
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow


Presentation Transcript


  1. Master Thesis Proposal
     By Nirmala Bulusu
     Advisor – Dr. Edward Chow
     Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN standard for authentication

  2. What is PEAP?
     • PEAP is an 802.1x authentication protocol typically designed for access control in wireless LANs
     • It makes use of two well-known protocols:
       • Extensible Authentication Protocol
       • Transport Layer Security

  3. IEEE 802.1x - Overview
     • A port-based access control mechanism.
     • Transports data between the client (Supplicant) and the server [RADIUS]

  4. What is EAP?
     • Protocol for communication between a Supplicant and an Authenticator
     • EAP messages encrypted directly over a LAN medium – EAPOL defined
     • The Access Point [Authenticator] forwards these EAP messages, encapsulated in RADIUS packets, to the RADIUS server
     • EAP allows the authenticator to serve only as a carrier, without needing to know the EAP authentication protocol type.

  5. EAP-TLS
     • The Transport Layer Security [TLS] exchange of messages provides mutual authentication, with both client and server validating each other via certificates.
     • Imposes a substantial administrative burden
     • Requires a full-fledged PKI infrastructure to be established.
     • The client certificates must be managed, revoked and distributed

  6. Need for PEAP
     • A wireless AP broadcasts all traffic, so anyone within the broadcast range can easily collect data
     • PEAP answers this by transmitting user-sensitive data in an encrypted channel - the established TLS tunnel
     • Wireless encryption is seen to be weak
     • Using PEAP, the data within the tunnel cannot be decrypted without the TLS master secret, and the key is not shared with the Access Point
     • With PEAP, only server-side, PKI-based digital certificates are used, to authenticate EAP servers.

  7. EAP-TLS Test Bed in Lab

  8. Goal of Thesis
     • Implement a basic server-side working model of the PEAP protocol on a Linux server, based on the IETF internet draft proposal [www.ietf.org/internet-drafts/draft-josefsson-pppext-eap-tls-eap-06.txt]
     • Perform a comparison between the two 802.1x EAP standards – TTLS and PEAP.
     • Deliverables
       • A thesis report documenting the implementation details of the PEAP module on FreeRadius and Xsupplicant. It should also include the configuration details of the wireless network set-up and the lessons learned in this thesis project.
       • The source code of the PEAP module.

  9. Thesis Plan
     • Work Done Till Date
       • Installing and configuring the client-side software – Xsupplicant [www.open1x.org]
       • Installing and configuring the RADIUS server – FreeRadius [www.freeradius.org]
       • Installing and configuring OpenSSL [www.openssl.org]
       • Setting up a test bench to test EAP-TLS with the above configured software.
       • Running Xsupplicant, Cisco AP-1200 and FreeRadius with the EAP type set to TLS. Successfully established the authentication.

  10. Thesis Plan (Contd.)
     • Work in Progress
       • Study and analyze both the client [Xsupplicant] and server-side [FreeRadius] implementations of the IEEE 802.1x EAP protocol.
     • Work to be done
       • Implement the server-side code with PEAP modules to authenticate PEAP users.
       • Configure Xsupplicant, FreeRadius and the Access Point to support EAP type PEAP.
       • Test the implementation of the PEAP modules.
       • Run and test the Xsupplicant, Cisco AP-1200 and FreeRadius set-up configured to EAP type TTLS and EAP type PEAP.
       • Study and analyze the logs showing the protocol handshakes, using packages like Ethereal and tcpdump.
       • Compare the performance of the two protocols, TTLS and PEAP.
       • Write the thesis

  11. References
     [1] Protected EAP (IETF draft, work in progress), March 2003: http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-06.html
     [2] IEEE 802.1X Port Based Network Access Control, by Paul Congdon: http://www.ieee802.org/1/files/public/docs2000/P8021XOverview.PDF
     [3] The Unofficial 802.11 Security Web Page. Security analyses of 802.11: http://www.drizzle.com/~aboba/IEEE/
     [4] PPP Extensible Authentication Protocol: http://www.ietf.org/rfc/rfc2284.txt
     [5] PPP EAP-TLS Authentication Protocol: http://www.ietf.org/rfc/rfc2284.txt
     [6] PEAP – Product Documentation: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_ias_protocols_peap.asp
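
Slides 4 and 6 describe the access point as a carrier that forwards EAP inside RADIUS without needing to know the EAP method. The Python below is an added example, not code from the thesis, FreeRadius or Xsupplicant: it decodes the EAP header and the flags octet of TLS-based methods, then relays the message through RADIUS EAP-Message attributes the way an authenticator would. Function names and sample packets are constructed for illustration, and the 3-bit version field in the flags octet is an assumption based on the PEAP draft layout.

```python
import struct

# EAP method numbers from the IANA registry; the slides discuss TLS, TTLS and PEAP.
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
RADIUS_EAP_MESSAGE = 79   # RADIUS attribute type that carries EAP (RFC 3579)
MAX_ATTR_VALUE = 253      # a RADIUS attribute holds at most 253 value bytes

def parse_eap(packet: bytes) -> dict:
    """Decode the EAP header; for TLS-based methods also decode the flags octet."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP length field")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:            # only Request/Response carry a Type
        mtype = packet[4]
        info["method"] = EAP_METHODS.get(mtype, mtype)
        if mtype in (13, 21, 25) and length >= 6:
            flags = packet[5]
            info["start"] = bool(flags & 0x20)           # S bit: start of handshake
            info["more_fragments"] = bool(flags & 0x40)  # M bit: more fragments follow
            info["version"] = flags & 0x07               # assumed 3-bit version field
    return info

def relay_to_radius(eap: bytes) -> bytes:
    """Authenticator side: wrap the EAP bytes, unread, in EAP-Message attributes."""
    out = bytearray()
    for i in range(0, len(eap), MAX_ATTR_VALUE):
        chunk = eap[i:i + MAX_ATTR_VALUE]
        out += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return bytes(out)

def reassemble_from_radius(attrs: bytes) -> bytes:
    """RADIUS server side: concatenate EAP-Message attribute values in order."""
    eap, i = bytearray(), 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        if atype == RADIUS_EAP_MESSAGE:
            eap += attrs[i + 2:i + alen]
        i += alen
    return bytes(eap)

# Constructed samples: a PEAP Start request and a 600-byte PEAP response fragment.
PEAP_START = bytes([1, 7, 0, 6, 25, 0x20])
BIG = struct.pack("!BBHBB", 2, 8, 600, 25, 0x40) + b"\x16" * 594
```

Only `parse_eap`, which stands in for the RADIUS server's view, looks at the method type; `relay_to_radius` never inspects the payload, which is why the TLS tunnel contents stay opaque to the access point.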
