
WPA and RSN Authentication Protocols

Sean Kugele

CS 6204, Spring 2005


Motivation

Weaknesses in the WEP protocol

  • 1. No protection against message tampering
  • 2. Incorrect usage of an encryption algorithm
  • 3. Replayable authentication method

Proposed Solutions

  • WPA (Wi-Fi Alliance)
  • RSN / WPA2 (802.11i)

WPA and RSN

♦ Separate the user authentication and message protection process

  • Allows for dynamic key management
  • Allows existing authentication protocols used in wired environments to be adapted for use in WLANs

♦ Adopted the 802.1x authentication model

  • Three entities (Client, AS, NAS)

♦ EAP used to communicate during authentication process


802.1x model


Extensible Authentication Protocol (EAP)

♦ Used to encapsulate other authentication protocols

♦ Four Message Types

  • Request
  • Response
  • Success
  • Failure
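
Added example (not part of the original slides): a parser for the four EAP message types listed above, which also reports the identity that a Response/Identity message carries in cleartext when no tunnel protects it. The header layout and the numeric code and type values come from RFC 3748 and the IANA EAP registry, not from the slides; the sample packets and the name alice@example.org are constructed.

```python
import struct

# EAP header (RFC 3748): Code (1 byte), Identifier (1), Length (2, big-endian).
# Request and Response packets carry a Type byte after the header.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA EAP method type numbers for methods named in this deck.
TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet, rejecting truncated or inconsistent input."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with captured bytes")
    msg = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request/Response have a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        msg["type"] = TYPES.get(packet[4], f"type-{packet[4]}")
        msg["data"] = packet[5:length]  # bytes past Length are padding
    elif length != 4:
        raise ValueError("Success/Failure must be exactly 4 bytes")
    return msg


def exposed_identity(msg: dict):
    """Identity an eavesdropper can read from a Response/Identity, else None."""
    if msg["code"] == "Response" and msg["type"] == "Identity":
        return msg["data"].decode("utf-8", errors="replace")
    return None


def build(code: int, ident: int, body: bytes = b"") -> bytes:
    """Helper used only to construct the sample packets below."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


# Constructed sample exchange (not a real capture).
SAMPLE = [
    build(1, 1, b"\x01"),                   # Request/Identity
    build(2, 1, b"\x01alice@example.org"),  # Response/Identity, in cleartext
    build(1, 2, b"\x19\x20"),               # Request/PEAP, Start flag set
    build(3, 9),                            # Success
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        m = parse_eap(pkt)
        print(m["code"], m["type"], exposed_identity(m))
```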

EAP Message Flow


Paper’s Goal

♦ Define the characteristics of a “good” authentication protocol

♦ Survey the existing authentication protocols and determine how well they satisfy these characteristics


Desired Properties of WLAN Authentication

1. Mutual Authentication
2. Identity Privacy
3. Dictionary Attack Resistance
4. Replay Attack Resistance
5. Derivation of Strong Session Keys
6. Tested Implementation
7. Delegation
8. Fast Reconnect


Three Categories for Proposed Protocols

♦ Secret Key Methods
♦ Public Key Methods
♦ Tunneled Methods


Secret Key Methods

♦ The client and AS have a shared secret and establish a trust relationship by proving mutual knowledge of that secret

Pros: Efficiency, require little computational power

Cons: Difficult to prevent dictionary attacks without introducing computational overhead

Secret Key Methods

1. Lightweight Extensible Authentication Protocol (LEAP)
2. Kerberos v5
3. EAP-Secure Remote Password (EAP-SRP)


Lightweight Extensible Authentication Protocol (LEAP)


Kerberos v5


EAP-Secure Remote Password (EAP-SRP)


Public Key Methods

♦ Public/Private key pair used for authentication. Certificates are generally used to establish trust

Pros: Solves dictionary attack vulnerability

Cons: More complicated to deploy than secret key methods


Public Key Methods

1. EAP-TLS
2. ID-Based Cryptography
3. Greenpass


EAP-Transport Layer Security (EAP-TLS)


ID-based Cryptography


Greenpass


Tunneled Methods

Authentication divided into two phases:

1. The client authenticates the AS using EAP-TLS. The resulting session key is used to establish an encrypted tunnel for further communications
2. The AS authenticates the client through the encrypted tunnel.

  – Allows the use of a less secure legacy protocol for client authentication

Pros:

1. Tunnel hides client’s identity by encrypting the contents of the EAP Response-Identity message
2. Provides resistance to dictionary attacks and replay attacks, even if the protocol used for client authentication does not

Cons:

1. Vulnerable to a Man-in-the-Middle Attack


Tunneled Methods

1. Protected EAP (PEAP)
2. EAP-Tunneled TLS (EAP-TTLS)


PEAP vs. EAP-TTLS

♦ These methods differ only in the supported methods for client authentication

  – PEAP supports all EAP methods
  – EAP-TTLS supports legacy password protocols, such as LEAP, in addition to all EAP methods.


Protocol Comparison


Conclusions

♦ LEAP and Kerberos not sufficiently secure due to dictionary attack vulnerability

♦ EAP-SRP and ID-based Cryptography lack current implementations for WLANs, so they may contain unknown vulnerabilities

♦ EAP-TLS provides strong security, but lacks support for delegation or identity privacy

♦ Greenpass, EAP-TTLS, and PEAP are the most promising because they combine EAP-TLS with possible support for delegation and identity privacy