WLAN Security

Examining EAP and 802.1x

802.1x works at Layer 2 to authentication and authorize devices on wireless access points.

IEEE 802.1x

It is used for certain closed wireless access points.

802.1x Authentication

A wireless node must be authenticated before it can gain access to other LAN resources

It does assume a point-to-point model.

Then PPP can serve for this point-to-point model.

What is PPP and what does it have to do with wireless security?

Most people are familiar with PPP, the point-to-point protocol. It’s most commonly used for dial-up Internet access.

PPP is also used by some ISPs for DSL and cable modem authentication, in the form of PPPoE (PPP over Ethernet).

What is PPP and what does it have to do with wireless security?

By any measure, PPP is a very successful protocol.

In practice, PPP has gone far beyond its original use as a dial-up access method as it's now used all over the Internet.

What is PPP and what does it have to do with wireless security?

Although PPP has many parts that make it useful in different networking environments, the part that we care about in this demonstration is the authentication piece.

What is PPP and what does it have to do with wireless security?

Before anything at Layer 3 (like IP) is established, PPP goes through an authentication phase at Layer 2.

With dial-up Internet access, that’s the username and

password.

What is PPP and what does it have to do with wireless security?

PPP authentication is used to identify the user at the other end of the PPP line before giving them access.

By authenticating at layer 2, you are independent of upperlayer protocol (such as IP).

What is PPP and what does it have to do with wireless security?

And you can make decisions on how to handle layer 3 protocols, such as IP, based on the authentication information.

For example, depending on what authentication information you provide, you might get a particular IP address.

PPP General Frame Format

802.1x Terminology

802.1x does introduce some terminology that we need to get used to.

An authenticator helps authenticate what you connect to it. It does this via the authentication server.

The supplicant is what is being authenticated. See the following diagram if that's unclear.

802.1x Terminology

802.1x Terminology

The Port Access Entity (PAE) is what executes the algorithms and follows the protocol(s).

Each of the three items above has a PAE, but the PAE software does do different things on each of the three.

How did EAP get into the picture?

As PPP use grew, people quickly found its limitations, both in flexibility and in level of security, in the authentication methods, such as PAP.

How did EAP get into the picture?

Most corporate networks want to do more than simple usernames and passwords for secure access.

So a new authentication protocol, called the Extensible Authentication Protocol (EAP) was designed.

What is EAP

EAP

Extensible Authentication Protocol is a universal authentication framework frequently used in wireless networks and Point-to-Point connections.

It is defined by RFC 3748.

EAP and WPA

WPA and WPA2 standard has officially adopted five EAP types as its official authentication mechanisms.

EAP is a way for a supplicant to authenticate, usually against a back-end RADIUS server.

EAP comes from the dial access world and PPP. 

There is a RFC for how RADIUS should support EAP between authenticator and authentication server, RFC 3579.

EAP was first defined in the IETF RFC 2284.

The EAP TLS variant is defined in RFC 2716.

The following figure shows the EAP format.

Note that when 802.1x is the transport, all this fits into the 802.1x payload field, with EAPOL packet type set to 0 (EAP packet).

The EAPOL frame format

EAP is a way for a supplicant to authenticate, usually against a back-end RADIUS server.

EAP comes from the dial access world and PPP. 

There is an RFC for how RADIUS should support EAP between authenticator and authentication server, RFC 3579.

EAP was first defined in the IETF RFC 2284.

The EAP TLS variant is defined in RFC 2716.

The following figure shows the EAP format.

Note that when 802.1x is the transport, all this fits into the 802.1x payload field, with EAPOL packet type set to 0 (EAP packet).

EAP format

The code field indicates the type of EAP packet as follows: (1) Request, (2) Response,

(3) Success, (4) Failure

The ID is one byte for matching requests and responses.

Length is the byte count including the code, ID, length and data fields. 

The data field format varies depending on the code field.

Types 3 and 4, Success and Failure are easy to describe: they have no data field (0 bytes).

Types 1 and 2 share a format. It boils down to a type code (one byte) then the data for that type. 

Here's what that makes the EAP packet look like:

The original RFC defines several types of EAP authentication. They are:

1 Identity2 Notification3 Nak (response only)4 MD5-Challenge5 One-Time Password (OTP) (RFC 1938)6 Generic Token Card

13 TLS (RFC 2716 adds TLS)

The RFC's contain some great diagrams showing the sequence of messages for the above EAP variants.

The IEEE  802.1x standard goes through all this for EAP-OTP in a couple of different scenarios (supplicant initiated exchange, authenticator initiated, etc.).

How did EAP get into the picture?

EAP sits inside PPP’s authentication protocol.

It provides a generalized framework for all sorts of authentication methods.

EAP Message

Exactly one EAP packet is encapsulated in the Information field of a PPP Data Link Layer frame and building a PPP EAP Message.

Where the protocol field indicates type hex C227 (PPP EAP).

How did EAP get into the picture?

By pulling EAP out (destacando) into a separate protocol, it then has the option of re-use in other environments - like 802.1X.

How did EAP get into the picture?

EAP is supposed to head off (desviar) proprietary authentication systems and let everything from passwords to challenge-response tokens and PKI certificates work smoothly.

How did EAP get into the picture?

With a standardized EAP, interoperability and compatibility across authentication methods becomes simpler.

How did EAP get into the picture?

Only the client and the authentication server have to be coordinated.

By supporting EAP authentication, a RAS server (in wireless this is the AP) gets out of the business of actively participating in the authentication dialog ...

How did EAP get into the picture?

