Chapter 7

Chapter 7 Access Authentication

Session 5 – Contents • Authentication Concepts • IEEE 802.1X Authentication • Extensible Authentication Protocol (EAP) • EAP Password Mechanisms • Other Password Mechanisms • Password Security Considerations • EAP Authentication Servers • Remote Authentication Dial-in User Service (RADIUS) • The Needham-Schroeder Protocol, Kerberos V5.1 • ITU-T X.509

Security Concerns • Browsing • The attacker tries to get access to a database to get information. • Spoofing • The attacker pretends to be a user with certain privileges. • Session Hijacking • The attacker tries to take over an existing connection between two computers. • Electronic Eavesdropping or Sniffing • The attacker records all the traffic going through the network interface card (NIC) or on a server node. • Exhaustive Attacks • The attacker tries to identify secret information by testing all possibilities. Also called Brute Force Attack.

What is Authentication? authentication / n.(1) The act of identifying or verifying the entity that originated the message or the corroboration (proof) of the sender's identity, i.e. that he is who he claims to be. Written messages are authenticated with a handwritten signature so the receiver of the message is able to validate the message. (2) access. The act of identifying or verifying the eligibility of a station, originator or individual to access specific categories of information. Longley, D., & Shain, M. (1989). Data & Computer Security Dictionary of Standards Concepts and Terms (p26). Boca Raton, FL:CRC Press, Inc.

Access Authentication Dial-up User Authentication PSTN Device Authentication NAS VoIP Home office Internet,IPWAN Authentication Server Router Router User Authentication Firewall Router Intranet Wireless Access Authentication • Access Authentication • Dial-up User Authentication • Wireline User Authentication. • Wireless User Authentication • Device Authentication.

Access Authentication The prevention of the unauthorized use of a resource. Access Authentication Protocol EAP Method Mechanism IEEE 802.1X CHAP OTP EAP-TLS EAP-SIM MS-CHAP v2 EAP-AKA GTC EAP-TTLS EAP-PSK Digital Certificates EAP-PEAP PEAP: Protected EAP CHAP: Challenge-Handshake Authentication Protocol OTP: One-Time Password GTC: Generic Token Card IEEE 802.1X: Port-based Access Control Protocol EAP: Extensible Authentication Protocol TLS: Transport Layer Security TTLS: Tunneled Transport Layer Security

Authentication Factors • What the user knows • Something secret only the user knows • A memorized personal identification number (PIN) or password • What the user has • Something unique the user possesses • SecureID card (token generating a one-time password) • A smartcard that can perform cryptographic operations on behalf of a user). • Digital certificate • What the user is • Something unique to the user • Biometrics (Fingerprints, voiceprint)

Access Authentication vs. Authorization • Access Authentication • Defines whether Access-Accept or Access-Reject is returned by the authenticator server. • Authorization • Defines user’s environment once access is granted. • Controls or restricts what user is allowed to do on a network access server (NAS) or network.

IEEE 802.1X Authentication • The IEEE 802.1X-2004 is a data link layer transport protocol that defines wireless and physical networks port-access control standards. • Port access refers to “user port” access controlled by a wireless access point or wired switch. Users do not get IP-connectivity until they have successfully authenticated. • IEEE802.1X deployment requires the installation of three components: • Supplicant authentication software and hardware. • Authenticator – 802.1X EAP compatible. • Authentication Server. In IEEE 802.11, the Access Point acts as an authenticator, while a wireless station (e.g., a laptop) is the supplicant. A Port Access Entity (PAE) is an entity that is able to control the authorized/unauthorized state of its controlled port.

