
Master in Cybersecurity: Secure Communications

Lesson 2: L1 and L2 security

Course 2022-2023

Antonio Pastor antopast@inf.uc3m.es


Lesson outline
1. Physical layer (L1):
v Guided transmission media & Structured Cabling System (SCS).
v Wireless transmission.
v Physical layer security.
2. Link layer (L2):
v Main link layer functions.
v Main protocols: Ethernet, PPP, IEEE 802.11
3. Ethernet:
v IEEE 802.3/Ethernet frame format
v LAN interconnection: Hubs, bridges, switches
v Spanning Tree Protocol (STP)
v Virtual LAN (VLAN)
v Ethernet attacks and countermeasures
4. Point-to-Point Protocol (PPP):
v PPP frame format
v PPTP and L2TP VPNs
5. Access Control at Link Layer:
v Authentication, Authorisation and Accounting/Auditing (AAAA)
v Remote Authentication Dial-In User Service (RADIUS)
v Extensible Authentication Protocol (EAP)
v IEEE 802.1x
Bibliography

William Stallings. “Data & Computer Communications”, 6th edition. Chapters 3, 13, 14. Prentice Hall International. 2000. L/D 004.7 STA

Michael Watkins, Kevin Wallace. “CCNA Security Official Exam Certification Guide (Exam 640-553)”. Chapter 6. Cisco Press. 2008.

Yago Fernández, Antonio Ramos, Jean Paul García. “RADIUS/AAA/802.1x”. Chapters 1, 2. Ra-Ma. 2008.

Physical layer (L1)

u A Physical Layer protocol should specify:
v Transmission medium:
ü Guided: Twisted pair, coaxial cable, optical fibre
ü Wireless: Infrared, radio, microwave
v Physical interfaces:
ü e.g. RJ-45, RJ-11, RS-232
v Data transmission:
ü Data encoding/decoding: e.g. NRZ-L, 64-QAM
ü Data synchronization: External or embedded clock
v Procedures and functions:
ü e.g. RS-232 Flow Control & associated circuits

Guided transmission media (I)

u Twisted pair:
v Telephone cable:
ü 1 pair = 2 copper wires
ü Analog voice range: 20 km (a.k.a. last mile)
v Unshielded Twisted Pair (UTP):
ü 4 pairs = 8 copper wires
ü Data transmission range: 100 m
ü Different categories (qualities):
Ø Cat. 3 (16 MHz, 10 Mbps) – Cat. 6 (250 MHz, 1 Gbps)
v Shielded/Screened Twisted Pair (STP/ScTP), Foil Twisted Pair (FTP):
ü Four pairs as in UTP, but protected with a foil or metal jacket to achieve higher speeds:
Ø Cat. 7 (600 MHz, 10 Gbps) – Cat. 8 (2 GHz, 40 Gbps)
u Coaxial cable:
v More bandwidth and better electromagnetic isolation than twisted pair
v Baseband or wideband transmission (e.g. Cable TV)
Guided transmission media (&II)

u Optical transmission:
v Data transmission using light pulses:
ü Immune to electro-magnetic interference
ü More bandwidth than any copper medium
ü Optical fibre acts as a waveguide
v Optical fibre: Transparent silica glass
core surrounded by cladding with a lower
index of refraction:
ü Light traverses the core by means of internal
reflection
v Optical fibre may have several transverse modes:
ü Multi-mode optical fibre:
Ø More dispersion, short range (≤ 2 km)
ü Single-mode optical fibre:
Ø Less dispersion, long range (≤ 50 km)
Structured Cabling System (SCS) (I)

u Standards for the deployment of data cabling inside buildings with a physical star topology:
v Ethernet: Logical bus topology.
v Token Ring: Logical ring topology.
u Also standardises the cabling and interconnections:
v Twisted pair
v Optical fibre
u SCS composed of:
v Work area
v Horizontal cabling
v Telecommunication enclosures
v Vertical (Backbone) cabling
v Equipment room
v Entrance facilities

Structured Cabling System (SCS) (&II)

Figure: SCS diagram with the distance limit of each cabling segment:
v Work area: Patch cable (≤ 5 m, UTP) to the wall socket.
v Horizontal cabling (≤ 90 m, UTP) from the wall socket to the patch panel in the floor telecommunications enclosure; patch panel interconnection (≤ 5 m, UTP).
v Backbone or vertical cabling (≤ 500 m, UTP or MM optical fibre) from the floor enclosures to the building equipment room.
v Campus backbone cabling (≤ 2 km, SM optical fibre) between the building rooms, the campus equipment room and the entrance facility.

Wireless transmission

u Analog/digital data transmitted by modulating a carrier frequency in:
v Amplitude: AM/ASK
v Frequency: FM/FSK
v Phase: PM/PSK
u Electromagnetic signals for wireless communications:
v Radio:
ü 30 MHz - 1 GHz
ü Omnidirectional
v Microwaves:
ü Highly directional
ü Earth- or satellite-based
v Infrared:
ü Line of Sight (LOS) or direct reflection
ü Do not cross walls

Frequency bands:
Name    Frequency
VLF     3-30 kHz
LF      30-300 kHz
MF      300-3000 kHz
HF      3-30 MHz
VHF     30-300 MHz
UHF     300-3000 MHz
SHF     3-30 GHz
EHF     30-300 GHz
Light   300-3000 GHz

Electromagnetic spectrum

Physical layer security

u Wired media:
v TEMPEST: NATO standards to prevent data leaking through electromagnetic emissions (EMSEC):
ü Cable shielding to ground (i.e. Faraday cage)
ü Cable crosstalk → Separate plaintext/encrypted links (RED/BLACK)
ü Optical fibres do not radiate at all
v Physical security to prevent cable/fibre tapping:
ü E.g. USS Annapolis (SSN 760) submarine
v Data Diode: One-direction communication
ü Electrical (e.g. re-wiring) or optical (e.g. one-direction diode)
ü Applications: traffic monitoring, backups, domains with different security levels

Physical layer security (II)

u Wireless transmission:
v 2 main threats:
ü Broadcast (anyone in range can access)
ü Superposition (multiple signals overlapping at the receiver)
v Spread-spectrum modulations may evade detection and resist jamming:
ü Direct Sequence Spread Spectrum (DSSS)
ü Frequency hopping

Source: http://www.eetimes.com/document.asp?doc_id=1271899
Link Layer (L2)

u Main functions:
v Addressing: Each device on the Local Area Network (LAN)
has a unique identifier, usually called a hardware or physical
address.
v Data framing: Encapsulation of data packets into frames that
are sent over the physical layer.
v Media Access Control (MAC): Procedures used by devices
to control access to the shared transmission medium.
v Error control: To detect errors during the physical layer
transmission (e.g. CRC)
u Link layer protocols:
v IEEE 802.3/Ethernet
v Point-to-Point Protocol (PPP)
v IEEE 802.11 (a.k.a. WiFi)
v …
Introduction to Ethernet
u Ethernet is the most popular LAN technology:
v 90% of Internet traffic starts and ends in Ethernet NICs.

u Ethernet benefits:
v High performance:
ü From 10 Mbps to 400 Gbps:
Ø 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps, 40 Gbps, 100 Gbps, 400 Gbps
Ø 800 Gbps & 1.6 Tbps are being specified.
ü Simple strict-match forwarding:
Ø <Dest. MAC addr., VLAN> → Output port(s)
v No configuration needed (‘Plug-and-play’):
ü Globally unique MAC addresses.
ü Backward MAC address learning.
ü Spanning Tree Protocol (STP) [IEEE 802.1D].
v Low cost and many different vendors.
Source: Ethernet Alliance

IEEE 802.3/Ethernet DIX frame format

Dest addr (6 bytes) | Src addr (6 bytes) | Length/Type (2 bytes) | LLC/Payload (0-1500 bytes) | Pad (0-46 bytes) | FCS (4 bytes)

u Destination MAC address
u Source MAC address
u Length/Type:
v IEEE 802.3: Length of the LLC PDU.
v Ethernet DIX: Type of payload (e.g. IPv4 Type = 0x0800).
v IEEE 802.3 or Ethernet? Length/Type value > MTU (1500 bytes, 0x05DC) → Ethernet (Type); otherwise IEEE 802.3 (Length).
u LLC/Payload:
v IEEE 802.3: Logical Link Control (LLC) PDU.
v Ethernet: Payload data.
u Padding:
v Minimum Ethernet frame size: 64 bytes (because of CSMA/CD).
u Frame Check Sequence (FCS):
v Cyclic Redundancy Check (CRC-32).
v Does NOT provide integrity (from a security point of view): it detects transmission errors, not deliberate modification, since anyone can recompute it.

MAC Addresses

G (1 bit) | L (1 bit) | Vendor OUI (22 bits) | NIC identifier (24 bits)

u Common to all IEEE standards (enables Ethernet-WiFi bridging):
v e.g. Ethernet (802.3), WiFi (802.11), Bluetooth (802.15.1), …
u 48 bits long:
v G/L flags (lowest bits of the first MAC address byte):
ü Group flag = 0 → Unicast address; 1 → Broadcast/Multicast address
ü Local flag = 0 → Globally unique address; 1 → Locally unique address
v Organisationally Unique Identifier (OUI), identifies the vendor of the NIC:
ü E.g.: 00-19-a9-2f-ec-00 (Cisco: 2f-ec-00)
ü May be useful for the enumeration phase of an attack:
Ø IPv6 addresses may be auto-generated from MACs (i.e. SLAAC)
v Network Interface Controller (NIC) identifier, uniquely identifies this vendor's NIC:
ü Each Ethernet NIC comes with a (globally) unique MAC address from the factory.
ü Static value (although it can be modified) → Should not be used for authentication, but it enables device/user tracking:
Ø Privacy issues (especially in WiFi) → iOS 8 random MACs, SLAAC privacy extensions
u Flat MAC address space (no aggregation):
v Unicast addresses: 00-21-70-BB-62-91 (Dell: BB-62-91)
v Broadcast address: FF-FF-FF-FF-FF-FF
v Multicast addresses: 01-80-C2-00-00-00 (e.g. STP BPDU Dest. Addr.)
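Added example (not part of the slides): Python that decodes the frame fields and MAC address flags described in the two slides above, and then demonstrates why the FCS detects line errors but not tampering, since anyone can recompute the CRC-32. The MAC addresses are the slide's own examples; the payload is constructed.

```python
import struct
import zlib

# Constructed sample addresses taken from the slide's examples.
DELL_MAC = bytes.fromhex("002170bb6291")    # 00-21-70-BB-62-91 (unicast, global)
CISCO_MAC = bytes.fromhex("0019a92fec00")   # 00-19-a9-2f-ec-00
STP_MCAST = bytes.fromhex("0180c2000000")   # 01-80-C2-00-00-00 (STP BPDU destination)
ETH_HDR = struct.Struct("!6s6sH")           # dst, src, Length/Type


def mac_str(raw: bytes) -> str:
    """Hyphenated lower-case hex, as the slides write MAC addresses."""
    return "-".join(f"{b:02x}" for b in raw)


def mac_info(raw: bytes) -> dict:
    """Decode the G/L flags (two lowest bits of the first byte) and the OUI / NIC split."""
    first = raw[0]
    return {
        "group": bool(first & 0x01),   # 0 = unicast, 1 = broadcast/multicast
        "local": bool(first & 0x02),   # 0 = globally unique (factory), 1 = locally administered
        "broadcast": raw == b"\xff" * 6,
        "oui": mac_str(raw[:3]),
        "nic": mac_str(raw[3:]),
    }


def slaac_iid(raw: bytes) -> str:
    """EUI-64 interface identifier that SLAAC derives from a MAC: flip the L bit, insert ff:fe.
    This is why a MAC (and its OUI) can be read back out of an auto-configured IPv6 address."""
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:x}" for i in range(0, 8, 2))


def build_frame(dst: bytes, src: bytes, length_type: int, payload: bytes) -> bytes:
    """Header + payload, padded to the 64-byte minimum (60 + 4-byte FCS), with a correct FCS.
    The FCS is CRC-32 transmitted least-significant byte first."""
    body = ETH_HDR.pack(dst, src, length_type) + payload
    body += b"\x00" * max(0, 60 - len(body))
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Split the frame and apply the slide's rule: Length/Type > 1500 (0x05DC) means an
    EtherType (Ethernet DIX), otherwise it is the LLC PDU length (IEEE 802.3)."""
    if len(frame) < 64:
        raise ValueError("frame below the 64-byte minimum")
    dst, src, length_type = ETH_HDR.unpack_from(frame)
    body = frame[ETH_HDR.size:-4]
    if length_type > 0x05DC:
        kind, payload = "Ethernet DIX", body              # e.g. 0x0800 = IPv4
    else:
        kind, payload = "IEEE 802.3", body[:length_type]  # rest of the body is padding
    fcs_ok = zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]
    return {"kind": kind, "dst": mac_str(dst), "src": mac_str(src),
            "length_type": length_type, "payload": payload, "fcs_ok": fcs_ok}


def tamper(fr: bytes, offset: int, value: int, fix_fcs: bool) -> bytes:
    """Change one byte. A random line error (fix_fcs=False) is caught by the FCS; a deliberate
    change with the CRC recomputed (fix_fcs=True) passes, so the FCS gives no integrity."""
    body = bytearray(fr[:-4])
    body[offset] = value
    fcs = struct.pack("<I", zlib.crc32(bytes(body))) if fix_fcs else fr[-4:]
    return bytes(body) + fcs
```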
LLC/SNAP

DSAP (1 byte) | SSAP (1 byte) | Control (1-2 bytes) | OUI (3 bytes) | Protocol ID (2 bytes) | DATA (variable)
LLC header: DSAP, SSAP, Control. [SNAP header: OUI, Protocol ID]

u Logical Link Control (LLC):
v Destination Service Access Point (DSAP): Upper destination layer
v Source Service Access Point (SSAP): Upper source layer
ü Usually DSAP == SSAP, but 1 octet was not enough → SNAP
v Control, like HDLC:
ü Information Frame (16 bits): Receive Seq. Num. (7 bits) + Poll/Final bit (1 bit) + Send Seq. Num. (7 bits) + ‘0’ (1 bit)
ü Supervisory Frame (16 bits): Receive Seq. Num. (7 bits) + Poll/Final bit (1 bit) + ‘0000’ (4 bits) + Type (2 bits) + ‘01’ (2 bits)
ü Unnumbered Frame (8 bits): Type (3 bits) + Poll/Final bit (1 bit) + Type (2 bits) + ‘11’ (2 bits)
u Subnetwork Access Protocol (SNAP):
v If LLC.DSAP = LLC.SSAP = 0xAA → SNAP
v Organizationally Unique Identifier (OUI): Identifies the vendor, for proprietary protocols
v Protocol ID: Identifies the protocol of the data
ü If SNAP.OUI = 0x000000 → SNAP.Protocol ID = EtherType

LAN interconnection: Hubs, Bridges, Switches

u Initially, an Ethernet LAN was just a (yellow) coaxial cable:
v Physical bus topology: All stations receive all frames.
v Medium access controlled by Carrier-Sense Multiple Access / Collision Detection (CSMA/CD):
ü CSMA = Listen to the medium before starting to send.
ü CD = Stop transmitting if a collision is detected.
Source: Bob Metcalfe (1973)
u Hubs/Repeaters allowed the LAN range to be extended (but only up to 2.5 km @ 10 Mbps because of CSMA/CD):
v Logical bus topology/Physical star topology (SCS).
v Backwards-compatible LANs (even nowadays).
u Bridges were designed to interconnect IEEE LAN technologies:
v Split a LAN into separate collision domains → ‘Unlimited’ LAN size.
v Still a single broadcast domain (i.e. one IP subnet).
v “Transparent” bridges: Hosts are unaware of them.
u Nowadays Ethernet bridges are simply known as switches:
v Full-duplex interfaces = No collisions → CSMA/CD no longer needed.
v Ethernet forwarding based on exact match of the destination MAC address:
ü <Dst addr> → Output port
ü Broadcast/Multicast/Unknown MAC addresses are just flooded out of all ports.
v Ethernet “routing” based on Backward Learning over a Spanning Tree.
Backward MAC address learning

u No need to configure the forwarding table of Ethernet bridges/switches:
v Start with empty forwarding tables.
v Source MAC addresses are learned from the frames being forwarded.
u Unknown/broadcast/multicast frames are just flooded, i.e. sent out of all ports but the arriving one.

Figure: frames between A and B crossing three switches; the DA/Out Port tables beside each switch show the source MAC being learned on the port where the frame arrived, and frames to unknown destinations being flooded.

Spanning Tree (I)
u Backward learning requires a loop-free topology. Otherwise:
v Broadcast storms: Ethernet has no TTL field to drop looping frames.
v Invalid forwarding tables: Looping frames may come from wrong ports.

Figure: looped topology of five bridges (A to E) interconnected by links/ports numbered 1 to 8.
Spanning Tree Protocol (STP)

BPDU frame (802.3+LLC): Dest. | Src. | Len. | LLC | STP BPDU
STP BPDU fields: Root ID | Cost | Bridge ID | Port ID

u Each switch/bridge has a unique identifier:
v Bridge ID (64 bits) = Priority (16 bits) + MAC (48 bits)
v BPDUs are not authenticated in any way.
u Bridges broadcast their STP BPDUs out of all ports periodically (2 secs) and run the following algorithm:
v The bridge with the lowest ID is the ST Root Bridge.
v The port receiving the best BPDU is enabled (Root port).
v In a shared link, the bridge with the best BPDU enables that port for forwarding the link frames (Designated port).
v All other ports do not forward frames (Blocked ports).
u BPDU A is better than BPDU B if (rules applied in order; a tie is broken by the next rule):
1. A.Root ID < B.Root ID or
2. A.Cost < B.Cost or
3. A.Bridge ID < B.Bridge ID or
4. A.Port ID < B.Port ID

Link rate    STP cost
10 Mbps      100
100 Mbps     19
155 Mbps     14
1 Gbps       4
10 Gbps      2
>10 Gbps     1
Spanning Tree (&II)
u STP creates a Spanning Tree (ST) without loops:
v All links outside the spanning tree are blocked (i.e. do not forward frames).
ü Unicast/multicast/broadcast frames are sent/flooded only via ST branches (non-blocked ports).
v Shortest paths to get to the root bridge (not necessarily to other places).

Figure: the looped topology of the previous slide after STP convergence. B is the ST root bridge (BPDU 0.0.0); each port is labelled with its BPDU as (RootId.Cost.BridgeId) and marked as root port, designated port or blocked port. The forwarding table shown (DA → Out Port: A 4, B 4, C 4, D 4, E 2) illustrates that frames follow ST branches only.
Virtual LANs (VLANs)

u A physical Ethernet LAN can be split into several Virtual LANs (VLANs):


v Each VLAN behaves as a fully independent LAN:
ü Different broadcast domains/IP subnets.
ü VLANs can only be interconnected by a router (or switch with L3 = router).
v Modern switches also consider the frame VLAN for forwarding it:
ü <Dest. MAC addr., VLAN> → Output port(s)
u VLANs may employ the same Spanning Tree or different ones:
v Multiple Spanning Tree Protocol (MSTP).
u Frames are assigned to VLANs implicitly (ingress port) or explicitly
(VLAN Tag):
v Native port (e.g. access ports): All traffic (standard Ethernet frames) from that
port is from the same VLAN.
ü Devices that do not support VLAN Tags must be placed in a native port.
v Trunk port (e.g. inter-switch port): Link traversed by different VLANs. Ethernet
frames are tagged with the VLAN they belong to.
ü Trunk ports can also have a native VLAN for untagged frames.
u Manual configuration or VLAN management protocols:
v Cisco’s VLAN Trunk Protocol (VTP) and Dynamic Trunking Protocol (DTP).
v IEEE Multiple VLAN Registration Protocol (MVRP).
VLAN Tag [802.1Q]
u IEEE 802.3/Ethernet frame with VLAN tag:
Dest Addr (6 bytes) | Src Addr (6 bytes) | VLAN Tag (4 bytes) | Type/Length (2 bytes) | Payload (0-1500 bytes) | Pad (0-42 bytes) | FCS (4 bytes)
VLAN Tag: TPID 0x8100 (16 bits) | PCP (3 bits) | CFI (1 bit) | VLAN ID (12 bits)
u VLAN ID:
v Up to 4094 VLANs.
u Priority Code Point (PCP):
v 8 Classes of Service (CoS) [IEEE 802.1p].
u Canonical Format Identifier (CFI):
v Defined for Token Ring-Ethernet interconnection (no longer used).
u Not all devices understand VLAN Tags:
v Native ports: PCs, servers.
v Trunk ports: Switches, routers, servers.

Ethernet exercise

1. What is the resulting Spanning Tree of this topology? Show the final BPDUs of each switch as well as the final state of all ports.
2. Show the MAC tables of switches S22 and S50 after running STP, taking into account that all applications are client-server.
3. Why is there no traffic on the S30-S40 link, whereas S40-S50 is overloaded? How could you solve this issue?
4. We want to define a VLAN per department. Departments are spread all over the 5 buildings of the campus, and each building floor may be shared between different departments. There is only one PC/server per port, and they do not support 802.1Q.
a) Specify which links should be native and which ones should be trunks.
b) Specify the format of an Ethernet frame sent by the engineering (VLAN 3) computer E to its server C, as captured on link S20-S22.
c) Is it possible to share server A between different departments (VLANs)? How?
Attacks to Ethernet LANs

u Ethernet security:
v Neither Ethernet nor STP implements any security mechanism:
ü Neither encryption, nor integrity protection, nor authentication.
ü Assumes physical security → Disable unused ports.
ü VLANs may help, by segmenting the LAN.
v IEEE 802.1x provides Access Control:
ü General security mechanism against outsiders.
ü Does not provide encryption nor integrity protection.
u Attacks to Ethernet LANs:
v MAC address spoofing: NIC impersonation.
v MAC table overflow: Data snooping & DoS.
v STP attacks: DoS & data snooping.
v LAN storm: DoS.
v Trunking & VLAN hopping attack: VLAN intrusion.
MAC address spoofing

Figure: attacker E sends a broadcast frame with B's source MAC (‘Bcast < B’); the switch table (DA → Out Port: A 2, B 0→1, E 1) now points B to E's port.

u To impersonate a MAC address (e.g. router or server NIC) it is only necessary to send one broadcast/multicast/unknown frame with a spoofed source MAC address:
v Because of dynamic backward learning!
v All traffic will be switched to the attacker until the victim sends some frame (the attacker can just keep sending spoofed frames).
u Countermeasures:
v Statically assign MAC addresses to ports:
ü Static configuration is cumbersome: Only for important MACs (e.g. router)
v Sticky addresses: Do not allow MAC addresses to change ports; stick to the first port.
ü But be aware that MACs may change ports legitimately because of mobility or STP recovery.
MAC table overflow

Figure: attacker E sends broadcast frames with bogus source MACs E1, E2, E3, … (‘Bcast < E1’, ‘Bcast < E2’, ‘Bcast < E3’); the switch MAC tables (DA → Out Port) fill up with E1, E2, E3 on E's port and the entries for A and B are overwritten.

u Data snooping in hub-based LANs was trivial because frames flooded the whole LAN:
v Now switches only send frames to the port where the destination MAC is.
v But if the MAC is unknown, frames are flooded like hubs did.
u Hardware MAC address tables have a limited size → Denial of Service (DoS):
v An attacker sends many frames to the switch with bogus source MAC addresses to overload the switch MAC table and overwrite the real ones.
v Real MAC addresses are now unknown → Frame flooding → Snooping.
u Countermeasure:
v Limit the number of MAC addresses that can be learnt on an access port.
ü Bad idea in an uplink port.
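Added example (not from the slides): a Python model of backward learning that reproduces the MAC address spoofing and MAC table overflow scenarios of the last three slides and shows how static/sticky addresses and a per-port MAC limit stop them. The MACs are the slide's examples; the 4-entry table size is a constructed, deliberately small value.

```python
from collections import OrderedDict

# Constructed sample MACs (the slide's Cisco and Dell examples plus the broadcast address).
ROUTER = "00-19-a9-2f-ec-00"
HOST_A = "00-21-70-bb-62-91"
BCAST = "ff-ff-ff-ff-ff-ff"


class LearningSwitch:
    """Model of a learning switch: forwarding table MAC -> port filled by backward
    learning, with a finite table and the slides' countermeasures as options."""

    def __init__(self, ports, table_size=8, max_macs_per_port=None, sticky=False, static=None):
        self.ports = list(ports)
        self.table_size = table_size                 # hardware tables are finite
        self.max_per_port = max_macs_per_port or {}  # port -> max learnt MACs (access ports)
        self.sticky = sticky                         # first port wins, no moves allowed
        self.static = dict(static or {})             # MAC -> port, never overwritten
        self.table = OrderedDict()                   # MAC -> port, oldest entry first
        self.alerts = []

    def learnt_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, in_port, src, dst):
        """Handle one frame; returns the list of output ports (empty = dropped)."""
        if src in self.static:
            if self.static[src] != in_port:
                self.alerts.append(f"static violation: {src} seen on port {in_port}")
                return []
        else:
            old = self.table.get(src)
            if old is not None and old != in_port and self.sticky:
                self.alerts.append(f"sticky violation: {src} moved {old} -> {in_port}")
                return []
            if old is None and self.learnt_on(in_port) >= self.max_per_port.get(in_port, 10**9):
                self.alerts.append(f"port-security: MAC limit reached on port {in_port}")
                return []
            if old is None and len(self.table) >= self.table_size:
                evicted, _ = self.table.popitem(last=False)   # a real MAC gets overwritten
                self.alerts.append(f"table full: evicted {evicted}")
            self.table.pop(src, None)
            self.table[src] = in_port                         # (re)learn on the arriving port
        out = self.static.get(dst, self.table.get(dst))
        if out is None or int(dst[:2], 16) & 0x01:            # unknown, or group bit set
            return [p for p in self.ports if p != in_port]   # flood out of all other ports
        return [] if out == in_port else [out]


def spoofing_demo(sticky):
    """Attacker on port 2 broadcasts one frame with the router's source MAC; returns the port(s)
    host A's next frame to the router is switched to (2 = attacker, 0 = real router)."""
    sw = LearningSwitch(ports=[0, 1, 2], sticky=sticky)
    sw.receive(0, ROUTER, HOST_A)
    sw.receive(1, HOST_A, ROUTER)
    sw.receive(2, ROUTER, BCAST)
    return sw.receive(1, HOST_A, ROUTER)


def overflow_demo(limit_on_port_2):
    """Attacker on port 2 floods bogus source MACs into a 4-entry table; returns where a unicast
    frame for host A is sent afterwards ([1] = correct port, [1, 2] = flooded, snoopable)."""
    limits = {2: limit_on_port_2} if limit_on_port_2 else None
    sw = LearningSwitch(ports=[0, 1, 2], table_size=4, max_macs_per_port=limits)
    sw.receive(0, ROUTER, HOST_A)
    sw.receive(1, HOST_A, ROUTER)
    for i in range(10):
        sw.receive(2, f"02-00-00-00-00-{i:02x}", BCAST)       # locally administered bogus MACs
    return sw.receive(0, ROUTER, HOST_A)
```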

LAN traffic analysis

u But there are legitimate uses for traffic snooping:
v Traffic analysis (e.g. Wireshark).
v Intrusion Detection/Prevention System (IDS/IPS) probes.
u Physical network Tap:
v Copies the traffic in the tapped cable into monitor ports.
v The only thing that scares NSA TAO! [1]
Figure: Network Tap Device
u Port mirroring (e.g. Cisco SPAN) copies all ingress/egress frames from a port to another one (even in a different switch with RSPAN):
v Beware of port rates or some traffic may be dropped:
mirror_port.tx_rate ≥ mirrored_port.tx_rate + mirrored_port.rx_rate
u Security mechanisms can also be abused!
v E.g. Vodafone Greece case [2].
v Protect switch access and review configurations periodically.
[1] R. Joyce. "Disrupting Nation State Hackers". USENIX Enigma 2016 Conference. San Francisco (USA). 27 January 2016.
[2] V. Prevelakis and D. Spinellis. "The Athens Affair". IEEE Spectrum, vol. 44, no. 7, pp. 26-33. 29 June 2007.
Attacks to Spanning Tree Protocol (STP)

u To become the ST Root it is only necessary to send a BPDU with the lowest priority value (or a lower MAC):
v The ST Root forwards a lot of traffic:
ü Data snooping/Black hole/Overload of your access switch.
v DoS by creating an unstable Spanning Tree:
ü It may cause loops while the ST stabilises → Broadcast storms.
u Countermeasures:
v BPDU Guard: Specify which ports can receive STP BPDUs (not from access ports).
v Root Guard: Specify which ports cannot receive the
BPDU from the ST Root (not from access bridges).
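Added example (not from the slides) that runs the four BPDU comparison rules of the STP slide on a small constructed four-switch topology until it converges, classifies every port as root, designated or blocked, and then applies the two countermeasures above to a BPDU received on a port. Bridge names, ports, link rates and the rogue BPDU are constructed.

```python
# STP cost per link rate in Mbps, from the slide's table.
COST = {10: 100, 100: 19, 155: 14, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID = 16-bit priority + 48-bit MAC; as a tuple it compares like the 64-bit value."""
    return (priority, int(mac.replace("-", ""), 16))


def better(a, b):
    """BPDU a beats BPDU b: lower Root ID, then lower Cost, then lower Bridge ID, then lower
    Port ID. Tuple comparison applies exactly these four rules in that order."""
    return a < b


def run_stp(bridges, links, max_rounds=50):
    """bridges: {name: bridge_id}; links: (bridgeA, portA, bridgeB, portB, rate_mbps).
    Every bridge starts believing it is the root and, each round, adopts the best BPDU heard
    (cost incremented by the receiving link's cost). Returns (state, port_roles)."""
    nbr = {}                                   # (bridge, port) -> (peer, peer_port, link cost)
    for a, pa, b, pb, rate in links:
        nbr[(a, pa)] = (b, pb, COST[rate])
        nbr[(b, pb)] = (a, pa, COST[rate])
    state = {n: {"root": bid, "cost": 0, "root_port": None} for n, bid in bridges.items()}
    for _ in range(max_rounds):
        new = {}
        for n, bid in bridges.items():
            best, best_port = (bid, 0, bid, 0), None   # own BPDU unless a better one is heard
            for (brd, port), (peer, pport, lcost) in nbr.items():
                if brd != n:
                    continue
                rx = (state[peer]["root"], state[peer]["cost"] + lcost, bridges[peer], pport)
                if better(rx, best):
                    best, best_port = rx, port
            new[n] = {"root": best[0], "cost": best[1], "root_port": best_port}
        if new == state:                       # converged
            break
        state = new
    roles = {}
    for (n, port), (peer, pport, _) in nbr.items():
        if port == state[n]["root_port"]:
            roles[(n, port)] = "root"
        else:                                  # compare the BPDU each end would send on the link
            mine = (state[n]["root"], state[n]["cost"], bridges[n], port)
            theirs = (state[peer]["root"], state[peer]["cost"], bridges[peer], pport)
            roles[(n, port)] = "designated" if better(mine, theirs) else "blocked"
    return state, roles


def bpdu_action(state, bridge, port, rx, bpdu_guard=(), root_guard=()):
    """Countermeasures: BPDU Guard err-disables an access port on any BPDU; Root Guard rejects,
    on a designated port, a BPDU announcing a root better than the one currently known."""
    if (bridge, port) in bpdu_guard:
        return "err-disable"
    if (bridge, port) in root_guard and better(rx[0], state[bridge]["root"]):
        return "root-inconsistent"
    return "accept"


# Constructed topology: S1 has the lowest MAC and becomes root; S3-S4 is a slow 100 Mbps link.
BRIDGES = {f"S{i}": bridge_id(32768, f"00-00-00-00-00-0{i}") for i in (1, 2, 3, 4)}
LINKS = [("S1", 1, "S2", 1, 1000), ("S1", 2, "S3", 1, 1000), ("S2", 2, "S3", 2, 100),
         ("S2", 3, "S4", 1, 1000), ("S3", 3, "S4", 2, 100)]
# Constructed rogue BPDU: priority 0 makes it better than every legitimate root.
ROGUE = (bridge_id(0, "00-00-00-00-00-99"), 0, bridge_id(0, "00-00-00-00-00-99"), 1)

if __name__ == "__main__":
    st, rl = run_stp(BRIDGES, LINKS)
    for key in sorted(rl):
        print(key, rl[key])
```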

LAN storms

u Frames sent to broadcast/multicast addresses are received by all hosts and switches in the LAN:
v Amplified DoS: A single broadcast frame generates many copies.
v Increases switch CPU utilization to 100%.
u Countermeasures:
v VLANs: Split the LAN into separate broadcast domains.
v Storm Control: Block broadcast/multicast/unknown traffic when some rate threshold is surpassed:
ü It can also disable the overloaded port or send an SNMP trap.

Trunk & VLAN hopping attacks

u An attacker may set up a trunk port with the switch to infiltrate any VLAN:
v Cisco’s Dynamic Trunking Protocol (DTP) and IEEE’s Multiple VLAN Registration Protocol (MVRP).
u Double tagging:
v If the attacker is in the same native VLAN as the next trunk port, it can double tag its frames so that the outer tag is removed at the next trunk, exposing the inner VLAN tag (target VLAN).
u Countermeasures:
v Disable VLAN trunking on access ports.
v Disable DTP/MVRP and configure VLAN trunks manually.
v Reserve a native VLAN just for trunk ports.
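Added example (not from the slides): Python that parses stacked 802.1Q tags, shows the native-VLAN untagging on trunk egress that double tagging relies on, and implements ingress checks matching the countermeasures above (no tags on access ports, no frames tagged with the native VLAN, a reserved native VLAN). Addresses are the slide's examples; the VLAN numbers and the port-policy dictionary format are constructed.

```python
import struct

TPID_8021Q = 0x8100
# Constructed sample addresses (the slide's Dell and Cisco examples).
DST = bytes.fromhex("002170bb6291")
SRC = bytes.fromhex("0019a92fec00")


def parse_tags(frame: bytes):
    """Return (dst, src, tags, ethertype, payload); tags is a list of (PCP, CFI, VID)
    tuples, outermost first, so stacked (double) tags are visible to the caller."""
    dst, src = frame[:6], frame[6:12]
    off, tags = 12, []
    while off + 4 <= len(frame) and struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return dst, src, tags, ethertype, frame[off + 2:]


def build_frame(dst, src, vids, ethertype, payload):
    """Frame with one 802.1Q tag per VID (outermost first), PCP=0, CFI=0; FCS omitted."""
    hdr = dst + src
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def trunk_egress(frame: bytes, native_vlan: int) -> bytes:
    """What a trunk does on egress: a frame whose outer tag is the trunk's native VLAN goes
    out untagged. On a double-tagged frame this exposes the inner tag to the next switch."""
    dst, src, tags, ethertype, payload = parse_tags(frame)
    if tags and tags[0][2] == native_vlan:
        tags = tags[1:]
    return build_frame(dst, src, [t[2] for t in tags], ethertype, payload)


def ingress_policy(frame: bytes, port: dict):
    """Ingress check implementing the slide's countermeasures.
    port = {"mode": "access", "vlan": n} or {"mode": "trunk", "native": n, "allowed": {...}}.
    Returns (decision, vlan, reason)."""
    _, _, tags, _, _ = parse_tags(frame)
    if port["mode"] == "access":
        if tags:                       # access ports never accept tags: no trunking from hosts
            return "drop", None, "tagged frame on access port"
        return "accept", port["vlan"], "untagged frame assigned to access VLAN"
    if not tags:
        return "accept", port["native"], "untagged frame assigned to native VLAN"
    vid = tags[0][2]
    if vid == port["native"]:          # the double-tagging precondition: tag == native VLAN
        return "drop", vid, "tag equal to native VLAN (would be stripped downstream)"
    if len(tags) > 1:                  # no stacked tags expected on a plain 802.1Q trunk
        return "drop", vid, "double-tagged frame"
    if vid not in port["allowed"]:
        return "drop", vid, "VLAN not allowed on this trunk"
    return "accept", vid, "tagged frame on trunk"
```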

Double-Tag VLAN Hopping

Figure: double-tag VLAN hopping diagram (VLAN 10 labelled).

LLDP/CDP
Ethernet frame: Dest Addr = LLDP multicast 01-80-C2-00-00-0E (6 bytes) | Src Addr (6 bytes) | Ethertype 88-CC (2 bytes) | LLDPDU (0-1500 bytes) | FCS (4 bytes)
LLDPDU: Chassis ID TLV | Port ID TLV | TTL TLV | Optional TLV … | Optional TLV | End of LLDPDU TLV

u L2 Discovery Protocol:
v Protocol typically used for network inventory:
ü Cisco Discovery Protocol (CDP):
Ø Developed first (1994). Cisco proprietary.
ü Link Layer Discovery Protocol (LLDP):
Ø IEEE 802.1AB, standardized in 2005.
v LLDP collects local device information (Mgmt. IP, device ID, port ID) and advertises it to neighbours.
v Neighbours store this info and offer it through SNMP.
v No security in the protocol.
LLDP/CDP attacks

u Attacks to LLDP:
v MAC address spoofing: NIC impersonation.
v Information disclosure: Collect valuable info (vendor, SW version, topology, …).
v Information poisoning: Inject false topologies in the LLDP/MIB table.
v DoS attacks:
ü Flooding LLDP messages.
ü Fuzzers (http://www.cs.utexas.edu/ftp/techreports/tr07-24.pdf)
u Countermeasures:
v Disable if not necessary (CDP may be active by default).
v Limit to the needed interfaces (avoid enabling it at device level).
v Rate limit.
Dial-up access

Figure: User → Modem → PSTN → NAS at the ISP (with RADIUS towards the AAA Server) → Internet; IPv4 carried over PPP between User and NAS.

u Users connected to the Internet with modems that called their ISP using the telephone line:
v ISPs deployed Network Access Servers (NASes) in local Points of Presence (POPs) with rows of modems to receive user calls:
ü IPv4 datagrams encapsulated in PPP frames.
v How to centralise Authentication, Authorization and Accounting (AAA)?
ü Remote Authentication Dial-In User Service (RADIUS) protocol.
ü User accounts in an AAA server, database or LDAP directory.
u Dial-up access is still used nowadays to connect to Remote Access Servers (RAS) as a backup mechanism (the PSTN does not fail; it has 99.999% availability).
u PPP is still used in multiple access technologies (xDSL, FTTH, etc.) and is exploitable [1].
[1] March 2020: Linux pppd vulnerability: https://www.kb.cert.org/vuls/id/782301/
Point-to-Point Protocol (PPP)
Flag (1 byte, 01111110) | Address (1 byte, 0xFF) | Control (1 byte, 0x03) | Protocol (1 or 2 bytes) | Information (variable) | FCS (2 or 4 bytes) | Flag (1 byte, 01111110)
Protocol values: 0x0021 IPv4 Datagram; 0x8021 IPv4 Network Control Protocol (IPCP); 0xC021 Link Control Protocol (LCP)
u PPP [RFC1661] is a link layer protocol that provides:
v Datagram encapsulation over physical ‘point-to-point’ links:
ü HDLC framing over serial lines (e.g. modem dial-up) [RFC1662].
ü PPP over Ethernet (PPPoE) [RFC2516].
v Link Control Protocol (LCP) subprotocol to negotiate, establish and configure link characteristics, e.g.:
ü Maximum Receive Unit (MRU).
ü Field compression and FCS negotiation [RFC1570].
ü Multilink PPP [RFC1990].
ü Microsoft Point-To-Point Encryption (MPPE) [RFC3078].
ü Authentication protocol: PAP, CHAP, EAP.
v Supports multiple L3-specific Network Control Protocols (NCPs):
ü Internet Protocol Control Protocol (IPCP) [RFC1332]:
Ø IPv4 address option.
Ø DNS server address option [RFC1877].
PPP Authentication

u Password Authentication Protocol (PAP) [RFC1334]:
v PAP Protocol:
1. User sends a Request with username and password in plaintext!
2. NAS checks the credentials and sends ACK or NAK.
v PAP assumes the PSTN is secure (PPPoE? WiFi?).
u Challenge-Handshake Authentication Protocol (CHAP) [RFC1994]:
v CHAP Protocol:
1. User sends the user name and requests authentication.
2. NAS sends a Challenge.
3. User sends a Response = md5(ID|secret|challenge).
4. NAS checks the Response and sends a Success or Failure.
v Vulnerable to dictionary or brute-force attacks against the user password (‘secret’).
u MS-CHAPv2 [RFC2759]:
v Provides mutual authentication by piggybacking a second Challenge for the server on the Response message and its second Response on the final Success.
v Can be broken just by breaking a 56-bit DES key! [1]
u Extensible Authentication Protocol (EAP) [RFC3748]:
v Generic authentication protocol with multiple authentication methods.
v The authenticator does not need to know each authentication method (pass-through).
v Requires an encapsulation protocol: PPP, EAPOL, RADIUS, PEAP.

[1] M. Marlinspike, D. Hulton. “Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate”. DEF CON 20. Jul. 2012.
Extensible Authentication Protocol (EAP)
Code (1 byte) | ID (1 byte) | Length (2 bytes) | Type (1 byte) | Request/Response Type-Data (variable)

u EAP Codes:
1. Request: To request authentication.
2. Response: To provide credentials.
3. Success (No Type, nor Type-Data): Successful authentication.
4. Failure (No Type, nor Type-Data): Unsuccessful authentication.
u EAP ID:
v Increases with each EAP Request.
v To correlate a Response with its Request.
u Request/Response Types:
1. Identity: To identify the user.
2. Notification: To send a text message.
3. Nak (Response only): Unsupported authentication method.
v EAP Method types.

Figure: EAP exchange between Supplicant (e.g. User), Authenticator (e.g. NAS) and AuthN. Server (e.g. AAA Server): Request Identity, Response Identity (relayed to the server in RADIUS), Request 1/Response 1 … Request n/Response n, Success/Failure (relayed from the server to the supplicant).
EAP Methods
u EAP-MD5 [RFC3748]:
v PPP CHAP
u EAP-OTP (One-Time Password) [RFC2289]:
v hash^n(seed), hash^(n-1)(seed), …; hash^(n-i)(seed) = OTP_i
u EAP-GTC (Generic Token Card) [RFC3748]:
v Text from Hardware Token or Coordinates Card.
u EAP-MS-CHAPv2 [RFC2759]:
v PPP MS-CHAPv2
u EAP-SIM/EAP-AKA [RFC4186, RFC4187]:
v Employ the Subscriber Identity Module (SIM)/UMTS Subscriber Identity Module (USIM) of a
GSM/UMTS terminal
u EAP-TLS (Transport Layer Security) [RFC5216]:
v TLS messages encapsulated in EAP ones (TLS over EAP): Mutual authentication with client
certificates (but non-anonymous client identity sent in clear-text).
u EAP-TTLS (Tunnelled TLS) [RFC5281]:
v Two phases: 1) TLS over EAP authentication with anonymous client identity, 2) Exchange of
Attribute-Value Pairs (AVP) over TLS over EAP.
u PEAP (Protected EAP) [draft-josefsson-pppext-eap-tls-eap-10]:
v Two phases: 1) TLS over EAP authentication with anonymous client identity, 2) 2nd EAP
session (e.g. EAP-MS-CHAPv2) tunnelled in TLS over EAP (i.e. EAP-TLS)
u Cisco EAP-LEAP, Cisco EAP-FAST, …
Remote Authentication Dial-In User Service (RADIUS)
u RADIUS [RFC2865] is a stateless client-server AAA protocol:
v Runs over IP/UDP (port 1812).
v RADIUS client and server share a Shared Secret (SS).
v User roaming: Supports proxies that route messages between realms based on the Network Access Identifier (NAI):
ü e.g. “user@uc3m” NAI → to the “uc3m” realm
u Code:
1. Access Request
2. Access Accept
3. Access Reject
4. Accounting Request
ü Acct-Status-Type AVP = (Start | Stop)
5. Accounting Response
6. Interim Accounting:
ü Session time, Input octets, Output packets, …
11. Access Challenge
u Authenticator:
v In request: Random number employed as nonce (e.g. in Access-Request) for User-Password encryption:
up1[0,15] = passwd[0,15] XOR md5(SS|Authenticator)
up2[16,31] = passwd[16,31] XOR md5(SS|up1[0,15])
v In response: md5 of the request packet
ResponseAuth = md5(Code|ID|Length|RequestAuth|Attributes|SS)
u Multiple attack vectors (against the SS, the password, pre-computed md5 hashes, etc.):
v https://www.untruth.org/~josh/security/radius/radius-auth.html
RADIUS Attribute-Value Pairs (AVPs)
Authentication/authorization AVPs:
1. User-Name
2. User-Password
3. CHAP-Password
4. NAS-IP-Address
5. NAS-Port
6. Service-Type
7. Framed-Protocol
8. Framed-IP-Address
9. Framed-IP-Netmask
10. Framed-Routing
12. Framed-MTU
22. Framed-Route
26. Vendor specific:
v MS-MPPE-Recv-Key
v …
27. Session-Timeout
30. Called-Station-Id
31. Calling-Station-Id
79. EAP-Message
80. Message-Authenticator (mandatory with EAP-Message)
Accounting AVPs:
40. Acct-Status-Type
41. Acct-Delay-Time
42. Acct-Input-Octets
43. Acct-Output-Octets
44. Acct-Session-Id
45. Acct-Authentic
46. Acct-Session-Time
47. Acct-Input-Packets
48. Acct-Output-Packets
49. Acct-Terminate-Cause
85. Acct-Interim-Interval
Tunnel AVPs:
64. Tunnel-Type
65. Tunnel-Medium-Type
66. Tunnel-Client-Endpoint
67. Tunnel-Server-Endpoint
69. Tunnel-Password
81. Tunnel-Private-Group-ID

u Provide integrity:
v Message-Authenticator = HMAC-MD5(SS, Type|Identifier|Length|Request Authenticator|Attributes)
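Added example (not from the slides) implementing the two formulas of the RADIUS slide, User-Password hiding and ResponseAuth, plus the Message-Authenticator HMAC-MD5 over AVP 80 above, using Python's hashlib/hmac. The shared secret and the Request Authenticator are constructed sample values; a real client uses a random 16-byte nonce.

```python
import hashlib
import hmac
import struct

# Constructed sample values for the demo (not real credentials).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))          # 16-byte random nonce in a real Access-Request


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding as on the slide (RFC 2865 section 5.2):
    up1 = passwd[0:16] XOR md5(SS|Authenticator), up2 = passwd[16:32] XOR md5(SS|up1), ..."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        chunk = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + chunk, chunk
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: same keystream chain, XOR undoes XOR; strip the zero padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def avp(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute: Type (1) | Length (1, includes these 2 bytes) | Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def access_request(ident: int, secret: bytes, request_auth: bytes, user: bytes, password: bytes) -> bytes:
    """Access-Request (Code 1) with User-Name (1), User-Password (2) and Message-Authenticator
    (80) = HMAC-MD5(SS, Code|ID|Length|RequestAuth|Attributes), computed with AVP 80 zeroed."""
    attrs = avp(1, user) + avp(2, hide_password(password, secret, request_auth))
    attrs += avp(80, b"\x00" * 16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
    return header + request_auth + attrs[:-16] + mac


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Walk the AVPs, zero the Message-Authenticator value, recompute and compare."""
    header, request_auth, attrs = packet[:4], packet[4:20], packet[20:]
    off = 0
    while off + 2 <= len(attrs):
        attr_type, length = attrs[off], attrs[off + 1]
        if attr_type == 80 and length == 18:
            zeroed = attrs[:off + 2] + b"\x00" * 16 + attrs[off + 18:]
            expected = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, attrs[off + 2:off + 18])
        off += max(length, 2)
    return False                          # no Message-Authenticator: no integrity at all


def response_authenticator(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """ResponseAuth = md5(Code|ID|Length|RequestAuth|Attributes|SS), as on the slide."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()
```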
PPP + EAP-MD5 + RADIUS Dial-up Example

Figure: message sequence between User (EAP Supplicant), NAS (EAP Authenticator), RADIUS Proxy and AAA Server (EAP AuthN. Server); User-NAS over the PSTN, NAS-Proxy-AAA Server over the ISP network/Internet. EAP travels over PPP between User and NAS, and in RADIUS over UDP between NAS, Proxy and AAA Server.
1. PPP LCP negotiation (EAP selected as authentication protocol).
2. NAS → User: EAP Request/Identity.
3. User → NAS: EAP Response/Identity. NAS → AAA: RADIUS Access-Request (EAP Response/Identity); the proxy uses the Identity to route it to the AAA Server.
4. AAA → NAS: RADIUS Access-Challenge (EAP-MD5 Request). NAS → User: EAP-MD5 Request.
5. User → NAS: EAP-MD5 Response. NAS → AAA: RADIUS Access-Request (EAP-MD5 Response).
6. AAA → NAS: RADIUS Access-Accept (Framed-IP-Address, …). NAS → User: EAP Success.
7. PPP IPCP negotiation (IP options).
8. NAS → AAA: RADIUS Accounting-Request (Start). AAA → NAS: RADIUS Accounting-Response (Start).
9. PPP link down! NAS → AAA: RADIUS Accounting-Request (Stop). AAA → NAS: RADIUS Accounting-Response (Stop).
IEEE 802.1x

u IEEE 802.1x enables access control in Ethernet and WiFi networks:
v Based on EAP + RADIUS.
v Each 802.1x controlled port is either:
ü Port unauthorized: No access.
ü Port authorized: LAN access.
v An uncontrolled port is necessary to reach AAA Servers with RADIUS.
u EAP over LAN (EAPOL):
v Types:
1. EAP-Packet: Packet body = EAP Message.
2. EAPOL-Start: To start EAP authentication.
3. EAPOL-Logoff: To close the 802.1x session.
4. EAPOL-Key: Key exchange for 802.11i.

EAPOL frame: Ethernet header, Type=0x888e (14 bytes) | Protocol Version (1 byte) | Packet Type (1 byte) | Packet Body Length (2 bytes) | Packet Body (0-1496 bytes) | FCS (4 bytes)
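Added example (not from the slides): a Python parser for the EAPOL frame and EAP packet formats of the two slides above that validates the Length field and the Success/Failure rule (no Type, no Type-Data) and correlates a Response with its Request by ID. The addresses are the slide's Dell/Cisco examples plus the 802.1X PAE group address 01-80-C2-00-00-03, which is not on the slide.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
# Constructed sample addresses: slide examples plus the 802.1X PAE group address.
SUPPLICANT = bytes.fromhex("002170bb6291")
AUTHENTICATOR = bytes.fromhex("0019a92fec00")
PAE_GROUP = bytes.fromhex("0180c2000003")


def build_eap(code: int, ident: int, eap_type=None, type_data: bytes = b"") -> bytes:
    """EAP packet: Code (1) | ID (1) | Length (2) | [Type (1) | Type-Data]; Success/Failure have no Type."""
    body = b"" if code in (3, 4) else struct.pack("!B", eap_type) + type_data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def build_eapol(dst: bytes, src: bytes, packet_type: int, body: bytes, version: int = 2) -> bytes:
    """Ethernet header (EtherType 0x888E) + EAPOL header + body; FCS omitted."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, version, packet_type, len(body)) + body


def parse_eap(pkt: bytes) -> dict:
    """Parse and validate one EAP packet; raises ValueError on inconsistent fields."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack_from("!BBH", pkt)
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length inconsistent with packet")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4):
        if length != 4:
            raise ValueError("Success/Failure carry neither Type nor Type-Data")
        return info
    if length < 5:
        raise ValueError("Request/Response without Type")
    info["type"] = EAP_TYPES.get(pkt[4], pkt[4])
    info["type_data"] = pkt[5:length]
    return info


def parse_eapol(frame: bytes) -> dict:
    """Parse Ethernet + EAPOL header; decode the EAP packet when Packet Type is EAP-Packet (0)."""
    if struct.unpack_from("!H", frame, 12)[0] != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    version, ptype, blen = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + blen]
    if len(body) != blen:
        raise ValueError("EAPOL body truncated")
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, ptype), "body_len": blen}
    if ptype == 0:
        out["eap"] = parse_eap(body)
    return out


def matches_request(request: dict, response: dict) -> bool:
    """A Response answers a Request if it has the same ID and either the same Type or a Nak."""
    return (request["code"] == "Request" and response["code"] == "Response"
            and request["id"] == response["id"]
            and response["type"] in (request["type"], "Nak"))
```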
IEEE 802.1x Example

Figure: Supplicant ↔ Authenticator: Ethernet | 802.11 / EAPOL / EAP(Method). Authenticator ↔ AAA Server: IP / UDP / RADIUS / EAP(Method).
RADIUS Access-Accept AVPs (dynamic VLAN assignment):
- Tunnel-Type: VLAN
- Tunnel-Medium-Type: IEEE-802
- Tunnel-Private-Group-Id: <VLAN ID>
Source: http://www.itcertnotes.com/2011/05/ieee-8021x-port-based-authentication.html

Example of IEEE 802.11 Authentication with PEAP

Figure: protocol stacks of the exchange:
802.11 / EAPOL / EAP
802.11 / EAPOL / EAP / TLS (EAP-TLS)
802.11 / EAPOL / EAP / TLS / EAP (PEAP)
802.11 / EAPOL-Key
PEAP(MS-CHAPv2) = EAP-TLS / EAP(MS-CHAPv2)
PEAP(EAP-TLS) = EAP-TLS / EAP-TLS(client cert.)
Source: http://layer3.wordpress.com/tag/eap-authentication/
DIAMETER (RFC 6733)

u Evolved from RADIUS:
v Discards the RADIUS shared-secret security.
u Main functionality:
v Authentication, Authorization, and Accounting (AAA)
v Request & answer commands
u Features:
v Reliable transport:
ü TCP/SCTP
ü Each message has a positive/negative Ack.
Ø Capability Exchange Request (CER) / Answer (CEA)
ü Failover support
v Agent support:
ü Proxies, Relays, Redirects
ü Explicitly defined behaviour.
v AVP (Attribute Value Pair):
ü Allows extending the base protocol.
u Immutable through agents:
v Detect duplicate messages.
DIAMETER Security

u Base protocol security:
v Internally (basically none):
ü Agent mode only if the “P” flag is present
ü Failover procedure
ü Hop-by-Hop id
v Externally at layer 4:
ü TLS over TCP
ü DTLS over SCTP
ü IPsec
Ø Legacy solution, not recommended
u Security consequence of relying on TLS/IPsec:
v If not applied, Diameter is more insecure than RADIUS.