Title: Secure Authentication System for Public WLAN Roaming
1 Secure Authentication System for Public WLAN Roaming
- Yasuhiko Matsunaga
- Ana Sanz Merino
- Manish Shah
- Takashi Suzuki
- Randy Katz
2 Agenda
- Single sign-on to confederated wireless networks with authentication adaptation
- Privacy information protection using policy engine
- Improve security of web-based WLAN authentication by binding 802.1x link level authentication
- Performance Measurement
3 Loose Trust Relationship in Current Public Wireless LAN Roaming
[Diagram: trust relationships between the ID Provider (ISPs, Card Companies), two WLAN Service Providers and the User, with links labelled Strong Trust, Weak Trust and No Trust]
- Each WLAN system is isolated, deploys different authentication schemes
- Users have to maintain different ID and credentials
4 Challenges and Our Solutions
- Confederate service providers under different trust levels and with different authentication schemes to offer wider coverage; alleviate user burden of maintaining different identities and credentials per WLAN provider
  - SSO Roaming with Authentication Adaptation
- Select proper authentication method and protect privacy of user information per WLAN provider
  - Policy Engine Client
- Avoid theft of wireless service without assuming pre-shared secret between user and network
  - L2/Web Compound Authentication
5 The Single Sign-on concept
[Diagram: initial sign-on with the ID Provider, then single sign-on across the confederation: Coffee shop (provider A), Street (provider B), Office (provider C)]
- Single username and password
- Users authenticate only the first time
- Inter-system handover with minimal user intervention
- Each network may deploy its own authentication scheme
6 Single Sign-on Technology
- Currently two technologies clearly accepted by industry
  - RADIUS Proxy-based authentication scheme
  - Liberty Alliance Redirect-based authentication scheme
- We adopted both of them for our implementation
- Need authentication adaptation framework
7 Authentication Adaptation Flow
[Sequence diagram between User Terminal and WLAN Service Provider]
(1) User Terminal -> WLAN Service Provider: Request authentication
(2) WLAN Service Provider -> User Terminal: Announce provider id, authentication methods, charging options, required user information
(3) User Terminal: Select authentication method according to the user's preferences
(4) User Terminal -> WLAN Service Provider: Submit selected authentication method, selected charging option, user information
(5) WLAN Service Provider: Authenticate the user
8 Client-side Policy Engine
- Control automatic submission of user authentication information according to communication context
  - Context includes trust level of provider, cost, etc.
- Authentication/Authorization flow adaptation
  - Switch between Proxy-based (Radius) and Redirect-based (Liberty-style) single sign on
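The following is an added example (not code from the slides or the authors' prototype) of the client-side decision the policy engine makes at step (3) of the adaptation flow: given the provider's announcement from step (2) and a user policy, pick the authentication method, the charging option, and which pieces of user information may be released to this provider. The announcement fields, the trust levels "none"/"weak"/"strong", the method names and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ordering of provider trust levels (assumed three-level scale).
TRUST_RANK = {"none": 0, "weak": 1, "strong": 2}


@dataclass
class Announcement:
    """Step (2): what the WLAN service provider announces to the terminal."""
    provider_id: str
    auth_methods: list          # e.g. ["radius-proxy", "liberty-redirect"]
    charging_options: list      # list of (option name, cost) tuples
    required_user_info: list    # field names the provider wants submitted


@dataclass
class UserPolicy:
    """Policy repository + auth info repository of one user (assumed layout)."""
    method_preference: list     # ordered, most preferred first
    provider_trust: dict        # provider_id -> "none" | "weak" | "strong"
    max_cost: float             # highest charge the user accepts
    min_trust_for_info: dict    # field -> minimum provider trust to release it
    user_info: dict             # the user's actual values


def select_auth(ann: Announcement, policy: UserPolicy):
    """Step (3): decide the step-(4) submission, or None when policy forbids it."""
    trust = policy.provider_trust.get(ann.provider_id, "none")  # unknown providers are untrusted

    # Method: the most preferred one the provider actually supports.
    method = next((m for m in policy.method_preference if m in ann.auth_methods), None)
    if method is None:
        return None

    # Charging: the cheapest option within the user's budget.
    affordable = [c for c in ann.charging_options if c[1] <= policy.max_cost]
    if not affordable:
        return None
    charging = min(affordable, key=lambda c: c[1])[0]

    # User information: release a required field only if this provider's trust
    # level meets the field's threshold; otherwise do not submit automatically.
    released = {}
    for field in ann.required_user_info:
        needed = policy.min_trust_for_info.get(field, "strong")  # default: strong trust
        if TRUST_RANK[trust] < TRUST_RANK[needed] or field not in policy.user_info:
            return None
        released[field] = policy.user_info[field]

    return {"method": method, "charging": charging, "user_info": released}


# Constructed sample policy and announcements (not real providers or data).
USER_POLICY = UserPolicy(
    method_preference=["liberty-redirect", "radius-proxy"],
    provider_trust={"coffee-shop-A": "weak", "office-C": "strong"},
    max_cost=1.0,
    min_trust_for_info={"username": "weak", "email": "strong"},
    user_info={"username": "alice", "email": "alice@example.test"},
)
COFFEE_SHOP = Announcement("coffee-shop-A", ["radius-proxy"],
                           [("free-ads", 0.0), ("prepaid", 0.5)], ["username"])
OFFICE = Announcement("office-C", ["liberty-redirect", "radius-proxy"],
                      [("monthly", 0.0)], ["username", "email"])
STREET = Announcement("street-B", ["radius-proxy"], [("pay-per-use", 2.0)], ["username"])
UNKNOWN = Announcement("unknown-X", ["radius-proxy"], [("free", 0.0)], ["username", "email"])

if __name__ == "__main__":
    for ann in (COFFEE_SHOP, OFFICE, STREET, UNKNOWN):
        print(ann.provider_id, "->", select_auth(ann, USER_POLICY))
```

The weakly trusted coffee shop gets the username only over the proxy-based method, the strongly trusted office gets the redirect-based method with both fields, the street provider is refused on cost, and an unknown provider asking for an email address gets nothing submitted automatically; in the real engine that last case is where the user would be prompted instead.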
9 Policy Engine Architecture
[Diagram: End User side with Web Browser, Applet and Client containing Policy Enforcement Point, Policy Check Engine, Auth Info. Repository and Policy Repository, fed by Policy, Context and Capability; WLAN provider side with AAA Server reached over EAP/802.1X]
10 Security Threats of Web-based Authentication and Access Control
- Lack of cryptographic bindings causes several security vulnerabilities
  - Rogue AP -> DoS
  - No Data Encryption -> Eavesdropping
  - No Message Integrity Check -> Message Alteration
  - IP/MAC spoofing -> Theft of Service
[Diagram: Web Server, Gate-control (IP/MAC), External Network]
11 L2/Web Compound Authentication
[Diagram: Client, Access Point, RADIUS/Web Server, External Network]
(1) 802.1x TLS guest authentication
(2) Establish L2 Session Key
(3) Web Auth (with L2 session key digest)
(4) Firewall Control
- Prevent theft of service, eavesdropping, message alteration
- Doesn't work for L2 DoS attack (out of scope)
12 WLAN Single Sign on Testbed
[Diagram: Identity Provider (Web Server, RADIUS) and two Service Providers, each with RADIUS, firewall and Web Portal, connected to the External Network; links labelled RADIUS, SOAP, HTTPS and 802.1x; clients with MC attach to each service provider]
13 Authentication Adaptation User Interface
14 Layer 2 Roaming User Interface
15 Delay Profile Evaluation
(Units: sec)
16 Conclusions
- Secure public WLAN roaming made possible by accommodating multiple authentication schemes and ID providers with an adaptation framework
- Policy Engine reflects user authentication scheme preference and protects privacy of user information
- Compound L2/Web authentication ensures cryptographically-protected access
- Confirmed with prototype; measured performance shows reasonable delay for practical use
- Exploits industry-standard authentication architectures: Radius, Liberty Alliance
17 Backup
18 Public Wireless LAN Service Model
- The network is open to users without pre-shared secret
[Diagram: AAA Servers, WLAN Infra-structure, External Network]
User Category / Services:
- (1) Monthly/Pre-paid Subscribers and (2) One-time Users: Premium Contents, External Network Access (Subscriber Pays)
- (3) Non-Subscribers: Free Advertisement Contents (Hotspot Owner Pays)
19 802.1x/11i/WPA L2 Network Authentication and Access Control
- Conventional closed-style authentication: only hosts with pre-shared key can access the network; mainly for Corporate WLAN
(1) Mutual TLS authentication with pre-shared key
(2) Establish L2 session key dynamically
(3) Only successfully-decrypted packets are forwarded (to the External Network)
20 L2/Web Authentication Comparison
21 Our Approach
- Compound L2/Web authentication to ensure users have cryptographically-protected wireless LAN access
  - Use 802.1x guest authentication mode, embed L2 session key digest in web authentication
  - At layer 2, do not assume pre-shared secret
  - Digest embedding is necessary for avoiding race attack
- After Web authentication, user gets full access
  - Otherwise, users have limited access to free contents
- L2 DoS protection is out of scope
22 Race Attack Scenario
(Why L2 session key digest embedding is necessary)
[Sequence diagram: Legitimate Client, Malicious Client (MAC Spoofer), AP, RADIUS/Web, Firewall]
- Legitimate Client: L2 Auth, obtains session key K1; RADIUS/Web binds (MAC, MD5(K1))
- Malicious Client (MAC Spoofer): L2 Auth with the same MAC, obtains session key K2; binding becomes (MAC, MD5(K2))
- Legitimate Client: Web Auth with MD5(K1) against binding (MAC, MD5(K2)): L2 session key verify NG
- Theft of service can be prevented by authentication binding
- L2 DoS attack is still possible
23 Compound Authentication Testbed
[Diagram: Client (Xsupplicant 0.6, libwww-perl 5.6.9), Access Point (Cisco AIR-350), RADIUS/Web Server (FreeRADIUS 0.8.1, Apache 2.0.40), External Network; an Attacker is rejected]
(1) 802.1x TLS guest authentication
(2) Establish L2 Session Key
(3) Web Auth (with L2 session key digest)
(4) Firewall Control