802.1X Port-based Access Control Protocol Authentication Server System Authentication System Services offered by the authenticator system AuthenticatorPort Access Entity AuthenticationServer Authentication Protocol Exchanges Port Unauthorized Controlled Port Uncontrolled Port AuthControlledPortStatus MAC Enable/Disable LAN

EAP Stack Auth. Layer Connection and Login Process Protection Layer Method Layer PEAP TLS TTLS Extensible Authentication Protocol (EAP) EAP Layer EAP over LAN (EAPOL) Media Layer PPP 802.3 802.5 802.11 Wireless LAN Token Ring Ethernet

Extensible Authentication Protocol • Originally created for use with PPP, it has since been adopted for use with IEEE 802.1X -2004 "Port-Based Network Access Control". • Supports authentication mechanisms such as smart cards, Kerberos, digital certificates, one-time-passwords, and others. • Authentication mechanisms are implemented in a number of ways called EAP methods, e.g., EAP-TLS, EAP-TTLS, EAP-PEAP, etc. • EAP is extensible because any authentication mechanism can be encapsulated within EAP messages. • EAP allows the deployment of new protocols between the supplicant and the authentication server. • The encapsulation technique used to carry EAP packets between peer and authenticator in a LAN environment is known as EAP over LANs, or EAPOL • Authentication Mechanisms • MD5-Challenge: Analogous to the PPP CHAP protocol with MD5 as the specified algorithm, RFC 1994. The Request contains a "challenge" message to the peer. • One-Time Password (OTP): Defined in "A One-Time Password System," RFC 1938. The Request contains a displayable message containing an OTP challenge. • Generic Token Card (GTC): Defined for use with various token card implementations which require user input. The Request contains an ASCII text message and the Reply contains the token card information necessary for authentication.

EAP Authentication Process Authentication ServerRadius, Kerberos, PKI, OTP, Token Authenticator EAP Method EAP over Ethernet Password Authentication Database The Authenticator functions as an AAA client to the Authentication Server Token Authentication Database X.509 Directory Kerberos Ticket Granting Server Supplicants AAA – Authentication, Authorization and Accounting

EAP Certificate and Hybrid Methods • Certificate Method • EAP-TLS: The Extensible Authentication Protocol-Transport Layer Security uses X.509 digital certificates for secure mutual authentication client and server. • EAP Hybrid Methods • EAP-TTLS (Tunneled TLS): Based on asymmetric cryptography reusing TLS mechanisms. In EAP-TTLS, the TLS handshake can be mutual, or it can be one-way, in which only the server is authenticated to the client. • PEAP (Protected Extensible Authentication Protocol): Based on asymmetric cryptography reusing TLS mechanisms. Provides an encrypted and authenticated tunnel based on transport layer security (TLS) that encapsulates EAP authentication mechanisms.

Protected EAP • First a TLS tunnel ( ) is established, and then the tunnel is used to run legacy authentication protocols in the inner tunnel ( ). Cipher Suite Services offered by the authenticator system LAN, Wireless Cipher Suite Trust Authenticator (Dual Port) Authentication Server Keys EAP Methods, EAP-TLS, EAP-GTC, MS-CHAPv2 Client Authenticator with Controlled Port Disabled. EAP API EAP API EAP Method EAP Method

EAP SIM-Based Methods • EAP-AKA (Authentication and Key Agreement): • Based on the 3rd generation Authentication and Key Agreement mechanism (AKA) specified for Universal Mobile Telecommunications System (UMTS) and for cdma2000. • Based on challenge-response mechanisms and symmetric cryptography. It uses shared secrets between the User and the Authenticator together with a sequence number to perform the Authentication. • EAP-SIM (Subscriber Identity Module) • Based on symmetric cryptography that reuses the GSM authentication infrastructure. • Useful for scenarios where SIMs are already deployed (e.g., authentication of GPRS clients on a WLAN connected to a 3GPP network).

EAP Pre-Shared Key Methods • EAP-TLS-PSK: TLS Pre-Shared Key • A possible future EAP method based on TLS that would support authentication based on pre-shared keys. • TLS-PSK uses one of the following: • 1. Symmetric key operations for authentication; • 2. Diffie-Hellman exchange authenticated with a pre-shared key; • 3. Combined public key authentication of the server with pre-shared key authentication of the client. • EAP-IKEv2: • Based on the symmetric and asymmetric cryptography of IKEv2, a protocol whose security has received considerable expert review. • Could be an excellent candidate to replace EAP-MD5. • EAP-PSK (Pre-Shared Key) • Based on symmetric cryptography. • Advantages: • Simplicity: Easy to implement and to deploy without any pre-existing infrastructure. • Wide applicability: Can be used to authenticate over any network, in particular for WLANs. • Security: Based on AES. • Extensibility: Can add extensions as needed. • Patent-avoidance: No Intellectual Property Right claims.

