peap eap ttls l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
PEAP & EAP-TTLS PowerPoint Presentation
Download Presentation
PEAP & EAP-TTLS

Loading in 2 Seconds...

play fullscreen
1 / 35

PEAP & EAP-TTLS - PowerPoint PPT Presentation


  • 256 Views
  • Uploaded on

PEAP & EAP-TTLS. EAP-TLS Drawbacks PEAP EAP-TTLS EAP-TTLS – Full Example Security Issues PEAP vs. EAP-TTLS Other EAP methods Summary. So far…. EAP was introduced, it doesn’t provide enough security for wireless environments. EAP-TLS provides protection from most attacks .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'PEAP & EAP-TTLS' - ostinmannual


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
peap eap ttls

PEAP & EAP-TTLS

  • EAP-TLS Drawbacks
  • PEAP
  • EAP-TTLS
  • EAP-TTLS – Full Example
  • Security Issues
  • PEAP vs. EAP-TTLS
  • Other EAP methods
  • Summary
so far
So far…
  • EAP was introduced, it doesn’t provide enough security for wireless environments.
  • EAP-TLS provides protection from most attacks
eap tls drawbacks
EAP-TLS Drawbacks
  • Lack of user identity protection
    • Passed in the EAP/Identity and in the certificate
  • Needs client certificate in order to authenticate client
    • Generate and distribute the certificates
    • Revoke keys
    • Users login from different computers (Coffe shop…)
    • Users are more familiar with the idea of passwords. Certificates may require some training.
eap tls extensions
EAP-TLS Extensions
  • Two quite similar protocols are developed in order to improve the weaker points of EAP-TLS.
  • In both, the main idea is to establish a TLS channel and then using the TLS tunnel in order to pass the identity of the user and perform the authentication protocol.
peap protected eap
Developed by Microsoft, Cisco and RSA Security

Current status: Internet draft (draft-josefsson-pppext-eap-tls-eap-06.txt at ieft.org)

Provides: Mutual authentication, client identity protection and key generation.

PEAP – Protected EAP
peap the participants
PEAP – The Participants

Perform PEAP (NAS uses as pass-through)

Trust

Some Link

Layer

Secured Link

Backend Server

NAS

Client

Can be the same machine or separated

The NAS doesn’t have to know PEAP

peap the protocol
PEAP – The Protocol

Two phases:

  • Perform TLS handshake in which the server is being authenticated to the client by using a certificate. Optionally, the user can be authenticated as well with a certificate.
  • If the user was not authenticated with a certificate, perform EAP in the generated TLS channel in order to authenticate the client.
peap packet format
PEAP Packet Format

Code

Identifier

Length

Type

Flags

Ver

TLS Message Length…

…TLS Message Length

TLS Data…. (EAP packets)

  • Code: 1- Request 2- Response
  • Identifier – Used to match response to request
  • Type- 25 (PEAP)
  • Flags: Length included, More fragments, Start flag
peap phase 1

EAP-Request / Identity

EAP- Response / Identity [My Domain]

EAP-Request (Type = PEAP, start)

TLS Handshake

PEAP – Phase 1

PEAP

Server

Client

TLS Channel Established

EAP- Response (empty)

peap phase 2

EAP-Request / Identity

EAP-Response / Identity [My ID]

EAP-Request / Type = X (MD5, OTP, etc)

Establish EAP method and

Perform authentication

EAP-Success / EAP-Failure

PEAP – Phase 2

In the TLS Channel

PEAP

Server

Client

Transfer of the generated key from the PEAP server to the NAS if on different machines

eap ttls
EAP-TTLS
  • Developed by Funk Software.
  • Internet draft: draft-ieft-pppext-eap-ttls-02.txt on ietf.org
  • Provides: mutual authentication, key generation , client identity privacy and data cipher suite negotiation
eap ttls the protocol
EAP-TTLS – The Protocol

Again, two phases:

  • Establish TLS Channel, authenticate server (Optionally authenticate user too)
  • If the user wasn’t authenticated, use the TLS channel to authenticate user using an authentication protocol (not only EAP)
eap ttls the participants

Some Link Layer

(PPP, 802.11)

Authentication Protocol

(Radius)

EAP-TTLS – The Participants

Authentication, Authorizing and/or Accounting protocol (such as Radius)

NAS (EAP,AAA)

AAA

Server

TTLS Server (TLS,AAA)

Client

EAP-TTLS conversation, TLS Channel

Authenticate (EAP, PAP, CHAP, etc)

eap ttls layers
EAP-TTLS Layers

User Authentication- PAP/CHAP/EAP etc

TLS

EAP-TTLS

EAP

Link Layer/AAA layer – PPP, Radius, etc

eap ttls packet format
EAP-TTLS Packet Format

Contains AVPs, which encapsulates authentication information (PAP/CHAP/...)

