WLAN Security

Examining EAP and 802.1x

802.1x works at Layer 2 to authentication
and authorize devices on wireless access
points.
IEEE 802.1x


It is used for certain closed wireless
access points.
802.1x Authentication
A wireless node must be authenticated before it can gain access to other
LAN resources

It does assume a point-to-point model.

Then PPP can serve for this point-to-point
model.


What is PPP and what does it have to do with wireless security?

Most people are familiar with PPP, the point-
to-point protocol. Its most commonly used
for dial-up Internet access.

PPP is also used by some ISPs for DSL and
cable modem authentication, in the form of
PPPoE (PPP over Ethernet).
What is PPP and what does it have to do with wireless security?

By any measure, PPP is a very successful
protocol.

In practice, PPP has gone far beyond its
original use as a dial-up access method as it's
now used all over the Internet.
What is PPP and what does it have to do with wireless security?


Although PPP has many parts that make it useful in
different networking environments, the part that we
care about in this demonstration is the authentication
piece.
What is PPP and what does it have to do with wireless security?

Before anything at Layer 3 (like IP) is established,
PPP goes through an authentication phase at Layer
2.

With dial-up Internet access, thats the username and
password.

What is PPP and what does it have to do with wireless security?
PPP authentication is used to identify the user at the
other end of the PPP line before giving them access.

By authenticating at layer 2, you are independent of
upperlayer protocol (such as IP).


What is PPP and what does it have to do with wireless security?

And you can make decisions on how to handle
layer 3 protocols, such as IP, based on the
authentication information.

For example, depending on what authentication
information you provide, you might get a particular
IP address.
PPP General Frame Format


802.1x Terminology


802.1x does introduce some terminology that we
need to get used to.

An authenticator helps authenticate what you
connect to it. It does this via the authentication
server.

The supplicant is what is being authenticated. See
the following diagram if that's unclear.

802.1x Terminology

802.1x Terminology

The Port Access Entity (PAE) is what
executes the algorithms and follows the
protocol(s).

Each of the three items above has a PAE,
but the PAE software does do different
things on each of the three.

How did EAP get into the picture?


As PPP use grew, people quickly found its
limitations, both in flexibility and in level of
security, in the authentication methods, such as
PAP.



How did EAP get into the picture?

Most corporate networks want to do more than
simple usernames and passwords for secure
access.

So a new authentication protocol, called the
Extensible Authentication Protocol (EAP) was
designed.

What is EAP
EAP

Extensible Authentication Protocol is a
universal authentication framework frequently
used in wireless networks and Point-to-Point
connections.

It is defined by RFC 3748.
EAP and WPA


WPA and WPA2 standard has officially
adopted five EAP types as its official
authentication mechanisms.


EAP is a way for a supplicant to
authenticate, usually against a back-end
RADIUS server.

EAP comes from the dial access world and
PPP.


There is a RFC for how RADIUS should
support EAP between authenticator and
authentication server, RFC 3579.

EAP was first defined in the IETF RFC 2284.



The EAP TLS variant is defined in RFC 2716.

The following figure shows the EAP format.

Note that when 802.1x is the transport, all this fits
into the 802.1x payload field, with EAPOL packet
type set to 0 (EAP packet).


The EAPOL frame format




EAP is a way for a supplicant to authenticate,
usually against a back-end RADIUS server.

EAP comes from the dial access world and
PPP.



There is an RFC for how RADIUS should
support EAP between authenticator and
authentication server, RFC 3579.



EAP was first defined in the IETF RFC 2284.

The EAP TLS variant is defined in RFC 2716.

The following figure shows the EAP format.

Note that when 802.1x is the transport, all
this fits into the 802.1x payload field, with
EAPOL packet type set to 0 (EAP packet).

EAP format


The code field indicates the type of EAP
packet as follows:

(1) Request, (2) Response,
(3) Success, (4) Failure



The ID is one byte for matching requests and
responses.

Length is the byte count including the code, ID,
length and data fields.

The data field format varies depending on the code
field.