Password-Based EAP Methods • EAP-PAX • Designed for device authentication using a shared key, a personal identification number (PIN). Instead of using a symmetric key exchange, the client and server perform a Diffie-Hellman key exchange, which provides forward secrecy. • Supports the generation of strong key material; mutual authentication; resistance to desynchronization, dictionary, and man-in-the-middle attacks; ciphersuite extensibility with protected negotiation; identity protection; and the authenticated exchange of data, useful for implementing channel binding. EAP-PAX is ideal for wireless environments such as IEEE 802.11. • EAP-SPEKE (Simple Password Exponential Key Exchange) • Based on symmetric cryptography and asymmetric key cryptography to provide password-only authenticated key exchange. • Useful only when authentication is based on user-provided password information. • Unnecessarily complex for device authentication (e.g., it makes heavy use of public key cryptography). • Improved protocol supports mutual authentication and key exchange and it works on the Elliptic Curve Cryptosystems (ECC) base, as well as the DH (Diffie-Hellman) base.

Road to Authentication Step 1 Step 2EAP Method Step 3Authentication Mechanism 802.1XPort-Based Network Control (Note 1) EAP-AKA SIM-based EAP-SIM EAP-TLS-PSK Public-Key Certificates Pre-Shared-Keys EAP-IKE v2 No EAP-PSK Yes EAP-PAX Passwords EAP-SPEKE RSA / ECC EAP Methods, EAP-TLS, EAP-GTC, MS-CHAPv2 PEAP No, Only Server Client and Server Certificates EAP Methods, CHAP, PAP, MS-CHAP and MS-CHAPv2. EAP-TTLS (Note 2) Yes Client Certificate EAP-TLS (Note 3) Note 1: Strong Access Control protocol. Must be coupled with a secure EAP method. Note 2: No need to issue certificate to the client Note 3: Both the client and the server must be assigned a digital certificate signed by a certificate authority. Requires PKI

EAP Key Material • User authentication protocols perform two functions: • Verifying the identity of one or both parties, and • Producing ephemeral secret keys shared between the parties that are used subsequently for data origin authentication. • During authentication, key material is transported or agreed to. • In key transport, both parties share a key-encrypting key that is used to wrap (encipher) the key that is going to be transported - exchanged. • A key agreement algorithm allows two parties to generate a secret key computed from public key algorithms such as Diffie-Hellman. • Exchanged or generated keys are used to generate key material. • In EAP, the following keys are derived: Master Session Key (MSK), Extended Master Session Key (EMSK), AAA Key, Application-Specific Master Session Keys (AMSK), Transient Session Keys (TSK), Initialization Vector (IV), and Transient EAP Keys (TEK) • The MSK is used to derive the AAA Key; the AAA Key is used to derive the Transient Session Keys (TSKs), and the TSKs are used to protect data.

EAP Password Mechanisms • Legacy authentication systems are based on passwords or token-based authentication systems. • EAP is used with legacy authentication systems by first establishing a secure tunnel (e.g. TLS), and then using that tunnel to run the legacy authentication protocols, so the authentication is running in an inner tunnel. • Two EAP methods, TTLS and PEAP, have been proposed to support legacy authentication systems. • EAP-TTLS supports all EAP methods, CHAP, PAP, MS-CHAP, and MS-CHAPv2. • EAP-PEAP supports all EAP methods, as well as EAP-TLS, EAP-GTC, MS-CHAPv2. PAP and CHAP are not recommended for use as authentication methods with EAP-PEAP.

