EAP-TLS
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is a commonly used EAP method for wireless networks. In EAP-TLS, a certificate must be installed on both the authentication server and the supplicant. For this reason, it is considered one of the most secure methods available. This requires both client and server key pairs to be generated first and then signed by a CA server. The communication used by EAP-TLS is similar to SSL encryption; however, TLS is considered the successor to SSL. EAP-TLS establishes an encrypted tunnel inside which a user certificate is sent.
Note: EAP-TLS is defined in RFC 2716.
Figure 17-12 shows the process of EAP-TLS.
As you can see, the process begins with an EAP Start message. Next, the AP requests the client’s identity. The client responds with its identity, and this is sent via EAP over RADIUS to the authentication server. The authentication server sends its certificate, and the client sends its certificate, thus proving their identity to each other. Next, symmetric session keys (also called master session keys) are created. The authentication server sends the master session key to the AP or controller to be used for either WEP or WPA/WPA2 encryption between the AP and the client.
[Figure 17-12 EAP-TLS Process: Client, Authenticator (AP or Controller), Authentication Server; EAP Start, Request Identity, Server Sends Its Cert, Client Sends Its Cert, Symmetric Session Keys Generated, Master Key Sent to AP or Controller, Encryption Between Client and AP Using WEP or WPA/WPA2]
You configure EAP-TLS in the same location as WEP by selecting 802.1x in the Layer 2 security drop-down (refer to Figure 17-6). The EAP method is between the server and the client, so the AP really doesn’t care. You simply select 802.1x.
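The following Python code is an added illustration, not from the book, of what "EAP over RADIUS" looks like on the wire between the authenticator and the authentication server. The client’s EAP Response/Identity is relayed unchanged inside RADIUS EAP-Message attributes (type 79), and the authenticator adds a Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the AP-to-server shared secret, as RFC 2869 and RFC 3579 specify) so the server can detect a request that was forged or altered in transit. The shared secret, packet identifiers, and identity are constructed sample values; the attribute type numbers and packet layout are the standard ones.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types (RFC 2865, RFC 2869, RFC 3579)
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
# EAP codes and types (RFC 3748)
EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


def build_eap_response_identity(eap_id: int, identity: str) -> bytes:
    """EAP Response/Identity: Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    type_data = bytes([EAP_TYPE_IDENTITY]) + identity.encode()
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 4 + len(type_data)) + type_data


def _attr(atype: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: Type(1) Length(1, includes the 2-byte header) Value."""
    return bytes([atype, 2 + len(value)]) + value


def build_access_request(secret: bytes, radius_id: int, request_auth: bytes,
                         eap_packet: bytes, username: str) -> bytes:
    """What the authenticator (AP or WLC) sends: the client's EAP packet relayed
    byte-for-byte inside EAP-Message attributes, plus a Message-Authenticator so the
    server can tell the request came from a device holding the shared secret."""
    attrs = _attr(ATTR_USER_NAME, username.encode())
    for i in range(0, len(eap_packet), 253):          # one EAP-Message holds <= 253 bytes
        attrs += _attr(ATTR_EAP_MESSAGE, eap_packet[i:i + 253])
    attrs += _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zero placeholder while hashing
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = header + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()    # HMAC-MD5 over the whole packet
    return packet[:-16] + mac                                # placeholder is the last 16 bytes


def _attributes(packet: bytes):
    """Yield (type, offset_of_value, value) for each attribute after the 20-byte header."""
    off = 20
    while off + 2 <= len(packet):
        atype, alen = packet[off], packet[off + 1]
        if alen < 2 or off + alen > len(packet):
            raise ValueError("malformed attribute")
        yield atype, off + 2, packet[off + 2:off + alen]
        off += alen


def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Server-side check: recompute HMAC-MD5 with the attribute zeroed and compare in
    constant time. Any change to the packet, including the relayed EAP bytes, fails."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    try:
        for atype, voff, value in _attributes(packet):
            if atype == ATTR_MESSAGE_AUTHENTICATOR and len(value) == 16:
                zeroed = packet[:voff] + bytes(16) + packet[voff + 16:]
                expected = hmac.new(secret, zeroed, hashlib.md5).digest()
                return hmac.compare_digest(expected, value)
    except ValueError:
        return False
    return False    # RFC 3579: an Access-Request carrying EAP-Message must include one


def extract_eap_message(packet: bytes) -> bytes:
    """Reassemble the EAP packet from all EAP-Message attributes, in order."""
    try:
        return b"".join(v for t, _, v in _attributes(packet) if t == ATTR_EAP_MESSAGE)
    except ValueError:
        return b""


if __name__ == "__main__":
    secret = b"constructed-shared-secret"        # constructed AP-to-RADIUS shared secret
    eap = build_eap_response_identity(1, "alice@example.com")
    req = build_access_request(secret, 7, os.urandom(16), eap, "alice@example.com")
    print(len(req), verify_message_authenticator(secret, req),
          extract_eap_message(req) == eap)
```

The point to notice is that the authenticator never parses the EAP payload; it only frames it and authenticates the RADIUS envelope. The EAP method (TLS handshake, certificates, inner authentication) runs end to end between the client and the authentication server, which is why the AP configuration is simply "802.1x".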
EAP-FAST
Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST) is a protocol that was developed by Cisco Systems. Its purpose was to address weaknesses in Lightweight Extensible Authentication Protocol (LEAP), another Cisco-developed EAP method. The concept of FAST is similar to TLS; however, EAP-FAST does not use PKI. Instead, EAP-FAST uses a strong shared secret key called a Protected Access Credential (PAC) that is unique on every client.
EAP-FAST negotiation happens in two phases, phase 1 and phase 2, but it is during phase 0 that the PAC is provisioned. After the PAC has been distributed, phase 1 can happen. In phase 1, the AAA server and the client establish a TLS tunnel after authenticating each other using the PAC. After phase 1 establishes the secure TLS tunnel, phase 2 authenticates the user to the AAA server using another EAP method, with either passwords or generic token cards.
Figure 17-13 shows the details of EAP-FAST negotiation using generic token card authentication for the user.
EAP-FAST negotiation occurs as follows:
1. The client sends an EAPoL start to the AP.
2. The AP, which is the authenticator, sends back an EAP Identity Request message.
3. The client sends a response to the authenticator. It is forwarded to the authentication server (AAA server) in a RADIUS packet.
4. The authentication server sends an EAP-FAST start message that includes an Authority ID (A-ID).
5. The client sends a PAC based on the received A-ID. The client also sends a PAC Opaque reply to the server. The PAC Opaque is a variable-length field that can be interpreted only by the authentication server. The PAC Opaque is used to validate the client’s credentials.
6. The authentication server decrypts the PAC Opaque using a master key that was used to derive the PAC key. The authentication server sends an EAP-TLS Server hello along with the Cipher Trust Protocol Set.
7. If the keys match, a TLS tunnel is established, with the client sending a confirmation.
8. The server sends an identity request inside the TLS tunnel using a protocol such as Extensible Authentication Protocol-Generic Token Card (EAP-GTC).
9. The client sends an authentication response.
10. The server sends a Pass or Fail message. The Pass message indicates that the client is successfully authenticated.
[Figure 17-13 EAP-FAST Negotiation: Client, Authenticator, Authentication Server (AAA Server); EAP Start, EAP Request Identity, EAP Response Identity, EAP-FAST Start (AID), EAP Request Challenge (AID), Cipher Trust Protocol Set, Confirm Cipher Trust Protocol Set, TLS Tunnel, Identity Request, Authentication Response (EAP-GTC), Pass/Fail]
PEAP
As you’ve seen with EAP-TLS, certificates are required on both the client and the server. With EAP-FAST, no certificates are required; rather, the PAC takes care of things. With Protected EAP (PEAP), only a server-side certificate is used. This server-side certificate is used to create a tunnel, and then the real authentication takes place inside. The PEAP method was jointly developed by Cisco Systems, Microsoft, and RSA. PEAP uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) or Generic Token Card (GTC) to authenticate the user inside an encrypted tunnel.
To authenticate to Microsoft Windows Active Directory, you would use MS-CHAPv2. Figure 17-14 shows the PEAP process.
In PEAP, the following occurs:
1. The client sends an EAPoL start, and the authenticator returns a request for identity. This is similar to the other EAP methods.
2. The client returns its identity, and it is forwarded to the AAA server.
3. The AAA server sends a server certificate and begins establishing a TLS tunnel.
4. The client returns a premaster secret.
5. The tunnel is established.
6. The AAA server sends an identity request to the client.
7. The AAA client sends an identity response.
8. The server sends an EAP-MS-CHAPv2 challenge.
9. The client enters credentials into a popup, and that is sent back as an EAP-MS-CHAPv2 response.
10. The server returns a pass or fail. If it’s a pass, the user can send traffic.
[Figure 17-14 PEAP Process: Client, Authenticator, Authentication Server (ACS); Start, Request Identity, Identity, Server Cert (EAP-TLS), Pre-Master Secret, Tunnel Established; inside the Protected Tunnel: Identity Request/Response, EAP MSCHAPv2 Challenge, EAP MSCHAPv2 Response (this is where the user enters credentials), EAP Success/Fail]
LEAP
Lightweight Extensible Authentication Protocol (LEAP) gets honorable mention here mainly because it is a Cisco EAP method that is still seen in 802.11b networks. LEAP is vulnerable to an offline exploit, and you should avoid it if possible. LEAP uses a proprietary algorithm to create the initial session key.
Authentication and Encryption
Now that you understand some of the methods used to authenticate users, it’s time to explore some encryption methods. The beginning of this chapter discussed WEP. The problem with WEP is that it can be broken easily. Therefore, other methods have been established in an effort to provide more strength in encryption. In the following sections, you will learn about Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2).
WPA Overview
WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. TKIP still uses RC4; it just improves how it’s done. This is a major improvement over static WEP. WPA can optionally support Advanced Encryption Standard (AES), but it’s not mandatory. WPA is based on 802.11i draft version 3. WEP uses RC4 encryption, which is very weak. The better alternative was to use AES encryption, but that would have required an equipment upgrade. To avoid an equipment upgrade, WPA was developed to use TKIP and a larger IV than WEP. This would make it more difficult to guess the keys while not requiring new hardware. Instead, you could simply perform a firmware upgrade in most cases. WPA offers two authentication modes:
■ Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS is used for authentication and key distribution, and TKIP is used with the option of AES available as well.
■ Personal mode: Personal mode WPA uses preshared keys, making it the weaker option, but the one that is most likely to be seen in a home environment.
Figure 17-15 shows the process of WPA authentication.
At the beginning of negotiations, the client and AP must agree on security capabilities. After the two agree on the same level of security, the 802.1x process starts. This is the standard 802.1x process, as outlined previously. After successful 802.1x authentication, the authentication server derives a master key and sends it to the AP. The same key is derived from the client. Now the client and the AP have the same Pairwise Master Key (PMK), which will last for the duration of the session.
[Figure 17-15 WPA Authentication: Client, Authenticator, Authentication Server; Security Capability Discovery, 802.1x Authentication, 4-Way Handshake for Key, 2-Way Group Key Handshake]
Next, a four-way handshake occurs (see Figure 17-16), in which the client and authenticator communicate and a new key called a Pairwise Transient Key (PTK) is derived. This key confirms the PMK between the two, establishes a temporal key to be used for message encryption, authenticates the negotiated parameters, and creates keying material for the next phase, called the two-way group key handshake.
When the two-way group key handshake occurs, the client and authenticator negotiate the Group Transient Key (GTK), which is used to decrypt broadcast and multicast transmissions.
In Figure 17-16, you can see that the AP first generates a random number and sends it to the client. The client then uses a common passphrase along with this random number to derive a key that is used to encrypt data to the AP. The client then sends its own random number to the AP, along with a Message Integrity Code (MIC), which is used to ensure that the data is not tampered with. The AP generates a key used to encrypt unicast traffic to the client. To validate, the AP sends the random number again, encrypted using the derived key. A final message is sent, indicating that the temporal key (TK) is in place on both sides.
The two-way handshake that exchanges the group key involves the generation of a Group Master Key (GMK), usually by way of a random number. After the AP generates the GMK, it generates a group random number. This is used to generate a Group Temporal Key (GTK). The GTK provides a group key and a MIC. This key changes when it times out or when a client leaves the network.
To configure WPA, set the Layer 2 security method by choosing WLANs > Edit. Then select the Security tab and choose WPA+WPA2 from the drop-down, as shown in Figure 17-17. To allow WPA, ensure that TKIP is selected. This is automatically done for you when you select the WPA Policy check box.
[Figure 17-16 WPA Four-Way Handshake: Authenticator and Client; Random Number, Random Number, Derive PTK, Install PTK, Resend Random Number, PTK Done]
[Figure 17-17 Configuring a WPA Policy]
WPA2 Overview
WPA2, as its name implies, is the second attempt at WPA. WPA was not designed to be just a firmware upgrade; instead, you might need new hardware to use it. The reason for the more-capable hardware requirement is that WPA2 was designed to use AES encryption. WPA was designed based on the 802.11a draft but was released in 2003, whereas 802.11i was released in 2004. By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption. The Wi-Fi Alliance then released WPA2 to be compatible with the 802.11i standard.
It was mentioned that AES is used for encryption. Advanced Encryption Standard-Cipher Block Chaining Message Authentication Code Protocol (AES/CCMP) still uses the IV and MIC, but the IV increases after each block of cipher.
Comparing WPA to WPA2, you can see that
■ WPA mandates TKIP, and AES is optional.
■ WPA2 mandates AES and doesn’t allow TKIP.
■ WPA allows AES in its general form.
■ WPA2 only allows the AES/CCMP variant.
■ With WPA2, key management allows keys to be cached to allow for faster connections.
To configure WPA2, from the WLANs > Edit page, select the WPA2 Policy option. Then select either AES and TKIP or just AES as the default value, as shown in Figure 17-18. Then select the authentication key management option; the choices are 802.1x, CCKM, PSK, and 802.1X+CCKM.
[Figure 17-18 Configuring a WPA2 Policy]
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics from this chapter, denoted with the Key Topic icon. Table 17-2 lists these key topics and the page number where each one can be found.
Table 17-2 Key Topics for Chapter 17
Paragraph from the section “Pre-shared Key Authentication with Wired Equivalent Privacy”
Steps describing the WEP process (page 334)
Complete the Tables and Lists from Memory
Print a copy of Appendix B, “Memory Tables” (found on the CD) or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” also on the CD, includes completed tables and lists to check your work.
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the glossary:
Management Frame Protection (MFP), Infrastructure MFP, Message Integrity Check (MIC), Frame Check Sequence (FCS), Client MFP, Initialization Vector (IV), supplicant, authentication server, authenticator, Extensible Authentication Protocol (EAP), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST), Protected EAP (PEAP), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2), Generic Token Card (GTC), Lightweight Extensible Authentication Protocol (LEAP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), Temporal Key Integrity Protocol (TKIP), Advanced Encryption Standard (AES), Pairwise Master Key (PMK), Pairwise Transient Key (PTK), Group Transient Key (GTK), Message Integrity Code (MIC), Group Master Key (GMK), Group Temporal Key (GTK)