Types 3 and 4, Success and Failure are easy
to describe: they have no data field (0 bytes).

Types 1 and 2 share a format. It boils down
to a type code (one byte) then the data for
that type.



Here's what that makes the EAP packet look
like:

The original RFC defines several types of
EAP authentication. They are:

1 Identity
2 Notification
3 Nak (response only)
4 MD5-Challenge
5 One-Time Password (OTP) (RFC 1938)
6 Generic Token Card
13 TLS (RFC 2716 adds TLS)


The RFC's contain some great diagrams
showing the sequence of messages for the
above EAP variants.




The IEEE 802.1x standard goes through all
this for EAP-OTP in a couple of different
scenarios (supplicant initiated exchange,
authenticator initiated, etc.).

How did EAP get into the picture?


EAP sits inside PPPs authentication protocol.

It provides a generalized framework for all sorts of
authentication methods.



EAP Message

Exactly one EAP packet is encapsulated in the
Information field of a PPP Data Link Layer frame
and building a PPP EAP Message.

Where the protocol field indicates type hex C227
(PPP EAP).
How did EAP get into the picture?


By pulling EAP out (destacando) into a separate
protocol, it then has the option of re-use in other
environments - like 802.1X.

How did EAP get into the picture?

EAP is supposed to head off (desviar) proprietary
authentication systems and let everything from
passwords to challenge-response tokens and PKI
certificates work smoothly.

How did EAP get into the picture?


With a standardized EAP, interoperability
and compatibility across authentication
methods becomes simpler.


How did EAP get into the picture?

Only the client and the authentication server
have to be coordinated.

By supporting EAP authentication, a RAS
server (in wireless this is the AP) gets out
of the business of actively participating in the
authentication dialog ...
How did EAP get into the picture?

For example, when you dial a remote access server
(RAS) and use EAP as part of your PPP
connection, the RAS doesnt need to know any of
the details about your authentication system.



How did EAP get into the picture?


... ... and just re-packages EAP packets to hand off
to a RADIUS server to make the actual authentication
decision.

How 802.1x Works

The 802.1x access control works on
unaggregated physical ports at OSI Layer 2.
It allows or denies access.

The access control it exerts can govern
bidirectional or inbound traffic.

On LAN media, 802.1x needs some way to
communicate between the Supplicant and the
Authenticator. This happens directly at Layer
2.

The protocol used is EAPOL, which stands
for EAP encapsulation over LANs.



EAP is a separate protocol (or family
of protocols) for authentication.

Let's take a look at the EAPOL frame
format. It is shown in the following figure:

the EAPOL frame format


The packet type is as follows:

0 EAP Packet
1 EAPOL Start
2 EAPOL Logoff
3 EAPOL Key
4 EAPOL Encapsulated Alert


The key packet type is used for EAP
variants that allow an encryption key.

The packet body is then a Key Descriptor,
with specified fields. We'll skip the details.



The Alert EAP packet type allows for things
(like SNMP) to be sent through a port where
the authentication resulted in an unauthorized
state.


The standard notes that use in a shared
environment is highly insecure unless the
supplicant to authenticator traffic is a secure
association, i.e. encrypted.



The authenticator then uses a standard
protocol, usually RADIUS, to relay
information to and from the authentication
server.


The following figure shows how the protocol
works.

It basically provides a L2 wrapper to transport
EAP information between supplicant and
authenticator.


Note that the EAPOL-Start message is only
used if the supplicant initiates the
exchange.

The authenticator can notice link status has
changed, and just jump right in with the EAP
exchange.



It may seem a little silly, having a big diagram
with only a couple of arrows in it. I hope that
this emphasizes the key point here.



The double arrow goes further since we'll see
that the authenticator re-encapsulates the
EAP information, typically within RADIUS,
and passes it through to the authentication
server.

IEEE 802.1

IEEE 802.1 is a working group of the IEEE 802
project of the IEEE. It is concerned with:
802 LAN/MAN architecture
internetworking among 802 LANs, MANs and other
wide area networks,
802 Link Security (This is not wireless),
802 overall network management, and
protocol layers above the MAC & LLC layers.
What Is 802.1x?

