EAP Overview (Extensible Authentication Protocol)
Team Golmaal: Vaibhav Sharma, Vineet Banga, Manender Verma, Lovejit Sandhu, Abizar Attar

Contents
– Introduction
– Architecture
– Features
– Implementations
  – Cisco LEAP
  – EAP-TLS
  – EAP-MD5
  – PEAP
  – Other Subtypes
– Comparison Chart
CmpE 209 Team Golmaal

Introduction
What is EAP?
– Defined by RFC 2284 and RFC 3748
– A universal authentication framework
– Mainly used in wireless networks and point-to-point connections
– A flexible protocol used to carry arbitrary authentication information
– Typically rides on top of another protocol such as 802.1X or RADIUS

EAP Architecture

EAP Features
– Provides some common functions and a negotiation of the desired authentication mechanism, called a method
– Currently there are about 40 different methods
– Methods defined in IETF RFCs include EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS and EAP-IKEv2; in addition, a number of vendor-specific methods and new proposals exist
– Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS

Cisco LEAP
– Lightweight Extensible Authentication Protocol, also known as Cisco-Wireless EAP
– Proprietary wireless LAN authentication method developed by Cisco Systems
– Provides username/password-based authentication between a wireless client and a RADIUS server such as Cisco ACS or Interlink AAA
– One of a few protocols used with the IEEE 802.1X standard for LAN port access control

Architecture of LEAP (figure: Client, Access Point, ACS Server)

LEAP Process

Limitations of LEAP
– Uses a modified version of MS-CHAP in which user credentials are not strongly protected
– Can be susceptible to eavesdropping
– For more robust implementations, the use of cryptography is necessary to secure user credentials

ASLEAP

Cisco’s Response to the Limitations of LEAP
– Suggests that network administrators adopt either of two reactive techniques:
  – Force users to have stronger, more complicated passwords
  – Switch to an alternative protocol developed by Cisco (EAP-FAST) for more security

EAP-TLS
– An Internet Engineering Task Force (IETF) standard (RFC 2716) that is based on the TLS protocol (RFC 2246)
– TLS is considered an extension of SSL
– Uses digital certificates for both user and server authentication
– Uses PKI to secure communication to the RADIUS authentication server
– EAP-TLS is the original standard wireless LAN EAP authentication protocol
– Supported by all operating systems and network appliances

EAP Authentication Process in a Wireless Network

EAP-TTLS (Extension of EAP-TLS)
– Extends EAP-TLS
– Securely tunnels client authentication within TLS records
– TTLS requires only a server-side certificate, whereas EAP-TLS also uses client certificates
– The server certificate is used for one-way TLS authentication (network to user); once you have a safe, encrypted and integrity-checked channel, you can use EAP inside the TLS tunnel for any other authentication

PEAP
– PEAP is an IETF draft RFC authored by Cisco Systems, Microsoft and RSA Security
– A method to securely transmit authentication information, including passwords, over wired or wireless networks
– Uses a digital certificate only for server authentication
– Very similar to TTLS: a TLS tunnel is established, and another EAP session takes place inside it
– For user authentication, PEAP supports various EAP-encapsulated methods within the protected TLS tunnel
– PEAP sub-types: PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC

PEAP Authentication Process

EAP-MD5
– One of the simplest EAP types that can be used; uses MD5 hashing
– EAP-MD5 offers no key management or dynamic key generation, requiring the use of static WEP keys
– Acceptable for wired LANs, but offers minimal security in wireless
– Vulnerable to dictionary attacks, and does not support mutual authentication or key generation
– Unsuitable with dynamic WEP or WPA/WPA2 Enterprise
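To make the EAP-MD5 slide concrete, the following added example (not part of the deck) builds and parses EAP packets with the RFC 3748 header and implements the MD5-Challenge exchange from both sides, with the authenticator's verification; it assumes the CHAP digest rule MD5(Identifier | password | challenge) from RFC 1994, and all names, the challenge and the password store are constructed demo values. Note that the exchange produces a yes/no answer only and no key material, which is why the method cannot feed dynamic WEP or WPA/WPA2 Enterprise keys.

```python
import hashlib
import hmac
import struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # EAP Codes (RFC 3748 section 4)
TYPE_MD5_CHALLENGE = 4  # method Type; the digest rule is CHAP's (RFC 1994)
CHALLENGE, PASSWORDS = bytes(range(16)), {b"alice": b"correct horse"}  # constructed demo values, not real

def build_eap(code, identifier, eap_type=None, type_data=b""):
    """Serialise Code(1) | Identifier(1) | Length(2, covers the header) | Type(1) | Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap(pkt):
    """Validate the header; return (code, identifier, type, type_data). Success/Failure carry no Type."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than the 4-octet header")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field inconsistent with packet size")
    body = pkt[4:length]  # anything beyond Length is lower-layer padding and is ignored
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response must carry a Type octet")
        return code, identifier, body[0], body[1:]
    return code, identifier, None, body

def md5_challenge_request(identifier, challenge, name=b"nas01"):
    # MD5-Challenge Type-Data: Value-Size(1) | Value (the challenge) | Name of the authenticator
    return build_eap(REQUEST, identifier, TYPE_MD5_CHALLENGE, bytes([len(challenge)]) + challenge + name)

def md5_challenge_response(request_pkt, password, name):
    """Peer side: answer with MD5(Identifier | password | challenge); nothing here yields key material."""
    _, identifier, _, data = parse_eap(request_pkt)
    challenge = data[1:1 + data[0]]
    digest = hashlib.md5(bytes([identifier]) + password + challenge).digest()
    return build_eap(RESPONSE, identifier, TYPE_MD5_CHALLENGE, bytes([len(digest)]) + digest + name)

def verify_md5_response(request_pkt, response_pkt, passwords):
    """Authenticator side: recompute the digest from the stored password and compare in constant time."""
    req_code, req_id, req_type, req_data = parse_eap(request_pkt)
    rsp_code, rsp_id, rsp_type, rsp_data = parse_eap(response_pkt)
    if (req_code, req_type, rsp_code, rsp_type, rsp_id) != (REQUEST, TYPE_MD5_CHALLENGE, RESPONSE, TYPE_MD5_CHALLENGE, req_id):
        return False  # wrong Codes/Types, or a Response not tied to the outstanding Request's Identifier
    challenge = req_data[1:1 + req_data[0]]
    digest, name = rsp_data[1:1 + rsp_data[0]], rsp_data[1 + rsp_data[0]:]
    if name not in passwords:
        return False
    expected = hashlib.md5(bytes([req_id]) + passwords[name] + challenge).digest()
    return hmac.compare_digest(expected, digest)
```

Because the authenticator only needs the plaintext password and the captured challenge/response pair to recompute the digest, anyone observing the exchange can test password guesses offline in the same way, which is the dictionary-attack weakness the slide names.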

Other EAP Subtypes
– EAP-PSK: pure symmetric-key EAP
– EAP-IKEv2: EAP authentication method based on the Internet Key Exchange Protocol version 2 (IKEv2)
– EAP-FAST: Flexible Authentication via Secure Tunneling (a proposal by Cisco Systems to fix the weaknesses of LEAP)
– EAP-SIM: used for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM)
– EAP-AKA: UMTS Authentication and Key Agreement; used for authentication and session key distribution using the Universal Mobile Telecommunications System (UMTS)

Comparison Chart

| | EAP-MD5 | LEAP | EAP-TLS | EAP-TTLS | PEAP |
|---|---|---|---|---|---|
| Server Authentication | None | Password Hash | Public Key (Certificate) | Public Key (Certificate) | Public Key (Certificate) |
| Supplicant Authentication | Password Hash | Password Hash | Public Key (Certificate or Smart Card) | CHAP, PAP, MS-CHAP(v2), EAP | Any EAP, like EAP-MS-CHAPv2 or Public Key |
| Dynamic Key Delivery | No | Yes | Yes | Yes | Yes |
| Security Risks | Identity exposed, Dictionary attack, Man-in-the-Middle (MitM) attack, Session hijacking | Identity exposed, Dictionary attack | Identity exposed | MitM attack | MitM attack; Identity hidden in Phase 2 but potential exposure in Phase 1 |
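The two risks the chart lists for the tunnelled methods (MitM against the TLS tunnel, and identity exposure in Phase 1) are both supplicant configuration issues in practice. As an added illustration that is not part of the deck, here is a wpa_supplicant PEAP profile that leaves both open, beside a hardened one; the SSID, identities, password, CA path and RADIUS server name are constructed placeholders.

```conf
# Weak PEAP profile (constructed values):
# - no ca_cert and no server-name check: the supplicant accepts any RADIUS server
#   certificate, so a rogue AP/server can terminate the TLS tunnel (MitM risk)
# - no anonymous_identity: the real username travels in the clear in Phase 1
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.com"
    password="s3cret"
    phase2="auth=MSCHAPV2"
}

# Hardened PEAP profile: the server certificate must chain to the pinned CA and
# carry the expected name; only a routing realm is visible outside the tunnel
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="s3cret"
    ca_cert="/etc/wpa_supplicant/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
}
```

The inner MS-CHAPv2 exchange is still a password hash (the "Any EAP, like EAP-MS-CHAPv2" cell), so the TLS tunnel's server validation is the only thing standing between it and the dictionary attack listed for LEAP.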