EAP PEAP with MS-CHAP-v2 Authenticator Client Request Identity Message Client or Computer Identity Authenticator Challenge (16-octet random number) Client Challenge Response (24-octet) Client Challenge (16-octet random number) Success Message Response to Client Challenge Ack Message Success Message The entire authentication exchange is encrypted through the TLS channel created in PEAP

EAP Generic Token Card (GTC) Access Control Server Encipher with Key Seed Same User’s Key PIN Database Seed Encipher with Key Token User Authenticator

EAP One-Time Password (OTP) Seed and Challenge numbers Network Access Server Hash Function User’s secretpass-phrase or PIN Seed and Challenge numbers Concatenate Same Concatenate User’s secretpass-phrase or PIN Database One-Time Password Hash Function • One-Time Password Systems • New password required for each session. • IETF standardized OTP in RFC 2289. • Difficult to administer the secret pass-phrase list and, therefore, not very scalable. Secret pass-phrase and seed are hashed the number of times to be equal to the Challenge number and then become a One-Time Password. User Authenticator

Password Security Considerations • Passwords are prearranged identifiers that the user possesses, such as words, special coded phrases, personal identification numbers (PINs), etc. • Password systems require a single coded response from the user to be allowed access to the host computer. • When writing a password policy, organizations should consider the following: • How the password will be selected • How often the password will be changed • How long the password will be used • How the system will handle (transmit) the password • Users normally choose unsatisfactory or poor passwords, such as words from a dictionary, words spelled backwards, first names, surnames, address numbers, telephone numbers, and social security numbers.

Password Guessing • In 1985, the Department of Defense published the Password Management Guideline, CSC-STD-002-85, that described how to calculate the maximum lifetime of a password. where L = Maximum lifetime for a password P = Probability that a password can be guessed within its lifetime, assuming continuous guesses for that period. R = Number of guesses possible to make per unit of time. S = Password space; the total number of passwords that can be generated. S = AM (A = number of alphabet symbols, M = password length) • For P = 10-6; R = 500K guesses/sec = 43.2 x 108/day. • For a password that consists of a combination of ten upper and lower case letters and numbers 0 - 9, then and

Password Guidelines • Must contain a combination of at least eight alphanumeric characters including at least one alphabetic, one numeric, and one special (e.g., punctuation) character, as well as one upper case and one lower case character. • Must be a minimum length of ten characters (not eight) if the system does not distinguish between upper and lower case. • Must not contain the user ID or portion thereof. • Must not be a combination of year and date. • Must not contain any two or more letters in forward or reverse alphabetic sequence, ASCII sequence, or QWERTY sequence, regardless of the case. • In the Windows NT environment, it is better to use passwords that are exactly 7 or 14 characters in length. • The system should not modify the end-user password, i.e., convert the password to all lower case, or truncate the password. • Passwords must not be stored or retained in clear at any location; instead, a hash of the password should be stored. The Secure Hash Algorithm SHA (224, 256, 384, or 512) should be used and the hashed password should not be truncated.

Access Authentication • Two-Factor Authentication • To identify and authenticate an authorized system user, two factors are necessary: (1) Something secret only the user knows – a memorized personal identification number (PIN) or password; (2) Something unique the user possesses – a token. • Time Synchronizing • The authorized system user carries a token which generates a unique, one-time, unpredictable access code every 60 seconds. To gain access to a protected resource, a user simply enters his or her secret PIN, followed by the current code displayed on the token. • Authentication is assured when the authenticator recognizes the token’s unique code in combination with the user’s unique PIN. Software synchronizes each token with hardware at the authenticator. • RSA SecurID token is a good example of a product providing an easy, one-step process to positively identify network and system users.