IEEE 802.1x is an IEEE standard for port-
based Network Access Control which extends
the 802.1.

it is part of the IEEE 802.1 group of protocols.

It provides authentication to devices attached
to a LAN port, establishing a point-to-point
connection or preventing access from that port
if authentication fails.




The standard 802.1x is an IEEE standard for
Port-Based Network Access Control.


IEEE 802.1x - a port based
authentication protocol



From the introduction to the 802.1x standard
document, with some omissions:



"Port-based network access control makes
use of the physical access characteristics of
IEEE 802 LAN infrastructures in order to
provide a means of authenticating and
authorizing devices attached to a LAN port
[...],


and of preventing access to that port in
cases in which the authentication and
authorization process fails. [...]




Examples of ports in which the use of
authentication can be desirable include
the Ports of MAC Bridges, [...] ,

and associations between stations and
access points in IEEE 802.11 Wireless
LANs."


That is, 802.1x and EAPOL just exist as a
way to transport EAP information between
Supplicant and Authenticator.


How This All Works



The RFC's contain some diagrams showing
the sequence of messages for the above
EAP variants.




The IEEE 802.1x standard goes through all
this for EAP-OTP in a couple of different
scenarios (supplicant initiated exchange,
authenticator initiated, etc.).

This fills in the big EAP arrow in the above
diagram to show the full sequence of
messages.

The following figure shows my version of the
sequence of messages for EAP-OTP (One
Time Password).

Medium to large Enterprise
WLAN Security
Level 3
EAP

Extensible Authentication Protocol is a
universal authentication framework frequently
used in wireless networks and Point-to-Point
connections.

It is defined by RFC 3748.


Although the EAP protocol is not limited to
wireless LANs and can be used for wired
LAN authentication, it is most often used in
wireless LANs.

WPA


WPA and WPA2 standard has officially
adopted five EAP types as its official
authentication mechanisms.



EAP is an authentication framework, not a
specific authentication mechanism. It only
defines message formats.


The EAP provides some common functions
and a negotiation of the desired
authentication mechanism.

Such mechanisms are called EAP
authentication methods.


Each protocol that uses EAP defines a way to
encapsulate that protocol's messages within
the EAP messages.

In the case of 802.1x, this encapsulation is
called EAPOL, "EAP over LANs".
Level 3: Medium to large Enterprise WLAN
security

EAP-TLS could be the recommended
authentication method for this security level.

EAP-TLS have the same server and client
side digital certificate requirements.


To implement EAP-TLS, not only does the
server require a Digital Certificate but the
users as well.


This means you will need Certificate
Authority to issue a proper Server Digital
Certificate on a pair of dedicated RADIUS
servers and not just a Self Signed
Certificate on a makeshift RADIUS Server.


For this security level, the proper PKI best
practices should be followed.

There should be at least a single dedicated
PKI Root Certificate Authority, but preferably
it should at least be a 2 or 3 tier PKI design.


A two tier chain for a medium Enterprise
organization would have an offline Root
Certificate Authority and an online Issuing
Certificate Authority.


The reason for this is that if a Certificate
Authority is ever compromised, you can
revoke it and create a new one ...

... from the higher offline Certificate
Authorities without having to start your PKI
deployment from scratch.

Building a PKI from scratch because of a
compromised Certificate Authority would be
completely unacceptable in a large scale
environment.


A large Enterprise should implement the
three tier design with offline Root
Certificate Authority, offline subordinate
Certificate Authority, and online Issuing
Certificate Authority.

Methods defined in IETF RFCs include:
EAP-MD5,
EAP-OTP,
EAP-GTC,
EAP-TLS or EAP-TTLS,
EAP-IKEv2,
EAP-SIM,
EAP-AKA
Some commonly used methods capable of
operating in wireless networks include:
EAP-TLS,
EAP-TTLS

Requirements for EAP methods used in
wireless LAN authentication are described in
RFC 4017.