EAP methods for wireless networks
Presenter: 曾萍萍
Advisor: 张永平
2007/9/12
Outline
Introduction
EAP Requirements
Methods
Possible attacks on EAP
Mobility issues
RFID
WiMAX
Conclusions
Introduction (1/2)
EAP (Extensible Authentication Protocol)
Used in wireless settings.
Validates the identity of the user or device attempting to access the network.
Various EAP methods are available for use in a variety of networks.
EAP definition in does not specify an exact method, algorithm or procedure for the authentication but rather specifies a framework into which a particular method can be plugged.
WLAN (Wireless LAN)
(a, b, g)
The base of authentication methods
Pre-shared key: home office, small office
Password based security: enterprises
Certificate based security: enterprises
Introduction (2/2)
WLAN (Wireless LAN)
Authentication and authorization
WEP
Shared secret
Drawback: key usually static
WPA ()
Personal mode: shared key
Enterprise mode: authentication server
AAA (authentication, authorization and accounting) server
RADIUS (remote authentication dial-in user service)
Data protection
WEP
RC4
WPA ()
TKIP (Temporal Key Integrity Protocol)
EAP Requirements
Mandatory requirements
Generation of symmetric keying material
Mutual authentication support
Self-protecting
Synchronization of state
Resistance to dictionary attacks
Protection against man-in-the-middle attacks
Protected cipher suite negotiation
Recommended requirements
Fragmentation
End-user identity hiding
Optional requirements
Channel binding
Fast reconnect
Enterprise-specific requirements
Enterprise architecture framework
Reuse of existing network layout
Methods
Legacy based methods
EAP-MD5
Certificate based methods
EAP-TLS
EAP-TTLS
EAP PEAP
Password based methods
LEAP
SPEKE
EAP SIM
EAP AKA
Methods (Legacy based methods): EAP-MD5
Username and password
MD5 message hashing algorithm
Very simple EAP method
No mechanism for changing keys
Cannot fulfill the requirement
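
The EAP-MD5 exchange summarized on this slide, as an added example that is not part of the original slides: it builds and parses the MD5-Challenge request and response and performs the authenticator-side check. The packet layout and digest follow RFC 3748 and RFC 1994; the password, the names and the identifier value are constructed.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # MD5-Challenge type number from RFC 3748


def build_md5_packet(code, identifier, value, name=b""):
    """EAP header (code, id, length) + type + value-size + value + name."""
    body = struct.pack("!BB", EAP_TYPE_MD5, len(value)) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_md5_packet(packet):
    """Return (code, identifier, value, name); reject malformed input."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP-MD5 packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 6 or length > len(packet):
        raise ValueError("bad EAP length field")
    eap_type, value_size = packet[4], packet[5]
    if eap_type != EAP_TYPE_MD5:
        raise ValueError("not an MD5-Challenge packet")
    if value_size == 0 or 6 + value_size > length:
        raise ValueError("value-size exceeds packet length")
    return code, identifier, packet[6:6 + value_size], packet[6 + value_size:length]


def md5_response(identifier, password, challenge):
    """CHAP-style digest: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(request, response, password):
    """Authenticator-side check of the peer's response."""
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, resp_id, digest, _ = parse_md5_packet(response)
    if code != EAP_RESPONSE or resp_id != req_id or len(digest) != 16:
        return False
    return hmac.compare_digest(digest, md5_response(req_id, password, challenge))


# Constructed sample exchange (password and names are made up).
PASSWORD = b"correct horse"
request = build_md5_packet(EAP_REQUEST, 7, os.urandom(16), b"ap-1")
_, rid, chal, _ = parse_md5_packet(request)
response = build_md5_packet(EAP_RESPONSE, rid, md5_response(rid, PASSWORD, chal), b"alice")
```

The exchange ends with only an accept or reject decision: the server never proves its own identity and no keying material is derived. Every input to the digest except the password travels in the clear, which is why the method does not meet the mandatory requirements listed earlier.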