Authentication in WLAN
• Flaws in WEP (Wired Equivalent Privacy)
• Wi-Fi Protected Access (WPA)
  – Based on draft 3 of IEEE 802.11i.
  – Provides stronger data encryption and user authentication (largely missing in WEP).
• WPA authentication protocols
WEP
– Represents the first attempt at security.
– Uses static 40- or 104-bit keys for both authentication and encryption.
– Based on the RC4 symmetric cipher; efficient.
Flaws in WEP
(1) No key management protocol tied to WEP
– Access points and clients must be programmed with the same WEP key. Since synchronizing a change of keys is tedious and difficult, keys are seldom changed.
– If an attacker cracks the key, all traffic can be decrypted.
(2) The size of the key: 40 bits
– If an attacker gathers enough data, using tools such as Aircrack and AirSnort, the WEP key can be broken in under 30 minutes.
(3) Authentication messages can be easily forged
– 802.11 defines two forms of authentication: Open System (no authentication) or Shared Key authentication.
The problem?
– In Shared Key authentication the AP sends a challenge and the client returns it encrypted under the WEP key. A monitoring attacker can observe both the challenge and the encrypted response. From those, he can determine the keystream used to encrypt the response, and use it to encrypt any challenge he receives in the future.
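The following is an added illustration of the Shared Key flaw just described; it is not from the lecture notes. It implements RC4 from scratch (WEP seeds RC4 with IV || key), and uses a constructed 40-bit key, IV and challenges. The observer never learns the key: XOR of the visible challenge and the visible response yields the keystream for that IV, which is all that is needed to answer a later challenge sent with the same IV.

```python
# Added example (not from the slides): why WEP Shared Key authentication
# leaks the RC4 keystream.  Key, IV and challenges below are constructed.
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA).  WEP seeds it with IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_auth_response(shared_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Legitimate station: encrypt the AP's 128-byte challenge with RC4(IV || key).
    (A real frame also encrypts a CRC-32 ICV after the challenge; omitted here.)"""
    return xor(challenge, rc4_keystream(iv + shared_key, len(challenge)))


def recover_keystream(challenge: bytes, encrypted_response: bytes) -> bytes:
    """Passive observer: both values are on the air, so XOR gives the keystream."""
    return xor(challenge, encrypted_response)


def demo() -> bool:
    """Returns True when a response built from the recovered keystream alone
    matches what the station holding the real key would send."""
    shared_key = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")               # the IV travels in the clear
    challenge1 = os.urandom(128)               # first authentication, observed
    response1 = wep_auth_response(shared_key, iv, challenge1)
    keystream = recover_keystream(challenge1, response1)

    challenge2 = os.urandom(128)               # later challenge, same IV reused
    from_keystream = xor(challenge2, keystream)          # key never needed
    genuine = wep_auth_response(shared_key, iv, challenge2)
    return from_keystream == genuine


if __name__ == "__main__":
    print("keystream reuse succeeds:", demo())
```

The defensive lesson is the one the notes draw: a challenge-response built on a stream cipher with a reusable IV authenticates possession of a keystream, not of the key, which is why WPA separates authentication keys from encryption keys and derives fresh keys per session.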
WPA (Wi-Fi Protected Access)
– Provides more sophisticated data encryption than WEP and also provides user authentication.
– Does not share the same key for authentication and data encryption.
– Provides for mutual authentication.
– The three entities are the client, the Authentication Server (AS), and the AP.
EAP (Extensible Authentication Protocol)
– An authentication framework, not a specific authentication mechanism.
– Four message types:
  o Request
  o Response
  o Success
  o Failure
– Encapsulates other authentication protocols, such as TLS or Kerberos, in its Request and Response messages.
– The AS uses the Success or Failure message to notify the AP whether the client authentication was successful.
– The Request-Identity (user name) and Response-Identity messages precede all other Request and Response messages. Only after that sequence does EAP start encapsulating other authentication protocols.
– The AP is not aware of the details of the authentication process. It cares only about the authentication server's decision whether to grant the client access to the network.
– An important role of the authentication process is to establish a shared key that the client and the AP can use for message protection. Message protection starts only when authentication finishes with the EAP Success message. Authentication includes generating a Pairwise Master Key (PMK) on the client and on the AS; the AS then sends the PMK to the AP over a secure channel, and WPA uses the PMK to generate the keys for encryption.
– The AS and the client compute the Pairwise Master Key, which differs from one authentication
EAP supports the following methods:
– Lightweight EAP (LEAP): a username/password combination is sent to an Authentication Server for authentication.
– Kerberos
– EAP-TLS: both the server and the client need a valid (X.509) certificate, and therefore a PKI.
……
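As an added example (not part of the lecture notes), here is an encoder and parser for the EAP packets described above. The header layout and the codes 1 to 4 (Request, Response, Success, Failure) and type 1 (Identity) are those of RFC 3748; method types 13 (EAP-TLS) and 17 (LEAP) are the registered IANA values, and the EAP-TLS Start flag 0x20 is from RFC 5216. The helper names and the sample user name are constructed. Note that the Response-Identity bytes carry the user name unprotected, which is the identity-privacy concern raised later in these notes.

```python
# Added example (not from the slides): building and validating EAP packets.
# Wire format (RFC 3748): Code(1) Identifier(1) Length(2, big-endian, whole
# packet) then, for Request/Response only, Type(1) and Type-Data.
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP"}      # subset of the registry
EAP_TLS_FLAG_START = 0x20                                 # RFC 5216 'S' bit


def eap_pack(code: int, identifier: int, eap_type: int | None = None,
             data: bytes = b"") -> bytes:
    """Serialize one EAP packet.  Success/Failure carry no Type or data."""
    if code not in CODES:
        raise ValueError("unknown EAP code %d" % code)
    if code in (3, 4):
        body = b""
    else:
        if eap_type is None:
            raise ValueError("Request/Response need a Type")
        body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def eap_unpack(pkt: bytes) -> dict:
    """Parse and validate; raises ValueError on anything malformed so a
    receiver never reads past the bytes it actually has."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES:
        raise ValueError("unknown EAP code %d" % code)
    if length < 4 or length > len(pkt):
        raise ValueError("Length field does not fit the received bytes")
    body = pkt[4:length]                      # trailing padding is ignored
    if code in (3, 4):
        return {"code": CODES[code], "id": ident}
    if not body:
        raise ValueError("Request/Response without Type")
    return {"code": CODES[code], "id": ident,
            "type": TYPES.get(body[0], body[0]), "data": body[1:]}


def identity_exchange(username: str) -> tuple:
    """The Request-Identity / Response-Identity prologue, one method packet
    from the AS, and the final Success.  Returns (identity seen on the wire,
    method chosen, final code)."""
    req = eap_pack(1, 1, 1)                            # AS -> client
    if eap_unpack(req)["type"] != "Identity":
        raise RuntimeError("prologue must start with Request-Identity")
    resp = eap_pack(2, 1, 1, username.encode())       # client -> AS, plaintext
    identity = eap_unpack(resp)["data"]               # an eavesdropper sees this
    method = eap_pack(1, 2, 13, bytes([EAP_TLS_FLAG_START]))   # AS picks EAP-TLS
    done = eap_pack(3, 3)                              # AS -> client: Success
    return identity, eap_unpack(method)["type"], eap_unpack(done)["code"]


if __name__ == "__main__":
    print(identity_exchange("alice"))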
Desired Properties of Wireless Network Authentication
1. Mutual authentication
2. Identity privacy
3. Replay attack resistance
4. Fast reconnect
• Mutual Authentication
• Identity Privacy
  – The identity here refers to the client's username.
  – The Request-Identity and Response-Identity messages are sent in plaintext, so an attacker can easily discover the supplicant's identity by eavesdropping on the conversation at the beginning of the process. Thus, EAP methods must take care of hiding the client's identity.
• Replay Attack Resistance
  – If an attacker eavesdrops on and records the authentication process of a valid client and replays it to gain access to the network, a replay attack has occurred.
• Fast Reconnect
  – When the client changes location and associates with another AP, the client may lose its connection to the network until it reauthenticates via the new AP. New applications for wireless networks, such as Voice over IP (VoIP), require seamless connections to the network.
Authentication Protocols for WLAN
– Symmetric key approach: LEAP
– Public key approach: EAP-TLS
Symmetric Key Approaches
– Efficient and require little computational power. This is especially important in wireless networks because many wireless devices, such as PDAs and mobile VoIP phones, have little computational power.
– Drawback: most symmetric key authentication protocols derive the shared secret from the user's password, and since some passwords are not strong, it is easy for an attacker to extract the secret key from them.
Lightweight Extensible Authentication Protocol (LEAP)
– Includes mutual authentication and Pairwise Master Key derivation.

Client (C)                                              Authentication Server (S)
            <-- Request Identity ---------------------
            --- Response Identity (username of client C) -->
                                                        s = random challenge
            <-- Request s -----------------------------
calculate challenge hash using the
user-supplied password: H(E_Password(s))
            --- Response H(E_Password(s)) ------------->   authenticate client
            <-- Success -------------------------------
c = random challenge
            --- Request c ----------------------------->
                                                        calculate challenge hash of c
                                                        using the user-supplied password
            <-- Response ------------------------------
authenticate AS
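The exchange above, as an added model that is not from the lecture notes and not LEAP's actual construction: LEAP derives its challenge hash with an MS-CHAP-style scheme, whereas this model substitutes PBKDF2 for the password-to-key step and HMAC-SHA256 for H(E_Password(.)) and for the PMK derivation. The salt, iteration count and direction labels are constructed. It shows the two challenge rounds, the PMK both sides end up with, and what happens when the password does not match.

```python
# Added example (not from the slides): a simplified model of LEAP's mutual
# challenge-response and PMK derivation.  Primitives are stand-ins, not LEAP's.
import hashlib
import hmac
import os


def password_key(password: str) -> bytes:
    """Password -> key.  Constructed salt/iterations; LEAP derives differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"leap-model-salt", 10_000)


def challenge_hash(key: bytes, challenge: bytes, label: bytes) -> bytes:
    """'Calculate challenge hash using user-supplied password'.  The label ties
    the hash to a direction so a challenge reflected back is not accepted."""
    return hmac.new(key, label + challenge, hashlib.sha256).digest()


class Party:
    def __init__(self, password: str):
        self.key = password_key(password)       # the AS stores this, not the password

    def answer(self, challenge: bytes, label: bytes) -> bytes:
        return challenge_hash(self.key, challenge, label)

    def verify(self, challenge: bytes, label: bytes, response: bytes) -> bool:
        return hmac.compare_digest(self.answer(challenge, label), response)


def derive_pmk(key: bytes, s: bytes, c: bytes) -> bytes:
    """PMK bound to both fresh challenges, so a replayed run yields a different key."""
    return hmac.new(key, b"PMK" + s + c, hashlib.sha256).digest()


def run_leap(client_password: str, as_password_record: str) -> str:
    client = Party(client_password)
    server = Party(as_password_record)
    s = os.urandom(8)                                   # Request s
    if not server.verify(s, b"client", client.answer(s, b"client")):
        return "client rejected"                        # AS would send Failure
    c = os.urandom(8)                                   # Success, then Request c
    if not client.verify(c, b"server", server.answer(c, b"server")):
        return "AS rejected"                            # client refuses a rogue AS
    if derive_pmk(client.key, s, c) != derive_pmk(server.key, s, c):
        return "PMK mismatch"
    return "ok"


if __name__ == "__main__":
    print(run_leap("correct horse battery", "correct horse battery"))
    print(run_leap("wrong password", "correct horse battery"))
```

Because every run uses fresh random s and c, a recorded exchange cannot be replayed (the replay-resistance property above), but the drawback noted for symmetric approaches remains: everything an eavesdropper records is a function of the password, so the strength of the scheme is the strength of the password.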
Public Key Approaches:
Transport Layer Security (EAP-TLS)

Client                                                  Authentication Server (AS)
            <-- Request Identity ---------------------
            --- Response Identity --------------------->
            <-- Request ------------------------------
c = random number
            --- Response c ---------------------------->
                                                        s = random number
                                                        CertAS = AS certificate
            <-- Request s, CertAS ---------------------
p = random number
CertClient = client certificate
SignatureClient = client digital signature
            --- Response E(ASpubkey, p), CertClient, SignatureClient -->
                                                        authenticate client
Both calculate Pairwise Master Key = F(c, s, p)
            <-- Request (TLS finish): contains hash of handshake messages
authenticate AS
            --- Response (TLS finish) ----------------->
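The following is an added model of the EAP-TLS exchange above; it is not from the lecture notes and not a TLS implementation. The public-key steps use textbook RSA over two fixed Mersenne primes per party (a toy: no padding, and a list of trusted public keys stands in for "a certificate signed by a CA the AS trusts"); F(c, s, p) and the Finished messages use HMAC-SHA256 in place of the TLS PRF. All key material and randoms are constructed. It shows why the client is authenticated by its signature and the AS by its ability to decrypt p and produce a correct Finished.

```python
# Added example (not from the slides): model of EAP-TLS authentication and
# PMK = F(c, s, p).  Toy RSA and HMAC stand in for real TLS primitives.
import hashlib
import hmac
import secrets


class RSAKey:
    """Toy RSA key from two fixed primes; pub() is what a certificate would carry."""
    def __init__(self, p: int, q: int):
        self.n, self.e = p * q, 65537
        self.d = pow(self.e, -1, (p - 1) * (q - 1))

    def pub(self) -> tuple:
        return (self.n, self.e)


def rsa_encrypt(pub: tuple, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(key: RSAKey, c: int) -> int:
    return pow(c, key.d, key.n)


def digest_int(msg: bytes) -> int:           # 128-bit digest, always < n
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


def rsa_sign(key: RSAKey, msg: bytes) -> int:
    return pow(digest_int(msg), key.d, key.n)


def rsa_verify(pub: tuple, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest_int(msg)


def F(c: bytes, s: bytes, p: bytes) -> bytes:
    """PMK = F(c, s, p); HMAC stands in for the TLS PRF."""
    return hmac.new(p, b"PMK" + c + s, hashlib.sha256).digest()


def finished(pmk: bytes, transcript: bytes, label: bytes) -> bytes:
    """TLS finish: MAC under the PMK over the hash of all handshake messages."""
    return hmac.new(pmk, label + hashlib.sha256(transcript).digest(), hashlib.sha256).digest()


def run_eap_tls(as_key: RSAKey, client_key: RSAKey, trusted_client_pubs: list) -> str:
    c = secrets.token_bytes(32)
    transcript = c                                                  # Response c
    s = secrets.token_bytes(32)
    transcript += s + str(as_key.pub()).encode()                    # Request s, CertAS
    p = secrets.token_bytes(16)                                     # client's random p
    enc_p = rsa_encrypt(as_key.pub(), int.from_bytes(p, "big"))     # E(ASpubkey, p)
    transcript += enc_p.to_bytes(32, "big") + str(client_key.pub()).encode()
    sig = rsa_sign(client_key, transcript)                          # SignatureClient
    client_pmk = F(c, s, p)
    # AS side: authenticate client, then derive the same PMK
    if client_key.pub() not in trusted_client_pubs:                 # CA trust check stand-in
        return "client certificate not trusted"
    if not rsa_verify(client_key.pub(), transcript, sig):
        return "client signature invalid"
    as_pmk = F(c, s, rsa_decrypt(as_key, enc_p).to_bytes(16, "big"))
    as_fin = finished(as_pmk, transcript, b"server")                # Request (TLS finish)
    # Client side: only the holder of the AS private key could have computed as_pmk
    if not hmac.compare_digest(as_fin, finished(client_pmk, transcript, b"server")):
        return "AS finished mismatch"
    client_fin = finished(client_pmk, transcript, b"client")        # Response (TLS finish)
    if not hmac.compare_digest(client_fin, finished(as_pmk, transcript, b"client")):
        return "client finished mismatch"
    return "ok"


if __name__ == "__main__":
    AS = RSAKey((1 << 89) - 1, (1 << 107) - 1)      # Mersenne primes, toy-sized
    CL = RSAKey((1 << 61) - 1, (1 << 127) - 1)
    print(run_eap_tls(AS, CL, [CL.pub()]))
    print(run_eap_tls(AS, CL, []))
```

The second call in the usage shows the limitation the summary below states: a client whose certificate is not trusted by the AS cannot be authenticated at all, regardless of what it knows. Note also that the client's certificate and identity travel unprotected in this exchange, which is the identity-privacy gap of EAP-TLS.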
Summary of Symmetric and Public Key Approaches
– LEAP is well understood and widely deployed.
– EAP-TLS is a public key approach that provides strong security. EAP-TLS satisfies all of the desired properties except identity privacy and fast reconnect. EAP-TLS does not provide a way to authenticate clients who do not have a certificate signed by a CA that the AS trusts.