyone within the broadcast range can easily collect data

    • PEAP/TTLS answers this by transmitting user-sensitive data in an encrypted channel - the established TLS tunnel

  • Weak Wireless Encryption

    • Using PEAP/TTLS the data within the tunnel cannot be decrypted without the TLS master secret and the key is not shared with the Access point. Rogue/compromised access points cannot decrypt messages.

  • MAC address based access control does not work [NetStumbler]

    • Use TLS-based authentication mechanisms to tunnel user credentials.

  • EAP-TLS administrative overhead

    • With PEAP/TTLS only server side PKI infrastructure based digital certificates are used to authenticate EAP servers. No need to install and maintain Client side certificates.



EAP-Tunneled Transport Layer Security (EAP-TTLS)

  • Is a two-phase protocol: establish security in phase one, exchange authentication in phase two.

  • The user’s identity and password-based credentials are tunneled during authentication.

  • The AAA server can proxy the user authentication to an AAA/H server (e.g., LDAP, Active Directory).

[Figure: TTLS architectural model]



Protected EAP (PEAP)

  • Two Phase Protocol: Establish TLS connection, start a second EAP authentication process inside encrypted tunnel.

  • Client is authenticated in the second phase using any EAP authentication mechanism (Generic Token Card, One-Time-Password, MS-CHAPv2)

    • MS-CHAPv2 : Microsoft Challenge-Handshake Authentication Protocol

  • PEAP addresses the weaknesses of EAP by protecting user credentials, standardizing key exchange, and supporting fragmentation, fast reconnect and seamless transition.

    • Fast reconnection: Do quick re-authentication by passing only session keys. The session can be resumed without having to perform PEAP Phase 1 or 2.

    • Seamless transition: uses the connection re-establishment mechanism provided by the TLS handshake protocol.



Phase 1- Establish TLS Tunnel

[Figure: Phase 1 message flow – EAPOL Start, identity (user name), then a series of TLS messages in which the RADIUS server sends its certificate chain to the client and the user validates the server certificate; the AP is only a pass-through device from this point.]



Phase 2- Authenticate Client

[Figure: Phase 2 message flow – challenge string; response to the challenge string and user password; EAP-Success message; session key and encrypted WEP key delivered.]



PEAP Protocol Implementation Details



FreeRADIUS Server Code Organization

  • Handles requests through a module interface Radius Load Module [RLM]

  • Module has four components that act on RADIUS requests at different stages of processing the request

    • Authorization: Process of obtaining information about the user from external source & determining the type of authentication protocol to be used.

    • Authentication: Process of validating a User’s Identity.

    • Pre-Accounting: Decides whether to proxy the request

    • Accounting: This records the request in the RADIUS log

  • A module declares which components it supports by putting function pointers in its "module_t rlm_*" structure.


    FreeRADIUS Code Directory Structure

    [Figure: FreeRADIUS code directory tree, highlighting the newly developed software]



    Module Behavior

    • Add module inside the modules{} block of the radiusd.conf file. module_name defined in the block is used to load the module.

    • Each configured module calls its own init() method.

    • The instantiate() method is called next. It is given a handle to the configuration block holding the parameters.

    • Finally a detach() method is called when the server is shut down to release the allocated resources.



    Example - radiusd.conf

    modules {
        eap {
            default_eap_type = peap
            tls {
            }
            …
            peap {
                default_eap_type = mschapv2
            }
            …
        }
        …
    }
    …

    # eap sets the authorize type as EAP
    authorize {
        …
        eap
    }

    # eap authentication takes place.
    authenticate {
        …
        eap
    }
    …



    The rlm_eap_peap module

    • Deals with the standard attach, detach, and authenticate interfaces.

    • The rlm_eap_peap module does not have an initiate() interface.

      • PEAP is a protocol on top of TLS, so before initiating PEAP we have to initialize the TLS session.

    /* rlm_eap_peap.c - Contains interfaces called from the main module EAP */
    EAP_TYPE rlm_eap_peap = {
        "eap_peap",            /* module_name */
        eappeap_attach,        /* attach */
        NULL,                  /* No peap initialization interface */
        NULL,                  /* No need for authorization interface */
        eappeap_authenticate,  /* authentication */
        eappeap_detach         /* detach */
    };



    PEAP Phase 1- Implementation

    • Handler is sent to the eaptls_process function which processes the EAP request & returns the status code.

    • If the status code returned is a Success then the PEAP module proceeds to decode the tunneled attributes

    • If the status code returned is a Fail then the PEAP module interprets it as a failure in establishing the TLS session and returns to the eaptls_process method to end the session.



    The EAP-TLV Method

    • EAP-TLV is a payload with standard Type-Length-Value (TLV) objects.

      • Used to carry arbitrary parameters between the EAP peer and the EAP server.

    • The PEAP tunnel success/failure packet contains a Result TLV.

      • The Result TLV packet is used to indicate success or failure of the PEAP tunnel.

    • They are sent in the TLS channel - Phase 2.

      • Packets are protected from being spoofed by an attacker.



    EAP-TLV Packet Formats

    [Figure: EAP-TLV packet formats]



    Implementation – EAP-TLV

    • The user credentials, the state of the message exchange and the status (i.e., the Result TLV) have to be passed through the encrypted channel.

      • A data structure to store these parameters is defined.

      • Two functions for explicitly framing the Result TLV packets have been implemented.

    /* eap_peap.h - PEAP header file */
    #define TLV_SUCCESS 1
    #define TLV_FAILURE 2
    #define PW_EAP_TLV 33

    typedef struct peap_tunnel_t {
        VALUE_PAIR *username;
        VALUE_PAIR *state;
        int         status;   /* Checks for Result TLV status */
    } peap_tunnel_t;

    static int eappeap_success(EAP_HANDLER *handler, tls_session_t *tls_session);
    static int eappeap_failure(EAP_HANDLER *handler, tls_session_t *tls_session);
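An added example, not code from the thesis or from FreeRADIUS, showing the Result TLV of the EAP-TLV method described on the slides above being built and parsed in C. TLV_SUCCESS, TLV_FAILURE and PW_EAP_TLV are the constants from the eap_peap.h excerpt; EAP_TLV_RESULT (TLV type 3) and the M bit are taken from the PEAP EAP-TLV packet format, and the parser rejects any packet whose length fields disagree with the bytes actually received.

```c
/* Added example (not from the thesis or FreeRADIUS): building and parsing the
 * PEAP Result TLV. TLV_SUCCESS, TLV_FAILURE and PW_EAP_TLV are the eap_peap.h
 * constants; the wire layout (EAP header, EAP-Type 33, then TLVs made of a
 * 2-byte M/R/Type word, a 2-byte Length and the Value) is the EAP-TLV format. */
#include <stdint.h>
#include <stddef.h>

#define PW_EAP_TLV        33      /* EAP-Type for EAP-TLV (eap_peap.h) */
#define TLV_SUCCESS        1      /* Result TLV Status values (eap_peap.h) */
#define TLV_FAILURE        2
#define EAP_TLV_RESULT     3      /* TLV Type of the Result TLV */
#define TLV_MANDATORY 0x8000      /* 'M' bit: receiver must understand this TLV */
#define EAP_CODE_REQUEST   1

/* Frame an EAP packet of type EAP-TLV carrying one mandatory Result TLV.
 * Returns the packet length, or 0 if the output buffer is too small. */
size_t eap_tlv_result_build(uint8_t code, uint8_t id, uint16_t status,
                            uint8_t *out, size_t outlen)
{
    /* EAP header (4) + EAP-Type (1) + TLV header (4) + Status (2) */
    const uint16_t pktlen = 4 + 1 + 4 + 2;
    const uint16_t tlvtype = TLV_MANDATORY | EAP_TLV_RESULT;
    if (outlen < pktlen) return 0;
    out[0] = code;
    out[1] = id;
    out[2] = pktlen >> 8;  out[3] = pktlen & 0xff;
    out[4] = PW_EAP_TLV;
    out[5] = tlvtype >> 8; out[6] = tlvtype & 0xff;
    out[7] = 0;            out[8] = 2;             /* Length of the Status value */
    out[9] = status >> 8;  out[10] = status & 0xff;
    return pktlen;
}

/* Parse an EAP-TLV packet and return the Result TLV Status (TLV_SUCCESS or
 * TLV_FAILURE), or -1 if the packet is malformed. Every length field is
 * checked against the bytes actually received, so a truncated packet or a
 * lying Length cannot make the parser read past the end of the buffer. */
int eap_tlv_result_parse(const uint8_t *pkt, size_t len)
{
    size_t off = 5, pktlen;
    if (len < 5) return -1;
    pktlen = ((size_t)pkt[2] << 8) | pkt[3];
    if (pktlen < 5 || pktlen > len) return -1;   /* EAP Length inconsistent */
    if (pkt[4] != PW_EAP_TLV) return -1;         /* not an EAP-TLV packet */
    while (off + 4 <= pktlen) {
        uint16_t type = (((uint16_t)pkt[off] << 8) | pkt[off + 1]) & 0x3fff;
        int mandatory  = pkt[off] & 0x80;
        size_t vlen    = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        off += 4;
        if (vlen > pktlen - off) return -1;      /* TLV overruns the packet */
        if (type == EAP_TLV_RESULT) {
            uint16_t status;
            if (vlen != 2) return -1;
            status = ((uint16_t)pkt[off] << 8) | pkt[off + 1];
            return (status == TLV_SUCCESS || status == TLV_FAILURE) ? (int)status : -1;
        }
        if (mandatory) return -1;   /* unknown mandatory TLV must not be ignored */
        off += vlen;                /* unknown optional TLV: skip it */
    }
    return -1;                      /* no Result TLV present */
}

/* Build a Result TLV with the given Status and parse it back, dropping `trim`
 * trailing bytes first to simulate a packet truncated in transit. */
int eap_tlv_roundtrip(uint16_t status, size_t trim)
{
    uint8_t buf[32];
    size_t n = eap_tlv_result_build(EAP_CODE_REQUEST, 7, status, buf, sizeof buf);
    if (n == 0 || trim >= n) return -1;
    return eap_tlv_result_parse(buf, n - trim);
}
```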



    PEAP Phase 2- Implementation

    • Starts with the eappeap_authenticate() interface receiving the EAP_TLSOK status code from the eaptls_process function.

    • The function proceeds to read and decrypt the tunneled data from the SSL session using the built-in SSL functions.

    • Next it allocates a new request data structure and adds the tunneled attributes to the request.

    • It then calls the rad_authenticate() function with the new request packet as the parameter to handle the tunneled EAP-Type MS-CHAPv2.



    PEAP Phase 2- Implementation (continued)

    • Next it reads the Response Packet received from the rad_authenticate function.

    • If the status field is TLV_SUCCESS, then Phase two of the protocol has been successful and the server can proceed to generate the MPPE (Microsoft Point-to-Point Encryption) keys according to RFC 2716 [EAP-TLS].

    • Any response messages in the VALUE_PAIR format need to be converted to the tunneled data format.



    Performance Analysis of PEAP and TTLS



    TEST BED at UCCS ENG LAB

    [Figure: test bed with the RADIUS server, access point and wireless client]


    Client/Server Machine Configurations

    • wiper.uccs.edu (1.8 GHz, 1 GB RAM) – RADIUS server and DHCP server
      • IP address: 128.192.61.132
      • OS: RedHat 9.0 running Linux 2.2.20-19.9 kernel
      • Software: FreeRadius, modified CVS snapshot radiusd-09.03.03.tar.gz

    • willow.uccs.edu – Access Point, Cisco Aironet 1200
      • IP address: 128.192.61.130
      • OS: RedHat 9.0 running Linux 2.2.20-19.9 kernel
      • Software: Cisco 1200 series software

    • Toshiba (366 MHz, 512 MB) – wireless client using a Cisco Aironet 350 PC Card
      • IP address: dynamic, 128.192.61.144 to 128.98.61.152
      • OS: RedHat 6.2 running Linux 2.2.20-19.9 kernel
      • Software: Open1x Xsupplicant version 9.0

    • Hobbit (1 GHz Dell Optiplex, 512 MB) – wireless client using a Cisco Aironet 350 PCI Card
      • IP address: dynamic, 128.192.61.144 to 128.98.61.152
      • OS: Windows XP SP1 and RedHat 9.0 running Linux 2.2.20.9 kernel
      • Software: Open1x Xsupplicant for Linux and the built-in Service Pack for XP



    Performance Impact of Clients’ Processor Speed on PEAP & TTLS

    • Purpose:

      Investigate the impact of Client’s processor speed on the time taken to process the Client requests and to see the capacity of the server to handle multiple requests coming from the Clients.

    • Number of Tests Performed:

      Three tests performed: Toshiba machine (366 MHz), Hobbit machine (996 MHz), and two clients having simultaneous access to the server.



    PEAP vs TTLS on Toshiba machine

                  PEAP   TTLS
    Average       1046   949
    Variance      814212060 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS on Hobbit machine

                  PEAP   TTLS
    Average       983    911
    Variance      10356 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS Simultaneous Access of Clients

                  PEAP   TTLS
    Average       1006   947
    Variance      2370712387 (PEAP and TTLS values run together in the transcript)



    Result Analysis

    • TTLS outperforms PEAP by 8% on average.

    • At lower processor speeds, TTLS outperformed PEAP by 10%.

    • At higher processor speeds, the performance difference is around 7%.

    • When running simultaneously with two clients, the performance difference is only 6%.

    • TTLS and PEAP both show low data variance.

      • PEAP had almost negligible variance with the higher processor speed Client.

    • Processor speed influences PEAP relatively more than TTLS.



    Sensitivity study of PEAP & TTLS with Client stationed at varying distances

    • Purpose:

      To study the impact on the performance of the two protocols by introducing packet loss or signal degradation with increasing distances between wireless Client and AP.

    • Number of Tests Performed:

      Five Tests performed at distance ranges of approximately 25, 30, 45, 55 and 65 feet. Some tests were done behind walls and closed doors to see the impact of line of sight.



    PEAP vs TTLS Distance Range ~ 30ft



    PEAP vs TTLS Distance Range ~ 25ft



    PEAP vs TTLS Distance Range ~ 45ft



    PEAP vs TTLS Distance Range ~ 55ft



    PEAP vs TTLS Distance Range ~ 65ft



    PEAP vs TTLS Average Performance



    PEAP vs TTLS Variance Data



    Result Analysis

    • As Client goes farther away from the access point the performance of both the protocols degrades.

    • At a lower distance range there is negligible performance difference between PEAP and TTLS – TTLS performing 1% better.

    • With increasing distance range the average performance difference increases: TTLS performs 20% better at the ~65 feet range.

    • The data collected for PEAP was highly variant compared to TTLS at closer distances, but at the farthest point of ~65 feet the TTLS data showed higher variance than PEAP.



    PEAP & TTLS Resilience Tests

    • Purpose:

      To study the tolerance capacity of the protocols towards network transient behavior.

    • Number of Tests Performed:

      Five Tests performed. The network interface at the RADIUS server end is brought up and down over different time periods by running a Perl script.

    • Note: A constant downtime of 3 sec has been used in all tests.

      • At first this value was chosen randomly; later tests showed that changing the downtime made less difference to performance than changing the network uptime.



    PEAP vs TTLS Network Uptime 5.0 sec

                  PEAP   TTLS
    Average       12     6
    Variance      26684 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS Network Uptime 4.5 sec

                  PEAP   TTLS
    Average       9      8
    Variance      10595 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS Network Uptime 4.2 sec

                  PEAP   TTLS
    Average       12     12
    Variance      106118 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS Network Uptime 4.0 sec

                  PEAP   TTLS
    Average       18     16
    Variance      5091 (PEAP and TTLS values run together in the transcript)



    PEAP vs TTLS Network Uptime 3.9 sec

                  PEAP   TTLS
    Average       25     26
    Variance      437390 (PEAP and TTLS values run together in the transcript)



    Result Analysis

    • Client performance degrades as the network interface uptime gets shorter.

    • At 3.8 sec uptime both PEAP and TTLS protocols failed to recover.

    • The average performance difference between TTLS and PEAP is negligible.

    • Where the performance difference was large, the variance difference between the two was also relatively large.



    PEAP & TTLS Stress Tests

    • Purpose:

      To study the performance of the two protocols when run for a longer period of time.

    • Number of Tests Performed:

      Two tests performed, one for each protocol. Each test was run for over 15 hours.



    Stress Test - PEAP

    Average: 1011



    Stress Test - TTLS

    Average: 1099



    Result Analysis

    • Both protocols passed the stress tests. Both authenticated the Client every time.

    • The peaks can be attributed to the fact that in some cases the Client got authenticated only on the second or third authentication attempt.

    • The peaks reached by TTLS are much more frequent and higher than those of PEAP; over a longer time period TTLS shows more variance than PEAP.



    MAC Address Spoofing Test

    • Purpose:

      Investigate if by spoofing the MAC address an attacker can gain access to a wireless network that relies on tunneled encryption like PEAP/TTLS for authenticating wireless Clients.

    • Number of Tests Performed:

      One test was performed with a Linux Client authenticating using PEAP. Attacker had Windows XP running AiroPeek software for sniffing MAC addresses.

      I would like to thank Donovan Thorpe of Computer Services UCCS for his help in performing this test.



    Result Analysis

    • The attacker could associate with the Access Point, having obtained a valid MAC address while eavesdropping on the network, and thus passed the first line of defense, MAC address filtering.

    • The attacker was then prompted for user credentials. This stage could not be bypassed, and the attacker could not access the network, because the user credentials were encrypted and thus could not be sniffed.



    Conclusion & Future Work



    Conclusion

    • Developed a Radius Server on Linux that supports both PEAP and TTLS.

    • PEAP is relatively more influenced by Client’s processor speeds, distance range and network transient nature as compared to TTLS.

    • Although the performance advantage of TTLS over PEAP is negligible, it is worth noting that TTLS outperformed PEAP by 10% on average across all the tests.

    • The enhanced Radius Server can serve both Windows and Linux clients.



    Future Work

    • Study how to apply the PEAP/TTLS protocols in Mobile Ad-Hoc Networks.

    • Study the implications of providing Virtual Private Network (VPN) features in addition to encryption of PEAP/TTLS within the wireless Access Point devices.

    • Develop ways to protect the user's identity, which is passed in the clear between the access point, the RADIUS server and any other database back-end server, by implementing firewalls or other viable security techniques.