Code

Identifier

Length

Type

Flags

Ver

TLS Message Length…

…TLS Message Length

TLS Data….

  • Code: 1- Request 2- Response
  • Identifier – Used to match response to request
  • Type- 21 (EAP-TTLS)
  • Flags: Length included, More fragments, Start flag
slide16
AVPs
  • In PEAP the data exchanged between the client and the server over the TLS channel is EAP packets.
  • In EAP-TTLS, AVPs – attribute-values pairs are exchanged. Encrypted by TLS and encapsulated in EAP-TTLS packets.
  • The AVPs format of EAP-TTLS is compatible with the Diameter & Radius AVP format.
  • This allows easy translation of AVP packets by the EAP-TTLS server between the client and the AAA server (using Radius for example).
eap ttls avp format
EAP-TTLS AVP Format

AVP Code

V M r r r r r r

AVP Length

Vendor-ID (optional)

Data…

AVP Code + Vendor ID : Used to identify attributes

V: Does Vendor-ID appear

M: 0- This AVP can be ignored if not supported

1- If this AVP isnt supported, fail the negotation

eap ttls phase 1
EAP-TTLS - Phase 1

EAP-Request / Identity

EAP- Response / Identity [My Domain]

EAP-Request (Type= EAP-TTLS, start)

TLS Handshake

TTLS

Server

Client

TLS Channel Established

EAP- Response (empty)

eap ttls phase 2

Exchange AVPs over the TLS Channel, encapsulated in EAP-TTLS

AVPs (extracted from the

TTLS records)

EAP-Success/

EAP-Failure

Success/Failure

EAP-TTLS – Phase 2

Client

TTLS

Server

AAA

Server

TTLS Message Exchange

NAS as a pass-through

Radius Message Exchange

eap ttls key distribution
EAP-TTLS – Key Distribution
  • EAP-TTLS Enables key distribution to the client and to the access point.
  • The key is used for the communication between the AP and the client.
  • Supports exchange of:
    • Data cipher suite (cryptographic algorithm, key length)

not the same as the suite used in the TLS phase

    • Keying Material (from which the used keys will be generated) Supported by PEAP as well.
eap ttls key distribution 2
EAP-TTLS – Key Distribution (2)
  • The client and the AP send their data cipher suite preferences to the TTLS server which select a cipher suite supported by both and sends it to both. (we’ll see when exactly in the following example)
  • If the client and/or the AP do not send their preferences, other means of negotiation should be used. (link layer…)
  • The client and TTLS server generate their keying material (as in EAP-TLS) and the TTLS sends the keying material to the AP
eap ttls full example
EAP-TTLS – Full Example

LAN

Radius

Radius

Access Point

AAA

TTLS Server

Client

  • Usage of CHAP in order to authenticate the client
  • Establishment of data cipher suite and keying material
eap ttls full example 1
EAP-TTLS – Full Example (1)

Radius

Radius

Access Point

AAA

TTLS Server

Client

EAP-Request/Identity

EAP-Response/Identity

Radius Access Request: Data-Cipher-Suite+ EAP-Response/Identity

Radius Access Challenge: EAP-Request/TTLS-Start

EAP-Request/TTLS-Start

EAP-Response/TTLS: client_hello

RAR: EAP-Response/TTLS: client_hello

RAC: EAP-Request/TTLS (server_hello,certificate,

server_key_exchange,server_hello_done)

eap ttls full example 2
EAP-TTLS – Full Example (2)

Radius

Radius

Access Point

AAA

TTLS Server

Client

EAP-Request/TTLS (server_hello,certificate,server_key_exchange,srv_hello_done)

EAP-Response/TTLS (client_key_exchange,CCS,client_finish)

RAR: EAP-Response/TTLS (client_key_exchange,CCS,client_finish)

RAC: EAP-Request/TTLS (CCS, server_finish)

