Presentation transcript: "RadSec – A better RADIUS protocol"

1 RadSec – A better RADIUS protocol
Stig Venaas, Stefan Winter
2 Overview
- RADIUS overview
- RadSec overview
- What is wrong with RADIUS
- RadSec benefits
- RadSec implementations, deployment and standardisation
3 RADIUS overview (1)
- Remote Authentication Dial In User Service
- First defined in RFC 2058 from 1997
- Typically used for modem pools/terminal servers
- RADIUS uses UDP and a shared secret between client and server for authentication and encryption of passwords
- A user may specify a username/password
- RADIUS client sends a message to the RADIUS server with the username in clear-text and the password encrypted
- RADIUS server returns accept or reject
- Accept might contain attributes that tell the terminal server what access group, IP address etc. the user should get
4 RADIUS overview (2)
- Now used a lot for wireless access
  - Enhanced with EAP
- eduroam
  - Makes use of a hierarchy of RADIUS servers
  - The wireless access point in a network you visit may talk RADIUS to your home RADIUS servers
  - RADIUS messages may travel through many servers and over long distances
  - EAP is used between the client host (e.g. laptop) and the home RADIUS server
  - TLS connection between host and home RADIUS server
  - Good protection of credentials, but some information related to the user may be sent as unprotected attributes to the RADIUS client
5 Roaming in eduroam
(diagram: root server; national servers .de, .lu, .nl, .au, ...; organisation servers org1.lu, org2.lu, uni.au; departmental servers dep1.uni.au, dep2.uni.au; authenticator1, authenticator2)
6 RadSec overview
- RadSec is RADIUS over TLS
- A new transport layer for RADIUS
  - Replaces UDP
- Benefits
  - Security
  - Reliability
  - Convenience
- We will explain these benefits after discussing issues with RADIUS over UDP
7 RADIUS security
- Not very secure
- Uses MD5 and a shared secret for each client – server connection
  - Message authentication
  - Encryption of some attributes (passwords/keys)
- There are several weaknesses
  - Particularly if one can listen in on the traffic for a long time
  - Or input known data and see how it gets encrypted
- Most attributes in clear-text, which might help an attacker (privacy)
- For good security, one can use EAP with a TLS tunnel between the mobile node and the home RADIUS server
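The "MD5 and a shared secret" mechanism the slide describes is the RFC 2865 User-Password hiding plus the Response Authenticator. The following is an added illustration (not code from the presentation) that implements both so the dependence on the secret and on the 16-octet Request Authenticator is visible: the key stream for the password is nothing more than MD5(secret + Request Authenticator) chained over the blocks, and the Response Authenticator is an MD5 over the packet and the secret. All values (secret, password, Request Authenticator) are constructed sample data.

```python
"""User-Password hiding and the Response Authenticator from RFC 2865, the
MD5-plus-shared-secret mechanism the slide calls "not very secure".
Added illustration, not code from the presentation. The secret, password
and Request Authenticator values below are constructed sample data."""
import hashlib
import hmac
import os
import struct


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad the password with NULs to a multiple of 16 octets,
    then XOR each 16-octet block with MD5(secret + previous block), where the
    first "previous block" is the 16-octet Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        # The key stream depends only on the secret and the Request
        # Authenticator: nothing else protects the password on the wire,
        # so a predictable or reused authenticator weakens it directly.
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password (what the RADIUS server does). Trailing NUL
    padding is stripped, so a password ending in NUL is ambiguous, as in the RFC."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


def build_response(code: int, identifier: int, attributes: bytes,
                   request_authenticator: bytes, secret: bytes) -> bytes:
    """Assemble a RADIUS response whose Authenticator field is the RFC 2865
    Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = 20 + len(attributes)
    header = struct.pack("!BBH", code, identifier, length)
    resp_auth = hashlib.md5(header + request_authenticator + attributes + secret).digest()
    return header + resp_auth + attributes


def verify_response(packet: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """Client-side check of a response: recompute the Response Authenticator
    and compare in constant time. A wrong secret or a tampered packet fails."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = build_response(code, identifier, packet[20:], request_authenticator, secret)
    return hmac.compare_digest(expected[4:20], packet[4:20])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    request_auth = os.urandom(16)          # must be unpredictable per request
    hidden = hide_password(b"hunter2", secret, request_auth)
    print("hidden User-Password:", hidden.hex())
    print("recovered:", unhide_password(hidden, secret, request_auth))
    accept = build_response(2, 1, b"", request_auth, secret)     # Code 2 = Access-Accept
    print("Response Authenticator valid:", verify_response(accept, request_auth, secret))
```

Note what is not covered: most attributes (User-Name, Calling-Station-Id, etc.) travel in clear-text beside this, which is the privacy point the slide makes, and nothing here authenticates the request itself unless a Message-Authenticator attribute is added. Tunnelling the credentials in EAP-TLS/TTLS, or wrapping the whole exchange in TLS as RadSec does, avoids relying on this construction.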
8 RADIUS transport issues
- UDP client – server, simple retransmission scheme
- One RADIUS message == one UDP datagram
  - Not working well for large messages (> MTU)
  - In particular over longer distances, congested links
- RADIUS messages can get very large with EAP
- If a RADIUS message is fragmented, loss of one fragment means loss of the entire message
- For EAP/TLS this can be avoided with EAP fragmentation
  - Each EAP fragment results in a RADIUS request going all the way from the client to the home RADIUS server, and a response back
  - Results in many messages and long authentication time
9 RadSec security
- TLS for all RADIUS communications
  - TLS connection per client – server
  - Both client and server use certificates
- Strong encryption
  - Encrypts everything, good for privacy
- Strong authentication
  - With proper use of certificates
- Certificates provide additional benefits
  - Later slide
10 RadSec reliability
- RadSec uses TLS over TCP
  - TCP ensures reliable transport
- One can send RADIUS messages larger than the MTU without fragmentation
  - Copes better with packet loss than UDP fragments
- EAP message (fragments) can then be up to 1500 bytes, and the RADIUS messages will still not be fragmented
  - It is common to set the EAP MTU to a much lower value to avoid RADIUS fragmentation
  - This means fewer RADIUS messages going back and forth, and less delay (an EAP message can easily be 8 KB)
- Makes it easier to detect when a RADIUS server is down/unreachable (better server failover)
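Slides 8 and 10 together make a sizing argument: one EAP fragment becomes one RADIUS packet, that packet is one UDP datagram, and a datagram over the path MTU is IP-fragmented, so operators shrink the EAP MTU and pay for it in round trips. The following added example (not the presentation's code) works that arithmetic through for the 8 KB EAP message the slide mentions. Header sizes are the RFC 2865/2869 values; the IPv4/UDP overhead, the 1500-byte path MTU and the loss rate are assumptions passed in as parameters, and the IP fragment count ignores the 8-octet alignment rule.

```python
"""Sizing of EAP carried in RADIUS: why RADIUS/UDP deployments lower the EAP
MTU, how many round trips an EAP exchange then needs, and why one lost IP
fragment loses the whole message. Added example, not the presentation's
code. Header sizes are the RFC 2865/2869 values; the IPv4/UDP overhead,
path MTU and loss rate are assumptions passed in as parameters."""
import math

RADIUS_HEADER = 20          # Code, Identifier, Length, Authenticator (RFC 2865)
ATTR_OVERHEAD = 2           # Type and Length octets of every attribute
EAP_MESSAGE_MAX = 253       # EAP-Message value: attribute Length <= 255 incl. its 2 header octets (RFC 2869)
MESSAGE_AUTHENTICATOR = 18  # Message-Authenticator attribute, required alongside EAP-Message
IPV4_HEADER = 20            # assumption: IPv4 without options
UDP_HEADER = 8


def radius_packet_size(eap_fragment_len: int, other_attrs_len: int = 0) -> int:
    """Octets of one RADIUS packet carrying one EAP fragment, which is split
    over as many EAP-Message attributes as needed (RFC 2869 section 5.13)."""
    n_attrs = math.ceil(eap_fragment_len / EAP_MESSAGE_MAX)
    return (RADIUS_HEADER + eap_fragment_len + n_attrs * ATTR_OVERHEAD
            + MESSAGE_AUTHENTICATOR + other_attrs_len)


def ip_fragments(radius_len: int, path_mtu: int = 1500) -> int:
    """Number of IPv4 fragments for one UDP datagram (approximate: ignores the
    8-octet alignment rule for fragment payloads)."""
    datagram = IPV4_HEADER + UDP_HEADER + radius_len
    if datagram <= path_mtu:
        return 1
    return math.ceil((datagram - IPV4_HEADER) / (path_mtu - IPV4_HEADER))


def delivery_probability(fragments: int, loss_rate: float) -> float:
    """All fragments must arrive; losing any one loses the whole RADIUS message."""
    return (1.0 - loss_rate) ** fragments


def eap_round_trips(eap_len: int, eap_mtu: int) -> int:
    """Each EAP fragment is one RADIUS request to the home server and one response back."""
    return math.ceil(eap_len / eap_mtu)


def transport_plan(eap_len: int, eap_mtu: int, transport: str,
                   path_mtu: int = 1500, loss_rate: float = 0.0) -> dict:
    """Compare RADIUS/UDP with RADIUS/TLS (TCP) for one EAP message. Over TCP
    the stack segments and retransmits, so no IP fragmentation occurs."""
    if transport not in ("udp", "tls"):
        raise ValueError("transport must be 'udp' or 'tls'")
    trips = eap_round_trips(eap_len, eap_mtu)
    largest = radius_packet_size(min(eap_len, eap_mtu))
    frags = ip_fragments(largest, path_mtu) if transport == "udp" else 0
    return {
        "round_trips": trips,
        "largest_radius_packet": largest,
        "ip_fragments_per_packet": frags,
        "fragmented": frags > 1,
        "p_packet_delivered": delivery_probability(frags, loss_rate) if transport == "udp" else None,
    }


if __name__ == "__main__":
    EAP_LEN = 8 * 1024   # the "easily 8KB" EAP message from the slide
    for mtu, transport in ((1024, "udp"), (1500, "udp"), (1500, "tls")):
        print(f"EAP MTU {mtu:4d} over {transport}:",
              transport_plan(EAP_LEN, mtu, transport, loss_rate=0.05))
```

With an EAP MTU of 1024 the UDP packet stays under 1500 octets but the 8 KB message needs 8 round trips; at 1500 it needs 6 round trips but every UDP packet splits into two IP fragments, and at 5 % packet loss only about 90 % of those datagrams arrive whole. Over TLS/TCP the 1500-byte EAP MTU costs no fragmentation, which is the reliability benefit the slide claims.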
11 Other RadSec benefits
- Certificate based client authentication
  - Does not care about IP addresses
  - Can have e.g. travel kits with APs that can move to any location on the Internet and connect to the home RADIUS server
  - Home server need only verify the certificate
- Certificate based server authentication
  - Dynamic roaming
  - What if the RADIUS client could look at the user identity, find the uni.de server using DNS SRV records, contact the uni.de server, and get a certificate from the server stating that it is authorised to serve uni.de?
  - eduroam without a RADIUS hierarchy?
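The dynamic-roaming idea on this slide is a three-step procedure: take the realm from the user identity, look up the home server with a DNS SRV query, and accept it only if the certificate it presents says it is authorised for that realm. The following added example (not code from the presentation) walks through those steps with everything that would come from the network constructed inline: the DNS answers, the host names radsec1.uni.de, radsec2.uni.de and backup.uni.de, and the certificate contents. The SRV label `_radiustls._tcp`, the trust-anchor name and the way a certificate carries realm names are assumptions; RFC 7585 later standardised RADIUS/TLS discovery along these lines.

```python
"""Dynamic roaming step by step: realm from the user identity, home server
from DNS SRV, and a check that the server's certificate is authorised for
that realm. Added example, not code from the presentation. DNS answers,
host names and certificate contents are constructed; the SRV label and the
certificate realm field are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# NAI realm label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def realm_of(identity: str) -> Optional[str]:
    """Realm of a NAI (RFC 4282 / 7542): everything after the LAST '@',
    lower-cased. None means no realm (a local user) or an invalid realm,
    so the client never builds a DNS query from untrusted junk."""
    if "@" not in identity:
        return None
    realm = identity.rsplit("@", 1)[1].lower()
    labels = realm.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return realm


def srv_name(realm: str) -> str:
    return f"_radiustls._tcp.{realm}"      # assumed SRV label


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed DNS zone standing in for a real resolver.
CONSTRUCTED_DNS = {
    "_radiustls._tcp.uni.de": [
        SrvRecord(10, 50, 2083, "radsec1.uni.de"),
        SrvRecord(10, 50, 2083, "radsec2.uni.de"),
        SrvRecord(20, 0, 2083, "backup.uni.de"),
    ],
}


def discover(realm: str, lookup=CONSTRUCTED_DNS.get) -> List[SrvRecord]:
    """SRV records for the realm, lowest priority first; weight only orders
    equal priorities here, real clients choose among them by weight."""
    return sorted(lookup(srv_name(realm)) or [], key=lambda r: (r.priority, -r.weight))


@dataclass(frozen=True)
class ServerCert:
    """Stand-in for the fields a RadSec client checks after the TLS handshake
    (in a real certificate: issuer, subject/subjectAltName, and a realm claim)."""
    subject_cn: str
    issuer: str
    realms: tuple          # realms the certificate claims to serve


TRUSTED_ISSUERS = {"eduroam-ca"}    # constructed trust-anchor name


def authorised_for(cert: ServerCert, realm: str, host: str) -> bool:
    """Accept the server only if the certificate chains to a trusted CA, names
    the host we connected to, and explicitly lists the realm. Without the
    realm check any validly issued server certificate could claim uni.de."""
    return (cert.issuer in TRUSTED_ISSUERS
            and cert.subject_cn.lower() == host.lower()
            and realm in {r.lower() for r in cert.realms})


def route(identity: str, presented_certs: dict) -> tuple:
    """Decide what the client does with a request: handle it locally, forward
    it to a discovered and verified home server, or reject it.
    presented_certs maps host name -> ServerCert seen in the TLS handshake."""
    realm = realm_of(identity)
    if realm is None:
        return ("local", None)
    for rec in discover(realm):
        cert = presented_certs.get(rec.target)
        if cert is not None and authorised_for(cert, realm, rec.target):
            return ("forward", f"{rec.target}:{rec.port}")
    return ("reject", f"no authorised server found for realm {realm}")
```

The realm validation and the explicit realm-in-certificate check are the two places this differs from simply "trust any server with a valid certificate": the first stops crafted identities from driving arbitrary DNS queries, the second is what lets a client skip the hierarchy without letting every eduroam participant impersonate every other one.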
12 RadSec implementations
- RADIATOR
  - The first implementation, commercial RADIUS
- radsecproxy (http://software.uninett.no/radsecproxy/)
  - A RADIUS proxy that also supports RadSec
  - Can be used to RadSec-enable clients/servers
  - Has been installed in Linux-based APs to make them support RadSec, package for OpenWRT
  - Also used on hosts running FreeRADIUS servers
  - Also useful in hierarchies like eduroam where most nodes only do proxying (routing of RADIUS messages)
- LANCOM access points
  - APs with built-in RadSec client
13 Mobile eduroam-in-a-fonera
- eduroam travel kit
  - 7x9x2 cm AP
  - RadSec-enabled Fonera AP with OpenWRT
  - Can be brought wherever eduroam is needed
- With normal RADIUS, the server would need to be configured with the IP address of the client
- Using certificates, the server just needs to verify the AP certificate
  - Hence, mobile with no re-configuration
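Slides 12 and 13 describe radsecproxy being used to RadSec-enable a site and a travel-kit AP that the home server recognises by certificate rather than by IP address. The following radsecproxy.conf fragment is an added illustration, not configuration from the presentation or the radsecproxy project, showing the two styles side by side: a legacy UDP client pinned to an address and a shared secret, and a TLS client accepted from anywhere but matched on its certificate. All paths, names and addresses are placeholders, and the `host 0.0.0.0/0` "any source" prefix is an assumption to confirm against the radsecproxy.conf manual for the version in use.

```conf
# radsecproxy.conf, illustrative only (added example; placeholders throughout)

ListenUDP *:1812            # legacy RADIUS/UDP from local NAS devices
ListenTLS *:2083            # RadSec (RADIUS/TLS) from certificate-authenticated clients

tls default {
    CACertificateFile   /etc/radsecproxy/placeholder-ca.pem     # CA that issued AP and server certs
    CertificateFile     /etc/radsecproxy/placeholder-server.pem
    CertificateKeyFile  /etc/radsecproxy/placeholder-server.key
    CRLCheck            on      # revoked AP or server certificates are rejected
}

# Legacy style: the NAS is identified by its IP address and a shared secret,
# so the server must be reconfigured whenever the AP moves.
client fixed-ap {
    type    udp
    host    192.0.2.10
    secret  PLACEHOLDER-shared-secret
}

# RadSec style: the travel-kit AP may connect from any address; it is
# identified by the certificate presented in the TLS handshake.
client travel-kit {
    type    tls
    host    0.0.0.0/0           # assumption: 0/0 prefix means any source address
    tls     default
    certificateNameCheck off    # no fixed host name to compare against
    matchCertificateAttribute CN:/^travel-kit-[0-9]+\.example\.org$/
}

# Upstream home server reached over RadSec; its certificate must match its name.
server home {
    type    tls
    host    radsec.example.org
    tls     default
    certificateNameCheck on
}

realm example.org { server home }
realm * { replyMessage "unknown realm" }    # anything else is rejected locally
```

The difference that matters for the travel kit is in the two `client` blocks: the UDP one cannot work without the right `host`, the TLS one needs only a certificate chaining to the configured CA and matching the CN pattern, which is the "no re-configuration" property slide 13 claims.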
14 Deployment and standardisation
- Used between .lu root and some sites
- In limited production use in .nl for 2 years
- Several NRNs (.de .no .pl and more) have done tests and are planning for deployment
- IETF standardisation
  - IETF radext wg considering adoption
  - Hope to get an RFC specifying RadSec
  - Current specification is