Authentication in WLAN

Size: px

Start display at page:

Download "Authentication in WLAN"

Alan Henderson
9 years ago
Views:

1 Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE i. Provides stronger data encryption and user authentication (largely missing in WEP). WPA authentication protocols WEP Represents first attempt at security Uses static 40 or 104 bit keys for authentication and encryption. Based on RC4 symmetric cipher. Efficient. Flaws in WEP (1) No key management protocol tied to WEP Access points and clients must be programmed with the same WEP key. Since synchronizing the change of keys is tedious and difficult, keys are seldom changed. If attacker cracks key, all traffic can be decrypted (2) The size of the key - 40 bits. If hacker gathers enough data, using tools such as Aircrack and Airsnort, WEP key can be broken in under 30 minutes. 1

WPA authentication protocols WEP Represents first attempt at security Uses static 40 or 104 bit keys for authentication and encryption. Based on RC4 symmetric cipher. Efficient.

2 (3) Authentication messages can be easily forged defines two forms of authentication: Open System (no authentication) or Shared Key authentication. The Problem? A monitoring attacker can observe both the challenge and the encrypted response. From those, he can determine the key used to encrypt the response, and encrypt any challenge he receives in the future. By monitoring a successful authentication, the attacker can later forge an authentication. (4) WEP use the same key for encryption and authentication. 2

A monitoring attacker can observe both the challenge and the encrypted response.

3 WPA (Wi-Fi Protected Access): Provides sophisticated data encryption than WEP and also provides user authentication. Do not share the same key for authentication and data encryption. Provides for mutual authentication. The three entities are the client, the Authentication Server (AS), and the AP. Supports EAP (extensible authentication protocol) 3

Do not share the same key for authentication and data encryption.

4 EAP (extensible authentication protocol): An authentication framework, not a specific authentication mechanism. Four message types: o Request o Respond o Success o Failure. Encapsulate other authentication protocols, such as TLS, Kerberos, in its Request and Respond messages. The AS uses the Success or Failure message to notify the AP whether the client authentication was successful. 4

Encapsulate other authentication protocols, such as TLS, Kerberos, in its Request and Respond

5 The Request-Identity (User name) and Response-Identity messages precede other Request and Response messages. Only after that sequence does the EAP start encapsulating other authentication protocols. The AP is not aware of the authentication process in detail. It cares only about the authentication server's decision whether to grant the client the access to the network. An important role of the authentication process is to establish a shared key that the client and the AP can use for message protection. The message protection process starts only when the authentication process finishes with the EAP message Success, which includes generating a Pairwise Master Key (PMK) on the client and server, and the authentication server sends the PMK to the AP over a secure channel. WPA uses the PMK to generate keys for encryption. The AS and the client compute the Pairwise Master Key differs from one authentication method to another. 5

An important role of the authentication process is to establish a shared key that the client and the AP can use for message protection.

6 EAP support the following methods: Lightweight EAP (LEAP): A username/password combination is sent to a Authentication Server for authentication. Kerberos EAP-TLS: Both the server and the client need a valid (x509) certificate, and therefore a PKI. Desired Properties of Wireless Network Authentication 1. Mutual authentication 2. Identity privacy 3. Replay attack resistance 4. Fast reconnect Mutual Authentication Identity Privacy - The identity here is referring to client s username. - The Request-Identity and Response-Identity messages are sent in plaintext, attack can easily discover supplicant s identity by eavesdrop the conversation at the beginning of the process. Thus, EAP methods must take care of hiding client s identity. 6

Identity privacy 3. Replay attack resistance 4. Fast reconnect Mutual Authentication Identity Privacy - The identity here is referring to client s username.

7 Replay Attack Resistance - If an attacker eavesdrops and records the authentication process of a valid client and replays it to gain the access to the network, a replay attack will occur. Fast Reconnect - When the client changes location and associates with another AP, the client may lose connection to the network until he reauthenticates via the new AP. New applications for wireless networks, such as Voice over IP (VoIP), require seamless connections to the network. Authentication Protocols for WLAN Symmetric key approach: LEAP Public key approach: EAP-TLS Symmetric Key Approaches Efficient and require little computational power. Especially important in wireless networks because many wireless devices, such as PDAs and mobile VoIP phones, have little computational power. Drawbacks: most symmetric key authentication protocols derive the shared secret from the user's password and some passwords are not strong, it is easy for the attacker to extract the secret key from them. It is hard to securely distribute the shared secret to both parties. 7

New applications for wireless networks, such as Voice over IP (VoIP), require seamless connections to the network.

8 Lightweight Extensible Authentication Protocol (LEAP) Includes mutual authentication and Pairwise Master Key derivation. Client (C) Authentication Server (S) Request Identity Response Identity (username of client c) and request s s= Random Challenge Calculate Challenge Hash Using User- Supplied Password H(E Password (s)) Response (Authenticate Client) c=random Challenge Success and Request c (Authenticate AS) Calculate Challenge Hash Using User- Supplied Password Flaws: LEAP does not protect the client's identity. Moreover, because an eavesdropper can easily sniff the challenge-response pair sent between the client and the AS during the authentication, LEAP is vulnerable. 8

Supplied Password H(E Password (s)) Response (Authenticate Client) c=random Challenge Success and Request c (Authenticate AS) Calculate Challenge Hash Using User-

9 Public Key Approaches: Transport Layer Security (EAP-TLS) Client Authentication Server (AS) Request Identity Response Identity c= random number Response c Request c s, Cert AS s = random number Cert AS = AS certificate p = random number Cert Client = Client Certificate Response E(AS pubkey, p), Cert Client Signature Client = Client Digital Signature Client Signature Authenticate AS Authenticate Client Both calculate Pairwise Master Key = F (c, s, p) Request (TLS finish) contains hash of handshake messages Response (TLS finish) Success 9

Certificate Response E(AS pubkey, p), Cert Client Signature Client = Client Digital Signature Client Signature Authenticate AS

10 Summary of Symmetric and Public Key Approaches LEAP is well understood and widely deployed. EAP-TLS is a public key approach that provides strong security. EAP-TLS satisfies all properties, except identity privacy and fast reconnect. EAP-TLS does not provide a way to authenticate clients who do not have a certificate that are signed by the CAs that the AS trusts. 10

EAP-TLS satisfies all properties, except identity privacy and fast reconnect.

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi [email protected]

$802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com$ 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi [email protected] 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key