PEAP and EAP-TTLS
1. EAP-TLS Drawbacks
2. PEAP
3. EAP-TTLS
4. EAP-TTLS Full Example
5. Security Issues
6. PEAP vs. EAP-TTLS
7. Other EAP methods
8. Summary
So far
EAP was introduced; on its own it does not provide enough security for wireless environments. EAP-TLS provides protection from most attacks.
EAP-TLS Drawbacks
Lack of user identity protection: the user's identity is passed unprotected, both in the EAP-Response/Identity and in the client certificate.
EAP-TLS Extensions
Two quite similar protocols were developed to improve on the weak points of EAP-TLS.
In both, the main idea is first to establish a TLS channel and then to use that TLS tunnel to pass the identity of the user and to run the authentication protocol.
[Diagram: Client <-> NAS <-> Backend Server over a secured link.]
The NAS and the backend server can be the same machine or separate machines; the NAS does not have to understand PEAP.
PEAP packet format
Code: 1 = Request, 2 = Response
Identifier: used to match a response to its request
Type: 25 (PEAP)
Flags: Length included, More fragments, Start
PEAP Phase 1 (Client <-> PEAP Server)
EAP-Request/Identity
EAP-Response/Identity [My Domain]
EAP-Request (Type = PEAP, Start)
PEAP Phase 2 (Client <-> PEAP Server, inside the TLS tunnel)
EAP-Request/Type = X (MD5, OTP, etc.): establish the EAP method and perform the authentication
EAP-Success / EAP-Failure
Transfer of the generated key from the PEAP server to the NAS, if they are on different machines
EAP-TTLS
Developed by Funk Software. Internet draft: draft-ietf-pppext-eap-ttls-02.txt on ietf.org
Provides: mutual authentication, key generation, client identity privacy and data cipher suite negotiation
[Diagram: Client <-> NAS (EAP, AAA) <-> TTLS Server (TLS, AAA) <-> AAA Server. The EAP-TTLS conversation runs between the client and the TTLS server inside the TLS channel; the client is then authenticated with EAP, PAP, CHAP, etc.]
EAP-TTLS Layers
[Diagram: EAP-TTLS is carried inside EAP; the EAP-TTLS payload is TLS data.]
EAP-TTLS packet format
Code: 1 = Request, 2 = Response
Identifier: used to match a response to its request
Type: 21 (EAP-TTLS)
Flags: Length included, More fragments, Start
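The outer packet layout listed above is the same for PEAP (Type 25) and EAP-TTLS (Type 21), so one parser serves both. The following Python is an added example, not code from the original slides or from any PEAP/EAP-TTLS implementation: it builds and parses the Code, Identifier, Length, Type and Flags fields, reads the TLS Message Length that the L flag announces, and reassembles a TLS message that was split over several EAP packets with the M (more fragments) flag. The function names, the 64 KiB reassembly limit and the sample packets are assumptions constructed for this example.

```python
"""Outer EAP packet handling for PEAP (Type 25) and EAP-TTLS (Type 21).

Added example, not code from the original slides. All packets below are
constructed here, not captured traffic.
"""
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_EAP_TTLS, TYPE_PEAP = 21, 25
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # Length included, More fragments, Start
HDR_LEN = 6                                 # Code, Identifier, Length(2), Type, Flags


def build_tunnel_eap(code, ident, eap_type, flags, data=b"", tls_total=None):
    """Build one PEAP / EAP-TTLS packet. When FLAG_L is set, a 4-octet TLS
    Message Length precedes the data; it announces the whole TLS message,
    which may be longer than this fragment."""
    body = b""
    if flags & FLAG_L:
        body += struct.pack("!I", len(data) if tls_total is None else tls_total)
    body += data
    return struct.pack("!BBHBB", code, ident, HDR_LEN + len(body), eap_type, flags) + body


def parse_tunnel_eap(pkt):
    """Return the header fields of one PEAP / EAP-TTLS packet as a dict.
    Anything inconsistent raises ValueError: a receiver should drop such a
    packet rather than guess, since the Length field is peer-controlled."""
    if len(pkt) < HDR_LEN:
        raise ValueError("shorter than EAP header + Type + Flags")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:HDR_LEN])
    if code not in (EAP_REQUEST, EAP_RESPONSE):
        raise ValueError(f"unexpected EAP Code {code}")
    if length != len(pkt):
        raise ValueError(f"EAP Length {length} does not match {len(pkt)} octets received")
    if eap_type not in (TYPE_EAP_TTLS, TYPE_PEAP):
        raise ValueError(f"Type {eap_type} is not PEAP (25) or EAP-TTLS (21)")
    off, tls_total = HDR_LEN, None
    if flags & FLAG_L:
        if length < off + 4:
            raise ValueError("L flag set but TLS Message Length field missing")
        tls_total = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    return {"code": code, "id": ident, "type": eap_type,
            "start": bool(flags & FLAG_S), "more": bool(flags & FLAG_M),
            "tls_total": tls_total, "data": pkt[off:]}


def reassemble_tls(fragments, max_total=64 * 1024):
    """Concatenate the TLS data carried by a run of fragments. The first
    fragment must announce the total length (L flag); every fragment but the
    last carries M. The announced total is bounded (assumed limit) so a bogus
    length cannot make the receiver reserve unbounded memory."""
    if not fragments:
        raise ValueError("no fragments")
    first = parse_tunnel_eap(fragments[0])
    if first["tls_total"] is None:
        if first["more"]:
            raise ValueError("fragmented message without TLS Message Length")
        return first["data"]                   # single, unfragmented packet
    total = first["tls_total"]
    if total > max_total:
        raise ValueError(f"announced TLS length {total} exceeds limit {max_total}")
    buf = bytearray(first["data"])
    more = first["more"]
    for frag in fragments[1:]:
        if not more:
            raise ValueError("data after a fragment without M")
        hdr = parse_tunnel_eap(frag)
        if hdr["type"] != first["type"]:
            raise ValueError("method Type changed mid-message")
        buf += hdr["data"]
        more = hdr["more"]
    if more:
        raise ValueError("last fragment still has M set")
    if len(buf) != total:
        raise ValueError(f"reassembled {len(buf)} octets, announced {total}")
    return bytes(buf)


def demo():
    """Constructed exchange: an EAP-TTLS Start request, then a 3072-octet
    TLS message fragmented into three EAP-Request packets."""
    start = build_tunnel_eap(EAP_REQUEST, 1, TYPE_EAP_TTLS, FLAG_S)
    tls_msg = bytes(range(256)) * 12                # sample TLS data
    chunks = [tls_msg[i:i + 1024] for i in range(0, len(tls_msg), 1024)]
    frags = [build_tunnel_eap(EAP_REQUEST, 2, TYPE_EAP_TTLS, FLAG_L | FLAG_M, chunks[0], len(tls_msg)),
             build_tunnel_eap(EAP_REQUEST, 3, TYPE_EAP_TTLS, FLAG_M, chunks[1]),
             build_tunnel_eap(EAP_REQUEST, 4, TYPE_EAP_TTLS, 0, chunks[2])]
    return parse_tunnel_eap(start), reassemble_tls(frags) == tls_msg


if __name__ == "__main__":
    hdr, ok = demo()
    print("start flag:", hdr["start"], "reassembled correctly:", ok)
```

The two length checks are the ones that matter to a defender: the EAP Length must equal the octets actually received, and the announced TLS Message Length must be both bounded and matched exactly by the reassembled fragments, otherwise a peer can make the receiver grow a reassembly buffer on the strength of a single header field.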
AVPs
In PEAP, the data exchanged between the client and the server over the TLS channel is EAP packets. In EAP-TTLS, AVPs (attribute-value pairs) are exchanged instead, encrypted by TLS and encapsulated in EAP-TTLS packets. The AVP format of EAP-TTLS is compatible with the Diameter and RADIUS AVP format, which lets the EAP-TTLS server translate AVPs easily between the client and the AAA server (using RADIUS, for example).
AVP format
AVP Code + Vendor-ID: used to identify the attribute
V flag: whether the Vendor-ID field is present
M flag: 0 = this AVP can be ignored if not supported; 1 = if this AVP is not supported, fail the negotiation
Data
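To make the AVP format and the M-flag rule concrete, here is an added Python example (not code from the original slides or from any EAP-TTLS implementation). It encodes and decodes AVPs in the Diameter-compatible layout described above (4-octet AVP Code, flags octet with V and M, 3-octet Length, optional Vendor-ID, data padded to a 4-octet boundary), enforces the M bit when an AVP is unknown, and translates vendor-less AVPs with codes 1-255 into RADIUS attributes of the same number, which is the compatibility the slides refer to. The `SUPPORTED` table, the function names and the sample AVPs are assumptions constructed for this example.

```python
"""EAP-TTLS AVP handling inside the TLS tunnel.

Added example, not code from the original slides. The AVP bytes built in
demo() are constructed, not captured.
"""
import struct

AVP_V, AVP_M = 0x80, 0x40          # Vendor-ID present, Mandatory
RADIUS_MAX_VALUE = 253              # RADIUS attribute Length is one octet

# Attributes this toy server understands (assumed list). An AVP with no
# Vendor-ID and a code in 1..255 maps to the RADIUS attribute of that number.
SUPPORTED = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password",
             60: "CHAP-Challenge", 79: "EAP-Message"}


class UnsupportedMandatoryAVP(Exception):
    """Raised when an AVP with M=1 is not understood: the negotiation fails."""


def encode_avp(code, data, vendor_id=None, mandatory=False):
    flags = (AVP_V if vendor_id is not None else 0) | (AVP_M if mandatory else 0)
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(data)           # Length excludes padding
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf):
    """Yield (code, vendor_id, mandatory, data) for each AVP; every Length
    is checked against the buffer before it is trusted."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack("!IB", buf[off:off + 5])
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len, vendor_id = 8, None
        if flags & AVP_V:
            header_len = 12
            if length < 12 or len(buf) - off < 12:
                raise ValueError("V flag set but Vendor-ID missing")
            vendor_id = struct.unpack("!I", buf[off + 8:off + 12])[0]
        if length < header_len or off + length > len(buf):
            raise ValueError(f"AVP Length {length} out of bounds")
        yield code, vendor_id, bool(flags & AVP_M), buf[off + header_len:off + length]
        off += length + (-length % 4)         # skip padding to the next 4-octet boundary


def process_avps(buf, supported=SUPPORTED):
    """Apply the M bit: an unknown AVP is ignored when M=0 and aborts the
    negotiation when M=1. Returns {attribute name: data} for known AVPs."""
    result = {}
    for code, vendor_id, mandatory, data in decode_avps(buf):
        name = supported.get(code) if vendor_id is None else None
        if name is None:
            if mandatory:
                raise UnsupportedMandatoryAVP(f"code {code}, vendor {vendor_id}")
            continue
        result[name] = data
    return result


def to_radius_attribute(code, data):
    """Translate a vendor-less AVP (code 1..255) into a RADIUS attribute:
    Type (1 octet), Length (1 octet, includes the header), Value."""
    if not 1 <= code <= 255:
        raise ValueError("only codes 1..255 map directly to RADIUS attributes")
    if len(data) > RADIUS_MAX_VALUE:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([code, len(data) + 2]) + data


def demo():
    """Constructed tunnel payload: User-Name, CHAP-Challenge and CHAP-Password
    (mandatory), plus an optional vendor AVP this server does not know."""
    payload = (encode_avp(1, b"alice@example.org", mandatory=True)
               + encode_avp(60, bytes(16), mandatory=True)
               + encode_avp(3, b"\x01" + bytes(16), mandatory=True)
               + encode_avp(5, b"hint", vendor_id=99999, mandatory=False))
    attrs = process_avps(payload)
    radius = b"".join(to_radius_attribute(code, attrs[name]) for code, name in
                      [(1, "User-Name"), (60, "CHAP-Challenge"), (3, "CHAP-Password")])
    return attrs, radius


if __name__ == "__main__":
    attrs, radius = demo()
    print(sorted(attrs), len(radius), "octets of RADIUS attributes")
```

The unknown vendor AVP is silently skipped because its M bit is clear; flip it to mandatory and `process_avps` raises, which is exactly the behaviour the M flag definition above requires. The bounds checks in `decode_avps` matter because the AVP stream comes from the peer: a Length larger than the remaining buffer must be rejected, not sliced past the end.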
EAP-TTLS Phase 1
EAP-Request/Identity
EAP-Response/Identity [My Domain]
EAP-TTLS Phase 2
Exchange AVPs over the TLS channel, encapsulated in EAP-TTLS
EAP-Success / EAP-Failure
[Diagram: Client -- LAN -- (RADIUS) -- TTLS Server -- (RADIUS) -- AAA Server]
EAP-TTLS Full Example (1): Client, Access Point, TTLS Server, AAA Server
RAR = RADIUS Access-Request, RAC = RADIUS Access-Challenge, RAA = RADIUS Access-Accept.
Access Point -> Client: EAP-Request/Identity
Client -> Access Point: EAP-Response/Identity
Access Point -> TTLS Server (RAR): Data-Cipher-Suite + EAP-Response/Identity
TTLS Server -> Access Point (RAC): EAP-Request/TTLS-Start
Access Point -> Client: EAP-Request/TTLS-Start
Client -> Access Point: EAP-Response/TTLS: client_hello
Access Point -> TTLS Server (RAR): EAP-Response/TTLS: client_hello
TTLS Server -> Access Point (RAC): EAP-Request/TTLS (server_hello, certificate, server_key_exchange, server_hello_done)
EAP-TTLS Full Example (2)
Access Point -> Client: EAP-Request/TTLS (server_hello, certificate, server_key_exchange, server_hello_done)
Client -> Access Point: EAP-Response/TTLS (client_key_exchange, CCS, client_finished)
Access Point -> TTLS Server (RAR): EAP-Response/TTLS (client_key_exchange, CCS, client_finished)
TTLS Server -> Access Point (RAC): EAP-Request/TTLS (CCS, server_finished)
Access Point -> Client: EAP-Request/TTLS (CCS, server_finished)
EAP-TTLS Full Example (3)
AAA Server -> TTLS Server: RADIUS Access-Accept [RAA]
TTLS Server -> Access Point (RAC): EAP-Request/TTLS (Data-Cipher-Suite)
Access Point -> Client: EAP-Request/TTLS (Data-Cipher-Suite)
Client -> Access Point: EAP-Response (no data)
Access Point -> TTLS Server (RAR): EAP-Response (no data)
TTLS Server -> Access Point (RAA): Data-Cipher-Suite, Data-Keying-Material, EAP-Success
Access Point -> Client: EAP-Success
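In the exchange above the access point never interprets EAP-TTLS; it only relays each EAP packet to the TTLS server inside a RADIUS Access-Request (RAR) and hands the EAP packet from the Access-Challenge (RAC) or Access-Accept (RAA) back to the client. The following Python is an added example of that relay leg, not code from the original slides or from any RADIUS implementation: it carries an EAP packet in EAP-Message attributes (RADIUS type 79, at most 253 octets each), adds the Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the shared secret) that RFC 3579 requires alongside EAP-Message, and verifies both it and, for replies, the Response Authenticator before trusting the relayed EAP packet. The packet codes and attribute numbers are the standard RADIUS values; the shared secret, identifiers and EAP packets are constructed sample values, and the anonymous outer identity in the sample is one constructed value, chosen because the real identity travels only inside the tunnel.

```python
"""Relaying EAP between the access point and the TTLS server over RADIUS.

Added example, not code from the original slides. Secret, identifiers and
EAP packets are constructed sample values.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_CHALLENGE = 1, 2, 11
ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 79, 80
MAX_VALUE = 253      # attribute Length is one octet and covers the 2-octet header


def _attr(attr_type, value):
    if len(value) > MAX_VALUE:
        raise ValueError("RADIUS attribute value longer than 253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def _attrs(buf):
    """Yield (offset, type, value) for each attribute; lengths are checked
    against the buffer before they are used."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 2 or buf[off + 1] < 2 or off + buf[off + 1] > len(buf):
            raise ValueError("malformed RADIUS attribute")
        yield off, buf[off], buf[off + 2:off + buf[off + 1]]
        off += buf[off + 1]


def wrap_eap(code, ident, eap_pkt, secret, request_auth=None):
    """Build a RADIUS packet carrying eap_pkt. An Access-Request gets a fresh
    random Request Authenticator; a reply (RAC/RAA) needs the authenticator of
    the request it answers, because its Message-Authenticator is computed over
    that value and its own Response Authenticator is derived from it."""
    if code == ACCESS_REQUEST:
        request_auth = os.urandom(16)
    if request_auth is None or len(request_auth) != 16:
        raise ValueError("a reply needs the 16-octet Request Authenticator")
    attrs = b"".join(_attr(ATTR_EAP_MESSAGE, eap_pkt[i:i + MAX_VALUE])
                     for i in range(0, len(eap_pkt), MAX_VALUE))
    attrs += _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zero placeholder
    pkt = struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    pkt = pkt[:-16] + mac                 # Message-Authenticator is the last attribute
    if code != ACCESS_REQUEST:            # Response Authenticator (RFC 2865)
        resp_auth = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
        pkt = pkt[:4] + resp_auth + pkt[20:]
    return pkt


def unwrap_eap(pkt, secret, request_auth=None):
    """Verify the Message-Authenticator (and the Response Authenticator of a
    reply), then return the EAP packet reassembled from the EAP-Message
    attributes in order. Any failure raises; the packet must be dropped."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("RADIUS Length does not match the packet")
    code = pkt[0]
    if code == ACCESS_REQUEST:
        request_auth = pkt[4:20]
    if request_auth is None:
        raise ValueError("verifying a reply needs the Request Authenticator")
    attrs = list(_attrs(pkt[20:]))
    mas = [(off, val) for off, typ, val in attrs if typ == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0][1]) != 16:
        raise ValueError("EAP-Message requires exactly one Message-Authenticator")
    off, got = mas[0]
    start = 20 + off + 2                  # first octet of the Message-Authenticator value
    zeroed = pkt[:4] + request_auth + pkt[20:start] + bytes(16) + pkt[start + 16:]
    if not hmac.compare_digest(got, hmac.new(secret, zeroed, hashlib.md5).digest()):
        raise ValueError("Message-Authenticator mismatch")
    if code != ACCESS_REQUEST:
        resp_auth = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
        if not hmac.compare_digest(pkt[4:20], resp_auth):
            raise ValueError("Response Authenticator mismatch")
    return b"".join(val for _, typ, val in attrs if typ == ATTR_EAP_MESSAGE)


def demo():
    """Constructed round trip: the access point relays an EAP-Response/Identity
    (anonymous outer identity) in a RAR and the TTLS server answers with an
    EAP-Request/TTLS-Start in a RAC."""
    secret = b"constructed-shared-secret"
    identity = b"anonymous@example.org"
    eap_identity = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    rar = wrap_eap(ACCESS_REQUEST, 7, eap_identity, secret)
    ttls_start = struct.pack("!BBHBB", 1, 2, 6, 21, 0x20)   # Type 21, Start flag
    rac = wrap_eap(ACCESS_CHALLENGE, 7, ttls_start, secret, request_auth=rar[4:20])
    return (unwrap_eap(rar, secret) == eap_identity,
            unwrap_eap(rac, secret, request_auth=rar[4:20]) == ttls_start)


if __name__ == "__main__":
    print(demo())
```

Two details are easy to get wrong on this leg and are worth checking in a real deployment: a reply's Message-Authenticator is keyed over the request's authenticator, not the reply's own, so the NAS must keep the Request Authenticator until the answer arrives; and an EAP packet longer than 253 octets (the TLS server_hello with its certificate usually is) spans several EAP-Message attributes that must be concatenated in order.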
Usage of tunneling:
Enables using existing protocols over a protected layer
Provides client identity protection: the identity is passed over the TLS channel
If the client is to be authenticated using a certificate, this can be done after the TLS channel has been established
Additional Issues
In addition to the security properties of PEAP and EAP-TTLS discussed above, both have some additional features.
Same as in EAP-TLS:
Support for fragmentation of long messages
Support for fast reconnection to the network (using TLS session resumption)
Exchange of information between the client and the authentication server (EAP-TTLS: AVPs; PEAP: the latest draft defines something similar, TLVs). An example of such information: language settings for notifications
Other EAP methods
EAP-SRP (Secure Remote Password): uses a DH exchange to authenticate both sides (the DH exchange is protected by a hash and a salt). Does not use certificates at all. Mutual authentication. Uses a user id and password.
Summary (1)
EAP enables the use of diverse methods to perform authentication. It defines the exchange of messages until the authentication process is done. EAP-TLS makes use of the existing TLS protocol to provide safe mutual authentication.
PEAP and EAP-TTLS use TLS to authenticate the server and offer tunneling of other methods to authenticate the client.
[Diagram (protocol layering): the EAP methods MD5, TLS, TTLS, PEAP and MS-CHAPv2 run over EAP; EAP runs over 802.1X or PPP; 802.1X runs over 802.11.]
Summary (3)
What to use? A few examples:
On a wired network EAP-MD5 is probably enough for most uses. It can be tunneled through PEAP/EAP-TTLS for extended security and server authentication.
If a certificate system already exists, EAP-TLS can be used to provide a high level of security.
If an existing non-EAP authentication system exists, EAP-TTLS is the only option that enables its use in a secure way.
EAP-SecurID can be used tunneled if OTPs are to be used.
LEAP can be used if the NAS is from Cisco.