(Man in the Middle) MITM in Mesh

Presentation transcript:

(Man in the Middle) MITM in Mesh
doc.: IEEE 802.11-yy/0002r1, January 2007
Date: 2007-01-09
Authors: Junping Zhang, Huawei

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.

Abstract
- Introduction to the MITM (man-in-the-middle) attack
- How a MITM attack happens in a mesh
- Method of avoiding the attack

Outline
- The overview of 802.1x authentication with EAP-TLS in mesh
- Problem that may exist in mesh with EAP-TLS
- The method of solving the MITM problem
- Conclusion

Speaker notes (translated): Revise the outline a little so the train of thought is easier to follow when presenting: first an introduction to 802.1x and EAP-TLS, then the attack analysis, and finally our modification and its benefits. Also prepare in private the attacks that occur in the first two phases and the drawbacks of our modification, so that we can answer if someone asks.

The overview of 802.1x authentication in mesh
- 802.1x is used for authentication in mesh now.
- The core of 802.1x is the Extensible Authentication Protocol (EAP).
- Now it mostly employs EAP-TLS.

The authentication process with EAP-TLS in mesh
Parties: Supplicant, Authenticator, Authentication Server. Peer Link Establishment comes first; the EAP-TLS authentication then runs through the authenticator, which relays every message between supplicant and authentication server (each message appears once per hop on the slide):
1. EAPOL EAP Start
2. EAP Request Identity
3. EAP Request (Identity: machine name or user name)
4. EAP Request-TLS (TLS Start)
5. EAP Request-TLS (TLS Client_hello)
6. EAP Request (TLS Server_hello, TLS Certificate, Server key exchange)
7. EAP Request-TLS (TLS Cert, Client key exch, TLS fin)
8. EAP Request-TLS (change cipher spec)
9. EAP Request-TLS ()
10. EAP Success (EAP-TLS Session key, Encryption Type) on one hop; EAP Success (Session key) on the other

Outline (repeated)
- The overview of 802.1x authentication with EAP-TLS in mesh
- Problem that may exist in EAP-TLS for mesh
- The solution of the MITM problem
- Conclusion

Security problem existing in EAP-TLS for mesh
- A MITM (man-in-the-middle) attack may occur: an attacker is able to read, insert and modify messages at will between supplicant and authenticator.
- The peers (supplicant and AS) do not know whether a message is forged or not.
- An example of a MITM attack in mesh: downgrade, asymmetry and forged attacks.

An example of MITM attack in mesh
Parties on the slide: Supplicant, the attacker (appearing as Authenticator towards the supplicant and as Supplicant' towards the network), the legitimate Authenticator, and the Authentication Server.
- EAPOL EAP Start: a new authentication course begins.
- EAP Request Identity, then EAP Request (Identity: machine name or user name). The attacker passes on a forged identity, (Identity: machine name or user name)', with forged MAC address and identity information (forged attack).
- The supplicant's client_hello is relayed as client_hello', and the server_hello coming back is relayed as server_hello' (downgrade and asymmetry attack).

Outline (repeated)
- The overview of 802.1x authentication with EAP-TLS in mesh
- Problem that may exist in EAP-TLS for mesh
- The solution of the MITM problem
- Conclusion

Some methods for preventing MITM
- SSL3.0/TLS1.0, which is based on the X.509 certificate model:
  - Both supplicant and authentication server need a certificate.
  - Security of communication between each mesh point and the CRL server has to be ensured.
  - Performance problem of downloading the certificate and the CRL.
  - Enterprises deploy with RADIUS databases that are different from X.509.
- PSK:
  - Deployment is burdensome and not suitable for large-scale mesh applications.
  - The PSK problem has been discussed in doc 11-06/1446r1.

Suggested method: verify the authenticator before EAP-TLS
- A signature is issued by the AS.
- The authenticator is verified by that signature.

Issue signature in EAP-TLS
Exchange between Supplicant and AS:
- EAP Response/Identity
- EAP Request/TLS Start
- EAP Response/TLS ClientHello(Random)
- EAP Request/TLS ServerHello(Random) || Certificate || ServerKeyExchange || [CertificateRequest] || ServerHelloDone
- EAP Response/TLS ClientUserID || ClientPassword_MD5 or (Certificate) || ClientKeyExchange || ChangeCipherSpec || Finished
- The AS issues its signature to the legal supplicant: EAP Request/TLS ChangeCipherSpec || Signature || AlgorithmFlag || Finished
- The supplicant verifies the legality of the issuer and accepts it or not: EAP Response
- EAP Success

Speaker note (translated): verify the supplicant's legitimacy; once the portal has the signature configured, send the signature, and the node can then become a legitimate authenticator.

Verify authenticator during initial EMSA authentication
Exchange between Supplicant and Authenticator:
- Association Request (Peer Link Open IE)
- Association Request (Peer Link Open IE + Signature + AlgorithmFlag)
- Verify the legality of the Signature: issuer and holder
- Association Response (Peer Link Confirm IE), in both directions

Notes:
- The signature is issued to every legal node by the AS.
- "Algorithm Flag" indicates the public-key algorithm used by the AS.
- A new supplicant needs to verify the authenticator by the signature issued by the AS.
- The AS can adopt a TimeStamp or another mechanism to prevent malicious reuse of a signature.
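The following is an added example, not code from the contribution or from Huawei, modelling the two slides above: the AS signs a credential for each legal node, and a new supplicant checks that credential (issuer, holder, freshness, algorithm flag) when the authenticator's Peer Link Open arrives, before any EAP-TLS exchange starts. The credential fields (node id, MAC address, time stamp), the 300-second acceptance window and the string encoding of "Algorithm Flag" are assumptions; the page specifies none of them. A stdlib textbook RSA-over-SHA-256 signature, with a throwaway key pair generated inline, stands in for "the public algorithm used by the AS" so the block runs offline; a real deployment would use a padded signature scheme and a provisioned AS public key.

```python
"""Toy model of 'verify the authenticator before EAP-TLS' (added example).

The AS issues (node_id, mac, issued_at) signed with its private key; a
supplicant verifies the credential carried in the peer's Peer Link Open IE.
Textbook RSA over SHA-256 is used only so the example is self-contained; it is
NOT a production signature scheme (no padding, small keys)."""
import hashlib
import random
from dataclasses import dataclass

ALGORITHM_FLAG = "toy-rsa-sha256"  # assumed encoding of the slide's "Algorithm Flag"
MAX_CREDENTIAL_AGE = 300           # seconds; assumed "TimeStamp" policy


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test, only used to build the throwaway AS key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def make_keypair(seed, bits=256):
    """Deterministic toy RSA key pair: returns (public (n, e), private (n, d))."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(node_id, mac, issued_at):
    """SHA-256 of the signed fields as an integer (fits under a 512-bit modulus)."""
    msg = f"{node_id}|{mac}|{issued_at}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


@dataclass(frozen=True)
class Credential:
    node_id: str        # holder identity as registered at the AS
    mac: str            # holder MAC address bound into the signature
    issued_at: int      # AS time stamp, guards against reuse of an old signature
    signature: int
    algorithm_flag: str


def as_issue_credential(as_private, node_id, mac, issued_at):
    """AS side: sign the holder's identity and MAC for a node that passed EAP-TLS."""
    n, d = as_private
    sig = pow(_digest(node_id, mac, issued_at), d, n)
    return Credential(node_id, mac, issued_at, sig, ALGORITHM_FLAG)


def verify_authenticator(as_public, cred, observed_mac, now):
    """Supplicant side check on the peer's Peer Link Open IE. Returns (ok, reason)."""
    n, e = as_public
    if cred.algorithm_flag != ALGORITHM_FLAG:
        return False, "unsupported algorithm flag"
    if pow(cred.signature, e, n) != _digest(cred.node_id, cred.mac, cred.issued_at):
        return False, "signature not issued by the AS (issuer check failed)"
    if cred.mac != observed_mac:
        return False, "credential holder does not match the peer (holder check failed)"
    if not (0 <= now - cred.issued_at <= MAX_CREDENTIAL_AGE):
        return False, "credential time stamp outside the accepted window"
    return True, "authenticator verified"


def demo():
    """Constructed scenario: one legal credential, three ways it can be misused."""
    as_pub, as_priv = make_keypair(seed=2007)
    now = 1168300800  # constructed clock value (January 2007)
    legit = as_issue_credential(as_priv, "mp-17", "00:11:22:33:44:55", now - 30)
    other_key = make_keypair(seed=1)[1]  # a private key that is not the AS's
    forged = as_issue_credential(other_key, "mp-17", "00:11:22:33:44:55", now)
    return {
        "legit": verify_authenticator(as_pub, legit, "00:11:22:33:44:55", now)[0],
        # captured credential presented from a different MAC (holder mismatch)
        "relayed": verify_authenticator(as_pub, legit, "de:ad:be:ef:00:01", now)[0],
        # same credential presented an hour later (time stamp window)
        "stale": verify_authenticator(as_pub, legit, "00:11:22:33:44:55", now + 3600)[0],
        # credential minted under a key the AS never issued (issuer check)
        "forged": verify_authenticator(as_pub, forged, "00:11:22:33:44:55", now)[0],
    }


if __name__ == "__main__":
    print(demo())  # {'legit': True, 'relayed': False, 'stale': False, 'forged': False}
```

The holder check is what distinguishes this from simply trusting any valid AS signature: a node that replays a credential captured from a legitimate mesh point still fails, because the MAC it transmits from is not the one bound into the signature, and the time stamp window limits how long a leaked credential stays usable.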

Benefit of the suggested method
- It can solve the MITM problem.
- Simple deployment: a mesh network only needs one AS certificate and its public key.
- Lower cost: the public-key algorithm can be obtained by software update.
- Small modification to 802.1x authentication: it can still use the 802.1x authentication mechanism and the EMSA key hierarchy.

Outline (repeated)
- The overview of 802.1x authentication with EAP-TLS in mesh
- Problem that may exist in EAP-TLS for mesh
- The solution of the MITM problem
- Conclusion

Conclusion
- There is a MITM problem in 802.1x authentication for mesh.
- Verifying the authenticator can solve the MITM problem more efficiently.

Straw poll
Shall we accept the verifying-authenticator method and prepare text based on it for approval?
Yes: ___ No: ___

References
- IEEE P802.11s/D1.00 Draft
- 802.11i overview