Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.


1 Master Thesis Proposal
By Nirmala Bulusu
Advisor – Dr. Edward Chow
Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN standard for authentication

2 What is PEAP?
- PEAP is an 802.1x authentication protocol typically designed for access control in wireless LANs.
- It makes use of two well-known protocols:
  - Extensible Authentication Protocol
  - Transport Layer Security

3 IEEE 802.1x - Overview
- Is a port-based access control mechanism.
- Transports data between the Client (Supplicant) and the server [RADIUS].

4 What is EAP?
- Protocol for communication between a Supplicant and an Authenticator.
- EAP messages are encapsulated directly over a LAN medium – EAPOL defined.
- The Access Point [Authenticator] forwards these EAP messages, encapsulated in RADIUS packets, to the RADIUS server.
- EAP allows the authenticator to serve only as a carrier, without needing to know the EAP authentication protocol type.
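The pass-through described on this slide, as an added example that is not part of the original presentation: the Access Point strips the EAPOL header and copies the EAP bytes unread into RADIUS EAP-Message attributes, and the RADIUS server reassembles them. Function names and the sample frame are constructed for illustration; the attribute number 79 and the 253-byte value limit come from the RADIUS specifications, and the RADIUS packet header and Message-Authenticator attribute are left out.

```python
import struct

EAPOL_EAP_PACKET = 0   # EAPOL packet type 0: body is an EAP packet
EAP_MESSAGE = 79       # RADIUS EAP-Message attribute (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes) -> bytes:
    """Supplicant -> AP: strip the 4-byte EAPOL header, return the EAP packet."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet frame")
    if len(frame) - 4 < body_len:
        raise ValueError("EAPOL body shorter than declared length")
    return frame[4:4 + body_len]

def eap_summary(eap: bytes) -> tuple:
    """Decode only the EAP header; the AP itself never needs to do this."""
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if not 4 <= length <= len(eap):
        raise ValueError("bad EAP length field")
    eap_type = eap[4] if code in (1, 2) and length > 4 else None
    return EAP_CODES.get(code, "Unknown"), ident, eap_type

def to_radius_attrs(eap: bytes) -> bytes:
    """AP -> RADIUS: copy EAP bytes opaquely, at most 253 per attribute."""
    return b"".join(bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
                    for i in range(0, len(eap), 253))

def from_radius_attrs(attrs: bytes) -> bytes:
    """RADIUS server: concatenate EAP-Message values back into one EAP packet."""
    eap, i = b"", 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        if attrs[i] == EAP_MESSAGE:
            eap += attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return eap

def constructed_frame() -> bytes:
    """Constructed sample: EAP-Response id 7, type 25 (PEAP), 300 filler bytes."""
    eap = struct.pack("!BBHBB", 2, 7, 306, 25, 0) + b"\xaa" * 300
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap

if __name__ == "__main__":
    eap = parse_eapol(constructed_frame())
    attrs = to_radius_attrs(eap)
    print(eap_summary(eap), len(attrs), from_radius_attrs(attrs) == eap)
```

Only `eap_summary` looks inside the EAP packet; the two RADIUS functions never inspect the EAP type, which is why the same access point can carry TLS, TTLS or PEAP unchanged.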

5 EAP–TLS
- Transport Layer Security [TLS] exchange of messages provides mutual authentication, with both client and server validating each other via certificates.
- Imposes a substantial administrative burden:
  - Requires full-fledged PKI infrastructure support to be established.
  - The client certificates must be managed, revoked and distributed.

6 Need for PEAP
- A wireless AP broadcasts all traffic, so data can easily be collected by anyone within the broadcast range.
  - PEAP answers this by transmitting user-sensitive data in an encrypted channel: the established TLS tunnel.
- Wireless encryption is seen to be weak.
  - Using PEAP, the data within the tunnel cannot be decrypted without the TLS master secret, and the key is not shared with the Access Point.
- With PEAP, only server-side PKI infrastructure based digital certificates are used to authenticate EAP servers.

7 EAP–TLS Test Bed in Lab

8 Goal of Thesis
- Implement a basic server-side working model of the PEAP protocol on a Linux server, based on the IETF internet draft proposal [www.ietf.org/internet-drafts/draft-josefsson-pppext-eap-tls-eap-06.txt].
- Perform a comparison between the two 802.1x EAP standards – TTLS and PEAP.
- Deliverables:
  - A thesis report documenting the implementation details of the PEAP module on FreeRadius and Xsupplicant. It should also include the configuration details of the wireless network set-up and lessons learned in this thesis project.
  - The source code of the PEAP module.

9 Thesis Plan
- Work Done Till Date
  - Installing and configuring the client-side software – Xsupplicant [www.open1x.org].
  - Installing and configuring the RADIUS server – FreeRadius [www.freeradius.org].
  - Installing and configuring OpenSSL [www.openssl.org].
  - Set up a test bench to test EAP-TLS with the above configured software.
  - Running Xsupplicant, Cisco AP-1200 and FreeRadius with EAP type set to TLS. Successfully established the authentication.

10 Thesis Plan Contd.
- Work in Progress
  - Study and analyze both the client [Xsupplicant] and server-side [FreeRadius] implementations of the IEEE 802.1x EAP protocol.
- Work to be done
  - Implement the server-side code with PEAP modules to authenticate PEAP users.
  - Configure Xsupplicant, FreeRadius and the Access Point to support EAP type PEAP.
  - Test the implementation of the PEAP modules.
  - Run and test the Xsupplicant, Cisco AP-1200 and FreeRadius set-up configured to EAP type TTLS and EAP type PEAP.
  - Study and analyze the logs showing the protocol handshakes using packages like ethereal and tcpdump.
  - Compare performance of the two protocols, TTLS and PEAP.
  - Write thesis.

11 References
[1] Protected EAP (IETF draft, work in progress), March 2003: http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-06.html
[2] IEEE 802.1X Port Based Network Access Control, by Paul Congdon: http://www.ieee802.org/1/files/public/docs2000/P8021XOverview.PDF
[3] The Unofficial 802.11 Security Web Page. Security analyses of 802.11: http://www.drizzle.com/~aboba/IEEE/
[4] PPP Extensible Authentication Protocol: http://www.ietf.org/rfc/rfc2284.txt
[5] PPP EAP-TLS Authentication Protocol: http://www.ietf.org/rfc/rfc2284.txt
[6] PEAP – Product Documentation: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_ias_protocols_peap.asp

