Secure Authentication System for Public WLAN Roaming

1
Secure Authentication System for Public WLAN
Roaming

• Yasuhiko Matsunaga
• Ana Sanz Merino
• Manish Shah
• Takashi Suzuki
• Randy Katz

2
Agenda

• Single sign-on to confederated wireless networks
  with authentication adaptation
• Privacy information protection using policy
  engine
• Improve security of web-based WLAN authentication
  by binding 802.1x link level authentication
• Performance Measurement

3
Loose Trust Relationship in Current Public
Wireless LAN Roaming
(ISPs, Card Companies)
ID Provider
Strong Trust
WLAN Service Provider
WLAN Service Provider
Strong Trust
No Trust
Weak Trust
User

• Each WLAN system is isolated, deploys different
  authentication schemes
• Users have to maintain different ID and
  credentials

4
Challenges and Our Solutions

• Confederate service providers under different
  trust levels and with different authentication
  schemes to offer wider coverage
• Alleviate user burden of maintaining different
  identities and credentials per WLAN provider
• SSO Roaming with Authentication Adaptation
• Select proper authentication method and protect
  privacy of user information per WLAN provider
• Policy Engine Client
• Avoid theft of wireless service without assuming
  pre-shared secret between user and network
• L2/Web Compound Authentication

5
The Single Sign-on concept
Single sign-on
ID Provider
Office (provider C)
Street (provider B)
Initial Sign-on
Coffee shop (provider A)
Confederation

• Single username and password
• Users authenticate only the first time
• Inter-system handover with minimal user
  intervention
• Each network may deploy its own authentication
  scheme

6
Single Sign-on Technology

• Currently two technologies clearly accepted by
  industry
• RADIUS Proxy-based authentication scheme
• Liberty Alliance Redirect-based authentication
  scheme
• We adopted both of them for our implementation
• Need authentication adaptation framework

7
Authentication Adaptation Flow
(1) Request authentication
User Terminal
WLAN Service Provider
(2) Announce - provider id - authentication
methods - charging options - required user
information
(3)Select authentication method according to
users preferences
(4) Submit - selected authn. method - selected
charging option - user information
(5) Authenticate the user
8
Client-side Policy Engine

• Control automatic submission of user
  authentication information according to
  communication context
• Context includes trust level of provider, cost,
  etc.
• Authentication/Authorization flow adaptation
• Switch between Proxy-based (Radius) and
  Redirect-based (Liberty-style) single sign on

9
Policy Engine Architecture
End User
WLAN provider
Client
Policy Enforcement Point
Policy Check Engine
Auth Info. Repository
Capability
AAA Server
Web Browser
Applet
Policy
Policy Repository
Context
EAP/ 802.1X
10
Security Threats of Web-based Authentication and
Access Control

• Lack of cryptographic bindings causes several
  security vulnerabilities

Rogue AP -gtDoS
Web Server
No Data Encryption -gtEavesdropping
Gate-control (IP/MAC)
No Message Integrity Check -gtMessage Alteration
External Network
IP/MAC spoofing-gt Theft of Service
11
L2/Web Compound Authentication
RADIUS/Web Server
(1) 802.1x TLS guest authentication
(2) Establish L2 Session Key
Client
Access Point
(4)Firewall Control
(3) Web Auth (with L2 session key digest)
External Network

• Prevent theft of service, eavesdropping, message
  alteration
• Dont work for L2 DoS attack out of scope

12
WLAN Single Sign on Testbed
Identity Provider
External Network
Web Server
Radius
RADIUS
SOAP
HTTPS
Service Provider 1
Service Provider 2
Radius
Fire wall
Radius
Radius
Fire wall
RADIUS
Web
Web Portal
Web
HTTPS
802.1x
Client
Client
MC
MC
13
Authentication Adaptation User Interface
14
Layer 2 Roaming User Interface
15
Delay Profile Evaluation
(Units sec)
16
Conclusions

• Secure public WLAN roaming made possible by
  accommodating multiple authentication scheme and
  ID providers with an adaptation framework
• Policy Engine reflects user authentication scheme
  preference and protects privacy of user
  information
• Compound L2/Web authentication ensures
  cryptographically-protected access
• Confirmed with prototype, measured performance
  shows reasonable delay for practical use
• Exploits industry-standard authentication
  architectures Radius, Liberty alliance

17
backup
18
Public Wireless LAN Service Model

• The network is open to users without pre-shared
  secret

AAA Servers
User Category
Services
(1)Monthly/Pre-paid Subscribers
Premium Contents External Network Access
(Subscriber Pays)
(2)One-time Users
WLAN Infra-structure
Free Advertisement Contents (Hotspot
Owner Pays)
(3)Non-Subscribers
19
802.1x/11i/WPA L2 Network Authentication and
Access Control

• Conventional Closed-style authentication Only
  hosts with pre-shared key can access the network,
  Mainly for Corporate WLAN

(1) Mutual TLS authentication with pre-shared key
(2) Establish L2 session key dynamically
(3) Only successfully- decrypted packets are
forwarded
External Network
20
L2/Web Authentication Comparison
21
Our Approach

• Compound L2/Web authentication to ensure users to
  have cryptographically-protected wireless LAN
  access
• Use 802.1x guest authentication mode, embed L2
  session key digest in web authentication
• At layer 2, do not assume pre-shared secret
• Digest embedding is necessary for avoiding race
  attack
• After Web authentication, user gets full access
• Otherwise, users have limited access to free
  contents
• L2 DoS protection is out of scope

22
Race Attack Scenario
(Why L2 session key digest embedding is necessary)
Legitimate Client
Malicious Client (MAC Spoofer)
AP
RADIUS/Web
Firewall
L2 Auth
Bind (MAC, MD5(K1)
L2 Auth
K1
K1
L2 Auth
Web Auth MD5(K1)
Bind (MAC, MD5(K2))
L2 Auth
(L2 Session key verify NG)
K2
K2

• Theft of service can be prevented by
  authentication binding
• L2 DoS attack is still possible

23
Compound Authentication Testbed
RADIUS/Web Server
(1) 802.1x TLS guest authentication
(2) Establish L2 Session Key
Client
Access Point
FreeRADIUS 0.8.1 Apache 2.0.40
Cisco AIR-350
(4)Firewall Control
(3) Web Auth (with L2 session key digest)
Xsupplicant 0.6 libwww-perl 5.6.9
External Network
(rejected)
Attacker