Security Analysis of EAPFAST
Debalina Ghosh and Ashima Gupta
Introduction
Wireless networks use radio waves as the medium of communication. The medium is therefore open to access by anyone and hence vulnerable to a variety of attacks, as listed by a NIST report [1]: device theft, denial of service, malicious hackers, malicious code, theft of service, and industrial and foreign espionage. These can be implemented as traffic analysis, passive and active eavesdropping, session hijacking, man-in-the-middle attacks, unauthorized access and replay attacks. In addition, because wireless provides portability, it becomes even harder to track a moving attacker. Wireless security therefore requires user authentication, message authentication to ensure integrity, and encryption to ensure channel privacy. A number of protocols, proprietary and otherwise, have been implemented to handle these requirements. In this project, we intend to analyse the EAPFAST protocol and examine whether it has any security vulnerabilities.
Overview of EAPFAST
EAP type authentication is based on a three-party model: the client, which requires access; the authenticator, which grants access; and the authentication server, which gives the permission.
The client has an identity and some credentials to prove that it is who it claims to be. The client is connected to the network through an authenticator's port. The authenticator and the authentication server may reside in one physical location, e.g. the access point (AP), or in two separate physical locations. At some point, the authenticator communicates with the authentication server, which decides on an authentication protocol. A set of exchanges then occurs between the client, the authenticator, and the server; at the end of this exchange, a success or failure state is reached.
If the authentication succeeds, the authenticator allows network access to the supplicant through the port.
EAP has two major characteristics. First, it separates the message exchange from the process of authentication by providing an independent exchange layer. This achieves the second characteristic, orthogonal extensibility: the authentication processes can extend their functionality by adopting a newer mechanism without necessarily effecting a corresponding change in the EAP layer.
EAP-FAST is a publicly accessible IEEE 802.1X EAP type developed by Cisco Systems. It is available as an IETF informational draft [2],[3] submitted by Cisco on February 8, 2004. EAP-FAST is compliant with IEEE 802.1X and IEEE 802.11i.
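The three-party exchange and the method-independent EAP layer described above, as an added example that is not part of the original page: a pass-through authenticator reads only the common EAP header, relays method traffic untouched, and opens the port only on a Success that arrives from the server side. The header layout and Code values follow RFC 3748 and type 43 is the IANA number for EAP-FAST; the Authenticator class, the sample identity and the placeholder method payloads are constructed for illustration, and the authenticator-to-server transport is omitted.

```python
import struct

# EAP Code values per RFC 3748; method Type numbers per the IANA EAP registry.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
METHODS = {1: "Identity", 43: "EAP-FAST"}

def build_eap(code, ident, eap_type=None, data=b""):
    """Encode Code, Identifier, Length, then (Request/Response only) Type + data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(packet):
    """Decode the method-independent header; reject inconsistent lengths."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with bytes received")
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if code not in (REQUEST, RESPONSE) or length < 5:
        raise ValueError("unknown Code or missing Type field")
    return code, ident, packet[4], packet[5:length]

class Authenticator:
    """Hypothetical pass-through authenticator guarding one port."""
    def __init__(self):
        self.port_open, self.relayed = False, []  # relayed: method names seen

    def relay(self, packet, from_client):
        """Forward one packet unchanged; only a server verdict moves the port."""
        code, _, eap_type, _ = parse_eap(packet)
        if from_client != (code == RESPONSE):
            # Covers a client-sent Success, which must never open the port.
            raise ValueError("EAP Code not allowed from this side")
        if code in (SUCCESS, FAILURE):
            self.port_open = (code == SUCCESS)
        else:
            self.relayed.append(METHODS.get(eap_type, "unknown"))
        return packet

def run_exchange():
    """Replay a constructed exchange; method payloads are opaque placeholders."""
    auth = Authenticator()
    auth.relay(build_eap(REQUEST, 1, 1), from_client=False)
    auth.relay(build_eap(RESPONSE, 1, 1, b"alice"), from_client=True)
    auth.relay(build_eap(REQUEST, 2, 43, b"\x01"), from_client=False)
    auth.relay(build_eap(RESPONSE, 2, 43, b"\x01"), from_client=True)
    auth.relay(build_eap(SUCCESS, 2), from_client=False)
    return auth
```

Replacing the EAP-FAST entries with another method type changes nothing in the authenticator logic, which is the extensibility property the text describes.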
Reports
Final Report
References
- [1] Tom Karygiannis and Les Owens. Wireless Network Security 802.11, Bluetooth and Handheld Devices. NIST Special Publication 800-48.
- [2] N. Cam-Winget, D. McGrew, J. Salowey and H. Zhou. Dynamic Provisioning using EAP-FAST. http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-provisioning-01.txt.
- [3] N. Cam-Winget, D. McGrew, J. Salowey and H. Zhou. The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST). http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-03.txt.