1 / 28

An Initial Security Analysis of the IEEE 802.1x Standard

An Initial Security Analysis of the IEEE 802.1x Standard. 965002102 徐振翔 975002013 陳昱任 975002039 許琇筑 2011/11/17. Outline. Introduction IEEE 802.1x Standard Man-in-Middle, Session Hijack attack Proposed solution Conclusion Reference. Introduction.

aderes
Download Presentation

An Initial Security Analysis of the IEEE 802.1x Standard

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Initial Security Analysis of the IEEE 802.1x Standard 965002102 徐振翔975002013 陳昱任975002039 許琇筑2011/11/17

  2. Outline • Introduction • IEEE 802.1x Standard • Man-in-Middle, Session Hijack attack • Proposed solution • Conclusion • Reference

  3. Introduction • The IEEE 802.1X standard based on IEEE 802.11 standard. • Introduction of IEEE 802.1X standard. • Use Man-in-Middle, Session Hijack attack against IEEE 802.1X authentication and access control.

  4. 802.11 Security • A wireless network is broadcast by nature, and the media is reachably-broadcast. • Authentication and data encryption. • The 802.11 standard for WLAN communications introduced the Wired Equivalent Privacy (WEP) protocol.

  5. Basic Security Mechanisms • Two Model: ad-hoc and infrastructure mode. • A wireless client establish a relation with an AP, called an association. • Unauthenticated and unassociated • Authenticated and unassociated • Authenticated and associated

  6. STA and AP exchange authentication Management frames between state 1 and 2. Open system ,share key and Mac-address based control list. WEP was designed to provide confidentiality. 802.11 State Machine

  7. WEP Protocol • The WEP protocol is used in 802.11 networks to protect link level data during wireless transmission. • It relies on a secret key k shared between the communicating parties to protected the body of a transmitted frame of data. • Encryption of a frame proceeds: checksumming and encryption.

  8. WEP Protocol (2)

  9. Outline • Introduction • IEEE 802.1x Std and RSN • Man-in-Middle, Session Hijack attack • Proposed solution • Conclusion

  10. IEEE 802.1x and RSN • IEEE 802.1x is a security framework must provide network access authentication. • RSN (Robust Security Network) provides mechanisms to restrict network connectivity to authorized entities only via 802.1x.

  11. Supplicant: An entity use a service via a port on the Authenticator. Authenticator: A service provider. AAA Server: A central authentication server which directs the Authenticator to provide the service after successful authentication. IEEE 802.1x Setup

  12. EAP is built around the challenge-response communication paradigm. Four type messages: EAP Request, EAP Response, EAP Success, EAP Failure. Extensible Authentication Protocol (EAP)

  13. Dual Port Model • The AP (Authenticator) must permit the EAP traffic before the authentication succeeds.

  14. The EAP Over Lan (EAPOL) protocol carries the EAP packets between authenticator and supplicant. An EAPOL key message provides a way of communicating a higher-layer negotiated session key. EAPOL

  15. RADIUS • Remote Authentication Dial-In User Service (RADIUS) Protocol. • The Authentication server and the authenticator communicate using the RADIUS.

  16. A Typical Authentication Session using EAP EAPOL RADIUS

  17. What RSN Provides • 1.Per-packet authenticity and integrity between the AAA(RADIUS)server and AP. • 2.Scalability and Flexibility. • 3.Access control.(session-hijack attack) • 4.One-way Authentication.(Man-In-Middle attacks)

  18. Outline • Introduction • IEEE 802.1x Std and RSN • Man-in-Middle, Session Hijack attack • Proposed solution • Conclusion

  19. Attack • MIM (Man-in-Middle) attack. • Session Hijacking. • Denial of Service (DoS).

  20. Man-in-Middle • An attacker forge this packet on behalf of the authenticator and potentially start a simple Man-in-Middle attack.

  21. Session Hijacking • The session hijack by spoofing a 802.11 MAC disassociate message.

  22. Denial of Service (DoS) • EAPOL Logoff, EAPOL Start message spoofing. • EAP failure message spoofing. • Spoofing of 802.11 management frames. • Large number of associate request.

  23. Outline • Introduction • IEEE 802.1x Std and RSN • Man-in-Middle, Session Hijack attack • Proposed solution • Conclusion

  24. Per-packet Authenticity and Integrity • Lack of per-packet authenticity and integrity in IEEE 802.11 frames has been a key contributor in many of the protocol’s security problems. • There are currently no plans by the IEEE to add integrity protection to management frame. • The session hijack attack primarily exploited.

  25. Authenticity and Integrity of EAPOL messages • Addition of an EAP authenticator attribute.

  26. Outline • Introduction • IEEE 802.1x Std and RSN • Man-in-Middle, Session Hijack attack • Proposed solution • Conclusion

  27. Conclusion • Because the transport medium is shared, permits attackers easy and unconstrained access. • Our attacks demonstrate that the current RSN architecture does not provide strong access control and authentication.

  28. Reference • Arunesh Mishra, William A. Arbaugh, “An Initial security analysis of the IEEE 802.1x Standard”. • N.Borisov, L.Goldberg, D.Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11”. Proc., Seventh Annual International Conference on Mobile Computing and Networking, July, 2001, pages 180-188. • IEEE, Lan man standard of the ieee computer society. Wireless lan media access control and physical layer specification. IEEE standard 802.11, 1997.

More Related