RADIUS Authentication Server • Used for Remote Authentication Dial-In User Services • Is an easy method for authentication, authorization and accounting of dial-in users (AAA). • Relies on basic Request/Accept messaging. • Uses UDP (User Datagram Protocol). • Relies on “shared secret” for NAS authentication • Access-Request • Sent by RADIUS client (Network Access Server - NAS) • Contains username, password and particulars such as NAS ID, port number, access type, etc. • Password encrypted with shared secret • Access-Accept or Access-Reject • Returned by RADIUS server • Contains list of attributes (called authorization info) used by the NAS

RADIUS Access-Request 1 Network Access Server (NAS)NAS operates as a Client of Radius Access-Reject or Challenge Client (User) 5 Resubmit Access-Request 7 2 4 Challenge Response 6 3 RADIUS Server Database Smart Card, Software List of requirements which must be met to allow access for the user. 5 - 6 2 - 4 1 7 • Sends Access-Reject or Challenge (random number) • User enciphers Challenge with Smart Card or encryption software. • Access-Request • User dials into remote access server • User Name • Password (Hidden using RSA Message Digest Algorithm, MD5) • NAS ID • Port ID • NAS sends request for RADIUS authentication and authorization. • RADIUS checks against its user ID database, and • Provides info to NAS whether the user is in the database or not. • Resubmit Access- Request • Original Access- Request with the User Password Attribute replaced by the encrypted response.

Needham and Schroeder Authentication • A T: {A ¦B ¦RA} • T A: EKA {RA ¦ B ¦ K ¦EB(K ¦A)} • A B: E B {K ¦A} • B A: E K {R B} • A B: E K {RB – 1} Trusted Entity 2 1 3 4 A B 5

Kerberos Authentication Method • Internet security standard protocol RFC 1510 based on trusted third-party centralized authentication to offer authentication services to users and servers in an open distributed environment. • Used in Windows 2000 • Relies on secret-key symmetric ciphers for encryption and authentication. • Requires trust in a third party (the Kerberos server) for authentication. • If the server is compromised, the integrity of the whole system is lost. • Does not use public-key encryption, therefore, does not produce digital signatures or authentication of authorship of documents. • Version 4 still used. • Version 4 makes use of DES in Propagating Cipher Block Chaining (PCBC) • Version 5 (RFC 1510) uses any encryption algorithm. If DES is used it has to be in CBC mode. ftp://ftp.isi.edu/in-notes/rfc1510.txt .

Ticket is encrypted using the secret key shared by the Kerberos server and the Application server. Kerberos • Kerberos server performs the functions of a Key Distribution Center (KDC). • Keeps the secret keys of all users. • Authenticates the identities of users and distributes session keys to users and servers. • Application servers do not communicate with the Kerberos server. Kerberos Server I believe you. Here is your ticket with your user ID, network address, and the server ID for the application server “B” you want to access. I am Alice’s workstation and I want to use database # 1 in the application server “B”. Here is my user ID. 3 2 I am Alice, and I want to use your database #1. Here is my ticket. Application Server “B” 4 Client Workstation 1 I am Alice, and here is my password to prove it. Database # 1 I believe you, and here is your access to the database services. 5

Kerberos’ Abbreviations and Protocols C = Client S = Server TGS = Ticket Granting Server adddrx = x’s network address Ax = x’s authentication (name, address, and timestamp) IDx = x’s identification Kx = x’s secret key Kx,y = Session key for x and y communications Kx {m} = m encrypted with x’s secret key Txy = x’s ticket to use with y TGSx = TGS used by C times = beginning and ending validity time for a ticket, timestamp || = concatenation AS TGS 3 2 1 4 Once per type of service Once per user log on C Once per service session 5 6 S • IDC|| TGSC || time • EKC { K C, TGS } || E KTGS { TC,TGS } || time • IDS || E KTGS { TC,TGS } || E K C, TGS { AC } • E K C, TGS { KC,S } || E Ks { TC,S } • E Ks {TC,S} || EKC,S { AC } • EKC,S { timestamp, Subkey, Seq # } Kerberos’ ticket for x to talk with y Tx,y = EKy { IDx, addrx, times, Kx,y }

Kerberos Encryption and Checksum Encryption Confounder Message Padding Confounder Message Padding Encipher HMAC Ki Ke Ciphertext Output = E (Ke, confounder || message || padding) || HMAC(Ki, confounder || message || padding) Checksum Confounder Message Padding HMAC Ki Ke Encipher Ke Encipher Checksum Output = E (Ke, confounder) || E [Ke, (HMAC(Ki confounder || message || padding)]

Kerberos Security Concerns • Secret keys should be distributed in a secure way. • Kerberos servers have same concerns about secret-key encryption, i.e. confidentiality and timeliness that apply to Kerberos’ secret keys. • Kerberos servers should be located in physically secure environments with restricted physical access. • Multiple-service-granting tickets are reusable, so an opponent may capture the ticket and use it. • Tickets should have a timestamp and a lifetime to prevent replay attacks (Version 5).

