Under the Hood: Wireless Authentication
What exactly does IEEE 802.1X specify? And why are there so many flavors of the Extensible Authentication Protocol (EAP)?
The authentication of both users and networks is a critical component of wireless LAN security. However, unlike data encryption, the other major component of wireless network security, user authentication was not specified in the original 802.11 standard, which defined only open-system and shared-key (WEP) station authentication. As a result, the wireless industry has rallied around IEEE 802.1X as a standard authentication framework for 802.11 LANs.
The IEEE 802.11 Task Group I, for example, is drafting amendments to the 802.11 specification (802.11i) that incorporate 802.1X. Vendors such as Cisco have implemented 802.1X and compatible authentication methods in their products. These methods are based on the Extensible Authentication Protocol (EAP), specified in IETF RFC 2284 (since superseded by RFC 3748).
EAP was originally created for use with Point-to-Point Protocol (PPP)-based WANs such as dial-up networks. There are now many derivatives of EAP for use in 802.11 and other LANs. The 802.1X standard leaves the choice of the algorithm up to the network implementer.
Cisco Aironet wireless LAN products support 802.1X and several authentication algorithms. These include EAP Cisco Wireless (also called Cisco LEAP) and EAP-Transport Layer Security (TLS). In addition, Cisco products will eventually support an emerging algorithm called Protected EAP (PEAP), currently an Internet Draft protocol. Similarly, Microsoft, in the newer versions of its operating systems, supports 802.1X and EAP-TLS and has announced plans to support PEAP.
It can be easy to confuse the various components and functions of wireless LAN authentication. Here, we'll take a close look at 802.1X, Cisco Wireless EAP, EAP-TLS, and the emerging PEAP algorithm.
What is 802.1X?
802.1X is a port-based access control protocol that sits between any of a number of EAP authentication methods and the underlying LAN. It is not an authentication algorithm itself. Rather, it carries EAP messages across the LAN in frames of the access type below it (EAP over LAN, or EAPOL) and keeps the port closed to everything except those frames until the method reports success. The LAN type pertinent to this discussion is 802.11, but 802.1X can also be used for other 802 LANs, including 802.3 Ethernet and 802.5 Token Ring (see diagram).
802.1X leaves both the choice of authentication algorithm and key management method up to each EAP authentication type. The Cisco LEAP algorithm, for example, derives a per-user, per-session encryption key as an enhancement to the IEEE 802.11b standard for Wired Equivalent Privacy (WEP)-based encryption, explains Pejman Roshan, a Cisco technical marketing engineer.
Specifically, a piece of the 802.1X protocol called the Port Access Entity (PAE) runs on the three components of a secure wireless network system: the client device, the access point (AP), and the back-end authentication server such as a Remote Authentication Dial-In User Service (RADIUS) server, Roshan explains. In the Cisco product line, these components, respectively, are the Cisco Aironet® 350 Series client adapter, the Cisco Aironet 1200 Series Access Point, and the Cisco Secure Access Control Server.
In 802.1X terminology, when the PAE is functioning on the client device being authenticated, it is called the supplicant. The PAE function on the AP is called the authenticator, and the software on the back-end server is called the authentication server. The authentication server must support the same EAP authentication algorithm in use by the client.
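The framing that 802.1X adds is small enough to show in full. The following is an added example, not code from Cisco or from the original article: it builds the EAPOL frames for the opening identity exchange between supplicant and authenticator, and shows what the authenticator strips off before handing the EAP packet to the authentication server. The EAPOL and EAP header layouts and type numbers are taken from IEEE 802.1X-2001 and the IANA EAP registry; the username "alice" is a constructed value.

```python
"""802.1X framing: how the supplicant, authenticator and authentication
server pass EAP messages around.  Added example, not Cisco code."""
import struct

# EAPOL packet types (IEEE 802.1X-2001, protocol version 1)
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAPOL_VERSION = 1

# EAP codes (RFC 2284/3748) and method types from the IANA EAP registry
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_EAP_TLS, EAP_TYPE_LEAP, EAP_TYPE_PEAP = 1, 13, 17, 25


def eap_packet(code, identifier, eap_type=None, data=b""):
    """Build an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def eapol_frame(packet_type, payload=b""):
    """Wrap a payload in an EAPOL header: Version(1) Type(1) Length(2)."""
    return struct.pack("!BBH", EAPOL_VERSION, packet_type, len(payload)) + payload


def parse_eapol(frame):
    """Return (packet_type, payload), rejecting a frame shorter than it claims."""
    version, packet_type, length = struct.unpack("!BBH", frame[:4])
    payload = frame[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated EAPOL frame")
    return packet_type, payload


def parse_eap(packet):
    """Return (code, identifier, eap_type, data); type is None for Success/Failure."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("EAP length mismatch")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return code, identifier, None, b""
    return code, identifier, packet[4], packet[5:]


def identity_exchange(username):
    """The opening of an 802.1X conversation as it crosses the air.

    Returns a list of (sender, frame) pairs.  Nothing method-specific has
    happened yet; the method (LEAP, EAP-TLS, PEAP) is chosen by the server
    in the request that follows the identity response."""
    frames = []
    # 1. supplicant -> authenticator: EAPOL-Start (no EAP packet inside)
    frames.append(("supplicant", eapol_frame(EAPOL_START)))
    # 2. authenticator -> supplicant: EAP-Request/Identity
    req = eap_packet(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)
    frames.append(("authenticator", eapol_frame(EAPOL_EAP_PACKET, req)))
    # 3. supplicant -> authenticator: EAP-Response/Identity carrying the username
    resp = eap_packet(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, username.encode())
    frames.append(("supplicant", eapol_frame(EAPOL_EAP_PACKET, resp)))
    return frames


def relay_to_server(frame):
    """What the authenticator forwards to RADIUS: the bare EAP packet, which
    goes into EAP-Message attributes of an Access-Request.  The AP does not
    interpret the method.  Returns (eap_packet, username) or None for EAPOL
    control frames that never leave the link."""
    packet_type, payload = parse_eapol(frame)
    if packet_type != EAPOL_EAP_PACKET:
        return None
    code, ident, eap_type, data = parse_eap(payload)
    username = data.decode() if (code, eap_type) == (EAP_RESPONSE, EAP_TYPE_IDENTITY) else None
    return payload, username


if __name__ == "__main__":
    frames = identity_exchange("alice")
    for sender, frame in frames:
        print(f"{sender:>13}: {frame.hex()}")
    print("to RADIUS:", relay_to_server(frames[2][1]))
```

The point to notice is that the authenticator's only jobs are encapsulation and port control: it adds or removes the 4-byte EAPOL header and opens the port on EAP-Success. Everything that decides whether the user is genuine happens in the EAP method, between supplicant and authentication server.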
Step by Step: Cisco LEAP
The Cisco derivative of EAP is based on mutual authentication, which means that both the user and the AP to which the user is attempting to connect must be authenticated before access to the corporate network is allowed. Mutual authentication protects enterprises from unauthorized (or "rogue") APs serving as a potential launching pad for entry into the network.
Cisco LEAP is based on a username/password scheme and uses the following basic authentication process:
- A client associates with an AP over the wireless medium.
- The client sends an EAPOL-Start message to the AP.
- The AP asks for the client's identity; the client sends its username to the AP, which forwards it to the authentication server in a RADIUS access request on the client's behalf.
- The authentication server sends a challenge back.
- The AP forwards the challenge to the client as an EAP message over 802.1X.
- The client runs the challenge through the Cisco LEAP algorithm, mixing the challenge with the user password, and responds with the resulting value, which the AP forwards to the authentication server.
- The authentication server performs the same computation with its stored copy of the user's password, then compares its derived value with the value it received from the client. If the two values match, the authentication server sends a success message to the AP, which passes it to the client.
- Now the client sends a challenge of its own to the authentication server, and the reverse Cisco LEAP process authenticates the AP (the network).
- If the network is successfully authenticated, the client passes a success message through the AP to the authentication server, and the AP opens the port for that client. The user is live on the network.
- The Cisco LEAP RADIUS server derives a WEP key for that session and delivers it to the AP.
- The Cisco LEAP client derives the same WEP key locally.
Note that both challenge/response pairs cross the air in the clear. Anyone who captures a pair can test password guesses against it offline, which is the exposure that tunneled methods such as PEAP (below) are designed to close; the strength of a LEAP deployment therefore rests on the strength of its passwords.
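The exchange above, with the AP's forwarding collapsed away, as an added example that is not Cisco's implementation. LEAP's real transform is the MS-CHAP-style one (a hash of the password keyed into DES over the challenge); here HMAC-SHA256 stands in for it so the block runs with the Python standard library alone. The two properties shown do not depend on that choice: the server and the client each prove knowledge of the password secret to the other, and a captured (challenge, response) pair lets an eavesdropper test candidate passwords without any further traffic. The user database, password and wordlist are constructed values.

```python
"""Mutual challenge/response in the shape of the Cisco LEAP exchange.
Added example; HMAC-SHA256 stands in for LEAP's MS-CHAP/DES transform."""
import hashlib
import hmac
import os


def password_secret(password):
    """Stand-in for the password hash the server stores instead of the password."""
    return hashlib.sha256(password.encode()).digest()


# Constructed user database: username -> password-derived secret.
USERS = {"alice": password_secret("Winter2002")}


def response_for(secret, challenge):
    """Keyed transform of the challenge.  The function is public, so anyone who
    guesses the secret can recompute the response: that is what makes a
    captured pair dictionary-attackable."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:24]


def session_key(secret, server_challenge, client_challenge):
    """Both ends derive the per-session key locally from material both hold;
    the key itself is never transmitted over the air."""
    return hmac.new(secret, b"session" + server_challenge + client_challenge,
                    hashlib.sha256).digest()[:16]   # 128-bit dynamic WEP key


class Server:
    def __init__(self, users):
        self.users = users

    def challenge(self):
        self.server_challenge = os.urandom(8)
        return self.server_challenge

    def check_client(self, username, client_response):
        secret = self.users.get(username)
        if secret is None:
            return False
        return hmac.compare_digest(response_for(secret, self.server_challenge), client_response)

    def answer_client(self, username, client_challenge):
        """Reverse direction: prove to the client that the network holds the secret."""
        self.client_challenge = client_challenge
        return response_for(self.users[username], client_challenge)

    def key(self, username):
        return session_key(self.users[username], self.server_challenge, self.client_challenge)


class Client:
    def __init__(self, username, password):
        self.username = username
        self.secret = password_secret(password)

    def respond(self, server_challenge):
        self.server_challenge = server_challenge
        return response_for(self.secret, server_challenge)

    def challenge(self):
        self.client_challenge = os.urandom(8)
        return self.client_challenge

    def check_server(self, server_response):
        return hmac.compare_digest(response_for(self.secret, self.client_challenge), server_response)

    def key(self):
        return session_key(self.secret, self.server_challenge, self.client_challenge)


def run_exchange(client, server):
    """The LEAP sequence.  Returns (user_ok, network_ok, captured), where
    captured is the server challenge and client response a sniffer would see."""
    c1 = server.challenge()
    r1 = client.respond(c1)
    user_ok = server.check_client(client.username, r1)
    if not user_ok:
        return False, False, (c1, r1)
    c2 = client.challenge()
    r2 = server.answer_client(client.username, c2)
    network_ok = client.check_server(r2)
    return user_ok, network_ok, (c1, r1)


def offline_guess(captured, wordlist):
    """What an eavesdropper does with a captured pair: only CPU time is needed."""
    c1, r1 = captured
    for candidate in wordlist:
        if response_for(password_secret(candidate), c1) == r1:
            return candidate
    return None


if __name__ == "__main__":
    client, server = Client("alice", "Winter2002"), Server(USERS)
    user_ok, network_ok, captured = run_exchange(client, server)
    print("user authenticated:", user_ok, "network authenticated:", network_ok)
    print("keys agree:", client.key() == server.key("alice"))
    print("offline guess:", offline_guess(captured, ["password", "Summer2002", "Winter2002"]))
```

The rogue-AP case is the second half of the exchange: an AP that does not reach a server holding the user's secret cannot produce a valid answer to the client's challenge, so the client refuses to use the network. The `offline_guess` function is the flip side: mutual authentication does nothing for a weak password once the pair has been captured.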
The basic handshake using EAP-TLS, which also provides mutual authentication, is nearly identical to that of Cisco LEAP. However, EAP-TLS uses digital certificates instead of usernames and passwords to fulfill the mutual challenge. When a client requests access, the authentication server responds with its server certificate. The client has its own certificate, signed by an in-house or third-party certificate authority, that has been preconfigured by the network administrator.
The client replies with its own certificate rather than a password, and proves possession of the matching private key by signing part of the handshake. The client validates the server certificate against the certificate authority it has been configured to trust (not against its own certificate), and the server validates the client certificate the same way. The TLS handshake leaves both sides holding a shared master secret, and the dynamic WEP keys for the session are derived from that secret, not from the certificate contents. The authentication server sends the resulting key to the AP, and the client derives the same key locally.
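Where the EAP-TLS session key actually comes from, as an added example that is not code from the article or from Cisco. After the handshake the supplicant and the authentication server share a TLS master secret; RFC 2716 (now RFC 5216) derives the keying material with the TLS 1.0 PRF and the label "client EAP encryption". The server hands the first 32 and second 32 bytes of the result to the AP in the RADIUS MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes, while the client computes the same bytes itself. The master secret and randoms in the block are constructed test values, and the truncation to a 104-bit WEP key is an assumption about how an AP of the period cut the key down, not something the article states.

```python
"""EAP-TLS keying material from the TLS master secret (RFC 2716 / RFC 5216).
Added example; the PRF is the TLS 1.0 construction from RFC 2246."""
import hmac


def p_hash(hash_name, secret, seed, length):
    """TLS 1.0 P_hash: A(i) = HMAC(secret, A(i-1)), A(0) = seed,
    output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed),
    where S1 and S2 are the two halves of the secret and share the middle
    byte when the length is odd."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def eap_tls_keys(master_secret, client_random, server_random):
    """RFC 5216 section 2.3: the MSK is the first 64 bytes of
    PRF(master_secret, "client EAP encryption", client_random + server_random).
    Returns the two RADIUS MS-MPPE keys the AP receives and the dynamic WEP key.
    Certificates are not an input: they only decided whether to trust the
    handshake that produced master_secret."""
    msk = tls10_prf(master_secret, b"client EAP encryption",
                    client_random + server_random, 64)
    recv_key, send_key = msk[:32], msk[32:]
    # Assumption: the AP uses the leading 13 bytes of MS-MPPE-Recv-Key as a 104-bit WEP key.
    wep104 = recv_key[:13]
    return {"msk": msk, "mppe_recv": recv_key, "mppe_send": send_key, "wep104": wep104}


def both_sides_agree(master_secret, client_random, server_random):
    """Supplicant and server run the derivation independently; neither sends
    the key to the other.  Returns True when the two derivations match."""
    supplicant = eap_tls_keys(master_secret, client_random, server_random)
    auth_server = eap_tls_keys(master_secret, client_random, server_random)
    return supplicant == auth_server


if __name__ == "__main__":
    # Constructed handshake values: a real master secret is 48 bytes,
    # client and server randoms 32 bytes each.
    master_secret = bytes(range(48))
    client_random, server_random = bytes([0x01] * 32), bytes([0x02] * 32)
    keys = eap_tls_keys(master_secret, client_random, server_random)
    print("MS-MPPE-Recv-Key:", keys["mppe_recv"].hex())
    print("MS-MPPE-Send-Key:", keys["mppe_send"].hex())
    print("104-bit WEP key: ", keys["wep104"].hex())
    print("both sides agree:", both_sides_agree(master_secret, client_random, server_random))
```

Two practical consequences follow from the derivation. A fresh pair of randoms gives a fresh key on every authentication, which is what "dynamic WEP" means; and because the key never travels over the air, an attacker who wants it has to break the TLS handshake, not sniff a key-delivery message.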
Certificate-based algorithms like EAP-TLS are highly secure, as it is nearly impossible to forge a certificate digitally signed by a certificate authority, notes Roshan. "On the other hand, the management of certificates can be more complex and expensive than username/password-based authentication," he adds.
In PEAP, the conversation between the EAP peer and the back-end server is encrypted, and its integrity is protected, within a TLS channel. Mutual authentication is required between the EAP peer and the back-end server.
The client uses TLS, as in EAP-TLS, to validate the server and set up an encrypted channel between client and server; only the server needs a certificate. The client then authenticates the user with some other EAP method, such as Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2), inside this channel. Because the challenge/response packets travel over the TLS-encrypted channel, the password-derived values and the resulting key are not exposed to offline dictionary attacks.
* * *
There are many other EAP-based derivatives that can be used within the 802.1X framework. For most organizations, Cisco recommends combining the security benefits of mutual authentication with the management simplicity of username/password authentication, at least on the client.