EAP methods for wireless networks
Introduction
Along with the widespread acceptance and implementation of wireless local area networks have also come concerns about the security of these networks. Transmitting data via an air interface rather than a more secure physical conduit brings along with it certain inherent vulnerabilities to security, such as eavesdropping. While enterprises have embraced the benefits of accessing their networks wirelessly, such as increased mobility and productivity for their workers, they have also kept a focus on keeping their sensitive data within their boundaries. It is mainly the need for enterprise security that has driven the development of wireless LAN security methods and protocols, and these advancements have also had a positive effect in personal and small office settings.
One of the most challenging and important aspects of securing wireless LANs in enterprises is that of authentication and authorization. This topic addresses establishing the valid identity of the user or device attempting to access a network as well as deciding whether that entity is going to be allowed to join the network and access its services and resources. The extensible authentication protocol (EAP) provides a framework for addressing these concerns. Within the EAP framework, there are a number of specific methods that can be used for authentication. The choice of an authentication method is essential to securing any network and should be made considering the unique requirements of each individual network. To date, we have not found a noncommercial paper addressing a comparison of the various EAP methods available and their appropriateness for use in a variety of wireless networks. In addition to comparison, we added enterprise-specific requirements for EAP methods and discussed suitable EAP methods for RFID and WiMAX.
Section 1 gives a background and overview of wireless LANs and their security issues to be addressed. In Section 2, we present some requirements which an EAP method selected for use with a wireless LAN should support and discuss the relevance and importance of these requirements. Section 3 surveys some popular EAP methods which exist and their suitability to the requirements. In Section 4, we address some of the security issues which an EAP method should guard against. Section 5 discusses some scenarios that might be encountered when a user or device is mobile and needs to travel between networks employing an EAP method. Sections 6 and 7 address the use of EAP methods with RFID and WiMAX technologies, respectively. Section 8 summarizes the conclusions drawn from the evidence presented and makes the argument for interoperability of an EAP method.
Wireless LANs can operate in one of two modes: ad hoc or infrastructure. In ad hoc mode [2], each device present in the wireless network communicates directly with other devices on the network without the use of any central hub between the devices. This method of operation has the main benefit of not requiring any additional equipment beyond the wireless interface cards present in the wireless devices themselves. However, it does not fit the traditional hub and spoke topology in which wired LANs have typically been deployed.
In infrastructure mode [1], wireless devices communicate with each other and usually with a wired network via a centralized access point. This topology fits well with existing wired networks and allows the existing infrastructure to be augmented by access points, providing wireless access only at the last hop between the access point and the user devices. Since wireless LANs operating in infrastructure mode are more popular, especially among enterprises, these will be the focus of this paper.
The pertinent standards defining the operation of wireless LANs are IEEE standards 802.11a, b, and g. The 802.11a standard specifies operation of a wireless network at 54 megabits per second in the 5.8 GHz band. 802.11b specifies operation of a wireless network at 11 megabits per second in the 2.4 GHz band and is the most popularly implemented type of WLAN. 802.11g specifies operation of a wireless network at 54 megabits per second in the 2.4 GHz band and is quickly catching up with 802.11b in number of installations due to its backward compatibility with 802.11b access devices. All of these bandwidths are shared between all users on an access point and wireless channel or frequency.
While these standards do not include in their definition a complete specification for enterprise-level security [3], there are certain options available in the suite of 802.11 standards which do provide some options for implementing a secured wireless LAN. The options on which to base an authentication method are:
- Pre-shared key, typically implemented for individuals, home offices, and small offices.
- Password based security, typically implemented by enterprises that have extant strong password policies and mechanisms for authentication.
- Certificate based security for enterprises that require and choose to deploy certificates [5].
Rather than defining a single authentication protocol in the standard, the designers chose to provide a framework into which a variety of authentication methods can be used. This concept of an extensible authentication protocol (EAP) gives the network administrator the flexibility to choose a method appropriate for their organization as well as the opportunity to change to an authentication method that is possibly more secure. Based on the above options, EAP methods can be categorized according to the mechanism employed in their design. Although many methods exist, only those more frequently used are discussed in this paper. Before these methods are discussed, some fundamental WLAN security procedures are addressed.
One of the fundamental issues to be addressed when considering network security is that of authentication and authorization. Authentication addresses establishing the genuine identity of the device or user wishing to join a wireless network. Authorization addresses determining whether the authenticated user or device is permitted to join the network [5].
The first generation of wireless LAN security was wired equivalent privacy, or WEP. The mechanism employed by WEP to handle authentication and authorization is that of the shared secret. If a user or device is programmed with the same secret as the access point of the network it is attempting to join, then it is permitted on the network. One of the major flaws with this mechanism is that if the key is obtained through any means, then unauthorized parties can access the network. The WEP standard has no rules for enforcing key changes over time, and the key usually remains static for long periods of time.
WEP is particularly vulnerable to attacks when the shared secret key is not changed regularly, because that key can be discovered by capturing packets transmitted across the network. Since the combination of the shared secret key and a 24-bit initialization vector is used for data encryption, and the vector value is eventually repeated, it is possible to discover the common information, including the secret key [4].
In addition to authentication and authorization, the issue of data encryption must also be addressed when considering security of a wireless network. Once a user or device has been authenticated and authorized to join the network, their data must be secured continually for as long as they are transmitting data on the network. The mechanism WEP [4] uses for data encryption is a stream cipher based on the RC4 algorithm with keying provided by the shared secret key and an initialization vector.
As stated earlier, the vulnerability of RC4 in this configuration lies in reuse of the initialization vector, which is unavoidable given its finite size. While this is more of a concern on larger networks carrying a lot of traffic, even smaller networks are susceptible; the time necessary to stage an attack is simply longer. One way to circumvent attacks of this nature is to enforce key changes, but these changes must be communicated to all the devices on the network in some fashion and cannot be implemented in a centralized manner.
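The two preceding paragraphs describe the weakness in words; the following added example (written for this page, not code from the paper) shows it concretely. It contains a textbook RC4 implementation, a WEP-style per-frame key of IV || shared key, a function demonstrating that two frames encrypted under the same IV leak the XOR of their plaintexts, the birthday bound for how many frames a 24-bit IV space survives before a repeat becomes likely, and a small monitoring check that flags repeated IVs in a list of observed values. The key, IVs and frame contents are constructed sample data, not captured traffic.

```python
"""Added example (not from the paper): why a static WEP key with a 24-bit IV
leaks data. WEP seeds RC4 with IV || shared key for every frame, so two frames
sent under the same IV share a keystream. RC4 here is a textbook implementation
written for this example; key, IVs and frames are constructed sample data."""
import math
from collections import Counter
from typing import Dict, Iterable, Iterator


def rc4_keystream(key: bytes) -> Iterator[int]:
    """RC4 key scheduling (KSA) followed by the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Stream-cipher XOR; the same call encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-frame key: the 24-bit IV prepended to the static shared key.
    In a real frame the IV is sent in the clear in the header (not modelled)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return rc4_crypt(iv + shared_key, plaintext)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under one IV: XOR of the ciphertexts equals XOR of the
    plaintexts, so an eavesdropper learns p1 ^ p2 without knowing the key."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return xor_bytes(c1, c2)


def frames_until_iv_collision(iv_bits: int = 24, prob: float = 0.5) -> float:
    """Birthday bound: number of frames after which a repeated IV has
    probability `prob`, assuming IVs are drawn uniformly at random."""
    n = 2 ** iv_bits
    return math.sqrt(2 * n * math.log(1 / (1 - prob)))


def repeated_ivs(ivs: Iterable[bytes]) -> Dict[bytes, int]:
    """Monitoring check over IVs observed under one key: any IV seen more than
    once marks frames whose keystream has already been reused."""
    return {iv: n for iv, n in Counter(ivs).items() if n > 1}
```

With random IVs the bound comes out at roughly 4,800 frames for a 50% chance of a repeat, which on a busy access point is a matter of seconds; sequential IVs wrap after 2^24 frames and are no better once the counter rolls over or is reset. `repeated_ivs` is the kind of check a monitoring system can run on captured IV values to confirm that the problem is live on a given network.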
Once the vulnerabilities with WEP were identified, work was launched to create a standard for security in wireless networks. This resulted in the current standard for wireless network security, IEEE standard 802.11i. Prior to acceptance of the 802.11i standard, a consortium of parties involved with wireless networking called the Wi-Fi Alliance sought to make a subset of certain security aspects of the 802.11i draft available in an early stage and developed WPA, or Wi-Fi Protected Access.
Both WPA and the full 802.11i standard support two modes of operation: one for small office or personal networks called personal mode and one for large corporations or enterprises called enterprise mode. In personal mode, there is a shared key between the access point and the devices or users wishing to authenticate with the access point. But instead of using this key directly as the basis for encryption, as with WEP, the key is used to permit admission to the network, and a new key, unique to each user or device, is generated for data encryption purposes.
WPA and 802.11i operating in enterprise mode handle authentication through a standard developed for controlling admission to a network which is published as IEEE standard 802.1X. This standard is not unique to wireless networks and rather can apply to any point-to-point network.
802.1X [6], [7], [8] proposes a solution by which a supplicant is authenticated to an authenticator via the use of an authentication server. In terms of a wireless LAN in infrastructure mode, the supplicant is usually a wireless device or user, the authenticator is the access point with which the device or user wishes to communicate, and the authentication server is a device such as an authentication, authorization, and accounting (AAA) server or a remote authentication dial-in user service (RADIUS) server. In stronger authentication methods, as will be discussed later, not only does the network authenticate the device but the device also authenticates the network, in a mutual authentication scheme. 802.1X does not specify the method by which the authentication transaction will take place; rather, it uses the concept of an extensible authentication protocol (EAP) as specified in IETF RFC 3748. This allows the flexibility of choosing a different authentication method based on which is most appropriate for the circumstances of the network that needs to be secured. In this context, we define an authentication protocol as the mechanism by which a user or device is authenticated and allowed to join a network, or rejected in its attempt to do so. An authentication protocol is considered extensible in this case because only a framework is defined for its operation; a variety of specific methods can be used for the authentication procedure.
While WPA uses the same data protection and encryption scheme as WEP, it is made significantly more secure against attacks by the inclusion of an EAP method. In addition, WPA enforces key changes through the use of the temporal key integrity protocol, or TKIP [9]. The full 802.11i standard enhances this by keeping the same options for EAP authentication available and strengthening data encryption by allowing a choice between RC4 and the advanced encryption standard (AES) in CCM block cipher mode, which is far more resistant to attacks than the RC4 algorithm employed by WEP and WPA.
While the previous methods of securing wireless LANs did have some inherent vulnerabilities, the state of the art with 802.11i and WPA allows selection of a method well suited to the individual requirements of a particular network. In the next section, we discuss the requirements for authentication across a variety of networks.
Section snippets
EAP requirements
RFC 4017 describes some mandatory, recommended, and optional, requirements for EAP methods to be used to secure wireless LANs. The mandatory requirements can be considered as the base level functionality which is required in order to provide security to the wireless network. Recommended requirements would add desirable functionality in most scenarios. Optional requirements add functionality that may or may not be necessary depending on the circumstances of the individual network. We have also
EAP methods
Modern wireless networks secured with Wi-Fi Protected Access (WPA) or the 802.11i standard (also referred to as WPA2) in enterprise mode use authentication techniques based on the IEEE 802.1X standard. 802.1X dictates the use of an extensible authentication protocol (EAP) in a point-to-point network. The EAP definition in 802.1X does not specify an exact method, algorithm, or procedure for the authentication but rather specifies a framework into which a particular method can be plugged.
Some EAP
Possible attacks [23,28]
Use of an EAP method to securely authenticate users or devices to a network does not necessarily provide guaranteed security. There can be attacks against the EAP procedure. A secure EAP method will have protections against such attacks. Some of the attacks possible on the EAP method include:
- Discovering user identities by reading unencrypted authentication exchanges.
- Modifying or spoofing EAP packets. Denial of Service attacks using spoofed authentication responses, replay attacks, or packets
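The 802.1X exchange between supplicant, authenticator and authentication server described in the introduction, and the first two attacks listed above, are easier to reason about with the packets in hand. The following added example (written for this page, not code from the paper or from any 802.1X implementation) simulates the conversation in one process: an RFC 3748 EAP packet codec, a supplicant, a stand-in authentication server, and an access point that relays between them and records every frame that crossed the radio link. The method used is EAP-MD5 (RFC 3748 section 5.4), chosen only because it is the simplest password-based method; it is not one of the methods the paper surveys, and it offers neither mutual authentication nor key derivation. The class and function names, the user names and the secrets are assumptions of this example. The server shows the Identifier check that rejects a stale or forged Response, and `identities_seen_on_air` shows that the Response/Identity is readable by anyone capturing the exchange, which is exactly the first attack in the list.

```python
"""Added example (not from the paper): the 802.1X conversation described above,
simulated in one process. Packet layout follows RFC 3748 section 4 (Code,
Identifier, Length, Type, Type-Data); the method is EAP-MD5 (RFC 3748 5.4).
EAPOL framing and RADIUS attributes are not modelled; names and secrets are
constructed sample data."""
import hashlib
import os
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # EAP Code values
TYPE_IDENTITY, TYPE_MD5 = 1, 4                    # EAP Type values

@dataclass
class Eap:
    code: int
    ident: int
    type_: Optional[int] = None  # Success and Failure carry no Type octet
    data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.type_ is None else bytes([self.type_]) + self.data
        return struct.pack("!BBH", self.code, self.ident, 4 + len(body)) + body

    @staticmethod
    def decode(raw: bytes) -> "Eap":
        code, ident, length = struct.unpack("!BBH", raw[:4])  # struct.error if short
        if length < 4 or length > len(raw):
            raise ValueError("EAP Length field inconsistent with packet")
        body = raw[4:length]  # bytes beyond Length are padding and ignored
        if code in (REQUEST, RESPONSE):
            if not body:
                raise ValueError("Request/Response without a Type octet")
            return Eap(code, ident, body[0], body[1:])
        return Eap(code, ident)

def md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 Response Value = MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Supplicant:
    """The wireless client: answers Identity and MD5-Challenge requests."""
    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity.encode(), secret

    def respond(self, req: Eap) -> Optional[Eap]:
        if req.code == REQUEST and req.type_ == TYPE_IDENTITY:
            return Eap(RESPONSE, req.ident, TYPE_IDENTITY, self.identity)  # unencrypted
        if req.code == REQUEST and req.type_ == TYPE_MD5:
            value = md5_response(req.ident, self.secret, req.data[1:1 + req.data[0]])
            return Eap(RESPONSE, req.ident, TYPE_MD5, bytes([16]) + value + self.identity)
        return None  # Nak for unsupported Types is omitted here

class AuthServer:
    """Stand-in for the AAA/RADIUS server that owns the EAP conversation."""
    def __init__(self, users: Dict[str, bytes]):
        self.users, self.ident, self.peer, self.challenge = users, 0, None, b""

    def start(self) -> Eap:
        self.ident = (self.ident + 1) & 0xFF
        return Eap(REQUEST, self.ident, TYPE_IDENTITY)

    def handle(self, resp: Eap) -> Eap:
        # A Response must echo the Identifier of the outstanding Request; a stale
        # or forged Response with another Identifier is discarded (RFC 3748 4.1).
        if resp.code != RESPONSE or resp.ident != self.ident:
            raise ValueError("Response Identifier does not match outstanding Request")
        if resp.type_ == TYPE_IDENTITY:
            self.peer, self.challenge = resp.data.decode(), os.urandom(16)
            self.ident = (self.ident + 1) & 0xFF
            return Eap(REQUEST, self.ident, TYPE_MD5, bytes([16]) + self.challenge + b"srv")
        if resp.type_ == TYPE_MD5 and self.peer in self.users:
            expected = md5_response(resp.ident, self.users[self.peer], self.challenge)
            if resp.data[1:1 + resp.data[0]] == expected:
                return Eap(SUCCESS, resp.ident)
        return Eap(FAILURE, resp.ident)

class Authenticator:
    """The access point: relays EAP and records every frame crossing the radio link."""
    def __init__(self, server: AuthServer):
        self.server, self.on_air = server, []

    def run(self, supplicant: Supplicant) -> int:
        pkt = self.server.start()
        while pkt.code == REQUEST:
            self.on_air.append(pkt.encode())
            resp = supplicant.respond(pkt)
            if resp is None:
                return FAILURE
            self.on_air.append(resp.encode())
            pkt = self.server.handle(Eap.decode(resp.encode()))
        self.on_air.append(pkt.encode())
        return pkt.code

def identities_seen_on_air(frames: List[bytes]) -> List[str]:
    """Monitoring view: every Response/Identity in a capture is readable as text."""
    pkts = [Eap.decode(f) for f in frames]
    return [p.data.decode() for p in pkts if p.code == RESPONSE and p.type_ == TYPE_IDENTITY]
```

A successful run puts five frames on the air (Request/Identity, Response/Identity, Request/MD5-Challenge, Response/MD5-Challenge, Success), and the user name is recoverable from the second one by anyone who captured it; the tunnelled methods the paper surveys exist precisely to hide that inner identity and to let the client verify the server before disclosing anything. The Identifier check in `AuthServer.handle` is the minimum a server needs against a replayed Response, but it is no protection against a forged Success or Failure sent to the client, which is why methods that derive keys and protect the result indication are among the requirements discussed in Section 2.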
Mobility issues
As more and more users join wireless networks, some consideration must be given to the flexibility of an EAP method chosen to operate in a mobile scenario. This might include a user who travels from one wireless LAN to another wireless LAN implementing the same or a different EAP protocol. Moreover, consideration should be given to the use of EAP in scenarios traversing different networks, such as a user moving between a wireless LAN to a cellular network or from a wireless LAN to a WiMAX
RFID
Radio frequency identification is a new generation technology used to identify objects to which transponders are attached. In this method, each object has a transponder with some unique data encoded to it; a reader is used to retrieve this data using near field communication. Some common applications of RFID are tracking items throughout a manufacturing process, identifying shipping containers, and inventory management in supply chain services. Use of RFID technology can bring about benefits in
WiMAX
WiMAX, or Worldwide Interoperability for Microwave Access, is an emerging technology based on the IEEE 802.16 standard for a Metropolitan Area Network (MAN) which strives to provide broadband wireless access capabilities across a wider area than the typical WLAN. [24] As with any wireless data transmission method, there are some issues relating to securing these transmissions which must be addressed in order for users and service providers to have confidence in the platform. As with WLAN,
Conclusion
Since the advent of wireless LANs in 1997, the technological progress in this field has been tremendous. With the technological progress, however, came security vulnerabilities. All the methods discussed in the report have had their share of flaws and limitations. Most of the methods are either currently deployed or still in the process of deployment.
As discussed in the report, we have two major sets of methods currently deployed, namely certificate based and password based. Large corporations
Acknowledgements
This material is based upon work supported by the National Science Foundation under grants CNS-0516807 and CNS-0551694. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
References (33)
- [1] B. Mitchell, What is infrastructure mode in wireless Networking, ...
- [2] Understanding Ad Hoc Mode
- [3] et al., Security issues of IEEE 802.11b wireless LAN, Canadian Conference (2004)
- [4] 802.11 WEP: Concepts and Vulnerability
- [5] Securing Wireless LANs with PEAP and Passwords, Introduction: Choosing a Strategy for Wireless LAN Security
- [6] Network World Global Test Alliance, What is 802.1x?
- [7] 802.1X Offers Authentication and Key Management
- [8] et al., Zorn, Roese, IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines, RFC 3580 (September 2004)
- [9] Trapeze Networks, Enterprise WLAN Security: Making Sense of the options, White...
- [10] et al., EAP Method requirements for Wireless LANs, RFC 4017 (March 2005)
- [11] Advantages of EAP-SPEKE over EAP-PEAP for Password Based Authentication
- [12] PPP Extensible Authentication Protocol (EAP), RFC 2284
- [13] PPP EAP TLS Authentication Protocol, RFC 2716
- [14] EAP Tunneled TLS Authentication protocol version 1
- [15] I-D ACTION: draft-josefsson-pppext-eap-tls-eap-tls-eap-04.txt: Protected EAP, IETF Draft
Cited by (35)
- Providing efficient SSO to cloud service access in AAA-based identity federations. 2016, Future Generation Computer Systems.
- Non-isomorphic biclique cryptanalysis of full-round Crypton. 2015, Computer Standards and Interfaces. Citation excerpt: "Block ciphers are elementary components in the design of many cryptographic protocols. Indeed, block ciphers are widely used in advanced authentication protocols like extensible and password authentication protocols [1,2]; key management [3]; as well as the building blocks of the other symmetric primitives like hash functions [4] and cryptographic PRNGs [5]. The block cipher Crypton is a 128-bit block cipher which was proposed by Lim [6]."
- Out-of-band federated authentication for Kerberos based on PANA. 2013, Computer Communications. Citation excerpt: "In response, the EAP peer answers with an EAP Response/Identity containing the identity represented by using the Network Address Identifier (NAI) format [27]. The process continues with the EAP method execution (e.g. EAP-TLS, EAP-PSK, etc. [28]) which may involve several EAP Request/Response exchanges between EAP peer and server. A successful EAP authentication finishes with an EAP Success message and the provision of keying material [29]: the Master Session Key (MSK) and the Extended Master Session Key (EMSK)."
- A method of fuzzy preference relation to authorize the worldwide interoperability for microwave access license in Taiwan. 2012, Applied Mathematical Modelling. Citation excerpt: "The current trend in mobile communication networks is so-called fourth generation (4G) system which offers users multiple wireless accesses operating on the principle of Always Best Connected (ABC) [7]. Worldwide Interoperability for Microwave Access (WiMAX), based on the IEEE (Institute of Electrical and Electronics Engineers) 802.16, is a 4G mobile communication technology which provides wireless data from point-to-point link to full mobile cellular type access over long distances in various ways [8,9]. The major advantages of 802.16 compared to other network access technologies are the longer transmission range and more sophisticated support for Quality of Service (QoS) at the media access control level [10]."
- Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations. 2011, Computer Standards and Interfaces. Citation excerpt: "While an EAP lower-layer is used as transport protocol between the peer and the authenticator, the communication between the authenticator and the server is performed using an AAA protocol such as RADIUS [10] or Diameter [11]. Additionally, certain EAP methods [12] are able to generate keying material. According to the EAP Key Management Framework [2], the Master Session Key (MSK) and the Extended Master Session Key (EMSK) are exported after a successful EAP authentication."
- Secure three-party key distribution protocol for fast network access in EAP-based wireless networks. 2010, Computer Networks. Citation excerpt: "We have compared our proposal based on 3PFH against other different EAP-based network access control schemes. Potentially, different EAP methods [35] can be used in wireless networks. Nevertheless, in real deployments, one of the most common EAP methods is EAP-TLS (or derived methods such as EAP-TTLS or PEAPv2), which is based on asymmetric cryptography."