Wikipedia

Extensible Authentication Protocol: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
jkk
Tags: Reverted Mobile edit Mobile web edit
Monkbot (talk | contribs)
Bots
3,695,952 edits
m Task 18 (cosmetic): eval 20 templates: hyphenate params (26×);
Line 12:
{{Main|Lightweight Extensible Authentication Protocol}}
 
The [[Lightweight Extensible Authentication Protocol]] (LEAP) method was developed by [[Cisco Systems]] prior to the [[IEEE]] ratification of the [[802.11i]] security standard.<ref>{{cite magazine|title=Ultimate wireless security guide: An introduction to LEAP authentication|author=George Ou|date=January 11, 2007|url=http://www.techrepublic.com/article/ultimate-wireless-security-guide-an-introduction-to-leap-authentication/|magazine= [[TechRepublic]] |accessdateaccess-date = 2008-02-17}}</ref> Cisco distributed the protocol through the CCX (Cisco Certified Extensions) as part of getting 802.1X and dynamic [[Wired Equivalent Privacy|WEP]] adoption into the industry in the absence of a standard. There is no native support for LEAP in any [[Windows operating system]], but it is widely supported by third party client software most commonly included with WLAN (wireless LAN) devices. [[Lightweight Extensible Authentication Protocol|LEAP]] support for Microsoft Windows 7 and Microsoft Windows Vista can be added by downloading a client add in from Cisco that provides support for both LEAP and EAP-FAST. Due to the wide adoption of LEAP in the networking industry many other WLAN vendors{{Who|date=January 2015}} claim support for LEAP.
 
LEAP uses a modified version of [[MS-CHAP]], an [[authentication]] protocol in which user credentials are not strongly protected and easily compromised; an exploit tool called ASLEAP was released in early 2004 by Joshua Wright.<ref>{{cite web|title=Look Before You LEAP|date=October 1, 2003|author=Dan Jones|url=http://www.unstrung.com/document.asp?doc_id=41185|publisher=Unstrung|accessdateaccess-date=2008-02-17|url-status=dead|archiveurlarchive-url=https://web.archive.org/web/20080209200945/http://www.unstrung.com/document.asp?doc_id=41185|archivedatearchive-date=February 9, 2008}}</ref> Cisco recommends that customers who absolutely must use LEAP do so only with sufficiently complex passwords, though complex passwords are difficult to administer and enforce. Cisco's current recommendation is to use newer and stronger EAP protocols such as EAP-FAST, [[Protected Extensible Authentication Protocol|PEAP]], or EAP-TLS.
 
==={{anchor|EAP-TLS}}EAP Transport Layer Security (EAP-TLS)===
EAP Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF [[open standard]] that uses the [[Transport Layer Security]] (TLS) protocol, and is well-supported among wireless vendors. EAP-TLS is the original, standard wireless LAN EAP authentication protocol.
 
EAP-TLS is still considered one of the most secure EAP standards available, although TLS provides strong security only as long as the user understands potential warnings about false credentials, and is universally supported by all manufacturers of wireless LAN hardware and software. Until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.<ref>{{cite web|title=Understanding the updated WPA and WPA2 standards|url=http://blogs.techrepublic.com.com/Ou/?p=67|publisher=techrepublic.com|accessdateaccess-date=2008-02-17}}</ref> There are client and server implementations of EAP-TLS in 3Com, Apple, [[Avaya]], Brocade Communications, Cisco, Enterasys Networks, Fortinet, Foundry, Hirschmann, HP, Juniper, Microsoft, and open source operating systems. EAP-<span lang="Vi" dir="ltr">TLS</span> is natively supported in Mac OS X 10.3 and above, [[wpa_supplicant]], Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, Windows CE 4.2, and Apple's iOS mobile operating system.
 
