SJSU CS 265 - Extensible Authentication Protocol


Beyond Traditional IEEE 802.11 Security to 802.1X/Extensible Authentication Protocol

Document Revision #: 0.4
Date of Issue: April 13, 2003
Project Members: Marie Waldrick

Table of Contents

Two types of WLAN
Adhoc Mode
Figure 1.0 An Adhoc Network
Infrastructure Mode
Figure 2.0 An Infrastructure Mode Client/Server Network
IEEE 802.11
OSI Reference Model
EAP System Architecture
Figure 3.0 EAP
EAP Extensible Authentication Protocol (EAP)
Figure 4.0 EAP in RADIUS RFC 2869
802.1x
Figure 5.0 802.1x
Future Work/Protocols
802.1x/EAP=802.11i
Conclusions
Figure 6.0 Relationship between EAP client, backend authentication server and NAS
Figure 7.0 EAP/MD5 Conversation
Figure 8.0 EAP/TLS
Table 1.0 Definitions of Acronyms
References

Two types of WLAN

Adhoc Mode

Figure 1.0 An Adhoc Network (figure; node labels recovered from the drawing: ISP, Web Server, Access point, Laptop, Laptop)

Infrastructure Mode

Client/Server

Figure 2.0 An Infrastructure Mode Client/Server Network (figure; node labels recovered from the drawing: File Server, Authentication Server, Access point, Laptop)

IEEE 802.11

IEEE 802.11 WLAN security sits in the Data Link Layer of the OSI reference model. Part of the IEEE 802.11 standard provides a mechanism to protect the privacy of information transmitted through the air. The standard provides three things:

- Service Set Identifier (SSID)
- Media Access Control (MAC) address filtering
- Wired Equivalent Privacy (WEP)

The first authentication method is called open authentication, in which the Service Set Identifier (SSID) is supplied. The SSID is an identifier of up to 32 characters carried in the header of management frames sent over a WLAN; it acts like a password only in the sense that a mobile device must present it when it tries to join the Basic Service Set (BSS). The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID, and a device will not be permitted to join the BSS unless it supplies it. Because the SSID is carried in plain text and can be sniffed from any frame, it does not supply any security to the network. An SSID is also referred to as a Network Name because essentially it is a name that identifies a wireless network.

The second authentication method is shared-key authentication. The access point sends the client device a challenge text packet that the client must encrypt with the correct WEP key and return to the access point. If the client has the wrong key, authentication fails and no association with the access point takes place. Note that this exchange hands a passive eavesdropper a plaintext/ciphertext pair: the challenge travels in the clear and its encryption under a client-chosen IV comes straight back, which yields the RC4 keystream for that IV and lets the eavesdropper answer later challenges without ever learning the key. Shared-key authentication is therefore no stronger than open authentication.

Static Wired Equivalent Privacy (WEP) keys are 40 or 104 bits long (marketed as 64- and 128-bit keys, counting the 24-bit per-frame initialization vector that is prepended to the secret to form the RC4 key) and are statically defined by the network administrator on the access point and on every client that communicates with it. WEP defines an encryption method but does not define how the secret keys are to be distributed to the client and access point nodes.
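As an added example, not code from the original paper, the following Python simulates the shared-key authentication exchange described above: the access point issues a 128-byte challenge, the station returns it WEP-encrypted under an IV of its choosing, and a passive eavesdropper who saw both messages recovers the RC4 keystream for that IV and then answers a fresh challenge without knowing the key. RC4 and the WEP framing (IV || secret seeds RC4; a CRC-32 integrity check value is appended to the plaintext before encryption) follow the standard; the class and function names, the 5-byte (40-bit) secret and the random challenge values are assumptions made for this example.

```python
import os
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for key (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP: the per-frame RC4 key is the 3-byte IV followed by the static
    secret (40 or 104 bits); plaintext||ICV is XORed with the keystream."""
    body = plaintext + icv(plaintext)
    return xor(body, rc4_keystream(iv + secret, len(body)))


def wep_decrypt(secret: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None if the ICV does not verify."""
    body = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


class AccessPoint:
    """AP side of shared-key authentication: issue a 128-octet challenge and
    accept the station only if it returns that challenge correctly encrypted."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(128)   # 802.11 challenge text is 128 octets
        return self.pending

    def verify(self, iv: bytes, ciphertext: bytes) -> bool:
        return wep_decrypt(self.secret, iv, ciphertext) == self.pending


class Station:
    """Legitimate client holding the static WEP key."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def respond(self, challenge: bytes):
        iv = os.urandom(3)               # the client picks the IV for its reply
        return iv, wep_encrypt(self.secret, iv, challenge)


def recover_keystream(challenge: bytes, ciphertext: bytes) -> bytes:
    """Eavesdropper: known plaintext (challenge||ICV) XOR ciphertext gives the
    keystream for the IV the station used. No key is needed."""
    return xor(challenge + icv(challenge), ciphertext)


def forge_response(keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge by reusing the recovered keystream (same IV)."""
    return xor(new_challenge + icv(new_challenge), keystream)


def run_exchange(secret: bytes = b"\x01\x02\x03\x04\x05"):
    """Run one legitimate and one forged authentication; return (legit_ok, forged_ok)."""
    ap, sta = AccessPoint(secret), Station(secret)
    # 1. Legitimate authentication, observed by a passive sniffer.
    chal = ap.challenge()
    iv, ct = sta.respond(chal)
    legit_ok = ap.verify(iv, ct)
    ks = recover_keystream(chal, ct)     # the sniffer's only work
    # 2. The attacker authenticates with the recovered keystream and the same IV.
    chal2 = ap.challenge()
    forged_ok = ap.verify(iv, forge_response(ks, chal2))
    return legit_ok, forged_ok


if __name__ == "__main__":
    print("legitimate accepted, forged accepted:", run_exchange())
```

The forged response is accepted because WEP reuses the same keystream whenever the same IV is combined with the same static key, and nothing in the protocol stops the attacker from choosing the IV it has already seen; the 132 bytes of recovered keystream cover the 128-byte challenge plus its 4-byte ICV exactly.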
In the network community it is now generally agreed that IEEE 802.11 on its own is insecure for wireless networks. Access points are open signals that can potentially be picked up by anyone. Sharing compatible WLAN adapters and settings in adhoc mode without an access point may allow an attacker to gain unauthorized access to clients. These are 802.11b or 802.11a WLAN cards.

If infrastructure mode is used with an access point, the default settings on the access point must have been changed to enable the WEP encryption protocol. By now, however, the WEP encryption protocol used by 802.11a/b has been broken: weaknesses in the RC4 key schedule together with the short 24-bit IV let a passive attacker recover the static key from captured traffic.

By itself, 802.11 has management messages that are not authenticated:

- beacon
- probe request or response
- association request or response
- re-association request or response
- disassociation
- de-authentication

Because any station can send these messages in another station's name, they are open to denial-of-service (DoS) attacks: a forged de-authentication or disassociation frame disconnects the victim.

Possible Solutions:

- Change the default SSID to something that does not identify your company or address.
- Filter addresses at the MAC (Media Access Control) level, that is, define which clients may access the network via the access point. This can be too administratively overbearing, and since MAC addresses travel in the clear and can be set by the client, it keeps out only casual intruders.
- Use a RADIUS (Remote Authentication Dial-in User Service) server so that user-based authentication is centrally managed. A RADIUS server does not address the security of communications while they are "in the air"; it only prevents unauthorized people from accessing the "wired" network.
- By far the most secure way to protect the network is a Virtual Private Network (VPN) with a firewall installed in front of the wireless network structure. Within the wireless network, a combination of 802.1x and Extensible Authentication Protocol (EAP) can then be used.

EAP and 802.1x are discussed in the remainder of this report.
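As an added example, not code from the original paper, the following Python parses the 802.11 management frame header and flags a burst of de-authentication or disassociation frames of the kind the unauthenticated management messages above make possible. The header layout (frame control, duration, three addresses, sequence control) and the subtype and reason-code values follow the 802.11 standard; the function names, MAC addresses and the capture itself are constructed for this example.

```python
import struct
from collections import Counter

# 802.11 frame-control subtypes for type 0 (management) frames.
MGMT_SUBTYPES = {
    0: "association request", 1: "association response",
    2: "reassociation request", 3: "reassociation response",
    4: "probe request", 5: "probe response", 8: "beacon",
    10: "disassociation", 11: "authentication", 12: "deauthentication",
}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Parse the 24-byte 802.11 MAC header (frame control, duration, addr1=DA,
    addr2=SA, addr3=BSSID, sequence control) plus the 2-byte reason code that
    disassociation and deauthentication bodies carry."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF   # version in bits 0-1
    if ftype != 0:
        raise ValueError("not a management frame")
    seq_ctrl, = struct.unpack_from("<H", frame, 22)
    info = {
        "subtype": MGMT_SUBTYPES.get(subtype, f"reserved({subtype})"),
        "da": _mac(frame[4:10]), "sa": _mac(frame[10:16]), "bssid": _mac(frame[16:22]),
        "seq": seq_ctrl >> 4,            # low 4 bits are the fragment number
        "reason": None,
    }
    if subtype in (10, 12) and len(frame) >= 26:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


def build_mgmt_frame(subtype: int, da: str, sa: str, bssid: str, seq: int,
                     body: bytes = b"") -> bytes:
    """Construct a management frame for the demo (no radio involved)."""
    fc = subtype << 4                    # version 0, type 0 (management)
    hdr = struct.pack("<HH", fc, 0)
    for mac in (da, sa, bssid):
        hdr += bytes.fromhex(mac.replace(":", ""))
    hdr += struct.pack("<H", seq << 4)
    return hdr + body


def detect_deauth_flood(frames, threshold: int = 10) -> dict:
    """Count disassociation/deauthentication frames per (bssid, da, reason)
    and return the groups at or above threshold. The header carries no proof
    of origin, so a burst claiming to come from the AP is the usable signature."""
    counts = Counter()
    for f in frames:
        try:
            info = parse_mgmt_frame(f)
        except ValueError:
            continue
        if info["subtype"] in ("disassociation", "deauthentication"):
            counts[(info["bssid"], info["da"], info["reason"])] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


def sample_capture() -> list:
    """Constructed capture: beacons and a probe, one legitimate deauth, then a
    burst of broadcast deauths spoofing the AP's address (hypothetical MACs)."""
    ap, sta = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    frames = [build_mgmt_frame(8, BROADCAST, ap, ap, i) for i in range(5)]   # beacons
    frames.append(build_mgmt_frame(4, BROADCAST, sta, BROADCAST, 1))         # probe request
    frames.append(build_mgmt_frame(12, sta, ap, ap, 6, struct.pack("<H", 4)))  # reason 4: inactivity
    # Forged flood: reason 7 (class 3 frame from non-associated station), sent to everyone.
    frames += [build_mgmt_frame(12, BROADCAST, ap, ap, 100 + i, struct.pack("<H", 7))
               for i in range(30)]
    return frames


if __name__ == "__main__":
    print(detect_deauth_flood(sample_capture()))
```

Because the source address in the header is unauthenticated, the detector can only report that frames claiming to come from the access point are arriving at a rate the access point would not generate; it cannot tell an individual forged frame from a real one. Authenticating the management frames themselves was only addressed later, by IEEE 802.11w.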
OSI Reference Model

(Figure: the OSI reference model layers as they relate to 802.11. Labels recovered from the drawing: Physical, Layer One: Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum, Infrared; Data Link, Layer Two: 802.11 (Media Access Control); Network, Layer Three: Internet Protocol (IP); Transport, Layer Four: Transmission Control Protocol (TCP); Session, Layer Five; Presentation, Layer Six; Application, Layer Seven; also shown: IPSec, SSL, SSH (Encapsulation) and L2TP VPN encryption.)

EAP System Architecture

PPP is well known and well deployed in many

