Ju-A A Lee and Jae-Hyun Kim

Transcription

1 Ju-A A Lee and Jae-Hyun Kim Wireless Information & Network Engineering Research Lab, Korea {gaia, jkim}@ajou.ac.kr Abstract. IEEE i standard supports a secure access control for wireless LAN and IEEE 802.1X standard includes various authentication methods. It is expected that next-generation wireless LAN security techniques will be based on IEEE 802.1X and IEEE i standards. However users who are not familiar with a computer or an authentication method have difficulty to setup the network security based on IEEE i. Accordingly, this paper proposes the authentication scenario to minimize the participation by users, and the password method which is changed randomly and periodically. The proposed protocols provide convenience for nonprofessional computer users as well as secure home network environment against unwanted attacks such as a brute force attack or a replay attack.

2 2 1. Introduction Home network service has been integrated with various com-munication technologies for the convenient life. The service is closely related to the private information about electric home applications, electronic commerce, medicine service and banking service. But contrary to the device directly connected with another in wire LAN, the connection of wireless LAN (WLAN) is exposed to other devices in the range of access point (AP). This property offers the chance that the neighbor or man near the house can receive the traffic and the malicious intruder makes bad use of privacy. Therefore, authentication mecha-nisms have to be considered a mechanism that only an eligible user is authenticated to use resources of the home network. IEEE working group (WG) specifies an authentication procedure but it provides the only basic mechanism which can not protect the WLAN communications from the ineligible approach. IEEE i standardization group is working on the access control based on IEEE 802.1X and air traffic encryption to strengthen WLAN security techniques[1]. In conventional method, nonprofessional user is confused how to setup security information inside WLAN stations and APs. Furthermore there are various user levels of computer knowledge in home network. Because of this reason, the way to setup authentication information should be prepared easily for users who are not familiar with a computer or an authentication. In this paper, we suggest the authentication scenario in order to easily protect the users from intrusion even if the users don t have the knowledge about the access control of WLAN in home network. And we propose the authentication procedures based on the scenario as well as the packet format to maintain the backward compatibility with legacy systems. The rest of the paper is organized as follows: Section II presents related works. In Section III, we describe the proposed authentication scenario and the security mechanisms for home network. A performance analysis of the proposed security mechanisms is presented in Section IV. Finally Section V concludes the paper.

