802.1x deployment meeting 11 April 2005 802.1x
Agenda • Welcome and Introductions (5 mins) • JFH – the 802.1x protocol (20 mins) • Andy Cattell – the Odyssey client (20 mins) • General discussion (to lunchtime)
Introduction to 802.1x Slides pinched from Tom Rixom (Alfa-Ariss) without permission, and edited and extended by Josh Howlett (UOB)
Overview • EAP • 802.1X • Tunnelled Authentication • WIFI Client in Windows • Configuration example • UOB deployment considerations • Questions?
EAP • Extensible Authentication Protocol (RFC 3748; originally RFC 2284). • Originally defined for PPP links (i.e. dial-up), to allow authentication methods beyond PAP and CHAP. • It is not an authentication protocol in itself! • It provides mechanisms for: • allowing peers to negotiate which authentication protocol (or 'method' or 'type') they are going to use • transporting the agreed authentication protocol • indicating success or failure of the authentication protocol • EAP itself is very simple and gives no confidentiality or integrity of its own; the authentication protocols it carries vary from simple to complex, and any protection comes from the method, not from EAP!
EAP Types • EAP-MD5 (built in to Windows) • Username and challenge/response; one-way only (the server is never authenticated) and derives no keys, so unsuitable for wireless • EAP-TLS (built in to Windows) • Client and server certificates (PKI); mutual authentication • EAP-MSCHAPv2 (built in to Windows) • Windows credentials; normally used as the inner method of PEAP rather than on its own • EAP-OTP • One-time passwords • EAP-GTC • Generic Token Card • Lots more!
EAP • Bindings (each layer is carried by the one below it):
    EAP method (e.g. EAP-MD5)
    EAP
    Transport protocol (e.g. PPP over serial)
802.1x • Defines "Port Based Network Access Control" • Authenticated switch port or wireless access point: the port passes nothing but EAPOL until authentication succeeds • Uses EAP for authentication • Jargon: 'Supplicant' = laptop/PC/printer/etc; 'Authenticator' = switch/AP; 'Authentication Server' = RADIUS server. • Enables authentication and VLAN allocation based on user credentials
EAP over LAN & RADIUS • 802.1x requires EAP transported over two protocols • EAP over LAN (EAPOL): between supplicant and authenticator (within Ethernet frames, ethertype 0x888E) • EAP over RADIUS: between authenticator and authentication server (EAP-Message attributes within RADIUS over UDP/IP, RFC 3579) • The authenticator relays EAP between the two without understanding the method
EAP over LAN and RADIUS • Bindings (supplicant to authenticator hop on the left, authenticator to authentication server hop on the right):
    EAP method
    EAP
    EAPOL over (W)LAN   |   EAP-Message in RADIUS
                        |   UDP/IP
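As an added example (not code from the slides), the supplicant side of the framing above: an EAPOL-Start, the EAP-Request/Identity an authenticator sends, and the supplicant's EAP-Response/Identity, built and then parsed with the length checks a supplicant needs before trusting anything that arrives on an unauthenticated port. The MAC addresses and the identity string are assumptions.

```python
"""Encode and decode EAPOL frames and the EAP packets inside them.

Added example, not code from the slides: frame layouts follow IEEE 802.1X
(EAPOL) and RFC 3748 (EAP); the MAC addresses and identity are assumed and
the frames are constructed here, not captured.
"""
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")   # 802.1X PAE group address

EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF, EAPOL_KEY = 0, 1, 2, 3
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1

EAPOL_NAMES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "TLS", 21: "TTLS", 25: "PEAP"}


def eapol_frame(dst, src, eapol_type, body=b""):
    """Ethernet II frame carrying one EAPOL (version 1) packet."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, eapol_type, len(body)) + body


def eap_packet(code, identifier, eap_type=None, data=b""):
    """EAP header: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def parse_eap(pkt):
    """Decode one EAP packet; Request/Response carry a Type byte, Success/Failure do not."""
    if len(pkt) < 4:
        raise ValueError("EAP packet too short")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field inconsistent with packet")
    info = {"code": EAP_CODES.get(code, "Unknown(%d)" % code), "id": identifier}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < 5:
            raise ValueError("EAP Request/Response without a Type byte")
        info["type"] = EAP_TYPES.get(pkt[4], "Unknown(%d)" % pkt[4])
        info["data"] = pkt[5:length]
    return info


def parse_eapol(frame):
    """Describe the EAPOL packet in an Ethernet frame, or raise ValueError.

    A supplicant has to be this strict: EAPOL arrives on an unauthenticated
    port from whoever is on the segment.
    """
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL header")
    dst, src = frame[:6], frame[6:12]
    ethertype, version, eapol_type, length = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not EAPOL: ethertype 0x%04x" % ethertype)
    body = frame[18:18 + length]
    if len(body) != length:
        raise ValueError("EAPOL length field runs past the end of the frame")
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "version": version,
            "eapol_type": EAPOL_NAMES.get(eapol_type, "Unknown(%d)" % eapol_type)}
    if eapol_type == EAPOL_EAP_PACKET:
        info["eap"] = parse_eap(body)
    return info


# Constructed exchange (assumed addresses): supplicant kicks off, AP asks for
# an identity, supplicant answers with an outer identity only. With PEAP or
# TTLS the real username travels later, inside the TLS tunnel.
AP_MAC = bytes.fromhex("00112233aabb")
LAPTOP_MAC = bytes.fromhex("0050561122cc")
START = eapol_frame(PAE_GROUP_ADDR, LAPTOP_MAC, EAPOL_START)
REQUEST = eapol_frame(PAE_GROUP_ADDR, AP_MAC, EAPOL_EAP_PACKET,
                      eap_packet(EAP_REQUEST, 1, EAP_TYPE_IDENTITY))
RESPONSE = eapol_frame(AP_MAC, LAPTOP_MAC, EAPOL_EAP_PACKET,
                       eap_packet(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"anonymous@example.org"))

if __name__ == "__main__":
    for f in (START, REQUEST, RESPONSE):
        print(parse_eapol(f))
```

The Response/Identity is the only cleartext identity an eavesdropper on the LAN or the air ever sees, which is why tunnelled methods let the outer identity be an anonymous placeholder.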
Tunnelled Authentication • EAPOL messages are not encrypted. • Not acceptable in broadcast wireless environments! • Development of secure 'tunnelled' EAP methods. • These establish a secure TLS tunnel, bound to EAP, between the supplicant and the authentication server. • Credentials are transported securely through the tunnel; this is the 'inner authentication'.
Tunnelled Authentication • Uses a TLS tunnel to protect the inner authentication data • The client authenticates the server by validating the server certificate against the CA root certificate it trusts; a client certificate, if one is configured, authenticates the client, not the server • Server validation is not mandatory in the protocol, but skipping it is dangerous: a rogue AP with its own RADIUS server then terminates the tunnel and collects the inner credentials (e.g. the MS-CHAPv2 challenge/response, which can be attacked offline) • Tunnelled methods also generate session keys (derived from the TLS master secret) for encryption of the link between client and switch/AP
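The server-validation point above as configuration, added here and not taken from the slides. Windows is the platform these slides deal with, but the example uses wpa_supplicant.conf (the Linux supplicant mentioned later in the deck) because its text form shows the weak and the corrected settings side by side. SSID, server name, CA path and credentials are assumptions.

```conf
# Added example, not from the slides: one PEAP/MS-CHAPv2 network in
# wpa_supplicant.conf syntax, with assumed SSID, server name, CA path and
# credentials.

# WEAK: no ca_cert. Any RADIUS server that presents any certificate gets the
# TLS tunnel, and with it this user's MS-CHAPv2 challenge/response.
network={
    ssid="campus-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="jsmith"
    password="example-only"
}

# CORRECTED: pin the trusted root CA and the expected server name, and keep
# the real username out of the cleartext outer exchange.
network={
    ssid="campus-wlan"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous@example.org"
    identity="jsmith"
    password="example-only"
    ca_cert="/etc/ssl/certs/campus-root.pem"
    domain_suffix_match="radius.example.org"
}
```

The Windows XP PEAP properties dialog exposes the same two controls ("Validate server certificate" and "Connect to these servers"); both should stay on, with the root CA pushed out alongside the client configuration rather than left for users to accept on first connection.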
Tunnelled authentication • Bindings:
    Inner authentication (credentials)
    Tunnelled EAP method  -->  EAPOL keys (session keys exported to both ends)
    EAP
    EAPOL over (W)LAN   |   RADIUS
                        |   UDP/IP
Tunnelled methods • PEAP • Protected EAP • An inner EAP exchange (usually EAP-MSCHAPv2) is transported within the TLS tunnel. • Advocated by Microsoft and Cisco. • TTLS • Tunnelled Transport Layer Security • Inner authentication attributes (AVPs in Diameter format) are carried within the TLS tunnel, so legacy non-EAP methods such as PAP, CHAP and MS-CHAP can be used inside. • Advocated by Funk Software. • Both quite similar; TTLS perhaps better designed.
Tunnelled methods • Bindings:
    PEAP stack                         TTLS stack
    EAP-MSCHAPv2, EAP-XXX              PAP, CHAP, MSCHAP, etc.
    EAP                                Diameter-format AVPs
    PEAP                               TTLS
    (either one)  -->  EAPOL keys
    EAP
    EAPOL over (W)LAN   |   RADIUS
                        |   UDP/IP
Security model
    Parties: Supplicant <-> Authenticator <-> EAP server <-> Authentication server (the EAP server and the authentication server can be distinct servers, or one)
    Supplicant holds: CA root certificate (to validate the server) and the password used for the inner authentication
    EAP server holds: the CA-issued server certificate; it terminates the tunnelled EAP method
    Supplicant <-> Authenticator: EAP over (W)LAN; the keys derived by the tunnelled method protect this link
    Authenticator <-> EAP server: RADIUS over UDP/IP, protected only by the RADIUS shared secret; the session keys are delivered to the authenticator over this hop
    EAP server <-> Authentication server: LDAP, NTLM, SQL etc. to check the inner credentials
802.11 Ciphers • Ciphers encrypt data "on the air" between the supplicant and the access point. • A key is a big random number known only by supplicant and authenticator. • Keys may be: • Shared: pre-configured on authenticator and supplicant • Dynamic: derived by supplicant and authentication server during the EAP exchange, and sent by the authentication server to the authenticator (in the RADIUS Access-Accept) • Client and WAP must use the same cipher; if not, 802.1x authentication may succeed, but forwarded data will be garbled.
802.11 Ciphers • WEP • The much-maligned 802.11 cipher sub-system • Uses RC4, a common stream cipher, keyed per frame with a 24-bit IV (sent in clear) followed by the shared key • "64 or 128 bit keys" in marketing terms: a 40- or 104-bit secret plus the 24-bit IV • Problems • Originally required shared keys: management & security issues (one key for everyone, rarely changed) • Shared keys also prone to dictionary attack • WEP is fundamentally broken: the key can be recovered passively if sufficient data is collected, because the RC4 key schedule leaks key bytes for certain IVs and the start of every frame (the LLC/SNAP header) is predictable; the IV space is so small that keystreams repeat, and the CRC-32 integrity check lets an attacker flip bits without the key
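Two of the failures listed above, as an added example that is not code from the slides: RC4 and the WEP framing are implemented from their public descriptions, then (1) a frame whose IV collides with one of known plaintext is read without the key, and (2) a frame's contents are altered without the key while the CRC-32 ICV still verifies. Key, IVs and frame contents are constructed; the full key-recovery attack on the RC4 key schedule is not shown.

```python
"""Why WEP is broken even before key recovery: keystream reuse and a linear
integrity check.

Added example, not code from the slides. RC4 and the WEP framing (IV || key
as the RC4 key, CRC-32 ICV) are implemented from their public descriptions;
the key, IVs and frame contents are constructed here.
"""
import struct
import zlib


def rc4(key, length):
    """RC4 keystream of `length` bytes: key-scheduling then PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP integrity check value: plain CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext):
    """Frame body: IV(3) || KeyID(1) || RC4(IV || key)(plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + b"\x00" + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key, frame):
    """Receiver side: strip IV/KeyID, decrypt, verify the ICV."""
    iv, body = frame[:3], frame[4:]
    plain = xor(body, rc4(iv + key, len(body)))
    data = plain[:-4]
    if icv(data) != plain[-4:]:
        raise ValueError("ICV check failed")
    return data


def decrypt_with_reused_iv(known_frame, known_plaintext, target_frame):
    """Attack 1: the attacker knows one frame's plaintext (e.g. a packet it
    sent to the victim from the Internet) and sees a second frame with the
    same IV. Same IV + same key = same keystream, so it cancels. No key needed."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("IVs differ: keystreams are unrelated")
    keystream = xor(known_frame[4:], known_plaintext + icv(known_plaintext))
    n = min(len(keystream), len(target_frame) - 4)
    return xor(target_frame[4:4 + n], keystream[:n])   # target plaintext || ICV


def flip_bits(frame, offset, delta):
    """Attack 2: change plaintext bytes at `offset` without the key while the
    ICV stays valid. CRC-32 is affine over GF(2):
        crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of the same length)
    so the ICV correction can be applied through the encryption too."""
    body = bytearray(frame[4:])
    data_len = len(body) - 4
    if offset + len(delta) > data_len:
        raise ValueError("delta runs past the data field")
    d = bytearray(data_len)
    d[offset:offset + len(delta)] = delta
    icv_delta = zlib.crc32(bytes(d)) ^ zlib.crc32(bytes(data_len))
    for k in range(data_len):
        body[k] ^= d[k]
    for k, x in enumerate(struct.pack("<I", icv_delta & 0xFFFFFFFF)):
        body[data_len + k] ^= x
    return frame[:4] + bytes(body)


# Constructed traffic. With 2^24 IVs and one fixed shared key, a busy AP
# repeats IVs within hours, and many cards restart the IV at 0 on reset.
WEP_KEY = bytes.fromhex("0123456789")        # 40-bit key, unknown to the attacker
SNAP = bytes.fromhex("aaaa030000000800")      # LLC/SNAP header on every IP frame: known plaintext
IV = b"\x01\x02\x03"
KNOWN_PLAIN = SNAP + b"\x45\x00" + b"X" * 30          # attacker-chosen packet
SECRET_PLAIN = SNAP + b"\x45\x00" + b"password=letmein"
KNOWN_FRAME = wep_encrypt(WEP_KEY, IV, KNOWN_PLAIN)
SECRET_FRAME = wep_encrypt(WEP_KEY, IV, SECRET_PLAIN)

if __name__ == "__main__":
    leaked = decrypt_with_reused_iv(KNOWN_FRAME, KNOWN_PLAIN, SECRET_FRAME)
    print(leaked[:-4])
    forged = flip_bits(SECRET_FRAME, len(SNAP) + 2 + len(b"password="), xor(b"letmein", b"openup!"))
    print(wep_decrypt(WEP_KEY, forged))
```

Dynamic WEP keys from 802.1x remove the "one key for everyone, forever" problem and shrink the window for key recovery, but neither attack here depends on how the key was distributed; only replacing RC4-with-IV and CRC-32 (TKIP's Michael MIC, then AES-CCMP) fixes them.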
802.11 Ciphers • Fixing WEP • 802.11i was intended by IEEE to replace WEP, but was taking too long for the "Wi-Fi Alliance" (a vendor association) • The Wi-Fi Alliance implemented a subset of 802.11i called "WPA" (May 2003) • 802.1x EAPOL dynamic key distribution (the 4-way handshake) • TKIP: per-packet key mixing, a message integrity check (Michael) and automatic re-keying; still RC4 underneath, so it could be shipped as a firmware update for WEP hardware • Broadcast key rotation • Adding to confusion, some vendors have selected other subsets. • 802.11i finally ratified in June 2004; "WPA2" is the Wi-Fi Alliance's certification for it. • Many improvements; notably the replacement of RC4 with AES (CCMP)
802.1X WiFi Scenario • The WiFi client (the 'supplicant' in 802.1x jargon) associates with the access point. • The access point requires 802.1X and sets the client's "port" to the "Unauthenticated" state: only EAPOL frames pass. • The access point starts the exchange by sending an EAP-Request/Identity inside an EAPOL frame to the client (the supplicant can also prompt this with EAPOL-Start). • The 802.1X client picks up the EAPOL exchange and calls the appropriate EAP module (PEAP, TTLS, ...) to handle the EAP authentication; the access point relays each EAP message to the RADIUS server inside EAP-Message attributes without interpreting it. • After successful authentication the EAP/RADIUS server and the client independently derive the link encryption keys from the TLS tunnel's master secret. • The RADIUS server sends the keys to the access point with the Access-Accept (MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes, encrypted under the RADIUS shared secret). • The access point sets the client's "port" to the "Authenticated" state, allowing the client to communicate with the intranet. • The access point then uses the keys to encode a WEP key in an EAPOL-Key message and sends it to the client. • The client decodes the WEP key in the EAPOL-Key message using the MPPE keys it derived itself and installs the WEP key. (This is "dynamic WEP"; with WPA/WPA2 the EAPOL-Key step is replaced by the 4-way handshake, which derives fresh TKIP or AES keys from the same master key.) • The WiFi client takes over to set up the rest of the connection (DHCP, etc.)
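The key-delivery step above (RADIUS server to access point), as an added example that is not code from the slides or from any RADIUS implementation: a minimal Access-Accept carrying MS-MPPE-Recv-Key and MS-MPPE-Send-Key, and the checks the access point performs before installing those keys. It shows why the RADIUS shared secret is the whole trust relationship on that hop: it both authenticates the packet (Response Authenticator, RFC 2865) and encrypts the keys (RFC 2548). The shared secret, Request Authenticator and key values are constructed.

```python
"""The RADIUS Access-Accept as the authenticator sees it: check the Response
Authenticator, then unwrap the MS-MPPE-Recv-Key / MS-MPPE-Send-Key attributes
that carry the session keys.

Added example, not code from the slides. Follows RFC 2865 section 3 (Response
Authenticator), RFC 2865 section 5.26 (Vendor-Specific) and RFC 2548 section
2.4 (key encryption). Secret, Request Authenticator and keys are constructed.
"""
import hashlib
import struct

ACCESS_ACCEPT = 2
VENDOR_SPECIFIC = 26
VENDOR_MICROSOFT = 311
MS_MPPE_SEND_KEY, MS_MPPE_RECV_KEY = 16, 17


def mppe_wrap(secret, request_auth, key, salt):
    """RFC 2548 key encryption: salt(2) || c(1) || ... || c(n), 16-byte blocks.

    b(1) = MD5(S || R || A),  b(i) = MD5(S || c(i-1)),  c(i) = p(i) XOR b(i),
    with S the shared secret, R the Request Authenticator and A the salt.
    """
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 bytes with the high bit set")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)
    out, prev = b"", request_auth + salt
    for i in range(0, len(plain), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(plain[i:i + 16], b))
        out, prev = out + c, c
    return salt + out


def mppe_unwrap(secret, request_auth, blob):
    """Inverse of mppe_wrap. A wrong secret yields garbage, usually caught by
    the length byte; the Response Authenticator check is the real guard."""
    if len(blob) < 18 or (len(blob) - 2) % 16 or not blob[0] & 0x80:
        raise ValueError("malformed MS-MPPE key attribute")
    salt, body = blob[:2], blob[2:]
    plain, prev = b"", request_auth + salt
    for i in range(0, len(body), 16):
        b = hashlib.md5(secret + prev).digest()
        plain += bytes(x ^ y for x, y in zip(body[i:i + 16], b))
        prev = body[i:i + 16]
    if plain[0] == 0 or plain[0] > len(plain) - 1:
        raise ValueError("bad key length: wrong shared secret or corrupt attribute")
    return plain[1:1 + plain[0]]


def ms_vsa(vendor_type, value):
    """Vendor-Specific attribute holding one Microsoft sub-attribute."""
    sub = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), VENDOR_MICROSOFT) + sub


def build_access_accept(secret, request_auth, identifier, recv_key, send_key, salts):
    """What the RADIUS server emits after EAP succeeds (keys only; a real
    server also adds EAP-Message/Success and Message-Authenticator)."""
    attrs = ms_vsa(MS_MPPE_RECV_KEY, mppe_wrap(secret, request_auth, recv_key, salts[0]))
    attrs += ms_vsa(MS_MPPE_SEND_KEY, mppe_wrap(secret, request_auth, send_key, salts[1]))
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code || ID || Length || RequestAuth || Attributes || Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def check_access_accept(secret, request_auth, pkt):
    """Authenticator side: reject anything not bound to our Access-Request by
    the shared secret, then return (recv_key, send_key)."""
    code, _identifier, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_ACCEPT or length != len(pkt) or length < 20:
        raise ValueError("not a well-formed Access-Accept")
    attrs = pkt[20:]
    if hashlib.md5(pkt[:4] + request_auth + attrs + secret).digest() != pkt[4:20]:
        raise ValueError("Response Authenticator mismatch: wrong secret or forged packet")
    keys, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == VENDOR_SPECIFIC and struct.unpack("!I", attrs[pos + 2:pos + 6])[0] == VENDOR_MICROSOFT:
            vtype, vlen = attrs[pos + 6], attrs[pos + 7]
            keys[vtype] = mppe_unwrap(secret, request_auth, attrs[pos + 8:pos + 6 + vlen])
        pos += alen
    return keys.get(MS_MPPE_RECV_KEY), keys.get(MS_MPPE_SEND_KEY)


# Constructed values: never reuse this secret. The Request Authenticator is
# per-request randomness the AP chose itself, which is what stops replay.
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
RECV_KEY, SEND_KEY = bytes([0x11]) * 32, bytes([0x22]) * 32   # MSK halves from PEAP/TTLS
SALTS = (b"\x80\x01", b"\x80\x02")
ACCEPT = build_access_accept(SECRET, REQ_AUTH, 7, RECV_KEY, SEND_KEY, SALTS)

if __name__ == "__main__":
    print(check_access_accept(SECRET, REQ_AUTH, ACCEPT))
```

A real authenticator also verifies the Message-Authenticator attribute (HMAC-MD5 over the packet, RFC 3579) that EAP-carrying RADIUS requires. All of this protection is MD5 keyed with the shared secret, so the secret needs to be long and random, unique per access point or switch, and the RADIUS traffic itself kept off any segment an attacker could sniff.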
Configuration example: PEAP (wired, Windows 2K), Step 1 • Start Wireless Configuration service
Configuration example: PEAP (wired, Windows 2K), Step 2 • Connection properties
Configuration example: PEAP (wired, Windows 2K), Step 3 • Authentication properties
Configuration example: PEAP (wired, Windows 2K), Step 4 • PEAP properties
802.1x deployment • Network • Mainly Cisco Aironet 1200 • Multiple broadcast SSIDs • Run 802.1x in parallel to existing service? • Switches: many may not support 802.1x! • WAP/Switch configuration very simple • DHCP • VLAN allocation issues
802.1x deployment • Authentication server • Currently use MS IAS 2000 • Probably inadequate • EAP support requires some software updates • Policy implementation is weak • Does PEAP, but not TTLS • Use FreeRADIUS to terminate EAP, with NTLM authentication to domain controllers?
802.1x deployment • EAP type • One of PEAP/TTLS or both? • If only one, which? • Some considerations • Only PEAP with MS-CHAPv2 (and EAP-TLS) is built into Windows natively • TTLS perhaps the better protocol; it would allow PAP inner authentication, which is the only option where the back end holds password hashes that MS-CHAPv2 cannot be checked against (e.g. a crypt-hashed LDAP directory) • SecureW2: open source (ex-commercial) TTLS client for Windows • MacOS X Panther and Linux support both TTLS and PEAP
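One concrete answer to the "FreeRADIUS terminating EAP, with NTLM authentication to the domain controllers" question above, as an added configuration example that is not from the slides or from the FreeRADIUS project. It uses FreeRADIUS 3 syntax (mods-available/eap and mods-available/mschap), which postdates the 2005 meeting; paths, certificate names, the domain name and the inner-tunnel virtual server are assumptions.

```conf
# Added example, not from the slides: FreeRADIUS terminating both PEAP and
# TTLS with MS-CHAPv2 inside, checked against the domain controllers via
# Samba's ntlm_auth. FreeRADIUS 3 syntax; paths and names are assumed.

eap {
    default_eap_type = peap
    tls-config tls-common {
        private_key_file = ${certdir}/radius.example.org.key
        certificate_file = ${certdir}/radius.example.org.pem
        ca_file = ${cadir}/campus-root.pem
    }
    peap {
        tls = tls-common
        default_eap_type = mschapv2
        virtual_server = "inner-tunnel"
    }
    ttls {
        tls = tls-common
        default_eap_type = mschapv2
        virtual_server = "inner-tunnel"
    }
    mschapv2 {
    }
}

# The inner MS-CHAPv2 exchange is forwarded to the domain controllers; the
# RADIUS host only needs to be joined to the domain, not to hold hashes.
mschap {
    use_mppe = yes
    require_encryption = yes
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-EXAMPLE} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

Both tunnelled types share one server certificate and one inner virtual server, so PEAP versus TTLS becomes a per-client choice rather than a server one. The TTLS/PAP option mentioned above would instead need the inner-tunnel virtual server to run the pap module against a directory; with ntlm_auth the domain controllers never hand out password hashes, which is the point of this arrangement. Whichever is chosen, the server certificate's name is what clients pin, so issue it from a CA the clients are configured to trust and keep the name stable.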