5

How exactly does Extensible Authentication Protocol (EAP)/Protected EAP integrate into modern security protocols?

What I know (or don't know) so far...

It's used by wireless networks utilizing authentication methods based upon Point to Point Protocol (PPP). I have searched, but can't find an answer that makes sense to me. The name implies that it's a protocol, but from what I've read the articles call it an Authentication Framework. There are definitions of all the major security protocols/algorithms; e.g. MD5, SHA1, ISAKMP, TLS, etc.

I've tried looking at wireshark captures with EAP data traffic. CloudShark Example. But the descriptions of the data are less than helpful. Here is a description of the "protocol's" data flow. The picture is quite helpful, but what confuses me is the exchanges of "EAP Methods", which seem almost analogous to SSL/TLS cipher suites.

Is EAP a way for wireless protocols to agree on algorithms, and each device provides their own implementation conforming to this framework?

In which case, why is there an EAP-TLS? This seems to put another added layer onto the wire for just performing TLS. Can someone fill in the gaps for me?

RoraΖ
  • 12,317
  • 4
  • 51
  • 83

3 Answers

4

Your understanding is already pretty good. As you say, there are a variety of EAP protocols: LEAP, PEAP, EAP-FAST, EAP-TLS, etc. Each one works differently, but they all do the same thing: authenticate a user before allowing them access to a wireless network. You could call EAP a protocol, or you could call it a framework of protocols, where each variant like EAP-FAST is a protocol. It doesn't make much difference, and I find that different documents are not always consistent with each other (or even internally!).

To answer your bolded question, basically it's yes. A client and access point will have certain EAPs enabled, and if they support the same one, the client can try to authenticate. Each EAP is a protocol, and will have different implementations. e.g. if your iPhone is logging in to your Cisco access point using EAP-TLS, then Apple EAP-TLS is talking to Cisco EAP-TLS - and because the protocol is standardised, they (should) communicate successfully.

Why is there an EAP-TLS? Remember, that the EAP occurs before the client is allowed access to the network. At that point they don't have an IP address, so it's not possible to use normal TLS. I think re-using TLS as a part of EAP is a very good idea - the security requirements are very similar for EAP as for HTTPS, so it makes sense to use a protocol that's mature (despite recent revelations!).

One challenge for EAP-TLS (and PEAP) is that the process of certificate issue and verification is less clear. Normally the network administrator needs to install the access point's certificate on all clients. If certificate verification is not done, then the clients are vulnerable to an Evil Twin attack.

paj28
  • 32,736
  • 8
  • 92
  • 130
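The certificate-verification gap that this answer describes can be seen directly in a wpa_supplicant network block. The following is an added example (not code from the answer or from any project mentioned on the page); the SSID, identity, CA path and RADIUS host name are placeholders. In PEAP and EAP-TTLS the certificate the client is asked to trust is the RADIUS server's, relayed through the access point, so the check has to pin that server's CA and name. The first block performs no verification and will happily build its TLS tunnel to any RADIUS server an "evil twin" points it at; the second pins the CA and the server's name.

```conf
# Weak: no ca_cert, so the supplicant accepts any server certificate
# and sends the MSCHAPv2 inner handshake to whoever answers.
network={
    ssid="corp-wifi"            # placeholder SSID
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"            # placeholder user
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

# Hardened: the tunnel is only established if the RADIUS server's
# certificate chains to the pinned CA AND its name matches.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"   # placeholder path
    domain_suffix_match="radius.example.com"      # placeholder name
}
```

The `ca_cert` line on its own is not enough if the CA is a public one: any certificate that CA issued would be accepted, which is why `domain_suffix_match` (or an equivalent name match) is also set. The same two settings are the ones to deploy on every client, which is the administrative burden the answer refers to.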
1

So I hope I do not make myself look like an idiot but I will try to help explain this from my understanding of it. I should note, this is not my full time job so please be kind if I have something really off :)

These protocols, and I believe eap is a protocol, peap is protected eap, so it is probably the same protocol with additional encryption, are used to authenticate at layer 2. This means the client has to communicate authentication information to devices it is directly connected to. In the old days this was pretty basic, you dial in over a phone line and send your user name and password usually in clear text.

As wireless came out they had the same problem to solve, they had to authenticate people to give access to the network so they used what they knew, ppp or other protocols that authenticate over layer 2, it has been too long since I used dialup so I do not remember the different options. The problem now was that it was a shared medium, unlike a phone line, so they had to develop better ways to protect the username and password, they started this in dialup as well but it was not a huge concern because most people did not worry about their line being tapped.

So they started to build these safer methods of authenticating over Layer 2, hence was born eap. Now of eap, I believe, eap TTLS is the most secure but the hardest to get configured right. EAP-FAST is a spinoff of TLS in that it also uses tokens/certs but instead of an out of band way to deploy them it negotiates this in-band which may make it less secure, LEAP I believe is not recommended to be used and was mostly used for AP to AP communication. Anyway, all these use different methods of establishing an EAP session in a secure manner in order to transfer the username and password in an encrypted fashion. With the exception of TLS, TTLS and PEAP, the methods used establish keys through negotiation not through something defined out of band, of the out of band ones PEAP can be configured to not verify certs so that is why I believe it is less secure than TLS and TTLS. Once the encrypted tunnel, or keys, are established the username and password are sent using the inner protocol which can be clear text, mschap or some others, do not know them off the top of my head, the important thing for this discussion is they are encrypted at layer 2 to the access device, then encrypted via PSK from the access device to the RADIUS server. If the PSK is learned and the inner method is cleartext then anyone can sniff the wire and read the password in wireshark.

So the other side of this is centralized management, since these are layer 2 communications the device cannot get to your backend RADIUS server directly to properly authenticate, so part of the role of 802.1x is that your client talks to the access device, wired or wireless, the access device then talks at layer 3 (IP) to the RADIUS server that does the authentication and returns attributes for access control as well as authentication status, but it is the access device that sets the access control and negotiates with the client directly.

So how does this fit into today's security?

  1. It allows secure centralized management

  2. It offers encryption from end to end

  3. It facilitates the secure granting of access control to networks, via vlan assignments and downloadable ACLs

  4. It abstracts the authentication source from the device, that is the RADIUS server is never reachable from the device prior to authentication.

  5. If done right it offers higher layer 2 security than wired connections (although this is debatable in my mind)

Lastly, the bolded question:

Is EAP a way for wireless protocols to agree on algorithms, and each device provides their own implementation conforming to this framework?

EAP is used to define keys to be used by your symmetric encryption algorithms, I believe as part of the EAP negotiation it also negotiates the symmetrical encryption algorithm as well. Of course this would happen after the EAP authenticates the user.

So it does 2 things, exchange username/password and securely transfer symmetric keys from negotiated algorithms.

Brett Littrell
  • 355
  • 2
  • 10
0

The analogue of PPP in the EAP world is 802.1x or EAPoL (EAP over LAN). It is a very basic multicast protocol that sits atop Ethernet frames and which is only available on the interface itself.

From that point on, it is up to the Authenticator (more commonly known as the Access Point or NAS) to propagate the authentication information to some higher layer (as one of the sub-variants of EAP), or to relay it on to some AAA server by way of another protocol such as RADIUS or Diameter.

The EAP protocol itself is very, very basic. Its purpose is to be as simple as possible, so that it can run on the low-spec firmware that you typically find on network access points. EAP only exposes enough to this actor to determine whether the client has been Authenticated, Rejected, or more information is required.

The higher layers are then processed by some "smarter" higher-level, centralised authority in the form of the AAA server.

I have often thought to myself that this is kind of like a brute security guard at a night-club, who is paid just to be muscle, and doesn't really care about who you are or where you come from. Behind him in the background is a shadowy figure who does know all this stuff, and when you ask the guard to get in he looks back at his boss who either nods or shakes his head (or he may come over to talk to you to get more information if he's unsure).

To the guard, all that is important is the nod or shake; the authority figure probably has a lot more going on such as assessing your appearance, seeing if you could be a trouble maker, or perhaps your name is on his clip-board.

This scales nicely too, because if the crowds get bigger you can add more guards, but you still only need the single central authority.

Okay, I suppose this whole metaphor could apply to any decentralised authentication protocol really, but I guess the point I'm trying to make is the simplicity of your interaction with the guard, and his mere understanding of the situation.

The various different methods by which the central authority can determine your eligibility for admission are like the specific versions of EAP (EAP-SIM, EAP-MD5). EAP is only mandated to support a basic subset of those available, and if your device doesn't speak the one that is accepted it won't get in (kind of like waving your gold-card for the club down the road).

EAP has limited tunneling capability also, which can be used to set up a tunnel between your device and the authority using TLS/SSL which can then carry a more detailed authentication dialogue, perhaps using certificates (EAP-TLS), another layer of EAP (PEAP) or some other arbitrary AAA protocol (tunneled over EAP-TTLS). I suppose this is analogous to the authority figure coming over to you himself, under the watchful eye of the guard.

I suppose the key point to take away is that everybody readily understands "Yes", "No" or "more info required". This is basic EAP. The more sophisticated reasoning by which someone might admit you to their Network is more nuanced ... typically secretive ... and centralised, and the means by which this is determined is embodied in the more specific EAP variants that sit atop basic EAP.

robert
  • 335
  • 2
  • 11
  • It just dawned on me that I can extend this metaphor, with the club gold-card being like an X509 user-certificate, which when you flash it at the entrance, gets you into, and may even get you privileges :) That's kind of like EAP-TLS. – robert Oct 17 '14 at 16:07
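The "Yes / No / more info required" structure of bare EAP that this answer describes, and the EAPoL framing it mentions, are small enough to decode by hand. The following Python is an added example (not code from any answer, nor from a capture linked in the question): it strips the 4-byte 802.1X header, then parses the EAP Code, Identifier, Length and, for Request/Response packets, the method Type. The Type numbers are the IANA-registered ones for the methods the answers discuss; the sample frames are constructed here, not taken from real traffic. The `verdict` property is exactly what the "guard" (the authenticator) gets to see; everything after the Type octet is opaque to it and belongs to the method.

```python
"""Decode EAPOL-encapsulated EAP packets (IEEE 802.1X framing, RFC 3748 header)."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# EAP Code field (RFC 3748, section 4).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# IANA-registered EAP method Types for the methods mentioned in the answers.
EAP_TYPES = {
    1: "Identity",
    3: "Nak (legacy)",
    4: "MD5-Challenge",
    13: "EAP-TLS",
    17: "LEAP",
    18: "EAP-SIM",
    21: "EAP-TTLS",
    25: "PEAP",
    43: "EAP-FAST",
}

# 802.1X packet types carried in the EAPOL header.
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


@dataclass
class EapPacket:
    code: int
    identifier: int
    length: int
    method_type: Optional[int]  # only Request/Response carry a Type octet
    type_data: bytes            # opaque to the authenticator; the method's own data

    @property
    def verdict(self) -> str:
        """The only thing bare EAP tells the authenticator: yes, no, or keep going."""
        if self.code == 3:
            return "authenticated"
        if self.code == 4:
            return "rejected"
        return "more information required"

    def method_name(self) -> Optional[str]:
        if self.method_type is None:
            return None
        return EAP_TYPES.get(self.method_type, f"unknown type {self.method_type}")


def parse_eapol(frame: bytes) -> Tuple[str, bytes]:
    """Split the 4-byte EAPOL header (version, type, body length) from its body."""
    if len(frame) < 4:
        raise ValueError("EAPOL header truncated")
    _version, eapol_type, body_len = struct.unpack("!BBH", frame[:4])
    if eapol_type not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPOL packet type {eapol_type}")
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than advertised length")
    return EAPOL_TYPES[eapol_type], body


def parse_eap(body: bytes) -> EapPacket:
    """Parse one EAP packet: Code, Identifier, Length, then Type and Type-Data."""
    if len(body) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if code not in EAP_CODES:
        raise ValueError(f"invalid EAP code {code}")
    if length < 4 or length > len(body):
        raise ValueError("EAP length field inconsistent with packet")
    payload = body[4:length]
    if code in (1, 2):
        if not payload:
            raise ValueError("Request/Response missing Type octet")
        return EapPacket(code, ident, length, payload[0], payload[1:])
    # Success and Failure have no Type: the header is the whole packet.
    return EapPacket(code, ident, length, None, b"")


def describe(frame: bytes) -> str:
    """One-line summary of an EAPOL frame from the authenticator's point of view."""
    eapol_type, body = parse_eapol(frame)
    if eapol_type != "EAP-Packet":
        return eapol_type
    pkt = parse_eap(body)
    name = EAP_CODES[pkt.code]
    if pkt.method_type is not None:
        return f"{name} id={pkt.identifier} {pkt.method_name()} -> {pkt.verdict}"
    return f"{name} id={pkt.identifier} -> {pkt.verdict}"


def is_malformed(frame: bytes) -> bool:
    """True if the frame fails the length/code sanity checks above."""
    try:
        describe(frame)
    except ValueError:
        return True
    return False


# Constructed sample exchange (not a real capture): EAPOL-Start, Identity
# Request/Response, an EAP-TLS Start request (flags 0x20), then Success.
EAPOL_START = bytes([0x01, 0x01, 0x00, 0x00])
IDENTITY_REQUEST = bytes([0x01, 0x00, 0x00, 0x05, 0x01, 0x01, 0x00, 0x05, 0x01])
IDENTITY_RESPONSE = bytes([0x01, 0x00, 0x00, 0x0A, 0x02, 0x01, 0x00, 0x0A, 0x01]) + b"alice"
TLS_START = bytes([0x01, 0x00, 0x00, 0x06, 0x01, 0x02, 0x00, 0x06, 0x0D, 0x20])
SUCCESS = bytes([0x01, 0x00, 0x00, 0x04, 0x03, 0x03, 0x00, 0x04])

if __name__ == "__main__":
    for f in (EAPOL_START, IDENTITY_REQUEST, IDENTITY_RESPONSE, TLS_START, SUCCESS):
        print(describe(f))
```

Note that the Identity response carries the user name in the clear inside `type_data`, before any tunnel exists; that is why the tunnelled methods (PEAP, EAP-TTLS) let the client send an anonymous outer identity and keep the real one for the inner exchange.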