3 Wireless Access Point EAP : Extensible Authentication Protocol Laptop computer Ethernet Radius Server Beacon (RSNIE : Robust Security Network Information Element) Open System Authentication Request Open System Authentication Response Associate Request(RSNIE) Associate Response EAPoL-Start EAP-Request/Identity EAP-Response/Identity Radius-Access-Request EAP Authentication Protocol Exchange EAP-Success Radius-Access-Accept 4-way EAP-Key handshake (4-way handshake) Access allowed 3 2. Related Works IEEE i provides enhanced security in the medium access control (MAC) layer for the IEEE networks[2]. One of the major missions of IEEE i is to define a robust security network (RSN). The definition of an RSN according to the IEEE i specification is a security network that only allows the creation of robust security network associations. To provide associations in an RSN, IEEE i defines authentication, encryption improvements, key management, and key establishment. In the first stage, IEEE i starts with Open System Authentication defined IEEE And the WLAN station is authenticated and associated with an AP. At the end of this stage, IEEE 802.1X port remains blocked and no data packets can be exchanged. The second stage consists of IEEE 802.1X authentication which employs extensible authentication protocol (EAP) to authenticate users. A user can surf the Internet after the completion of 4-Way Handshake execution in the third stage. The IEEE 802.1X standard specifies how to implement port-based access control for IEEE 802 LANs, including wireless LAN[3]. In IEEE 802.1X, the port represents the association between a WLAN station and an AP. Basically IEEE 802.1X has three entities which are a supplicant, an authenticator, and a backend authentication server. In the context of a WLAN, the supplicant is a WLAN station, the authentica-tor is an AP, and the authentication server can be a centralized remote access dial-in user service (RADIUS) server. IEEE 802.1X employs EAP as an authentication frame-work that can carry many authentication protocols, between the supplicant and the authenticator[4], [5]. The proto-col between the authenticator and the authentication server is not specified in the IEEE 802.1X standard. Instead, IEEE 802.1X provides RADIUS usage guidelines in the Annex. The EAP messages in EAP over LAN or wireless LAN (EAPoL) contain the authentication information and the RADIUS proto-col is used to carry EAP messages to the authentication server from the authenticator. EAP is a method of conducting an authentication conversation between a supplicant and an authentication server[5]. The authentication methods in EAP include message digest 5 (MD5), transport layer security (TLS), tunneled TLS (TTLS) and so on. These method protocols have features as follows. EAP-MD5[6]: EAP-MD5 uses challenge handshake authentication protocol (CHAP[7]) which is a chal-lenge-response process for the user authentication por-tion. It is one of the most popular EAP types because it is easy to use. The authentication server asks for the password by sending RADIUS-Access-Challenge. The password hash is then sent by using EAP-Re-sponse, which is further encapsulated by RADIUS-Access-Request. EAP-TLS[8] : EAP-TLS provides a way to use certificates for both the supplicant and the server to authenticate each other. Therefore, the forged APs can be detected. Both the supplicant and the authentication server need to have valid certificates when using EAP-TLS. EAP-TTLS[9] : EAP-TTLS extends EAP-TLS to exchange additional information between the supplicant and the authentication server by using the secure tunnel established by TLS negotiation. An EAP-TTLS negotiation comprises two phases: the TLS handshake phase and the TLS tunnel phase. During phase one, the TLS process is used for the supplicant to authenticate the authentication server by using certificates. In phase two, the authentication of the supplicant can use any non-eap protocols[10]. To apply these protocols mentioned above to the user s device, the user has to know how to setup these authentication protocols. Accordingly, it needs a simple and easy way to authenticate the home network users. In this paper, we consider the home network user and discuss how to provide automatic authentication mechanism for the users.

4 Sever transmits EAP-Request/Identity Server receives EAP-Response/Identity A.N. is included in EAP-Response/Identity? A.N. of WLAN station No == A.N. in MAC.T.? Server authenticate the WLAN station using the password in A.N.T. The WLAN station is authenticated? A.N. of WLAN station No and password to the == the current A.N.? WLAN station Server transmits EAP-Success No No A.N. : authentication number A.N.T. : authentication number management table MAC. : MAC address MAC.T. : MAC address management table Authenticate the WLAN station using the appointed password transmit the current A.N. The WLAN station is authenticated? Server transmits EAP-Failure No 4 3. WLAN Security Mechanisms for Home Network It is inconvenient to use the current method for access control of WLAN, for example, users have to setup the authentication information in WLAN stations and APs. In addition, the technical terms of the authentication properties obstruct the secure access of the users without related knowledge. This may causes the serious problem of security that intruder easily can access the network. Therefore we propose the access control scenario that offers convenience and this method minimizes the user s participation. In the scenario, we assume that the WLAN user needs an appointed password to be authorized at the first time. The appointed password can be registered to an authentication server by user. On the other way, WLAN station seller transfers the MAC address to the service provider which can register the password based on the MAC address to the authentication server. Then the authentication server periodically changes the password at random by software without user s participation. And the server distributes the changed password to all WLAN stations in home network. After receiving the changed password from the authentication server, the WLAN stations use the new password to next connection with an AP. Through this scenario the user can easily access the home network with security even though the user has insufficient knowledge about the authentication. To support the mentioned scenario, an authentication protocol requires additional message exchanges including information which is not specified in Standards[7], [9]. The periodic password change may cause a problem for WLAN users, when the password is changed while a user takes the WLAN station out of home. The WLAN station needs to be authenticated again when the user brings the WLAN station back home. However the WLAN station can not obtain the authority without user s assistance since the password is already changed. Other stations in home network are also needed to know the new password to keep the authority. The proposed protocols solve the problem by adding the authentication number. The authentication number is an index number which corresponds to each password. It is numbered randomly whenever the password is changed. The authentication server manages two tables. One is the MAC address management table which records the MAC addresses of the authenticated stations and the authentication number. The other is the authentication number management table. When the password is changed, the password and the authentication number are recorded in the authentication table.