EAP-Request/TTLS (CCS, server_finish)

EAP-Response/TTLS (user_name, CHAP-Challenge&Password) Data-CipherSuite+

RAR: EAP-Response/TTLS (user_name, CHAP-Challenge, CHAP-Password)

+Data-CipherSuite

RAR: User_name, CHAP-Challenge, Chap-Password

eap ttls full example 3
EAP-TTLS – Full Example (3)

Radius

Radius

Access Point

AAA

TTLS Server

Client

Radius Access-Accept [RAA]

RAC: EAP-Request/TTLS (Data-Cipher-Suite)

EAP-Request/TTLS (Data-Cipher-Suite)

EAP-Response (No data)

RAR: EAP-Response (No data)

RAA: Data-Cipher-Suite, Data-Keying-Material, EAP-Success

Mutual Authentication done

Data cipher suite and key established

EAP-Success

peap eap ttls security issues
PEAP & EAP-TTLS Security Issues
  • Based on TLS which is well tested. Using TLS grants protection from:
    • Man in the middle attacks
    • Snooping user ID & password
    • Session hijacking
  • Usage of tunneling:
    • Enables using existing protocols over a protected layer
    • Provides client identity protection:
      • Identity passed over the TLS channel
      • If the client is to be authenticated using a certificate, can be done after the TLS channel was established
open security problems
Open Security Problems
  • Relies on the security between the AAA, TTLS/PEAP server and AP.
  • Injection of EAP-Success / EAP-Failure packets
    • Possible solution: Other EAP message? inside the channel?
additional issues
Additional Issues
  • In addition to the security issues we introduced about PEAP & EAP-TTLS , they have some additional features:
  • Same as in EAP-TLS:
    • Support for fragmentation of long messages
    • Support for fast re-connection to the network (using TLS resumption abilities)
  • Exchange of information between the client and the authentication server. (EAP-TTLS: AVPs, PEAP: Latest draft defines something similar – TLVs)
  • Example for such information: language settings for notifications
other eap methods
Other EAP Methods
  • EAP-MD5
    • Only user authentication
    • Uses user id and password
    • Vulnerable to Dictionary attack, man in the middle, session hijack
    • Easy implementation
  • EAP-SRP (Secure Remote Password)
    • Usage of DH in order to authenticate both sides.

(The DH exchange is protected via usage of hash and salt)

    • Does not use certificates at all
    • Mutual authentication
    • Uses user id and password
eap methods 2
EAP Methods (2)
  • EAP-LEAP (Light Extensible Authentication Protocol)
    • Developed by Cisco as a proprietary protocol, can only be supported by Cisco NASes
    • Usage of challenge and response
    • Mutual authentication
    • Uses user id and password (no certificates)
    • Vulnerable to dictionary attack
  • EAP-SIM
    • Used for cellular communication, based on challenge-response which is done according to a key stored in the SIM card of a GSM cell phone.
    • Mutual Authentication
    • Vulnerable to spoofing
eap methods 3
EAP Methods (3)
  • EAP-SecurID
    • Usage of one time password in order to authenticated client.
    • No authentication of the server (solution: use tunneling)
    • Vulnerable to Man in the middle attack, session hijack
summary 1
Summary (1)
  • EAP enables usage of diverse methods in order to perform authentication. It defines the exchange of message until authentication process is done.
  • EAP-TLS makes use of the existing TLS protocol in order to provide safe mutual authentication.
  • PEAP and EAP-TTLS use TLS to authenticate server and offer tunneling of other methods in order to authenticate the client.
summary 2 eap architecture

E

A

P

EA

P

P

A

P

C

H

A

P

MD5

TLS

TTLS

PEAP

MS-CHAPv2

EAP

802.1X

PPP

802.11

Summary (2)EAP Architecture
summary 3
Summary (3)

What to use? A few examples:

  • On a wired network EAP-MD5 is probably enough for most uses. Can be tunneled through PEAP/EAP-TTLS for extended security and server authentication
  • If a certificate system is existing EAP-TLS can be used to provide a high level of security.
  • If an existing non-EAP authentication system exists- EAP-TTLS is the only option to enable its usage in a secure way.
  • EAP-SecurID can be used tunneled if OTPs are to be used. LEAP can be used if the NAS is from cisco.
  • Many more methods are being developed.