An Initial Security Analysis of the IEEE 802.1x Standard
Tsai Hsien Pang
2004/11/4
Outline
► Introduction
► IEEE 802.1x Standard
► Man-in-Middle, Session Hijack attack
► Proposed solution
► Conclusion
► Reference
Security
► A wireless network is broadcast by nature: anyone within range of the medium can receive what is transmitted.
► Security therefore requires authentication and data encryption.
► The standard for WLAN communications (IEEE 802.11) introduced the Wired Equivalent Privacy (WEP) protocol.
Basic Security Mechanisms
► Two modes: ad-hoc and infrastructure.
► A wireless client establishes a relationship with an AP, called an association.
► Client states (from the state diagram):
  1. Unauthenticated and unassociated
  2. Authenticated and unassociated
  3. Authenticated and associated
State Machine
► The STA and AP exchange authentication management frames to move from state 1 to state 2.
► Authentication methods: open system, shared key, and MAC-address-based access control lists.
► WEP was designed to provide confidentiality.
WEP Protocol
► The WEP protocol is used to protect link-level data during wireless transmission.
► It relies on a secret key k shared between the communicating parties to protect the body of a transmitted data frame.
► Encryption of a frame proceeds in two steps: checksumming and encryption.
WEP Protocol (2)
The Drawback of WEP
► Keystream Reuse: the IV field used by WEP is only 24 bits wide, nearly guaranteeing that the same IV will be reused for multiple messages. Since the keystream is derived from the key and the IV, a repeated IV under the same key means a repeated keystream.
The Drawback of WEP (2)
► Message Modification: the WEP checksum is a linear function of the message, so a change to the message can be matched by a predictable change to the checksum, without knowledge of the key.
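The two drawbacks on the slides above can be checked numerically. The following Python is an added example, not code from the slides or from the cited papers; the function names are my own, the inputs are constructed, and HMAC-SHA256 is used only as a contrast to show what a keyed integrity check looks like. It shows that the CRC-32 used as WEP's checksum is linear over XOR (the property behind message modification), that a keyed MAC is not, and how few frames a random 24-bit IV survives before it repeats (the birthday bound, plus a seeded simulation).

```python
import hmac
import hashlib
import math
import random
import zlib


def crc32_is_linear(a, b):
    """WEP's checksum is a CRC-32, which is affine over XOR:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for any equal-length a and b.
    Because this holds for every pair, a change to the message can be matched
    by a predictable change to its checksum, so the checksum cannot detect
    deliberate modification."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    x = bytes(p ^ q for p, q in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(x) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def hmac_is_linear(key, a, b):
    """The same relation does not hold for a keyed MAC (HMAC-SHA256 here),
    which is the property a real per-packet integrity check needs."""
    def tag(m):
        return hmac.new(key, m, hashlib.sha256).digest()
    x = bytes(p ^ q for p, q in zip(a, b))
    combined = bytes(p ^ q ^ r for p, q, r in
                     zip(tag(a), tag(b), tag(bytes(len(a)))))
    return tag(x) == combined


def frames_until_iv_collision(iv_bits=24, probability=0.5):
    """Birthday bound: number of frames after which a randomly chosen IV has
    repeated with the given probability. For WEP's 24-bit IV this is only a
    few thousand frames."""
    space = 2 ** iv_bits
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


def first_iv_reuse(iv_bits=24, seed=0):
    """Simulate a sender that picks IVs at random (seeded, so repeatable) and
    return the index of the first frame whose IV was already used, i.e. the
    first keystream reuse. A sender that counts up instead repeats after
    exactly 2**iv_bits frames."""
    rng = random.Random(seed)
    seen = set()
    for i in range(2 ** iv_bits + 1):
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return i
        seen.add(iv)
    return 2 ** iv_bits  # not reached: the pigeonhole principle forces a repeat


if __name__ == "__main__":
    # Constructed frame bodies of equal length
    a = b"constructed frame body: pay 100 to acct 42"
    b = b"constructed frame body: pay 900 to acct 42"
    print("CRC-32 linear over XOR:", crc32_is_linear(a, b))
    print("HMAC linear over XOR:  ", hmac_is_linear(b"demo-key", a, b))
    print("frames for 50% IV collision:", round(frames_until_iv_collision()))
    print("first IV reuse in simulation:", first_iv_reuse(seed=1))
```

The birthday figure is what matters for the keystream-reuse slide: a sender choosing IVs at random has a 50% chance of a repeat after roughly 4,800 frames, and a sequential sender is guaranteed one after 16,777,216 frames. The CRC check is why a keyed MAC, not a checksum, is needed for integrity.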
IEEE 802.1x and RSN
► IEEE 802.1x is a security framework that provides port-based network access authentication.
► RSN (Robust Security Network) provides mechanisms to restrict network connectivity to authorized entities only, via 802.1x.
IEEE 802.1x Setup
► Supplicant: an entity that uses a service via a port on the Authenticator.
► Authenticator: the entity that provides the service (the AP in a WLAN).
► AAA Server: a central authentication server that directs the Authenticator to provide the service after successful authentication.
Association
A Typical Authentication Session using EAP (diagram: EAPOL between supplicant and authenticator, RADIUS between authenticator and AAA server; the session begins with an EAPOL Start)
Extensible Authentication Protocol (EAP)
► EAP is built around the challenge-response communication paradigm.
► Four message types: EAP Request, EAP Response, EAP Success, EAP Failure.
EAPOL
► The EAP over LAN (EAPOL) protocol carries the EAP packets between authenticator and supplicant.
► An EAPOL-Key message provides a way to communicate a session key negotiated at a higher layer.
RADIUS
► Remote Authentication Dial-In User Service (RADIUS) protocol.
► The authentication server and the authenticator communicate using RADIUS.
Dual Port Model
► The AP (Authenticator) exposes two logical ports: it must permit EAP traffic (through the uncontrolled port) before authentication succeeds, while the controlled port that carries normal traffic stays blocked until then.
802.1x State Machine
Attacks
► MIM (Man-in-Middle) attack.
► Session Hijacking.
► Denial of Service (DoS).
Man-in-Middle
► An attacker can forge this packet (the EAP Success message, which carries no authenticity check) on behalf of the authenticator and thereby start a simple Man-in-Middle attack.
Session Hijacking
► The session is hijacked by spoofing a MAC-layer disassociate message.
Denial of Service (DoS)
► Spoofing of EAPOL Logoff and EAPOL Start messages.
► Spoofing of EAP Failure messages.
► Spoofing of management frames.
► Flooding with a large number of association requests.
Per-packet Authenticity and Integrity
► The lack of per-packet authenticity and integrity in IEEE 802.11 frames has been a key contributor to many of the protocol's security problems.
► There are currently no plans by the IEEE to add integrity protection to management frames.
► The session hijack attack primarily exploits this lack of protection for management frames.
Authenticity and Integrity of EAPOL messages
► Proposed: addition of an EAP authenticator attribute, so that EAPOL messages carry a check of their origin and integrity.
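The following Python is an added example, not code from the slides or from Mishra and Arbaugh's paper. It models the 802.1x setup described earlier (supplicant, authenticator with its dual ports, and the AAA verdict) and then the fix proposed on this slide: an EAP authenticator attribute, modelled here as an HMAC-SHA256 tag over the EAP code, identifier and body. Without the attribute the supplicant believes any EAP Success it receives; with it, a Success that lacks a valid tag is ignored. The EAP code values are the real ones from RFC 3748; the frame layout, the AAA stand-in, the key and the MAC addresses are constructed for the example, and how the integrity key is established is outside its scope.

```python
import hmac
import hashlib

# EAP code values as defined in RFC 3748
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4


def eap_tag(key, code, identifier, body):
    """Hypothetical 'EAP authenticator attribute': HMAC-SHA256 over the EAP
    code, identifier and body under a key shared by supplicant and authenticator."""
    return hmac.new(key, bytes([code, identifier]) + body, hashlib.sha256).digest()


def eap_frame(src, code, identifier, body=b"", key=None):
    """Build a (constructed-layout) EAPOL frame carrying an EAP packet; tag it when a key is given."""
    frame = {"src": src, "proto": "eapol", "type": "EAP",
             "code": code, "id": identifier, "body": body}
    if key is not None:
        frame["tag"] = eap_tag(key, code, identifier, body)
    return frame


class Authenticator:
    """Dual-port model of the AP: the uncontrolled port passes EAPOL in every
    state; the controlled port forwards data only after EAP Success."""

    def __init__(self, mac, aaa_accepts, key=None):
        self.mac = mac
        self.aaa_accepts = aaa_accepts  # constructed stand-in for the AAA server's verdict over RADIUS
        self.key = key                  # None = plain 802.1x without EAPOL integrity
        self.authorized = set()         # supplicant MACs whose controlled port is open

    def receive(self, frame):
        """Return (reply frame or None, whether the frame was forwarded to the LAN)."""
        src = frame["src"]
        if frame["proto"] == "data":                       # controlled port
            return None, src in self.authorized
        if frame["type"] == "EAPOL-Start":                 # uncontrolled port from here on
            return eap_frame(self.mac, EAP_REQUEST, 1, b"identity?", self.key), False
        if frame["type"] == "EAPOL-Logoff":
            self.authorized.discard(src)
            return None, False
        if frame["type"] == "EAP" and frame["code"] == EAP_RESPONSE:
            ok = self.aaa_accepts(frame["body"])
            if ok:
                self.authorized.add(src)
            code = EAP_SUCCESS if ok else EAP_FAILURE
            return eap_frame(self.mac, code, frame["id"], b"", self.key), False
        return None, False


class Supplicant:
    def __init__(self, mac, identity, key=None):
        self.mac, self.identity, self.key = mac, identity, key
        self.authenticated = False

    def start(self):
        return {"src": self.mac, "proto": "eapol", "type": "EAPOL-Start"}

    def receive(self, frame):
        """Handle an EAP packet; return the next frame to send, or None."""
        if frame["code"] == EAP_REQUEST:
            return eap_frame(self.mac, EAP_RESPONSE, frame["id"], self.identity)
        if frame["code"] == EAP_SUCCESS:
            # Plain 802.1x: any EAP Success is believed, whoever sent it.
            # With the proposed attribute: only a Success whose tag verifies.
            if self.key is not None:
                expected = eap_tag(self.key, EAP_SUCCESS, frame["id"], frame["body"])
                if not hmac.compare_digest(frame.get("tag", b""), expected):
                    return None
            self.authenticated = True
        return None


def run_session(supplicant, authenticator):
    """Drive EAPOL-Start -> EAP Request/Identity -> EAP Response -> Success/Failure."""
    frame = supplicant.start()
    while frame is not None:
        reply, _ = authenticator.receive(frame)
        frame = supplicant.receive(reply) if reply is not None else None
    return supplicant.authenticated


def data_forwarded(supplicant, authenticator):
    """Does a data frame from this supplicant pass the controlled port?"""
    _, forwarded = authenticator.receive({"src": supplicant.mac, "proto": "data"})
    return forwarded


def unsigned_success_accepted(supplicant):
    """Does the supplicant believe an EAP Success with no valid tag, i.e. one
    from a sender without the integrity key? (Constructed sender address.)"""
    supplicant.authenticated = False
    supplicant.receive(eap_frame("00:00:5e:00:53:ff", EAP_SUCCESS, 1))
    return supplicant.authenticated


if __name__ == "__main__":
    aaa = lambda identity: identity == b"alice"   # constructed user database
    ap = Authenticator("00:00:5e:00:53:01", aaa)
    sta = Supplicant("00:00:5e:00:53:02", b"alice")
    print("data before auth:", data_forwarded(sta, ap))
    print("session:", run_session(sta, ap), "data after:", data_forwarded(sta, ap))
    print("unsigned Success believed (plain 802.1x):", unsigned_success_accepted(sta))
    key = b"constructed-eapol-integrity-key"
    ap2 = Authenticator("00:00:5e:00:53:01", aaa, key)
    sta2 = Supplicant("00:00:5e:00:53:03", b"alice", key)
    print("session with attribute:", run_session(sta2, ap2))
    print("unsigned Success believed (with attribute):", unsigned_success_accepted(sta2))
```

The model only tags and checks the EAP Success, which is the message the Man-in-Middle slide singles out; extending the same tag to EAPOL Logoff and EAP Failure would address the corresponding spoofing items on the DoS slide in the same way.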
Conclusion
► Because the transport medium is shared, it permits attackers easy and unconstrained access.
► Our attacks demonstrate that the current RSN architecture does not provide strong access control and authentication.
Reference
► Arunesh Mishra, William A. Arbaugh, "An Initial Security Analysis of the IEEE 802.1X Standard".
► N. Borisov, I. Goldberg, D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11". Proc. Seventh Annual International Conference on Mobile Computing and Networking, July 2001.
► IEEE, LAN MAN Standards Committee of the IEEE Computer Society, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", IEEE Std 802.11, 1997.