Unlike most TLS implementations of [[HTTPS]], such as on the [[World Wide Web]], the majority of implementations of EAP-TLS require mutual authentication using client-side [[X.509]] certificates without giving the option to disable the requirement, even though the standard does not mandate their use.<ref name="opensecurewireless"/><ref name="rfc5216s211"/> Some have identified this as having the potential to dramatically reduce adoption of EAP-TLS and prevent "open" but encrypted access points.<ref name="opensecurewireless">{{cite web|title=Open Secure Wireless |first=Christopher |last=Byrd |date=5 May 2010 |url=http://riosec.com/files/Open-Secure-Wireless.pdf |accessdateaccess-date=2013-08-14 |url-status=dead |archiveurlarchive-url=https://web.archive.org/web/20131212085700/http://riosec.com/files/Open-Secure-Wireless.pdf |archivedatearchive-date=12 December 2013 }}</ref><ref name="rfc5216s211">{{citation|title=RFC 5216: The EAP-TLS Authentication Protocol|date=March 2008|publisher=[[Internet Engineering Task Force]]|quote=The certificate_request message is included when the server desires the peer to authenticate itself via public key. While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means.}}</ref> On 22 August 2012 [[hostapd]] (and wpa_supplicant) added support in its [[Git (software)|Git]] repository for an UNAUTH-TLS vendor-specific EAP type (using the hostapd/wpa_supplicant project RFC 5612 Private Enterprise Number),<ref>{{cite web | title= Add UNAUTH-TLS vendor specific EAP type | work= [[hostapd]] | accessdateaccess-date= 2013-08-14 | url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=065d2895b4693e8c923580dbfa31123297c8bb7d | url-status= dead | archiveurlarchive-url= https://archive.today/20130213070147/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=065d2895b4693e8c923580dbfa31123297c8bb7d | archivedatearchive-date= 2013-02-13 }}</ref> and on 25 February 2014 added support for the WFA-UNAUTH-TLS vendor-specific EAP type (using the [[Wi-Fi Alliance]] Private Enterprise Number),<ref>{{cite web | title= HS 2.0R2: Add WFA server-only EAP-TLS peer method | work= [[hostapd]] | accessdateaccess-date= 2014-05-06 | url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8e5fdfabf69a7692d1a0d04f00fa103e9ff72010 | url-status= dead | archiveurlarchive-url= https://archive.today/20140930045346/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8e5fdfabf69a7692d1a0d04f00fa103e9ff72010 | archivedatearchive-date= 2014-09-30 }}</ref><ref>{{cite web | title= HS 2.0R2: Add WFA server-only EAP-TLS server method | work= [[hostapd]] | accessdateaccess-date= 2014-05-06 | url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=b61e70c4f37837baf17956817f8d80a586f75770 | url-status= dead | archiveurlarchive-url= https://archive.today/20140930045348/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=b61e70c4f37837baf17956817f8d80a586f75770 | archivedatearchive-date= 2014-09-30 }}</ref> which only do server authentication. This would allow for situations much like HTTPS, where a wireless hotspot allows free access and does not authenticate station clients but station clients wish to use encryption ([[IEEE 802.11i-2004]] i.e. [[WPA2]]) and potentially authenticate the wireless hotspot. There have also been proposals to use [[IEEE 802.11u]] for access points to signal that they allow EAP-TLS using only server-side authentication, using the standard EAP-TLS IETF type instead of a vendor-specific EAP type.<ref>{{cite web|title=Open Secure Wireless 2.0 |first=Christopher |last=Byrd |date=1 November 2011 |url=http://riosec.com/open-secure-wireless-2.0 |accessdateaccess-date=2013-08-14 |url-status=dead |archiveurlarchive-url=https://web.archive.org/web/20131126183610/http://riosec.com/open-secure-wireless-2.0 |archivedatearchive-date=26 November 2013 }}</ref>
 
The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. With a client-side certificate, a compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate; indeed, a password is not even needed, as it is only used to encrypt the client-side certificate for storage. The highest security available is when the "private keys" of client-side certificate are housed in [[smart card]]s.<ref>{{cite book|url=https://books.google.com/books?id=5x7iLC7fKIAC&pg=PA244|title=Microsoft Exchange Server 2003 Unleashed|author=Rand Morimoto |author2=Kenton Gardinier |author3=Michael Noel |author4=Joe Coca|year=2003|publisher=Sams|isbn=978-0-672-32581-6|page=244}}</ref> This is because there is no way to steal a client-side certificate's corresponding private key from a smart card without stealing the card itself. It is more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. In addition, the private key on a smart card is typically encrypted using a PIN that only the owner of the smart card knows, minimizing its utility for a thief even before the card has been reported stolen and revoked.
 
