5.4 Authentication Phase
5.4.1 The IEEE 802.1X Framework: Port-Based Access Control
As described in Section 3, the IEEE 802.11 standard uses the IEEE 802.1X standard to provide mutual authentication between STAs and ASs. IEEE 802.1X is a general-purpose, extensible framework for authenticating users and distributing cryptographic keys. The actual authentication mechanism incorporated into the framework is implemented by the STA and the AS using EAP. EAP provides a framework that allows the use of multiple methods for achieving authentication, including static passwords, dynamic passwords (e.g., one-time passwords, token generators), and public key cryptography certificates (on the AS only or on both the AS and STAs). Dozens of standard and proprietary EAP methods exist; Section 6 provides more information on the most commonly used ones.
IEEE 802.1X authentication has three main components: a client (also known as a supplicant), an authenticator, and an AS. The authenticator simply passes authentication traffic between the client and AS. IEEE 802.1X controls the flow of data between the DS and STAs by use of a controlled/uncontrolled port model. EAP authentication occurs through the IEEE 802.1X uncontrolled port on the authenticator; non-EAP data frames are passed or blocked via the IEEE 802.1X controlled port, depending upon the success or failure of IEEE 802.1X authentication (which includes EAP). This model is known as port-based access control. Using this concept, IEEE 802.1X achieves the objective of blocking access for unauthorized parties in an IEEE 802.11 WLAN.
The authentication message flows between the client and the authenticator typically use the EAP over LAN (EAPOL) protocol. RADIUS is the protocol most commonly used to transport EAP messages between the authenticator and the AS. The steps in a typical successful IEEE 802.1X authentication exchange when RADIUS is used to support authentication-related traffic on the DS are as follows:
1. The supplicant (client) starts the exchange with an EAPOL-Start message.
2. The EAP exchange begins with the authenticator issuing an EAP-Request/Identity frame to the supplicant.
3. The supplicant replies with an EAP-Response/Identity frame. This is passed on to the RADIUS server over the uncontrolled port as a RADIUS-Access-Request packet.
4. The AAA server replies with a RADIUS-Access-Challenge packet, which is passed on to the supplicant as an EAP-Request. This request is of the appropriate authentication type and contains relevant challenge information.
5. The supplicant formulates an EAP-Response message and sends it to the authenticator. The response is translated by the authenticator into a RADIUS-Access-Request, with the response to the challenge as a data field.
6. The AAA server grants access with a RADIUS-Access-Accept packet. The authenticator issues an EAP-Success frame. The controlled port is authorized, and the user may begin to access the network.
7. During the termination phase, when the supplicant is finished accessing the network, it sends an EAPOL-Logoff message to restore the controlled port to an unauthorized state.
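The controlled/uncontrolled port model and the seven-step exchange above can be made concrete with a small simulation. The following Python is an added example, not code from the IEEE or NIST documents: a supplicant, an authenticator and a stand-in AS exchange the named messages, EAPOL/EAP frames are always relayed over the uncontrolled port, and data frames pass the controlled port only after EAP-Success and, as the text notes later, only once temporal keys are installed. The one-round challenge/response EAP method, the ToyAS credential table, the "ID:"/"CHAL:"/"RESP:" encodings and the install_temporal_keys stand-in for the 4-Way Handshake are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed model of IEEE 802.1X port-based access control. The EAP method,
# message encodings and credential table are assumptions for this example only.


@dataclass
class Frame:
    kind: str            # EAPOL-Start, EAP-Request/Identity, EAP-Response, DATA, ...
    body: bytes = b""


@dataclass
class RadiusPacket:
    code: str                   # Access-Request / Access-Challenge / Access-Accept / Access-Reject
    eap: bytes = b""            # EAP message carried between authenticator and AS
    key_material: bytes = b""   # AAA key, returned only with Access-Accept


class ToyAS:
    """Stand-in AAA server: issues one challenge and checks the keyed response."""
    def __init__(self, users):
        self.users = users      # identity -> shared secret (constructed table)
        self.pending = {}       # identity -> outstanding challenge

    def handle(self, pkt):
        if pkt.eap.startswith(b"ID:"):                                   # step 3 arrives
            identity, challenge = pkt.eap[3:], os.urandom(16)
            self.pending[identity] = challenge
            return RadiusPacket("Access-Challenge", eap=b"CHAL:" + challenge)   # step 4
        identity, proof = pkt.eap[len(b"RESP:"):].split(b":", 1)        # step 5 arrives
        secret, challenge = self.users.get(identity), self.pending.pop(identity, None)
        if secret is not None and challenge is not None and hmac.compare_digest(
                proof, hmac.new(secret, challenge, hashlib.sha256).digest()):
            msk = hmac.new(secret, b"MSK" + challenge, hashlib.sha256).digest()
            return RadiusPacket("Access-Accept", key_material=msk)       # step 6
        return RadiusPacket("Access-Reject")


class Authenticator:
    """AP-side authenticator: EAPOL over the uncontrolled port, data over the controlled port."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.port_authorized = False    # IEEE 802.1X controlled port state
        self.keys_installed = False     # set when the 4-Way Handshake completes (not modelled)
        self.aaa_key = None
        self.ds_frames = []             # data frames actually passed onto the DS
        self.events = []

    def receive(self, frame):
        """Handle one frame from the STA and return the frame sent back, if any."""
        if frame.kind == "DATA":
            # Controlled port: blocked until authentication succeeded AND temporal keys exist.
            if self.port_authorized and self.keys_installed:
                self.ds_frames.append(frame.body)
                self.events.append("DATA forwarded to DS")
            else:
                self.events.append("DATA dropped: controlled port blocked")
            return None
        # Everything below is EAPOL/EAP and is relayed over the uncontrolled port.
        if frame.kind == "EAPOL-Start":                                  # step 1
            return Frame("EAP-Request/Identity")                          # step 2
        if frame.kind == "EAPOL-Logoff":                                 # step 7
            self.port_authorized = self.keys_installed = False
            self.aaa_key = None
            self.events.append("controlled port unauthorized: EAPOL-Logoff")
            return None
        if frame.kind in ("EAP-Response/Identity", "EAP-Response"):
            reply = self.auth_server.handle(RadiusPacket("Access-Request", eap=frame.body))
            if reply.code == "Access-Challenge":
                return Frame("EAP-Request", reply.eap)
            if reply.code == "Access-Accept":
                self.aaa_key = reply.key_material
                self.port_authorized = True
                self.events.append("controlled port authorized: EAP-Success")
                return Frame("EAP-Success")
            self.events.append("authentication failed: EAP-Failure")
            return Frame("EAP-Failure")
        raise ValueError("unexpected frame kind: " + frame.kind)

    def install_temporal_keys(self):
        """Stand-in for the 4-Way Handshake finishing; only now may data flow."""
        if self.port_authorized:
            self.keys_installed = True


class Supplicant:
    """STA-side client holding one identity and its shared secret."""
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def respond(self, frame):
        if frame.kind == "EAP-Request/Identity":
            return Frame("EAP-Response/Identity", b"ID:" + self.identity)          # step 3
        if frame.kind == "EAP-Request":
            challenge = frame.body[len(b"CHAL:"):]
            proof = hmac.new(self.secret, challenge, hashlib.sha256).digest()
            return Frame("EAP-Response", b"RESP:" + self.identity + b":" + proof)  # step 5
        return None                     # EAP-Success / EAP-Failure end the dialog


def run_authentication(sta, ap):
    """Drive steps 1-6 between a Supplicant and an Authenticator; return the final EAP result."""
    frame = ap.receive(Frame("EAPOL-Start"))
    while frame.kind not in ("EAP-Success", "EAP-Failure"):
        frame = ap.receive(sta.respond(frame))
    return frame.kind
```

The point to watch in the Authenticator is that `port_authorized` alone never opens the data path: a DATA frame sent between EAP-Success and key installation is still dropped, which is exactly the window the text describes before the 4-Way Handshake, and EAPOL-Logoff clears both flags together.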
Figure 5-10 depicts the authentication frame flow in an IEEE 802.11 RSNA. As shown, authentication occurs between the STA and AS, with the AP assisting in the networking dialog. The IEEE 802.1X controlled port is blocked before the EAP authentication procedures take place. The EAP authentication process, which occurs over the IEEE 802.1X uncontrolled port, starts when the AP sends the EAP-Request frame to the STA, or the STA sends the EAPOL-Start frame. EAP frames pass between the STA and the AS via the uncontrolled ports.
[Figure 5-10 image not reproduced. Recoverable labels: STA, AP, AS; "802.1X controlled port blocked" shown at both the STA and the AP; "802.1X EAP Probe Request" and "802.1X EAP Probe Response" between STA and AP; "Access Request (EAP Request)" and "Accept / EAP-Success Key Material" between AP and AS; "Extensible Authentication Protocol Exchange"; "802.1X EAP Success".]
Figure 5-10. Authentication Phase of Operation
At the conclusion of the authentication dialog, the AP controlled port is still blocked to general user traffic. Although the authentication is successful, the ports remain blocked until the temporal keys are installed in the STA and AP, which occurs during the 4-Way Handshake. This blocking keeps unauthorized traffic from entering the DS and prevents any traffic from the DS from being transmitted wirelessly. The STA may also initiate an IEEE 802.1X authentication frame exchange. In this case, the exchange is the same, with the exception that the STA initiates it by issuing an EAPOL-Start message to the AP.
After the six-step authentication process has been completed, the AAA key is installed in the STA and the AS. As discussed in Section 4.2.1, the AAA key serves as a root key to enable the generation of other keys used to secure communications between the STA and the AP. The AAA key for this particular STA is the foundation of security, and its compromise would be devastating to the overall security of the system. The IEEE 802.11 standard does not describe specifically how the MSK is delivered to the AS and STA; it relies on EAP to handle this. Although the standard does not prescribe a method for secure MSK delivery and installation, it does indicate the importance of the connection between the AS and AP.
5.4.2 Authentication with the PSK
Typically, the authentication phase provides mutual authentication of a STA and an AS in an RSNA and delivers the Master Session Key to the AP and, sometimes, to the STA. However, in an RSNA that has negotiated the PSK AKM during the discovery phase, the authentication phase is not required, because the shared key has already been distributed and installed in an out-of-band manner that has implicitly provided authentication. Therefore, when the AKM is PSK, the authentication phase is skipped entirely, as shown in Figure 5-11. However, the IEEE 802.1X controlled ports are still blocked, preventing users’ traffic from being passed to the DS.
Figure 5-11. Differences in the Five Phases when a PSK Is Used
5.4.3 AS to AP Connections
As shown in Figure 5-4 and Figure 5-11, following the authentication phase of operation, the AS delivers the AAA key to the AP. The data flows from the two network elements are depicted in Figure 5-11 by the dashed rectangle labeled AS-AP Key Distribution. As described in Section 4.2.1, the AAA key is the basis of the Pairwise Transient Key (PTK) and other keys (i.e., TK, EAPOL-KEK, and EAPOL-KCK). The interface between the AS and the AP—to allow the distribution of the AAA key and support mutual authentication—is not fully defined in the IEEE 802.11i specification. However, RADIUS and Diameter are the protocols most likely to be used to support authentication traffic between an AS and AP.
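Section 4.2.1 is not reproduced here, so the following added Python example (not code from the IEEE or NIST documents) shows the two roots of the hierarchy that Sections 5.4.2 and 5.4.3 refer to and how the PTK is expanded from them: with the PSK AKM the PMK is derived from the passphrase and SSID, with the IEEE 802.1X AKM the PMK is the leading 256 bits of the AAA key (MSK) the AS delivers, and in both cases PRF-384 expands the PMK into the EAPOL-KCK, EAPOL-KEK and TK for CCMP. The PBKDF2 and PRF constructions are those defined in IEEE 802.11i and are stated here as assumptions about that standard, not from this page; the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

# Added example of the IEEE 802.11i key hierarchy. The PBKDF2-HMAC-SHA1 passphrase
# mapping and the HMAC-SHA1 counter-mode PRF are the constructions IEEE 802.11i
# specifies (assumed here; the page itself only references Section 4.2.1).


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK AKM: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def msk_to_pmk(msk: bytes) -> bytes:
    """IEEE 802.1X AKM: the PMK is the first 256 bits of the AAA key (MSK) delivered by the AS."""
    if len(msk) < 32:
        raise ValueError("MSK must be at least 256 bits")
    return msk[:32]


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Returns (EAPOL-KCK, EAPOL-KEK, TK), 128 bits each, the CCMP split."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("PMK 32 bytes, addresses 6 bytes, nonces 32 bytes expected")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return ptk[0:16], ptk[16:32], ptk[32:48]


if __name__ == "__main__":
    # Constructed sample inputs; only the passphrase/SSID pair is a published test vector.
    pmk = psk_to_pmk("password", "IEEE")
    aa, spa = bytes.fromhex("a0a1a2a3a4a5"), bytes.fromhex("b0b1b2b3b4b5")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    kck, kek, tk = derive_ptk(pmk, aa, spa, anonce, snonce)
    print("PMK:", pmk.hex())
    print("KCK:", kck.hex(), "KEK:", kek.hex(), "TK:", tk.hex())
```

The min/max ordering in derive_ptk is what lets the AP and STA reach the same PTK regardless of which side computes it, and it is also why a compromised PMK (or AAA key, as the text stresses) exposes every PTK derived under it: the nonces are public, so nothing but the PMK is secret in the expansion.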
Although the details of the communications interface between the AS and the AP are outside the scope of the IEEE 802.11i amendment, the amendment does contain several requirements for the interface to ensure that the security of an RSN is not compromised. Specifically, the communication link between the AS and AP must provide the following:
+ Robust, mutual authentication between the AS and AP
+ An end-to-end channel for the mutual authentication
+ The ability to transfer the cryptographic key generated by the AS to the AP securely.
As shown in Figure 5-12, the AS to AP communication must provide confidentiality and integrity, and the AS must prevent key compromise during storage.
Figure 5-12. AP to AS Communication
The AS is a critical component of overall RSN security. The IEEE 802.11 standard assumes the following with respect to the AS:
+ It does not expose or compromise the PMK (a subset of the AAA key) to other entities besides the AP.
+ It does not masquerade as a STA to the AP.
+ It does not masquerade as an AP to the STA.
Figure 5-13 depicts a typical enterprise environment with numerous STAs and APs, plus a single AS to provide authentication services during the third phase of RSN establishment. A AAA server running RADIUS is commonly used as the AS, but other types of AAA servers such as those supporting Diameter may also perform the service. In some small or single AP implementations, the AS may be physically integrated into the AP. In that case, there is no external communication for EAP authentication or for delivery of the AAA key.
Figure 5-13. Typical Enterprise with Multiple APs, STAs, and an AS