250 likes | 381 Views
Thinking Outside the Box: Extending 802.1X Authentication to Remote “Splitter” Ports by Combining Physical and Data Link Layer Techniques. Presentation by: Arun Saha. Arun Saha, Mart Molle Department of Computer Science & Engineering University of California, Riverside. Overview.
E N D
Thinking Outside the Box:Extending 802.1X Authentication to Remote “Splitter” Ports by Combining Physical and Data Link Layer Techniques Presentation by: Arun Saha Arun Saha, Mart Molle Department of Computer Science & Engineering University of California, Riverside
Overview • Proposal of very small easy-to-use Ethernet switch. • Switch to Switch authentication • without any third party authentication server • without disclosing all secrets • Specifically, detecting man-in-the-middle attack using physical properties of the link.
Problem Statement • How to accommodate large number of wired networked computers within small floor area? • Issues: • Limited number of ports on wall • Wiring clutter should be as little as possible • Reconfiguration of host layout should be easy • Goal: Combine the following features • convenience of bus topology • superior performance and security of star topology
We propose Splitters • The monolithic switch is replaced by: • “main” switch module locked in telecom closet • “slave” modules called Ethernet Splitters • Splitter properties: • Single chip implementation • VLAN-capable • Powered over Ethernet cable • At least three external interfaces
String Topology of Splitters Splitters will always be connected in a linear chain to the main switch. Maximum number of hosts = Ratio of backbone link speed to access link speed.
Cabling costs reduced • Assume ‘m’ hosts located in same work area form a single splitter chain. Change in component count: • Inside telecom closet m to 1 • Inside wall m to 1 • At work area • Patch cables: m to 2m • Splitter: 0 to m (assuming worst case, i.e. one splitter supports one host) • Savings: (m – 1) permanent items in (2)
Security & Control • Equivalent Security to a Monolithic Switch: • In both cases, Client exchanges 802.1X authentication frames with the main switch (authenticator). • Splitters maintain separation between traffic tagged with different VLAN Ids. • Splitters prevent an intruder from gaining unauthorized access to the backbone link. • Administrator can control the splitters remotely from main switch.
Two forms of authentication Between User PC and main Switch: Standard 802.1X Authentication Between Splitters: Incremental authentication (our proposal)
Incremental Splitter Authentication • The splitter chain grows by adding one new splitter at a time to the end of the chain. • The last one in the existing chain authenticates the new one.
Notion of authentication • Network administrator writes site-specific secret data into splitter memory. • All splitters in a domain contain same secret. • A splitter does not have any singular identity to authenticate itself. • It responds to challenges based on the site-specific secret.
Definition: Bonafide & Alien Splitters • The last splitter of the existing chain exchange authentication messages with new splitter and classifies the later as • Bonafide splitter or • Alien • There is a possibility that a device does not know site-specific data but still responds to challenges correctly.
Man-in-the-middle attack • Intruder may try to sneak in to the backbone link using a laptop. Then, it will have access to all traffic in and out of the hosts attached to the downstream splitters. • We design authentication mechanism such that, both U and Y detect the existence of the attacker. X U Y
Timing Diagram • U is last splitter in existing chain • Assume there is some method to measure round trip time, 2T1. • Excess delay = time beyond RTT. • Tbonafide = T2 • Talien = 2T1+2T3+T2
So far… We can detect man-in-the-middle attack if: • Authenticator can estimate the round trip time, 2T1 • Challenge Involved: Received Signal contains echoes of past transmitted signals in various amounts. • Supplicant can respond to challenge messages from authenticator in two symbol times (approx.) • Challenge Involved: Authentication mechanism should be such that, responder can generate responses absolutely quickly. The offline computation time can be large, but, online time is restricted.
Ways of estimating T1 (or 2T1) • by Digital Echo Canceler • by Automatic Gain Control (AGC) • by Resistor Detection Algorithm used in Power over Ethernet
Exchanging Authentication Messages • Authentication messages are sent as ordinary Ethernet frames when the link is operating at full duplex mode. • Finite State Machine for Ethernet MAC needs to be modified. • Receiver can minimize T2 as follows: • A Mask string is computed offline and kept ready before challenge comes. • Preamble of response frame is started as soon as preamble of challenge frame starts arriving. • Incoming octet from Challenge frame payload is XORed with one byte of mask and sent back.
Splitter Authentication Initialization • All bona fide splitters and main switch knows • a prime number ‘p’ and ‘a’relatively prime to ‘p’. • An array of bits ‘A’ of length 2l • ‘r’ (r > l) bit linear feedback shift register (LFSR) made of same polynomial • Splitters exchange their public keys and agree on a common number, ‘B’ (Diffie-Hellman key exchange) • Splitters exchange ‘k’ (k > l) bit authentication messages containing two parts (intermixed with one another): • Position: A ‘l’ bit string signifying the starting index in array • Body: A ‘k – l’ bit string which is a challenge or response
Initial Contents 15 14 13 12 1001 1100 1010 0110 11 10 9 8 7 6 5 4 3 2 1 0 B B P B B P P B B B P P B B B B After 1 shift 0011 1001 0100 1101 After 2 shifts 0111 0010 1001 1010 After 3 shifts 1110 0101 0011 0101 After 4 shifts 1100 1010 0110 1010 After 5 shifts 1001 0100 1101 0100 After 6 shifts 0010 1001 1010 1001 Computation of Position bits; l = 5, k = r = 16 • LFSR is initialized with rightmost ‘r’ bits of ‘B’. • Shifted until ‘l’ unique least significant [log2k] bits are found. • In this case, position bits are: 13, 10, 5, 4 and 9. I.e. these bit positions in authentication message are the Position bits. LFSR for x16+x15+x14+1 LFSR iterations
U1 Time constraint f(U1) X1 f(X1) U2 Challenge Response Messages U X U sends challenge U1 X responds with • Response f(U1) • And own challenge X1 U responds with • Response f(X1) • And own challenge U2 • Short online computation time, long offline computation time preparing for next challenge.
Computation of Response mesg. in transceiver • Position bits in Ui are used to create mask string to answer challenge Ui+1. Same for Xi. • Example computation of f(X2): • Let Position bits in X1 be 01100 i.e. 12 • (k – l) bits of A starting from 12, i.e. A12-22 will be used for masking • Some randomly generated bits are put as position bits The final mask is composed of random bits and portion of A placed appropriately.
Recapitulation • Small, inexpensive, easy-to-use Ethernet switch. • Inter splitter authentication • both splitter challenge each other • without any third server • Detecting man-in-the-middle attack to protect integrity of backbone chain.
Location Based Authentication • To validate whether the originator of the message is really at the position claimed. • The work presented can be viewed as location based authentication in single dimension.
THANK YOUQuestions & Answers A. Saha, M. Molle