5 Wireless Access Point WLAN station Ethernet Authentication Server 5 The proposed EAP-MD5 procedure by using the authentication number is as follows. 1. The WLAN station associates with an AP using Open System Authentication with wired equivalent privacy (WEP) turned off. Then the AP asks for the user s identity. 2. The WLAN station transmits an EAP-Response message which contains the identity and the authentication number of the WLAN to the server. 3. The server confirms whether the authentication number transmitted by WLAN station is the same as the authentication number recorded in the MAC address management table. 4. If both authentication numbers are the same, the server sends the EAP-MD5 challenge to the station. 5. The station encodes the MD5-challenge by using its password and transmits the encoded MD5- challenge (MD5-response) to the server. 6. After receiving the MD5-response, the server decodes the message by using the password corresponding to the authentication number in the authentication management table. And the server decides whether the station is valid or not according as the MD5-challenge and the decoded MD5- response are the same or not. 7. If the station is valid and the authentication number of the station is different from the current authentication number, the server transmits the current authentication number and password to the station for the next authentication. 8. The WLAN station which received the current authentication information updates the authentication information for itself. This message is encoded using the password of the WLAN station for protection from the man-in-the-middle attack. 9. The server rewrites the authentication number in the MAC address management table and transmits the EAP-Success message after receiving EAP-Response message.

6 Wireless Access Point WLAN station Ethernet Authentication Server 6 The proposed EAP-TTLS procedure by using the authentication number is as follows. 1. The user s WLAN station associates with an AP using Open System Authentication. Then the AP asks for the user s identity 2. The WLAN station transmits an EAP-Request message encapsulated in an EAPoL frame to the AP, which contains the MAC address of the WLAN station. 3. The server is authenticated to the WLAN station using its security certificate and a TLS connection is established between them. The encryption key for the TLS connection will be used for air traffic encryption. 4. Inside the TLS connection (inside box), the exchanged messages are encapsulated into TLS records that are again encapsulated into EAP-Request and EAP-Response messages. In the existing procedure, the WLAN station informs the AP of a user name and a password. In addition, we propose that the WLAN station sends the authentication number in the same EAP-Response message. After receiving it, the AP relays it to the server. 5. The server then verifies the authentication number whether the MAC address and the authentication number of the WLAN station are the same as the stored data in the MAC address management table. If the authentication number is verified, the server completes the course of authentication by using the password corresponding to the authentication number management table. At this point, the authentication method is able to use many protocols. Here, we assume that CHAP is used. 6. After authenticating the WLAN station, if the authentication number of the station is different from the current authentication number, the server transmits the current authentication number and password to the WLAN station. The WLAN station which received the current authentication information updates the authentication information for itself. 7. The server rewrites the authentication number in the MAC address management table after receiving EAP-Response message. 8. The EAP-TTL procedure ends by sending the EAP-success message to the WLAN station.

