Wireless Security Research with focus on PEAP/TTLS Design and Implementation - PowerPoint PPT Presentation

Slides: 70
Provided by: nbu77
Learn more at: http://cs.uccs.edu

Transcript and Presenter's Notes



1
Wireless Security Research with focus on
PEAP/TTLS Design and Implementation
  • Based on Nirmala Bulusu's Master's Thesis

2
Outline of the Talk
  • Introduction
  • WLAN, RADIUS, EAP, TLS, TTLS, PEAP
  • Design and Implementation of PEAP Module for
    FreeRADIUS
  • Performance Comparison of PEAP and TTLS
  • Conclusion and Future Work

3
Introduction
  • WLAN, RADIUS, EAP, TLS,
  • TTLS and PEAP

4
Why Wireless Networking
  • Advantages
  • No "plug ins"
  • Increased Productivity
  • Easier network expansion
  • Flexibility and
  • Lowers the cost of ownership
  • Use unlicensed band
  • Vulnerabilities
  • Unauthorized user access
  • Eavesdropping (network can be tapped using
    sniffing tools)

5
War Driving
A directional antenna fashioned from a Pringles
can is used to search for unsecured access points.
6
Doonesbury
Parking Lot Attack
7
Secure Tunnels
The Extensible Authentication Protocol (EAP) uses
encryption to create a tunnel for data
confidentiality.
8
IEEE 802.1x - Architecture
  • IEEE 802.1x is a port-based network access
    control solution to authenticate every network
    user accessing the LAN services.
  • It defines an encapsulation technique that allows
    for the transmission of EAP packets between the
    Supplicant and Authenticator in the LAN
    environment.

9
EAP-Tunneled Transport Layer Security (EAP-TTLS)
  • TTLS is a two-stage protocol - establish security
    in stage one, exchange authentication in stage
    two.
  • The user's identity and password-based
    credentials are tunneled during authentication
  • Provides mutual authentication, key generation,
    client identity privacy and data cipher suite
    negotiation

10
How PEAP Works: PEAP Phase 1 - Establish TLS
Tunnel
  • Client/Supplicant associates with AP - EAPOL
  • Authentication Server is authenticated to the
    Supplicant using PKI certificate.
  • Supplicant sends machine credentials to
    authenticator over the established TLS channel
  • Authenticator checks the Client's validity and, if
    valid, generates the WEP key
  • Authenticator delivers key to supplicant and
    transitions controlled port status to permit
    supplicant access to LAN

11
How PEAP Works: PEAP Phase 2 - Authenticate
Client
  • Client is asked for the user identity
  • Supplicant responds by sending user credentials
    to authenticator
  • Authenticator checks validity by looking up the
    user database
  • If the user ID is valid, authenticator extends
    controlled port status to permit supplicant full
    access to LAN
  • User is logged on to the domain and the network
    is open

12
The New Proposed Protocols: EAP-TTLS and PEAP
  • TTLS - developed by Funk and Certicom,
  • Linux, Mac OS X, Windows 95/98/ME, and Windows
    NT/2000/XP.
  • Can use any Authentication Method - CHAP, PAP,
    MS-CHAP, MS-CHAPv2 and EAP
  • PEAP developed by Microsoft, Cisco.
  • Windows XP is currently the only operating system
    that supports PEAP.
  • Only EAP - generic token card

Research Goal: Design, implement and perform a
comparative analysis of the two protocols.
13
What is PEAP ?
  • IETF Draft-standard proposed by RSA, Microsoft,
    Cisco
  • draft-josefsson-pppext-eap-tls-eap-02.txt.
  • PEAP is an 802.1x Authentication protocol
    typically designed for enhancing access control
    in wireless LANs (WLANs)
  • It is built on top of two well known protocols
  • Extensible Authentication Protocol (EAP)
  • Transport Layer Security (TLS)

14
IEEE 802.1x How it Works
  • 802.1x is a port-based network access control
    method to authenticate and authorize users
    accessing Local Area Network (LAN) services.

[Figure: The three elements in IEEE 802.1x. Labels: Supplicant System
(Host NIC: Ethernet 802.1, wireless PC card, etc.); Authenticator System
with Authenticator PAE (Port Access Entity), Controlled Port (Port
Unauthorized, Authorize/Unauthorize), Uncontrolled Port, MAC Enable;
services offered by the Authenticator system; EAP messages encapsulated
in EAPOL.]

15
802.1x Communication protocols
  • Protocols to transmit data between Supplicant and
    the Access Point
  • EAP-over-LAN (EAPoL) encapsulates EAP messages in
    Ethernet frames
  • EAP over RADIUS (Remote Access Dial-in User
    Service) encapsulates EAP messages in RADIUS
    packets

16
Remote Access Dial-in User Service (RADIUS)
  • RADIUS is a Client/server protocol and software
    that supports authentication, authorization, and
    accounting (AAA) for dial-up, virtual private
    network, and wireless network access.
  • Three major components of RADIUS
  • End User (Supplicant)
  • RADIUS Client (Access Point, Authenticator or
    Terminal Server)
  • RADIUS server (Authentication server).
  • All RADIUS messages are sent as User Datagram
    Protocol (UDP) messages on port 1812.

17
Message Exchanges Between RADIUS Client and
Server
For PEAP, Password is not sent in this frame
18
802.1X Authentication Types
  • EAP-TLS (EAP-Transport Layer Security)
  • Mutual authentication via PKI based client
    server certificates
  • Supported in XP and soon other Windows versions
  • Imposes substantial administrative burden to
    generate, distribute and manage user
    certificates.
  • EAP-TTLS (EAP-Tunneled Transport Layer Security)
  • User authentication via user ID and password
  • Supported by Funk Software's Odyssey
  • Supports both EAP and non-EAP kind of
    Authentication methods.
  • PEAP (Protected EAP)
  • User authentication via user ID and password
  • Supported by Cisco Aironet client adapters and
    Microsoft XP SP1
  • Supports only EAP authentication methods.

19
EAP-Transport Layer Security
  • EAP-TLS (RFC2716) defines a mechanism for
    exchange of messages with both client and server
    validating each other via certificates providing
    mutual authentication
  • Certificate management required for secure
    operation

No user-password kind of exchanges
20
Need for PEAP/TTLS
  • Wireless AP broadcasts all traffic, so anyone
    within the broadcast range can easily collect data
  • PEAP/TTLS answers this by transmitting
    user-sensitive data in an encrypted channel - the
    established TLS tunnel
  • Weak Wireless Encryption
  • Using PEAP/TTLS the data within the tunnel cannot
    be decrypted without the TLS master secret and
    the key is not shared with the Access point.
    Rogue/compromised access points cannot decrypt
    messages.
  • MAC address based access control does not work
    (NetStumbler)
  • Use TLS-based authentication mechanisms to tunnel
    user credentials.
  • EAP-TLS administrative overhead
  • With PEAP/TTLS only server side PKI
    infrastructure based digital certificates are
    used to authenticate EAP servers. No need to
    install and maintain Client side certificates.

21
EAP-Tunneled Transport Layer Security (EAP-TTLS)
  • Is a two-phase protocol - establish security in
    stage one, exchange authentication in phase two.
  • The user's identity and password-based
    credentials are tunneled during authentication
  • The AAA server can proxy the user authentication
    to AAA/H (e.g., LDAP, Active Directory) server.

TTLS Architectural Model
22
Protected EAP (PEAP)
  • Two-phase protocol: establish TLS connection,
    then start a second EAP authentication process
    inside the encrypted tunnel.
  • Client is authenticated in the second phase using
    any EAP authentication mechanism (Generic Token
    Card, One-Time-Password, MS-CHAPv2)
  • MS-CHAPv2: Microsoft Challenge-Handshake
    Authentication Protocol
  • PEAP addresses the weaknesses of EAP by
    protecting user credentials, standardizing key
    exchanges, and supporting fragmentation, fast
    reconnects and seamless transition.
  • Fast reconnection: do quick re-authentication by
    passing only session keys. The session can be
    resumed without having to perform PEAP Phase 1 or
    2.
  • Seamless transition: uses the connection
    re-establishment mechanism provided by the TLS
    handshake protocol.

23
Phase 1- Establish TLS Tunnel
AP only pass-through device from this point
(User-name)
/Start
Exchange Series of TLS messages
User Validates server certificate
RADIUS server sends Certificate chain to Client
24
Phase 2- Authenticate Client
Challenge String
Response to challenge string user password
EAP- Success message
Session key, encrypted WEP key
25
PEAP Protocol Implementation Details
26
FreeRADIUS Server Code Organization
  • Handles requests through a module interface,
    the Radius Load Module (RLM)
  • A module has four components that act on RADIUS
    requests at different stages of processing the
    request
  • Authorization: process of obtaining information
    about the user from an external source and
    determining the type of authentication protocol
    to be used.
  • Authentication: process of validating a user's
    identity.
  • Pre-Accounting: decides whether to proxy the
    request
  • Accounting: records the request in the
    RADIUS log
  • A module declares which components it supports by
    putting function pointers in its "module_t rlm_*"
    structure.

27
Free RADIUS Code Directory Structure
The new developed Software
28
Module Behavior
  • Add module inside the modules block of the
    radiusd.conf file. module_name defined in the
    block is used to load the module.
  • Each configured module calls its own init()
    method.
  • The instantiate() method is called next. It is
    given a handle to the configuration block holding
    the parameters.
  • Finally, a detach() method is called when the
    server is shut down to release the allocated
    resources.

29
Example - radiusd.conf
modules {
    eap {
        default_eap_type = peap
        tls {
        }
        peap {
            default_eap_type = mschapv2
        }
    }
}
# eap sets the authorize type as EAP
authorize {
    eap
}
# eap authentication takes place.
authenticate {
    eap
}
30
The rlm_eap_peap module
  • Deals with the standard attach, detach, and
    authenticate interfaces.
  • The rlm_eap_peap module does not have an
    initiate() interface.
  • PEAP is a protocol on top of TLS, so before
    initiating PEAP we have to initialize the TLS
    session.

/* rlm_eap_peap.c - Contains interfaces called from the main module EAP */
EAP_TYPE rlm_eap_peap = {
    "eap_peap",            /* module_name */
    eappeap_attach,        /* attach */
    NULL,                  /* No peap initialization interface */
    NULL,                  /* No need for authorization interface */
    eappeap_authenticate,  /* authentication */
    eappeap_detach         /* detach */
};
31
PEAP Phase 1- Implementation
  • Handler is sent to the eaptls_process function,
    which processes the EAP request and returns the
    status code.
  • If the status code returned is a Success then the
    PEAP module proceeds to decode the tunneled
    attributes
  • If the status code returned is a Fail then the
    PEAP module interprets it as a failure in
    establishing the TLS session and returns back to
    the eaptls_process method for ending the session.

32
The EAP-TLV Method
  • EAP-TLV is a payload with standard
    Type-Length-Value (TLV) objects.
  • Used to carry arbitrary parameters between the
    EAP peer and the EAP server.
  • The PEAP tunnel success/failure packet contains a
    Result TLV.
  • The Result TLV packet is used to indicate success
    or failure of the PEAP tunnel.
  • They are sent in the TLS channel - Phase 2.
  • Packets are protected from being spoofed by an
    attacker.

33
EAP TLV Packet Formats
34
Implementation EAP-TLV
  • User credentials, the state of the message
    exchange and the status (i.e., the Result TLV)
    have to be passed through the encrypted channel.
  • A data structure to store these parameters is
    defined
  • Two functions for explicitly framing the result
    TLV packets have been implemented

/* eap_peap.h - PEAP header file */
#define TLV_SUCCESS 1
#define TLV_FAILURE 2
#define PW_EAP_TLV  33

typedef struct peap_tunnel_t {
    VALUE_PAIR *username;
    VALUE_PAIR *state;
    int status;            /* Checks for Result TLV status */
} peap_tunnel_t;

static int eappeap_success(EAP_HANDLER *handler, tls_session_t *tls_session);
static int eappeap_failure(EAP_HANDLER *handler, tls_session_t *tls_session);
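
The Result TLV framing described on the EAP-TLV slides, as an added example in C (not the thesis or FreeRADIUS code). It reuses PW_EAP_TLV, TLV_SUCCESS and TLV_FAILURE from the header above; the function names, the Result TLV number 3 and the byte layout (taken from the PEAP draft, since the packet-format figure is not reproduced here) are assumptions, and the parser fails closed on anything malformed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PW_EAP_REQUEST  1     /* EAP code: Request */
#define PW_EAP_TLV      33    /* EAP type, as in eap_peap.h */
#define TLV_SUCCESS     1
#define TLV_FAILURE     2
#define TLV_MANDATORY   0x80  /* M bit in the first TLV octet */
#define TLV_RESULT      3     /* assumed: Result TLV number per the PEAP draft */
#define RESULT_PKT_LEN  11    /* 4 EAP header + 1 type + 4 TLV header + 2 status */

/* Hypothetical helper: frame a Result TLV packet; returns bytes written, 0 on error. */
size_t result_tlv_build(uint8_t *out, size_t cap, uint8_t code, uint8_t id, unsigned status)
{
    if (cap < RESULT_PKT_LEN || (status != TLV_SUCCESS && status != TLV_FAILURE))
        return 0;
    out[0] = code;          out[1] = id;
    out[2] = 0;             out[3] = RESULT_PKT_LEN;   /* EAP length, big-endian */
    out[4] = PW_EAP_TLV;
    out[5] = TLV_MANDATORY; out[6] = TLV_RESULT;       /* M=1, R=0, 14-bit type */
    out[7] = 0;             out[8] = 2;                /* value length */
    out[9] = 0;             out[10] = (uint8_t)status; /* 16-bit status */
    return RESULT_PKT_LEN;
}

/* Hypothetical helper: returns TLV_SUCCESS, TLV_FAILURE, or -1 if malformed (fail closed). */
int result_tlv_parse(const uint8_t *p, size_t len)
{
    if (len < 5) return -1;
    size_t eap_len = ((size_t)p[2] << 8) | p[3];
    if (eap_len < 5 || eap_len > len || p[4] != PW_EAP_TLV) return -1;
    int result = -1;
    for (size_t off = 5; off < eap_len; ) {
        if (eap_len - off < 4) return -1;              /* truncated TLV header */
        unsigned type = ((unsigned)(p[off] & 0x3f) << 8) | p[off + 1];
        int mandatory = p[off] & TLV_MANDATORY;
        size_t vlen = ((size_t)p[off + 2] << 8) | p[off + 3];
        off += 4;
        if (vlen > eap_len - off) return -1;           /* value overruns packet */
        if (type == TLV_RESULT) {
            if (vlen != 2 || result != -1) return -1;  /* bad size or duplicate */
            unsigned st = ((unsigned)p[off] << 8) | p[off + 1];
            if (st != TLV_SUCCESS && st != TLV_FAILURE) return -1;
            result = (int)st;
        } else if (mandatory) return -1;               /* unknown mandatory TLV */
        off += vlen;
    }
    return result;
}

int main(void)
{
    uint8_t pkt[RESULT_PKT_LEN];                       /* constructed sample */
    size_t n = result_tlv_build(pkt, sizeof pkt, PW_EAP_REQUEST, 7, TLV_SUCCESS);
    for (size_t i = 0; i < n; i++) printf("%02x ", pkt[i]);
    printf("-> status %d\n", result_tlv_parse(pkt, n));
}
```

In PEAP these bytes travel inside the Phase 2 TLS channel, so the length and status checks guard against a malformed or buggy peer rather than replacing the tunnel's spoofing protection.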
35
PEAP Phase 2- Implementation
  • Starts with the eappeap_authenticate() interface
    receiving the EAP_TLSOK status code from the
    eaptls_process function
  • The function proceeds to read and decrypt the
    tunneled data from the SSL session using the
    built-in SSL functions.
  • Next it allocates a new request data structure
    and adds the tunneled attributes to the request.
  • It then calls the rad_authenticate() function
    with the new request packet as the parameter to
    handle the tunneled EAP-Type MS-CHAPv2.

36
PEAP Phase 2- Implementation
  • Next it reads the Response Packet received from
    the rad_authenticate function.
  • If the status field is TLV_SUCCESS, then Phase two
    of the protocol has been successful and the
    server can proceed to generate the MPPE
    (Microsoft Point-to-Point Encryption) keys
    according to the RFC 2716 EAP-TLS.
  • Any response messages in the VALUE_PAIR format
    need to be converted to the tunneled data format.

37
Performance Analysis of PEAP and TTLS
38
TEST BED at UCCS ENG LAB
RADIUS
Client
39
Client/Server Machine Configurations
40
Performance Impact of Client's Processor Speed
on PEAP and TTLS
  • Purpose
  • Investigate the impact of the Client's processor
    speed on the time taken to process the Client
    requests and to see the capacity of the server to
    handle multiple requests coming from the Clients.
  • Number of Tests Performed
  • Three tests performed - Toshiba machine
    (366 MHz), Hobbit machine (996 MHz) and with two
    clients having simultaneous access to the server.

41
PEAP vs TTLS on Toshiba machine
          PEAP   TTLS
Average   1046    949
Variance  8142  12060
42
PEAP vs TTLS on Hobbit machine
          PEAP   TTLS
Average    983    911
Variance    10    356
43
PEAP vs TTLS Simultaneous Access of Clients
          PEAP   TTLS
Average   1006    947
Variance 23707  12387
44
Result Analysis
  • TTLS outperforms PEAP on average by 8%
  • At lower processor speeds, TTLS was
    outperforming PEAP by 10%
  • At higher processor speeds the performance
    difference is around 7%
  • When running simultaneously with two clients it
    shows a performance difference of only 6%
  • TTLS and PEAP both show low data variance.
  • PEAP had almost negligible variance with a higher
    processor speed Client.
  • Processor speed influences PEAP relatively more
    than TTLS

45
Sensitivity study of PEAP and TTLS with Client
stationed at varying distances
  • Purpose
  • To study the impact on the performance of the
    two protocols by introducing packet loss or
    signal degradation with increasing distances
    between wireless Client and AP.
  • Number of Tests Performed
  • Five Tests performed at distance ranges of
    approximately 25, 30, 45, 55 and 65 feet. Some
    tests were done behind walls and closed doors to
    see the impact of line of sight.

46
PEAP vs TTLS Distance Range 30ft
47
PEAP vs TTLS Distance Range 25ft
48
PEAP vs TTLS Distance Range 45ft
49
PEAP vs TTLS Distance Range 55ft
50
PEAP vs TTLS Distance Range 65ft
51
PEAP vs TTLS Average Performance
52
PEAP vs TTLS Variance Data
53
Result Analysis
  • As Client goes farther away from the access point
    the performance of both the protocols degrades.
  • At a lower distance range there is negligible
    performance difference between PEAP and TTLS,
    with TTLS performing 1% better.
  • With increasing distance range the average
    performance difference increases - TTLS performs
    20% better at 65 feet range.
  • Data collected was highly variant for PEAP as
    compared to TTLS at closer distances, but at the
    farthest point of 65 feet TTLS data showed
    higher variance than PEAP.

54
PEAP and TTLS Resilience Tests
  • Purpose
  • To study the tolerance capacity of the protocols
    towards network transient behavior.
  • Number of Tests Performed
  • Five Tests performed. The network interface at
    the RADIUS server end is brought up and down over
    different time periods by running a Perl script.
  • Note: A constant downtime of 3 sec has been used
    in all tests.
  • At first this was chosen randomly. Later,
    changing the downtime seemed to make less
    difference to the performance than changing the
    network uptime.

55
PEAP vs TTLS Network Uptime 5.0 sec
          PEAP   TTLS
Average     12      6
Variance   266     84
56
PEAP vs TTLS Network Uptime 4.5 sec
          PEAP   TTLS
Average      9      8
Variance   105     95
57
PEAP vs TTLS Network Uptime 4.2 sec
          PEAP   TTLS
Average     12     12
Variance   106    118
58
PEAP vs TTLS Network Uptime 4.0 sec
          PEAP   TTLS
Average     18     16
Variance    50     91
59
PEAP vs TTLS Network Uptime 3.9 sec
          PEAP   TTLS
Average     25     26
Variance   437    390
60
Result Analysis
  • Client performance degrades as the network
    interface uptime gets shorter.
  • At 3.8 sec uptime both PEAP and TTLS protocols
    failed to recover.
  • The difference in average performance between
    TTLS and PEAP is negligible
  • Where the difference was large, the variance
    difference between the two has also been
    relatively big.

61
PEAP and TTLS Stress Tests
  • Purpose
  • To study the performance of the two protocols
    when run for a longer period of time.
  • Number of Tests Performed
  • Two tests performed, one for each protocol.
    Each test was run for over 15 hours

62
Stress Test - PEAP
Average 1011
63
Stress Test - TTLS
Average 1099
64
Result Analysis
  • Both protocols passed the stress tests. Both
    authenticated the Client at all times.
  • The peaks can be attributed to the fact that in
    some of the cases the Client got authenticated in
    the second or third trial of authentication
  • The peaks reached by TTLS are much more frequent
    and higher as compared to PEAP - Over a longer
    time period TTLS shows more variance than PEAP

65
MAC Address Spoofing Test
  • Purpose
  • Investigate if by spoofing the MAC address an
    attacker can gain access to a wireless network
    that relies on tunneled encryption like PEAP/TTLS
    for authenticating wireless Clients.
  • Number of Tests Performed
  • One test was performed with a Linux Client
    authenticating using PEAP. Attacker had Windows
    XP running AiroPeek software for sniffing MAC
    addresses.
  • I would like to thank Donovan Thorpe of Computer
    Services UCCS for his help in performing this
    test.

66
Result Analysis
  • The attacker could associate with the Access
    Point as it had a valid MAC address obtained
    while eavesdropping on the network. It thus
    passed the first line of defense, MAC address
    filtering.
  • The attacker was prompted for the user
    credentials. This stage could not be by-passed
    and the attacker could not access the network as
    the user credentials were in encrypted format and
    thus could not be sniffed.

67
Conclusion and Future Work
68
Conclusion
  • Developed a Radius Server on Linux that supports
    both PEAP and TTLS.
  • PEAP is relatively more influenced by the Client's
    processor speed, distance range and network
    transient nature as compared to TTLS.
  • Although the higher performance shown by TTLS
    over PEAP is negligible, it is worth noting that
    TTLS was outperforming PEAP on average by 10%
    in all the tests.
  • The enhanced Radius Server can serve both Windows
    and Linux clients.

69
Future Work
  • Study how to apply the PEAP/TTLS protocols in
    Mobile Ad-Hoc Networks.
  • Study the implications of providing Virtual
    Private Network (VPN) features in addition to
    encryption of PEAP/TTLS within the wireless
    Access Point devices.
  • Develop ways to protect user's identity that is
    passed in clear between the access point, the
    RADIUS server, and any other database-backend
    server by implementing firewalls or other such
    viable security techniques.