X.509 Authentication Method • ITU-T recommendation X.509 is part of the X.500 series of recommendations that define a directory service. • X.509 is the primary standard for certificates. It specifies not only the format of the certificate, but also the conditions under which certificates are created and used. • Two types of authentication are used. • Simple Authentication using passwords. • Strong Authentication using public-key crypto systems. • Public Key Infrastructure (PKI) is based on X.509, Version 3. • Each certificate contains the public key of a user and is signed with the private key of a CA. • RSA is recommended for use in X.509. • X.509 is used in S/MIME, IP Security, TLS/SSL and SET.

X.509 – Simple Authentication • Alice sends her ID and password to Bob; • Bob sends Alice’s ID and password to the Directory, where the password is checked against the information held for Alice. • The Directory confirms (or denies) to Bob that the credentials are valid. • The success (or failure) of authentication may be conveyed to Alice. Directory 3 2 1 A B 4 The password is sent in cleartext

X.509 – Simple Protected Authentication Alice’s Password from Directory Alice Bob Alice • Using a one-way function, Alice creates a hash of her ID, password, time stamp and a random number. • Alice sends in clear her ID, time stamp and random number. The time stamp and/or random number (when used) is used to minimize replay and to conceal the password. • Bob generates Alice’s hash by using Alice’s ID and optional time stamp and/or random number, together with the Directory’s local copy of Alice’s password. • Bob compares Alice’s hash with the locally generated hash value. ID, Password, Time Stamp, and Random Number ID, Time Stamp, and Random Number ID, Time Stamp, and Random Number Transmit One-Way Function Hash Hash Hash One-Way Function Compare

Alice’s CA Decipher Non-repeating number rA Time Stamp tA Decipher Encipher Alice’s Digital Signature sgnData Authentication Message Bob’s ID IDB Decipher Encipher Secret Key [encData] Secret Key [encData] Bob X.509 – One-way Strong Authentication CA’sPublic Key Alice Bob checks if Alice’s certificate has expired. Using CA’s Public Key Alice’s Certificate and path to CA Enciphered, and signed authentication message Alice’s public key and info Using Alice’s Public Key Using Alice’s Private Key • Bob • Checks that Alice’s non-repeating number has not been replayed. • Checks that Alice’s time stamp is current. • Verifies that Bob himself is the intended recipient. rA , tA, IDB , Bp[encData] Bp[encData] Using Bob’s Private Key Using Bob’s Public Key

Bob’s CA Alice X.509 – Two-way Strong Authentication CA’sPublic Key Bob Alice checks if Bob’s certificate has expired. Using CA’s Public Key Decipher Bob’s Certificate Non-repeating number rB Enciphered, and signed authentication message Bob’s public key and info • Alice • Checks that Bob’s non-repeating number has not been replayed. • Checks that Bob’s time stamp is current. • Verifies that Alice herself is the intended recipient. Time Stamp tB Using Bob’s Public Key Decipher Using Bob’s Private Key Encipher Bob’s Digital Signature sgnData rB , tB, IDA , Bp[encData] Authentication Message Alice’s ID IDA Ap[encData] Using Alice’s Private Key Decipher Encipher Secret Key [encData] Using Alice’s Public Key Secret Key [encData]

Security (Bits) Symmetric Encryption Algorithm Hash Algorithm Block Size (Bits) Word Size (Bits) Diffie-Hellman and RSA Modulus Size ECC 80 SKIPJACK SHA-1 512 32 1024 160 112 3DES SHA-1 512 32 2048 224 128 AES-128 SHA-256 512 32 3072 256 192 AES-256 SHA-384 1024 64 7680 384 256 AES-512 SHA-512 1024 64 15360 512 Key Length Equivalent Strengths