===EAP-MD5===
EAP-MD5 was the only IETF Standards Track based EAP method when it was first defined in the original RFC for EAP, RFC 2284. It offers minimal security; the [[MD5]] [[hash function]] is vulnerable to [[dictionary attack]]s, and does not support key generation, which makes it unsuitable for use with dynamic WEP, or WPA/WPA2 enterprise. EAP-MD5 differs from other EAP methods in that it only provides authentication of the EAP peer to the EAP server but not mutual authentication. By not providing EAP server authentication, this EAP method is vulnerable to man-in-the-middle attacks.<ref>{{cite web|title = Alternative Encryption Schemes: Targeting the weaknesses in static WEP|url=https://arstechnica.com/articles/paedia/security.ars/4|website = Ars Technica | accessdateaccess-date = 2008-02-17}}</ref> EAP-MD5 support was first included in [[Windows 2000]] and deprecated in [[Windows Vista]].<ref>{{citation | chapter-url = http://support.microsoft.com/kb/922574 | publisher = Microsoft | title = Knowledge Base | chapter = 922574}}</ref>
 
===EAP Protected One-Time Password (EAP-POTP)===
EAP Protected One-Time Password (EAP-POTP), which is described in RFC 4793, is an EAP method developed by RSA Laboratories that uses one-time password (OTP) tokens, such as a handheld hardware device or a hardware or software module running on a personal computer, to generate authentication keys. EAP-POTP can be used to provide unilateral or mutual authentication and key material in protocols that use EAP.
 
The EAP-POTP method provides two-factor user authentication, meaning that a user needs both physical access to a token and knowledge of a [[personal identification number]] (PIN) to perform authentication.<ref>{{cite web|url=http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-admin/html/EAP-027.html |title=EAP-POTP Authentication Protocol |publisher=Juniper.net |accessdateaccess-date=2014-04-17}}</ref>
 
===EAP Pre-Shared Key (EAP-PSK)===
Line 44:
 
===EAP Tunneled Transport Layer Security (EAP-TTLS)===
EAP Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends [[Transport Layer Security|TLS]]. It was co-developed by [[Funk Software]] and [[Certicom]] and is widely supported across platforms. Microsoft did not incorporate native support for the EAP-TTLS protocol in [[Windows XP]], [[Windows Vista|Vista]], or [[Windows 7|7]]. Supporting TTLS on these platforms requires third-party Encryption Control Protocol (ECP) certified software. [[Microsoft Windows]] started EAP-TTLS support with [[Windows 8]],<ref>[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11) Extensible Authentication Protocol (EAP) Settings for Network Access]</ref> support for EAP-TTLS<ref>{{cite web|url=http://forums.wpcentral.com/windows-phone-8/200619-802-1x-eap-ttls-support.html |title=802.1x / EAP TTLS support? – Windows Phone Central Forums |publisher=Forums.wpcentral.com |accessdateaccess-date=2014-04-17}}</ref> appeared in Windows Phone [[Windows Phone 8.1|version 8.1]].<ref>{{cite web|url=https://technet.microsoft.com/library/dn643706.aspx |title=Enterprise Wi-Fi authentication (EAP) |publisher=Microsoft.com |accessdateaccess-date=2014-04-23}}</ref>
 
The client can, but does not have to be authenticated via a [[certificate authority|CA]]-signed [[public key infrastructure|PKI]] certificate to the server. This greatly simplifies the setup procedure since a certificate is not needed on every client.
Line 63:
 
===EAP Flexible Authentication via Secure Tunneling (EAP-FAST)===
Flexible Authentication via Secure Tunneling (EAP-FAST; RFC 4851) is a protocol proposal by [[Cisco Systems]] as a replacement for [[Lightweight Extensible Authentication Protocol|LEAP]].<ref>{{cite web|title=Ultimate wireless security guide: A primer on Cisco EAP-FAST authentication|url=http://articles.techrepublic.com.com/5100-1035-6148557.html|archive-url=https://web.archive.org/web/20080324094115/http://articles.techrepublic.com.com/5100-1035-6148557.html|url-status=dead|archive-date=2008-03-24|publisher=techrepublic.com|accessdateaccess-date=2008-02-17}}</ref> The protocol was designed to address the weaknesses of LEAP while preserving the "lightweight" implementation. Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified.
 
EAP-FAST has three phases:<ref>{{cite web|url=http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=5 |title=EAP-FAST > EAP Authentication Protocols for WLANs |publisher=Ciscopress.com |accessdateaccess-date=2014-04-17}}</ref>
 
{| class="wikitable"
Retrieved from "https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol"