supported by the party authentication to improve roaming

UCLouvain - BelgiumIP Networking Lab - http://inl.info.ucl.ac.be

Damien LEROY

BELNET Security Conference - April 30th, 2009

Using tunnels and three party authentication to

improve roaming security

Supported by the Walloon Region

Security of WiFi RoamingBSC 2009

D. LeroyUCL Belgium, Apr 2009

IP networking labContent

(I) Introduction to WiFi Roaming

(II) Remote authentication : risks for the visited network

(III) Security risks for the mobile user

(IV) Solutions based on VPN

(V) ALAWN project

IP networking lab

“WiFi Roaming”

HInternet

IP networking lab

“WiFi Roaming”

HInternet

IP networking lab

“WiFi Roaming”

HInternet

IP networking labScenario 1 : Open WiFi Access

Internet

HInternet

ILLEGAL ACTIVITIES

IP networking lab

Scenario 1 : Open WiFi Access

HInternet

!!!!!!

IP networking labScenario 2 : Temporary credentials

Internet

server

tempusername+

IP networking labScenario 3 : Remote authentication

Internet

user: smith@H-Networkpasswd : in H

server

IP networking labScenario 3 : Remote authentication

Internet

user: smith@H-Networkpasswd : in H

server

(V) ALAWN project

Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home

M. Manulis, D. Leroy, F.K., O.B., JJ.Q.UCL Belgium, March 2009

IP networking labThe Eduroam Project

eduroamEurope

eduroamAPAN

UNINETT

LITNET

TERENA

SURFnetUKERNA

HEAnet

BELNETRESTENA

RENATER

CESNET

ACOnet

PIONIER

SWITCH

CARNet

HUNGARNET

RoEduNet

European Root

RedIRIS

AARNet

NCHCUESTC

APAN Root

NRENs that have joined

NRENs that are in the process of joining

IP networking lab

Authentication within Eduroam

Stockholms universitet

Internet

SU SUuser: Beck@SU.se

RADIUS

server

SwedishAuthority

BelgianAuthority

IEEE802.1XTTLS+PAP

RADIUS

server

RADIUS

serverRADIUS

server

IP networking lab

Roaming with Eduroam

Internet

user: Beck@SU.seSU SU

RADIUS

server

RADIUS

server

IP networking lab

Internet

http://www.swedbank.se/

RADIUS

server

RADIUS

server

IP networking lab

Internet

RADIUS

server

RADIUS

server

IP networking lab

User abuse : Access to illegal data

Internet

server

user: Beck@SU.se

ILLEGAL ACTIVITIES

IP networking lab

server

User abuse : Access to illegal data

Internet

!!!!!!

server

SwedishAuthority

server

BelgianAuthority

server

IP networking lab

server

User abuse : Attack on the Internet

InternetSPAM

user: Beck@SU.se

server

IP networking lab

Score each mail based on :

How do spam filters work ?

๏ Content : “viagra”, “diploma”, “free videos”, ...

๏ “Packaging” :Large images, lots of receivers, ...

๏ Well known spam-sender (often attacked hosts)Based on shared databases

IP networking lab

high score -> mark as spam

IP networking lab

high score -> mark as spam

IP networking lab

How are these databases built up?

๏ Based on previous “mass spam” activities

๏ Based on IP addresses of senders

๏ Open databases

IP networking lab

server

InternetSPAM

user: Beck@SU.se

server

IP networking lab

server

InternetSPAM

user: Beck@SU.se

server

In PYZOR database : add 130.104.*.* (=UCL)

IP networking lab

server

Internet

PYZOR database : ...130.104.*.* (=UCL)...

UCLUCL

server

IP networking labAccess control based on IP

๏ Some services (e.g., website) have their access control based on source IP.

‣ Digital libraries

‣ Intranet

‣ ...

๏ The mobile user will have access to these services ! (more complex filtering could be added)

IP networking lab

Summary

Security risks for visited network

Open WiFi Temp. cred. Remote auth.

User authentication

Administrative cost

Ease of use (for user)

Blacklisting based on IP

Access based on IP

Attack on the infrastruct.

(V) ALAWN project

IP networking lab

Stealing credentials

Internet

user: hisname@hisnet.com

RADIUS

server

3rd partyAuthority

IEEE802.1XTTLS+PAP

RADIUS

server

RADIUS

server

IP networking lab

Pharming

Internet

http://www.google.com

IP networking lab

Sniffing

Internet

RADIUS

server

IP networking lab

Fake Access Point

Internet

user: Beck@SU.se

RADIUS

server

IEEE802.1XTTLS+PAP

RADIUS

server

SSID:EDUROAM

IP networking lab

Fake Access Point

Internet

user: Beck@SU.se

RADIUS

server

IEEE802.1XTTLS+PAP

RADIUS

server

SSID:EDUROAM

IP networking lab

Fake Access Point

Internet

user: Beck@SU.se

RADIUS

server

IEEE802.1XTTLS+PAP

RADIUS

server

SSID:EDUROAM

It is able to :• steal cred.• do pharming• sniff traffic

IP networking labSecurity risks for F and M

Open WiFi Temp. cred. Remote auth.

User authenticationAdministrative cost for F

Ease of use (for user)Blacklisting based on IP

Access based on IPAttack on the infrastruct.

F maliciousFake access point

(V) ALAWN project

IP networking lab

Internet

For the user : via username/pwd (or certificate)

For the home network : via certificate or no auth (cert must be distributed !)

VPN server

authentication

IP networking lab

Internet

For the user : via username/pwd (or certificate)

For the home network : via certificate or no auth (cert must be distributed !)

VPN server

authentication

IP networking lab

Internet

VPN server

http://ww

edbank.se/

IP networking lab

Internet

VPN server

http://ww

edbank.se/

IP networking lab

Yes because :

VPN, a solution for previous issues ?

๏ The requests are sent with the IP address of the home network

๏ If M sends spam over the Internet, only his home network is blamed

๏ It protects the user from a malicious visited network

IP networking lab

Yes but :

๏ Only authentication between H and M :

‣ F does not authenticate / know M and H

‣ M does not always check H auth (F can do pharming)

๏ On user’s demand

‣ If M wants to meet some security goals

‣ F cannot force M to create VPN to H

IP networking lab

The previous table, updated

Remote auth. VPN

User authentication (by F)Administrative cost for F

IP networking lab

Combining IEEE802.1X and VPN

๏ Firewall of F blocks everything

๏ User connects with his credentials for IEEE802.1X

๏ F opens the VPN port as destination port, only from this user, and to its home network (inferred from IEEE802.1X)

IP networking lab

Using both IEEE802.1X and VPN to reach security goals is possible. But :

Combining IEEE802.1X and VPN

๏ Need both infrastructures

๏ Once the user is authenticated, how the tunnel is forced to H ?

‣ Filtering based on IEEE8021.X decision ?

๏ Two init phases can take some time (few seconds) to succeed

(V) ALAWN project

IP networking lab

Some words about the project

The ALAWN project

๏ A Walloon Region project

๏ In collaboration with :

‣ CRID (Research Centre on IT and Law - FUNDP - Namur)

‣ Crypto Group - UCL

‣ IP Networking Lab - UCL

IP networking lab

The proposal - Step 1

Internet

RADIUS

server

RADIUS

server

RADIUS

server

RADIUS

server

3-party

crypto authentication

& key exchange

IP networking lab

Internet

RADIUS

server

RADIUS

server

RADIUS

server

RADIUS

server

IP networking lab

Internet

RADIUS

server

RADIUS

server

RADIUS

server

RADIUS

server

IP networking lab

The proposal

Internet

://www.sw

RADIUS

server

IP networking lab

Goals for the protocol

Remote Auth. and Key Exchange (RAKE)

๏ Authentication between M, H and F

๏ Key exchange

๏ (Negotiation of session parameters)

IP networking lab

Authentication

Security Goals

IP networking lab

Authentication

Security Goals

๏ H must authenticate M as one of the registered mobile devices

๏ M must authenticate H as its home network

IP networking lab

Authentication

Security Goals

๏ F must authenticate H as a roaming partner

๏ H must authenticate F as a roaming partner

IP networking lab

Authentication

Security Goals

๏ F must authenticate H as a roaming partner

๏ H must authenticate F as a roaming partner

๏ F trusts H to correctly authenticate M

๏ M trusts H to correctly authenticate F

IP networking lab

Key establishment

Security Goals

๏ Protection of communication between M, H and F

➡ KT (tunnel key)

๏ End-to-end protection

➡ KM,H (end-to-end key)

KM,H; KT

IP networking lab

KT, the key shared between H-F-M

What are the keys used for ?

๏ To infer the key used for “wireless” communication

๏ To negotiate connection parameters (when it stops, accounting, mobility, ...)

IP networking lab

KM,H, the key shared between H and M

What are the keys used for ?

๏ For fully-encrypting the communication between M and H

๏ To negotiate connection parameters that should not be known/modified by F, shared between H and M

IP networking lab

Additional constraints

RAKE protocol

๏ RTT should be as low as possible

๏ The mobile device should not do “hard computation”

IP networking labThe protocol in itself (simplified)

SU SUAuth.

server

M FAuth.

server

M|rM|H

Internet

F|rF|M|rM

sid=F|rF|M|rM|H|rH

kt=PRFkM(0,sid)X=EncekF(kt)

μH=MACαM(0,sid)

rH|X|μH|σH(∗)kt=DecdkF(X)rH|μH

kt=PRFkM(0,sid)KT =PRFkt(1,sid)KM,H = PRFkM(2,sid)μM=MACαM(1,sid)

μMKT =

PRFkt(1,sid)μM,σF(∗)

KT =PRFkt(1,sid)KM,H = PRFkM(2,sid)

IP networking labThe protocol in itself

๏ A full security model has be defined

๏ Protocol has been proved

๏ For the ones interested in details : M. Manulis, D. Leroy, F. Koeune, O. Bonaventure and J.-J. Quisquater,

Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home, Proceedings of the ACM Symposium on

Information, Computer and Communications Security (ASIACCS 2009),

Sydney, Australia, March 2009

IP networking lab

Additional constraints, results

RAKE protocol

๏ RTT should be as low as possible

๏ The mobile device should not do “hard computation”

IP networking lab

The proposal

Internet

RADIUS

server

RADIUS

server

IP networking lab

The proposal

Internet

RADIUS

server

RADIUS

server

IP networking labWhy using a tunnel ?

๏ Tunnel from F to H is not encrypted, it is only used to permit M to send packet to his home network

๏ Technical interests have been shown at the beginning of the presentation

๏ We showed with CRID that it also has legal advantages : R. Robert, M. Manulis, F. De Villenfagne, D. Leroy, J. Jost, F. Koeune, C. Ker, J.-M. Dinant, Y. Poullet, O. Bonaventure, and J.-J. Quisquater, WiFi Roaming: Legal Implications and Security Constraints, Int. J. of Law and Information Technology 2008 16: 205-241

IP networking labTechnical choices

๏ The RAKE protocol :

‣ Extending IEEE802.1X (EAP)

๏ The tunnel :

‣ Use a L2TP tunnel

๏ Encryption between H and M :

‣ Optional

‣ Using IPSec (ESP)

IP networking labExtending 802.1X for RAKE

๏ IEEE802.1X is now widely used

๏ It uses EAP (the Extensible Authentication Protocol) for authentication

๏ EAP can be easily extended

IP networking lab

How does IEEE802.1X work ?

Extending 802.1X for RAKE

RADIUS

server

physical layer connection PORTBLOCKED

EAP start

EAP-request identity

IP networking lab

RADIUS

server

EAP start

EAP-response identity : dleroy

(in RADIUS packet)EAP-response identity : dleroy

IP networking lab

RADIUS

server

EAP start

EAP requests/responses following the EAP method

IP networking lab

RADIUS

server

EAP start

EAP-success EAP-success PORTOPEN

IP networking lab

RADIUS

server

EAP start

EAP-success EAP-success PORTOPEN

Ethernet or WiFi (keys derived from previous negotiations)

IP networking lab

We have implemented it

๏ In “Host AP” project (hostapd & wpa_supplicant)

๏ An open-source implementation

๏ hostapd works with most Linux & BSD drivers

๏ wpa_supplicant works with most Linux, BSD & Windows drivers

IP networking labExtending 802.1X for RAKE

๏ In next months, we would like to test it in real situations

๏ With hostap :

‣ On laptop and mobile devices

‣ On access point (on OpenWRT OS)

‣ On basic Linux server

๏ If you want to test the protocol in your network in a few months... please ask us

IP networking lab

Tunnel between F and H

Internet

RADIUS

server

RADIUS

server

IP networking lab

Internet

RADIUS

server

RADIUS

server

IP networking lab

A L2TP tunnel

๏ The AP acts as layer 2 bridge

๏ Advantages:‣ Even the IP address is allocated by H

‣ Do not have to rely on F technical config (e.g., IPv4/v6)

‣ Less security risks for F

‣ Transparent for M (the host and the user)

IP networking labOn Expected Increase of Latencies

๏ For each request, a RTT “H-F” is added

‣ City : 30-60ms for residential hosts (3-4ms for well-connected hosts) [LP03]

‣ Country (USA): <150ms [LP03]

‣ Intercontinental : <250ms for 90% residential [DHGS07]

๏ ITU-T recommendations: one-way latency <400ms may be acceptable (e.g., VoIP)

IP networking lab

Encryption between M and H

Internet

IP networking labEncryption between M and H

๏ Kept optional (negotiated)

๏ Using KM,H (only known by M and H)

๏ Encryption method negotiated

‣ more suitable : IPSec ESP in tunnel mode

IP networking labComparison with previous solutions

Remote auth. VPN RAKE

User authentication (by F)Administrative cost for F

IP networking lab

Constraints

Summary on our proposal

✓ The tunnel increases the latency for some destinations

✓ The partnership has to be decided earlier

✓ Need (light) modifications of host, AP or the egress router, and authentication server.

IP networking lab

Advantages

✓ If the user sends spam, the user’s home network is blamed (and blacklisted), not the visited network

✓ Visited network does not care about the user activities

✓ Traffic can be encrypted

IP networking lab

Advantages

✓ Tunnel is initiated (and forced) by F and H, not by the user

✓ H does verify F authentication (>< TTLS)

✓ Same services as “at home”

Questions ?

ip networking labhttp://inl.info.ucl.ac.be

Damien Leroydamien.leroy@uclouvain.be

supported by the party authentication to improve roaming

Documents

wifi service management platform - winncom.com · proxy aaa...

roaming authentication and end-to-end …

global roaming from sprint -...

vendor: cisco exam code: 642-902 exam name: … · how is...

raid roaming · raid roaming raid roaming is a single...

hpe remote device access install guide...supported proxies:...

1 anonymous roaming authentication protocol with id-based...

secure authentication system for public wlan roaming

release notes - openidm 5 - forgerock backstage...new...

secure roaming authentication mechanism for wi-fi …

secure authentication system for public wlan …...secure...

maps™ lte sgs emulator call from a roaming lte ue and a...

sp c361sfnwauthentication, ldap authentication, kerberos,...

2008_wifi authentication and roaming authentication

composable secure roaming authentication … journal of...

acl authentication of incoming rsh and rcp requests · acl...

authentication identity · 2020. 6. 10. · shibboleth...

wi-trust - itu.int · features comparison legacy hotspot...

workshop roaming services: eduroam / govroam ·...

volte roaming service using new volte roaming architecture