The Extensible Authentication Protocol is the key that governs access between network clients and authentication servers. Server-initiated EAP exchanges are crucial for wireless networks. This article gives a technical insight into the protocol and its various types.
Nowadays, wireless networks are common in homes and offices. Even though most of us have used a wireless network, few of us know the internal security aspects of a wireless system, which is composed of many security protocols. In general, authentication is one of the key components of a security system. Specifically, authentication protocols enable a secure mode of communication between servers (hosts) and terminals (clients) in a network system.
Technically speaking, an authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely. There are many different authentication protocols, such as the Challenge-Handshake Authentication Protocol (CHAP), the Host Identity Protocol (HIP), the Password Authentication Protocol (PAP) and many others; the Extensible Authentication Protocol (EAP) is one of them.
This article defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods.
About EAP
Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and Point-to-Point connections. In the technical literature it is defined in RFC 3748, which has been updated by RFC 5247. EAP provides for the transport and usage of keying material and parameters generated by EAP methods. Many methods are defined by RFCs (Request for Comments), and a number of vendor-specific methods and new proposals exist.
EAP is not a wire protocol; instead it only defines message formats. Each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages. The WPA (Wi-Fi Protected Access) and WPA2 standards have adopted five EAP types as their official authentication mechanisms.
EAP typically runs directly over data link layers such as the Point-to-Point Protocol (PPP) or IEEE (Institute of Electrical and Electronics Engineers) 802, without requiring IP. EAP provides its own support for duplicate elimination and retransmission, but relies on lower-layer ordering guarantees. Fragmentation is not supported within EAP itself; however, individual EAP methods may support it.
Applicability
Extensible Authentication Protocol is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.
EAP was designed for use in network access authentication, where IP (Internet Protocol) layer connectivity may not be available. However, according to RFC 3748, the use of EAP for other purposes, such as bulk data transport, is not recommended. Since EAP does not require IP connectivity, it provides just enough support for the reliable transport of authentication protocols.
EAP authentication is initiated by the server (authenticator), whereas many authentication protocols are initiated by the client (peer). As a result, it may be necessary for an authentication algorithm to add one or two additional messages (at most one roundtrip) in order to run over EAP.
Working Mechanism
In communications using EAP, a user requests connection to a wireless network through an access point (a station that transmits and receives data, sometimes known as a transceiver). The access point requests identification (ID) data from the user and transmits that data to an authentication server. The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.
According to RFC 3748, an EAP authentication exchange proceeds as follows:
(1) The authenticator sends a Request to authenticate the peer. The Request has a Type field to indicate what is being requested. Examples of Request Types include Identity, MD5-challenge (Message-Digest algorithm 5), etc. The MD5-challenge Type corresponds closely to the CHAP authentication protocol [RFC1994]. Typically, the authenticator will send an initial Identity Request; however, an initial Identity Request is not required, and may be bypassed. For example, the identity may not be required where it is determined by the port to which the peer has connected (leased lines, dedicated switch or dial-up ports), or where the identity is obtained in another fashion (via calling station identity or MAC address, in the Name field of the MD5-Challenge Response, etc.).
(2) The peer sends a Response packet in reply to a valid Request. As with the Request packet, the Response packet contains a Type field, which corresponds to the Type field of the Request.
(3) The authenticator sends an additional Request packet, and the peer replies with a Response. The sequence of Requests and Responses continues as long as needed. EAP is a 'lock step' protocol, so that other than the initial Request, a new Request cannot be sent prior to receiving a valid Response. The authenticator is responsible for retransmitting requests. After a suitable number of retransmissions, the authenticator should end the EAP conversation. The authenticator must not send a Success or Failure packet when retransmitting or when it fails to get a response from the peer.
(4) The conversation continues until the authenticator cannot authenticate the peer (unacceptable Responses to one or more Requests), in which case the authenticator implementation must transmit an EAP Failure (Code 4). Alternatively, the authentication conversation can continue until the authenticator determines that successful authentication has occurred, in which case the authenticator must transmit an EAP Success (Code 3).
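The four-step exchange above, as an added example that is not part of the original article: a minimal Python encoder/decoder for the RFC 3748 packet layout (Code, Identifier, Length, Type, Type-Data) and a single-process walk through an Identity Request followed by an MD5-Challenge, in which the authenticator only acts on a Response whose Identifier and Type match its outstanding Request and finishes with Success (Code 3) or Failure (Code 4). The secret database, peer identity and challenge bytes are constructed sample values.

```python
import hashlib
import hmac
import struct
# EAP Codes and Types from RFC 3748 (Success = 3, Failure = 4, as the steps above state).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4

def encode_eap(code, identifier, eap_type=None, type_data=b""):
    """Build an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    body = b"" if code in (SUCCESS, FAILURE) else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def decode_eap(pkt):
    """Parse an EAP packet, rejecting a Length that disagrees with the buffer."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP Length field")
    body = pkt[4:length]
    if code in (SUCCESS, FAILURE):
        return code, identifier, None, b""
    if not body:
        raise ValueError("Request/Response without a Type field")
    return code, identifier, body[0], body[1:]

def md5_challenge_value(identifier, secret, challenge):
    """MD5-Challenge Value as in CHAP (RFC 1994): MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def run_exchange(secret_db, peer_identity, peer_secret, challenge):
    """Lock-step authenticator/peer conversation in one process; returns the final Code."""
    ident = 1  # (1) Identity Request; (2) the peer's Response echoes the Identifier and Type
    code, rid, typ, _ = decode_eap(encode_eap(REQUEST, ident, TYPE_IDENTITY))
    code, rid, typ, data = decode_eap(encode_eap(RESPONSE, rid, typ, peer_identity))
    if code != RESPONSE or rid != ident or typ != TYPE_IDENTITY:
        return None  # not a valid Response: discard it, never answer with Success/Failure
    identity = data
    # (3) only after a valid Response may the next Request go out: an MD5-Challenge
    ident += 1
    req = encode_eap(REQUEST, ident, TYPE_MD5_CHALLENGE, bytes([len(challenge)]) + challenge)
    _, rid, _, chal_data = decode_eap(req)
    chal = chal_data[1:1 + chal_data[0]]  # Type-Data = Value-Size, Value (the challenge), Name
    value = md5_challenge_value(rid, peer_secret, chal)
    resp = encode_eap(RESPONSE, rid, TYPE_MD5_CHALLENGE, bytes([len(value)]) + value)
    code, rid, typ, data = decode_eap(resp)
    if code != RESPONSE or rid != ident or typ != TYPE_MD5_CHALLENGE:
        return None
    # (4) compare against the stored secret in constant time; emit Success (3) or Failure (4)
    expected = md5_challenge_value(ident, secret_db.get(identity, b""), chal)
    ok = data[0] == 16 and hmac.compare_digest(data[1:17], expected)
    return decode_eap(encode_eap(SUCCESS if ok else FAILURE, ident))[0]
```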
EAP Methods
EAP is an authentication framework, not a specific authentication mechanism. It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in IETF (Internet Engineering Task Force) RFCs include EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, and EAP-AKA; in addition, a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS. Requirements for EAP methods used in wireless LAN (Local Area Network) authentication are described in RFC 4017.
The standard also describes the conditions under which the AAA (Authentication, Authorization and Accounting) key management requirements described in RFC 4962 can be satisfied.
Some of the EAP methods are explained below:
LEAP: The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP method developed by Cisco Systems prior to the IEEE ratification of the 802.11i security standard. Cisco distributed the protocol through the CCX (Cisco Certified Extensions) as part of getting 802.1X and dynamic WEP (Wired Equivalent Privacy) adoption into the industry in the absence of a standard. There is no native support for LEAP in any Windows operating system, but it is widely supported by third party client software most commonly included with WLAN (wireless LAN) devices. Due to the wide adoption of LEAP in the networking industry, many other WLAN vendors claim support for LEAP.
LEAP uses a modified version of MS-CHAP, an authentication protocol in which user credentials are not strongly protected and are thus easily compromised. Along these lines, an exploit tool called ASLEAP was released in early 2004 by Joshua Wright. Cisco recommends that customers who absolutely must use LEAP do so only with sufficiently complex passwords, though complex passwords are difficult to administer and enforce. Cisco's current general recommendation is to use newer and stronger EAP protocols such as EAP-FAST, PEAP, or EAP-TLS.
EAP-TLS: EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is well-supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI (Public Key Infrastructure) to secure communication to a RADIUS (Remote Authentication Dial In User Service) authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles' heel.
EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the hacker still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards. This is because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo. There are client and server implementations of EAP-TLS in Microsoft, Cisco, Apple, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2.
EAP-MD5: EAP-MD5, defined in RFC 3748, is the only IETF Standards Track based EAP method. It offers minimal security: the MD5 hash function is vulnerable to dictionary attacks, and the method does not support key generation, which makes it unsuitable for use with dynamic WEP or WPA/WPA2 Enterprise. EAP-MD5 differs from other EAP methods in that it only provides authentication of the EAP peer to the EAP server, not mutual authentication. By not providing EAP server authentication, this EAP method is vulnerable to man-in-the-middle attacks. EAP-MD5 support was first included in Windows 2000 and deprecated in Windows Vista.
PEAP: Protected Extensible Authentication Protocol (PEAP) is a joint proposal by Cisco Systems, Microsoft and RSA Security as an open standard. It is already widely available in products, and provides very good security. It is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication.
The PEAP standard was created by Microsoft, Cisco, and RSA after EAP-TTLS had already come on the market. Even with its late start, Microsoft’s and Cisco’s size allowed them to quickly overtake EAP-TTLS in the market. So wide is the marketplace adoption of PEAP that even Funk Software, the inventor and backer of EAP-TTLS, had little choice but to support PEAP in their server and client software for wireless networks.
As of May 2005, there were two PEAP sub-types certified for the updated WPA and WPA2 standard. They are:
The terms PEAPv0 and PEAPv1 refer to the outer authentication method, the mechanism that creates the secure TLS tunnel to protect subsequent authentication transactions. EAP-MSCHAPv2, EAP-GTC, and EAP-SIM refer to the inner authentication method, which performs the actual user or device authentication.
EAP-SIM: EAP for GSM Subscriber Identity is used for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). EAP-SIM is defined in RFC 4186.
EAP-AKA: EAP for UMTS Authentication and Key Agreement is used for authentication and session key distribution using the Universal Mobile Telecommunications System (UMTS) Universal Subscriber Identity Module (USIM). EAP-AKA is defined in RFC 4187.
Advantages
One of the advantages of the EAP architecture is its flexibility. EAP is used to select a specific authentication mechanism, typically after the authenticator requests more information in order to determine the specific authentication method to be used. Rather than requiring the authenticator to be updated to support each new authentication method, EAP permits the use of a backend authentication server, which may implement some or all authentication methods, with the authenticator acting as a pass-through for some or all methods and peers.
- Network Access Server (NAS) devices (e.g., a switch or access point) do not have to understand each authentication method and may act as a pass-through agent for a backend authentication server. Support for pass-through is optional. An authenticator may authenticate local peers, while at the same time acting as a pass-through for non-local peers and authentication methods it does not implement locally.
Disadvantages
- For use in PPP, EAP requires the addition of a new authentication Type to PPP LCP (Link Control Protocol), and thus PPP implementations will need to be modified to use it. It also strays from the previous PPP authentication model of negotiating a specific authentication mechanism during LCP. Similarly, switch or access point implementations need to support [IEEE-802.1X] in order to use EAP.
- Where the authenticator is separate from the backend authentication server, this complicates the security analysis and, if needed, key distribution.
End Note
For common computer users, the Extensible Authentication Protocol (EAP) is not stand-alone software and hence is not visible as a physical entity. Rather, it is a software protocol used for the security of wireless networks. As this article is technical in nature, it is essential that computer users are aware of the several security protocols used for securing both wired and wireless networks.
—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Digital Security Systems. He has an active interest in designing security algorithms for securing mission-critical systems. He can be reached at infosecurity@fanaticmedia.com