Secure Authentication System for Public WLAN Roaming Yasuhiko Matsunaga Ana Sanz Merino Manish Shah Takashi Suzuki Randy Katz

Post on 19-Dec-2015


Page 1

Secure Authentication System for Public WLAN Roaming

Yasuhiko Matsunaga, Ana Sanz Merino, Manish Shah, Takashi Suzuki, Randy Katz

Page 2

Agenda

Single sign-on to confederated wireless networks with authentication adaptation

Privacy information protection using policy engine

Improve security of web-based WLAN authentication by binding 802.1x link level authentication

Performance Measurement

Page 3

Loose Trust Relationship in Current Public Wireless LAN Roaming

[Figure: trust relationships among User, two WLAN Service Providers and ID Provider (ISPs, Card Companies); the edges are labelled Strong Trust, Strong Trust, Weak Trust and No Trust]

Each WLAN system is isolated, deploys different authentication schemes

Users have to maintain different ID and credentials

Page 4

Challenges and Our Solutions

Confederate service providers under different trust levels and with different authentication schemes to offer wider coverage

Alleviate user burden of maintaining different identities and credentials per WLAN provider -> SSO Roaming with Authentication Adaptation

Select proper authentication method and protect privacy of user information per WLAN provider -> Policy Engine Client

Avoid theft of wireless service without assuming pre-shared secret between user and network -> L2/Web Compound Authentication

Page 5

The Single Sign-on concept

Single username and password

Users authenticate only the first time

Inter-system handover with minimal user intervention

Each network may deploy its own authentication scheme

[Figure: Confederation of Coffee shop (provider A), Street (provider B) and Office (provider C) sharing an ID Provider; Initial Sign-on at the first network, Single sign-on at the others]

Page 6

Single Sign-on Technology

Currently two technologies clearly accepted by industry:

RADIUS: Proxy-based authentication scheme

Liberty Alliance: Redirect-based authentication scheme

We adopted both of them for our implementation

Need authentication adaptation framework

Page 7

Authentication Adaptation Flow

(1) User Terminal -> WLAN Service Provider: Request authentication

(2) WLAN Service Provider -> User Terminal: Announce provider id, authentication methods, charging options, required user information

(3) User Terminal: Select authentication method according to user's preferences

(4) User Terminal -> WLAN Service Provider: Submit selected authn. method, selected charging option, user information

(5) WLAN Service Provider: Authenticate the user

Page 8

Client-side Policy Engine

Control automatic submission of user authentication information according to communication context. Context includes trust level of provider, cost, etc.

Authentication/Authorization flow adaptation: switch between Proxy-based (Radius) and Redirect-based (Liberty-style) single sign-on

Page 9

Policy Engine Architecture

[Figure: Policy Engine Architecture. Client side: End User, Web Browser, Applet, EAP/802.1X, Policy Enforcement Point, Policy Check Engine, Policy Repository, Auth Info. Repository, Context. WLAN provider side: AAA Server, with Capability and Policy exchanged between the two sides]
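The adaptation flow of Page 7 and the client-side policy engine of Pages 8 and 9 together decide, for each provider announcement, which authentication method to select, which charging option to accept and which items of user information may be released automatically. The following Python model is an added example written for this page; it is not code from the paper or its prototype. The announcement fields follow step (2) of the adaptation flow; the policy fields (a trust level per provider, an ordered method preference, allowed charging options and a minimum trust level per information item), the function names and all sample values are assumptions made for illustration.

```python
"""Client-side policy engine model (added example, not the paper's code)."""
from dataclasses import dataclass

# Trust levels as used on Page 3, ranked so they can be compared.
TRUST_RANK = {"none": 0, "weak": 1, "strong": 2}


@dataclass
class Announcement:
    """What the WLAN provider announces in step (2) of the adaptation flow."""
    provider_id: str
    auth_methods: list      # e.g. "radius-proxy", "liberty-redirect" (assumed names)
    charging_options: list  # e.g. "monthly", "one-time"
    required_info: list     # user information items the provider asks for


@dataclass
class UserPolicy:
    """Contents of the Policy Repository (assumed structure)."""
    trust_levels: dict      # provider_id -> "strong" | "weak" | "none"
    method_preference: list  # most preferred authentication method first
    allowed_charging: list  # charging options the user accepts
    release: dict           # info item -> minimum provider trust needed to release it


def select_method(ann, policy):
    """Step (3): first method in the user's preference order the provider offers."""
    for method in policy.method_preference:
        if method in ann.auth_methods:
            return method
    return None


def decide(ann, policy, auth_info):
    """Policy Check Engine: build the step (4) submission, or refuse with a reason."""
    trust = policy.trust_levels.get(ann.provider_id, "none")  # unknown provider: no trust
    method = select_method(ann, policy)
    if method is None:
        return {"ok": False, "reason": "no acceptable authentication method"}
    charging = next((c for c in policy.allowed_charging if c in ann.charging_options), None)
    if charging is None:
        return {"ok": False, "reason": "no acceptable charging option"}
    submitted, withheld = {}, []
    for item in ann.required_info:
        needed = policy.release.get(item, "strong")  # default: release only to strong trust
        if TRUST_RANK[trust] >= TRUST_RANK[needed] and item in auth_info:
            submitted[item] = auth_info[item]
        else:
            withheld.append(item)
    if withheld:  # the Policy Enforcement Point must not submit automatically
        return {"ok": False, "reason": "policy withholds: " + ", ".join(withheld),
                "withheld": withheld}
    return {"ok": True, "method": method, "charging": charging, "info": submitted}


# Constructed sample policy, credentials and announcements (not from the paper).
SAMPLE_POLICY = UserPolicy(
    trust_levels={"office-C": "strong", "coffee-A": "weak"},
    method_preference=["liberty-redirect", "radius-proxy"],
    allowed_charging=["monthly", "one-time"],
    release={"username": "weak", "password": "strong", "credit_card": "strong"},
)
SAMPLE_AUTH_INFO = {"username": "alice", "password": "constructed-password",
                    "credit_card": "0000-0000-0000-0000"}
OFFICE = Announcement("office-C", ["radius-proxy"], ["monthly"], ["username", "password"])
COFFEE = Announcement("coffee-A", ["liberty-redirect", "radius-proxy"], ["one-time"],
                      ["username", "credit_card"])
STREET = Announcement("street-B", ["web-password"], ["one-time"], ["username"])

if __name__ == "__main__":
    for ann in (OFFICE, COFFEE, STREET):
        print(ann.provider_id, decide(ann, SAMPLE_POLICY, SAMPLE_AUTH_INFO))
```

The office provider (strong trust, a method the user accepts) gets a complete submission; the coffee shop (weak trust) asks for a credit card, which the policy only releases to strongly trusted providers, so automatic submission is refused and the withheld item is reported; the unknown street provider offers no method the user accepts. Refusals are returned rather than raised so the applet can fall back to asking the end user.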

Page 10

Security Threats of Web-based Authentication and Access Control

Lack of cryptographic bindings causes several security vulnerabilities:

Gate-control (IP/MAC) only: IP/MAC spoofing -> Theft of Service

Rogue AP -> DoS

No Message Integrity Check -> Message Alteration

No Data Encryption -> Eavesdropping

[Figure: Client, Web Server and External Network behind the IP/MAC gate]

Page 11

L2/Web Compound Authentication

Participants: Client, Access Point, RADIUS/Web Server, External Network

(1) 802.1x TLS guest authentication

(2) Establish L2 Session Key

(3) Web Auth (with L2 session key digest)

(4) Firewall Control

• Prevents theft of service, eavesdropping, message alteration
• Does not work for L2 DoS attack – out of scope

Page 12

WLAN Single Sign on Testbed

[Figure: WLAN Single Sign-on Testbed. Identity Provider: Radius and Web Server. Service Provider #1: Firewall, Web Portal, Radius, Client, External Network; the client reaches the Web Server over HTTPS and the provider's Radius talks RADIUS to the Identity Provider. Service Provider #2: Firewall, Web, Radius, Client using 802.1x, with RADIUS, SOAP and HTTPS links to the Identity Provider. A further label reads MCMC.]

Page 13

Authentication Adaptation User Interface

Page 14

Layer 2 Roaming User Interface

Page 15

Delay Profile Evaluation

(Units: sec)

                                      Proxy-based (RADIUS)     Redirect-based (Liberty)
                                      Local      Roaming       Local      Roaming
Web Authentication                    0.184      0.188         0.175      1.467
Policy Engine                         0.318      0.318         0.318      0.318
Link Layer (802.1x) Authentication    0.124      0.124         0.124      0.124
Total                                 0.626      0.630         0.617      1.909

Page 16

Conclusions

1. Secure public WLAN roaming made possible by accommodating multiple authentication schemes and ID providers with an adaptation framework

2. Policy Engine reflects user authentication scheme preference and protects privacy of user information

3. Compound L2/Web authentication ensures cryptographically-protected access

4. Confirmed with prototype; measured performance shows reasonable delay for practical use

5. Exploits industry-standard authentication architectures: Radius, Liberty Alliance

Page 17

backup

Page 18

Public Wireless LAN Service Model

The network is 'open' to users without pre-shared secret

User Category:
(1) Monthly/Pre-paid Subscribers
(2) One-time Users
(3) Non-Subscribers

Services:
Free & Advertisement Contents (Hotspot Owner Pays)
Premium Contents & External Network Access (Subscriber Pays)

[Figure: WLAN Infrastructure and AAA Servers between the user categories and the services]

Page 19

802.1x/11i/WPA L2 Network Authentication and Access Control

(1) Mutual TLS authentication with pre-shared key

(2) Establish L2 session key dynamically

(3) Only successfully-decrypted packets are forwarded to the External Network

Conventional 'Closed-style' authentication: only hosts with the pre-shared key can access the network; mainly for Corporate WLAN

Page 20

L2/Web Authentication Comparison

                     Web-based                                      802.1x/WPA/11i
Support              Most public WLAN providers                     Corporate Networks (only on 802 LAN/MANs)
Pre-shared Secret    Not necessary (use credit-card authorization)  Necessary
Encryption           None                                           Per-station RC4, AES (802.11i)
Authentication       SSL-protected Password                         EAP-TLS (certificate-based)
Access Control       IP/MAC address                                 Cryptographic
Accounting           Fine-grained                                   Only at boot time

Page 21

Our Approach

Compound L2/Web authentication to ensure users have cryptographically-protected wireless LAN access

Use 802.1x 'guest' authentication mode and embed the L2 session key digest in web authentication

At layer 2, do not assume a pre-shared secret

Digest embedding is necessary for avoiding the race attack

After Web authentication, the user gets full access; otherwise, users have limited access to free contents

L2 DoS protection is out of scope

Page 22

Race Attack Scenario

(Why L2 session key digest embedding is necessary)

Participants: Legitimate Client, Malicious Client (MAC Spoofer), AP, RADIUS/Web, Firewall

Legitimate Client -> AP: L2 Auth, session key K1; AP binds (MAC, MD5(K1))

Malicious Client (spoofing the same MAC) -> AP: L2 Auth, session key K2; AP binds (MAC, MD5(K2))

Legitimate Client -> RADIUS/Web: Web Auth + MD5(K1)

Firewall: L2 session key verify NG (bound digest is MD5(K2), submitted digest is MD5(K1))

• Theft of service can be prevented by authentication binding
• L2 DoS attack is still possible
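The binding described on Pages 11, 21 and 22 can be checked end to end with a small simulation: the access point records (MAC, MD5(K)) after each 802.1x guest authentication, the web authentication carries the client's own digest, and the firewall opens the IP/MAC gate only when the two agree. The Python below is an added example written for this page, not code from the paper or its testbed; the class names, the `check_digest` switch (which models a plain IP/MAC gate for comparison), the shared binding table between access point and firewall, and the sample MAC and credential are assumptions made for illustration. MD5 is used because that is the digest the slides show.

```python
"""L2/Web compound authentication binding model (added example, not the paper's code)."""
import hashlib
import os
from typing import Optional


def key_digest(session_key: bytes) -> str:
    # The slides bind MD5 of the L2 session key; only the digest, never the key,
    # leaves the supplicant in the web authentication.
    return hashlib.md5(session_key).hexdigest()


class AccessPoint:
    """Runs 802.1x 'guest' TLS authentication and keeps one binding per MAC."""

    def __init__(self):
        self.bindings = {}  # MAC -> digest of the current L2 session key

    def l2_guest_auth(self, mac: str) -> bytes:
        session_key = os.urandom(16)                   # (2) fresh L2 session key
        self.bindings[mac] = key_digest(session_key)   # Bind(MAC, MD5(K))
        return session_key


class Firewall:
    """Gate keyed on MAC; with compound auth it also verifies the key digest.
    Assumption: the firewall can read the AP's binding table (e.g. via RADIUS)."""

    def __init__(self, ap: AccessPoint, check_digest: bool = True):
        self.ap = ap
        self.check_digest = check_digest
        self.open_macs = set()

    def control(self, mac: str, digest: Optional[str]) -> str:
        if self.check_digest and self.ap.bindings.get(mac) != digest:
            return "NG"                 # L2 session key verify NG: gate stays closed
        self.open_macs.add(mac)         # (4) Firewall Control: open the gate for this MAC
        return "OK"


class WebServer:
    USERS = {"alice": "constructed-password"}  # constructed test credential

    def __init__(self, fw: Firewall):
        self.fw = fw

    def web_auth(self, mac: str, username: str, password: str,
                 digest: Optional[str] = None) -> str:
        if self.USERS.get(username) != password:
            return "NG"
        return self.fw.control(mac, digest)  # (3) web auth carries the L2 key digest


VICTIM_MAC = "00:11:22:33:44:55"  # constructed sample address


def normal_scenario():
    """One client: L2 guest auth, then web auth with its own digest."""
    ap = AccessPoint()
    fw = Firewall(ap)
    web = WebServer(fw)
    k1 = ap.l2_guest_auth(VICTIM_MAC)
    result = web.web_auth(VICTIM_MAC, "alice", "constructed-password", key_digest(k1))
    return result, VICTIM_MAC in fw.open_macs


def race_scenario(check_digest: bool):
    """Page 22: a second station using the victim's MAC completes L2 guest auth
    before the victim's web auth. Returns (web auth result, gate open for the MAC?)."""
    ap = AccessPoint()
    fw = Firewall(ap, check_digest)
    web = WebServer(fw)
    k1 = ap.l2_guest_auth(VICTIM_MAC)   # legitimate client: K1, Bind(MAC, MD5(K1))
    ap.l2_guest_auth(VICTIM_MAC)        # spoofer, same MAC: K2, Bind(MAC, MD5(K2))
    result = web.web_auth(VICTIM_MAC, "alice", "constructed-password",
                          key_digest(k1) if check_digest else None)
    # After the re-binding the AP's session for this MAC uses K2, so an open gate
    # would serve the spoofer's traffic on the victim's web credentials.
    return result, VICTIM_MAC in fw.open_macs


if __name__ == "__main__":
    print("normal:", normal_scenario())
    print("race, IP/MAC gate only:", race_scenario(check_digest=False))
    print("race, compound auth:", race_scenario(check_digest=True))
```

With the digest check the race ends in "NG" and a closed gate: no theft of service, but the legitimate client is also left without access, which is the L2 DoS the slides declare out of scope. Without the check the gate opens on the victim's credentials while the AP session belongs to the other station, which is the theft-of-service outcome of Page 10.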

Page 23

Compound Authentication Testbed

Participants: Client, Access Point, RADIUS/Web Server, External Network, Attacker (rejected)

(1) 802.1x TLS guest authentication

(2) Establish L2 Session Key

(3) Web Auth (with L2 session key digest)

(4) Firewall Control

Software and hardware: Xsupplicant 0.6, libwww-perl 5.6.9 (client); Cisco AIR-350 (access point); FreeRADIUS 0.8.1, Apache 2.0.40 (RADIUS/Web server)