7 ( 6 1) ( 16 1) N D N C total memory size = + bytes N D + + bytes N C 7 4. Evaluation of Our Proposed Mechanism 4.1 Security analysis EAP-MD5 is more vulnerable to unwanted attacks than other authentication methods. One of such attacks is a brute force attack. A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities, for example, exhaustively working through all possible keys in order to decrypt a message. To protect the brute force attack, at least, the password should be changed by every month. The proposed protocol is robust to the brute force attack since it changes the password periodically. It also helps to detect a replay attack. By using the replay attack, an attacker could pretend to be an authorized user to access a network. For example, an attacker can simply intercept and replay a challenge message and response message to be authenticated. However owing to change of the password, the response message also changed on a periodic basis in proposed protocol. Therefore, even though the attacker receives the same challenge message as previous interceptive message, it is difficult for the attacker to be authenticated. In case of the mutual authentication, these security problems will be eliminated. Instead of security, the proposed mechanism gives automatic authentication under the environment the password is changed. 4.2 The burden of the authentication server Since the server has to manage two tables, we need to calculate the required memory size for practical implementation. First of all, for the MAC address management table, the MAC address consists of 6 bytes and the authentication number occupies 1 byte on the assumption whose range is from 0 to 255. The authentication number in the authentication number management table also occupies 1 byte like the MAC address management table. And if the password uses the WEP2 encryption, it will require the memory size of 16 bytes. We can calculate the total memory size by (1) total memory size = (6+1) bytesxn D +(16+1) bytesxn C where is the number of WLAN stations and is the number of the used authentication number. If we assume that there are 30 WLAN stations and 100 records of the changed password, the total required memory capacity is 1.91 Mbytes.

8 8 5. Conclusion The home network environment is sensitive to privacy, but wireless communication is exposed to the access of unauthorized people. In addition, most of home network users do not know well how to prevent from the unwanted access. Therefore we introduced WLAN authentication mechanism for home network users. First of all we proposed the authentication scenario which uses the periodically changed password. The change of password makes home network safe without authentication knowledge of users. Second, we proposed the procedure to support the scenario for EAP-MD5 and EAP-TTLS. Compared with the existing authentication protocol, the proposed protocol supports a protection against a brute force attack and a replay attack. Because it is difficult to find out the randomly changed password, WLAN users can protect from these attacks. The use of the proposed mechanism will provide secure and convenient WLAN access mechanism for home network and will contribute to authentication mechanisms for other wireless communication technologies in home network such as Bluetooth, Zigbee, or UWB. References [1] IEEE, LAN/MAN Specific Requirements Part 11: Wireless Medium Access Control(MAC) and Physical Layer(PHY) Specification: Specification for Robust Security, IEEE Std i/D3.2, Apr [2] C. He and J. C. Mitchell, Security Analysis and Improvements for IEEE i, in proc. the 12th Annual Network and Distributed System Security Symposium (NDSS'05), San Diego, USA, Feb. 3-4, 2005, pp [3] IEEE Standards for Local and Metropolitan Area Networks Port-Based Network Access Control, IEEE Std 802.1X, Jun H. Luo and P. Henry, A Secure Public Wireless LAN Access Technique That Supports Walk-Up Users, in proc. GLOBECOM 2003, vol. 22, no. 1, pp , Dec [4] B. Aboba et al., Extensible Authentication Protocol, IETF RFC 3748, Jun [5] D. Potter et al., PPP EAP MS-CHAP-V2 Authentication Protocol, internet draft, Jan [6] W. Simpson, PPP Chanllenge Handshake Authentication Protocol (CHAP), IETF RFC 1994, Aug [7] B. Aboba, PPP EAP TLS Authentication Protocol, IETF RFC 2716, Aug [8] P. Funk, EAP Tunneled TLS Authentication Protocol, internet draft, Jul [9] J. C. Chen and Y. P. Wang, Extensible Authentication Protocol (EAP) and IEEE 802.1x: Tutorial and Empirical Experience, cs.nthu.edu.tw/wire1x/. [10] J. A. Lee, J. H. Kim, J. H. Park and K. D. Moon, A Secure Wireless LAN Access Technique for Home Network, in Proc. IEEE VTC'06-Spring, Melbourne, Australia, May. 7-10, [11] Y. Ma and X. Cao, How to Use EAP-TLS Authentication in PWLAN Environment, in Int. Conf. Neural Networks&Signal Processing, Nanjing, China, Dec , 2003.