To Probe Further • Public-Key Infrastructure (X.509) (PKIX) Charter. Links to many X.509 RFP web sites. http://www.ietf.org/html.charters/pkix-charter.html • Directories and X.500: An Introduction, Information Technology Services, National Library of Canada. Retrieved August 20, 2002 from http://www.nlc-bnc.ca/9/1/p1-244-e.html • RFC 2865 Remote Authentication Dial-in User Service (RADIUS) describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server that desires to authenticate its links and a RADIUS Server. http://www.ietf.org/rfc/rfc2865.txt?number=2865 • Password Management Guideline, CSC-STD-002-85 http://www.radium.ncsc.mil/tpep/library/rainbow/CSC-STD-002-85.html • One-Time Password System RFC 2289. IETF. http://www.ietf.org/rfc/rfc2289.txt?number=2289 • The Kerberos Network Authentication Service (V5). RFC 1510. IETF. http://www.ietf.org/rfc/rfc1510.txt?number=1510 • Extensible Authentication Protocol RFC 2284 • Mishra, Arunesh, and William Arbaugh. (2001) "An Initial Security Analysis of the IEEE 802.1X Security Standard. Paper available from http://www.cs.umd.edu/~waa/1x.pdf

To Probe Further • Needham R. M., M. D. Schroeder, Using Encryption for Authentication in Large Networks of Computers Communications of the ACM, Vol. 21 (12), pp. 993-99.

802.1X Ethernet Packet 6 bytes 6 bytes 2 bytes 1 byte 1 byte 2 bytes n bytes Protocol Version 01 Packet Body Length Dest. MAC 0180C200000F Source MAC Type 8180 Packet Type Packet Body 00 EAP-Packet 01 EAPOL-Start * 02 EAPOL-Logoff * 03 EAPOL-Key 04 EAPOL-Encapsulated-ASF-Alert * No Packet Body Field 1 byte 1 byte 2 bytes n bytes Code Identifier Length Data EAP Payload (EAP-TLS, EAP-TTLS, EAP PEAP) 1 Request 2 Response 3 Success 4 Failure 32 bytes 1 bytes 2 bytes 8 bytes 16 bytes 1 bytes 16 bytes n bytes Descriptor Type Key Length Replay Counter Key Index Key Signature Key IV Key Nonce Packet Body Field

VPN Gateway VPN Applications:Extranets and Remote Access Security Policy Server Internet Tunnel Mode Router VoIP and data packets are enciphered between the laptop and the VPN Gateway Laptop with VPN and MCS Client Software Nortel’s Protected Intranet

EAP Authentication Process Authentication ServerRadius, Kerberos, PKI, OTP, Token IP Phone User Authentication Authenticator EAP Method EAP over Ethernet Password Authentication Database Token Authentication Database X.509 Directory Kerberos Ticket Granting Server

VoIP VPN Tunnel using IPSec Router Internet,IPWAN IP Phone Router VPN Tunnel IP Phone

Shared Master Secret Key Shared Master Secret Key Cleartext Block Cleartext Block Cleartext Block Cleartext Block + + + + IV IV Master Shared Secret Key Master Shared Secret Key AES AES AES AES Ciphertext Block Ciphertext Block Ciphertext Block Ciphertext Block VoIP using TLS (SSL) Use Diffie-Hellman Public Key Exchange Algorithm to negotiate a key The negotiated secret key is used to encipher all IP voice packets during the the phone call. Encipher Decipher Use AES to encipher and decipher a secure TLS (SSL) VoIP phone call.

Extensible Authentication Protocol Client (Peer, Supplicant) Authentication Server (Radius) Authenticator EAPOL Start EAP Request Identity EAP Response Identity Radius Access Request Radius Access Challenge EAP Request EAP Response Radius Access Request Radius Access Accepted EAPOL Success

Chapter 7

Chapter 7

Presentation Transcript

Chapter 7

Chapter 7

Chapter 7

CHAPTER 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7

Chapter 7