For example, when you dial a remote access server (RAS) and use EAP as part of your PPP connection, the RAS doesn’t need to know any of the details about your authentication system.

How did EAP get into the picture?

... ... and just re-packages EAP packets to hand off to a RADIUS server to make the actual authentication decision.

How 802.1x Works

The 802.1x access control works on unaggregated physical ports  at OSI Layer 2. It allows or denies access.

The access control it exerts can govern bidirectional or inbound traffic.

On LAN media, 802.1x needs some way to communicate between the Supplicant and the Authenticator. This happens directly at Layer 2.

The protocol used is EAPOL, which stands for EAP encapsulation over LANs. 

EAP is a separate protocol (or family of  protocols) for authentication.

Let's take a look at the EAPOL frame format. It is shown in the following figure:

the EAPOL frame format

The packet type is as follows:

0 EAP Packet1 EAPOL Start2 EAPOL Logoff3 EAPOL Key4 EAPOL Encapsulated Alert

The key packet  type is used for  EAP variants that allow an encryption key.

The packet body is then a Key Descriptor, with specified fields. We'll skip the details.

The Alert EAP packet type allows for things (like SNMP) to be sent through a port where the authentication resulted in an unauthorized state.

The standard notes  that use in a shared environment is  highly insecure unless the supplicant to authenticator traffic is a secure association, i.e. encrypted.

The authenticator then uses a standard protocol, usually RADIUS, to relay information to and from the authentication server.

The following figure shows how the protocol works.

It basically provides a L2 wrapper to transport EAP information between supplicant and authenticator. 

Note that the EAPOL-Start message is only used if the supplicant initiates the exchange.

The authenticator can notice link status has changed, and just jump right in with the EAP exchange.

It may seem a little silly, having a big diagram with only a couple of arrows in it. I hope that this emphasizes the key point here.

The double arrow goes further since we'll see that the authenticator re-encapsulates the EAP information, typically within RADIUS, and passes it through to the authentication server.

IEEE 802.1

IEEE 802.1 is a working group of the IEEE 802 project of the IEEE. It is concerned with: 802 LAN/MAN architecture internetworking among 802 LANs, MANs and other

wide area networks, 802 Link Security (This is not wireless), 802 overall network management, and protocol layers above the MAC & LLC layers.

What Is 802.1x?

IEEE 802.1x is an IEEE standard for port-based Network Access Control which extends the 802.1.

it is part of the IEEE 802.1 group of protocols.

It provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails.

The standard 802.1x is an IEEE standard for Port-Based Network Access Control. 

IEEE 802.1x - a port based

authentication protocol

From the introduction to the 802.1x standard document, with some omissions:

"Port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port [...],

and of preventing access to that port in cases in which the authentication and authorization process fails. [...]

Examples of ports in which the use of authentication can be desirable include the Ports of MAC Bridges, [...] ,

and associations between stations and access points in IEEE 802.11 Wireless LANs."

That is, 802.1x and EAPOL just exist as a way to transport EAP information between Supplicant and Authenticator.

How This All Works

The RFC's contain some diagrams showing the sequence of messages for the above EAP variants.

The IEEE  802.1x standard goes through all this for EAP-OTP in a couple of different scenarios (supplicant initiated exchange, authenticator initiated, etc.).

This fills in the big EAP arrow in the above diagram to show the full sequence of messages.

The following figure shows my version of the sequence of messages for EAP-OTP (One Time Password).

Medium to large Enterprise WLAN Security

Level 3

EAP

Extensible Authentication Protocol is a universal authentication framework frequently used in wireless networks and Point-to-Point connections.

It is defined by RFC 3748.

Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs.

WPA

WPA and WPA2 standard has officially adopted five EAP types as its official authentication mechanisms.

EAP is an authentication framework, not a specific authentication mechanism. It only defines message formats.

The EAP provides some common functions and a negotiation of the desired authentication mechanism.

Such mechanisms are called EAP authentication methods.

Each protocol that uses EAP defines a way to encapsulate that protocol's messages within the EAP messages.

In the case of 802.1x, this encapsulation is called EAPOL, "EAP over LANs".

Level 3: Medium to large Enterprise WLAN security

EAP-TLS could be the recommended authentication method for this security level. 

EAP-TLS have the same server and client side digital certificate requirements.

To implement EAP-TLS, not only does the server require a Digital Certificate but the users as well. 

This means you will need Certificate Authority to issue a proper Server Digital Certificate on a pair of dedicated RADIUS servers and not just a Self Signed Certificate on a makeshift RADIUS Server. 

For this security level, the proper PKI best practices should be followed. 

There should be at least a single dedicated PKI Root Certificate Authority, but preferably it should at least be a 2 or 3 tier PKI design.

A two tier chain for a medium Enterprise organization would have an offline Root Certificate Authority and an online Issuing Certificate Authority. 

The reason for this is that if a Certificate Authority is ever compromised, you can revoke it and create a new one ...

... from the higher offline Certificate Authorities without having to start your PKI deployment from scratch. 

Building a PKI from scratch because of a compromised Certificate Authority would be completely unacceptable in a large scale environment.

A large Enterprise should implement the three tier design with offline Root Certificate Authority, offline subordinate Certificate Authority, and online Issuing Certificate Authority.

Methods defined in IETF RFCs include: EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS or EAP-TTLS, EAP-IKEv2, EAP-SIM, EAP-AKA

Some commonly used methods capable of operating in wireless networks include: EAP-TLS, EAP-TTLS

Requirements for EAP methods used in wireless LAN authentication are described in RFC 4017.