Saturday, November 21, 2015

Authentication Methods for WiFi Networks - Part 1

Legacy Authentication Methods (developed for use with PPP)
  • PAP
    • Provides no protection to user identity.
  • CHAP
    • Slightly more evolved than PAP
    • Password is encrypted with an MD5 hash.
  • MS-CHAPv1
    • Microsoft's version of CHAP, later defined in an RFC.
    • Password is encrypted with an MD5 hash.
  • MS-CHAPv2
    • Uses a much stronger hashing algorithm in place of MD5. However, this hashing algorithm has also been found to be vulnerable: the password can be obtained using offline dictionary attacks.
    • Additionally supports mutual authentication.

  • A password encrypted using an MD5 hash can be easily recovered, as MD5 is highly susceptible to offline dictionary attacks.
  • Mutual authentication is needed to create dynamic encryption keys.

EAP Methods for Inner Authentication (should be used after establishing a tunnel): 

  • EAP-MD5
    • Offers only one-way authentication (only the client is validated). Since mutual authentication is needed to create dynamic encryption keys, messages exchanged after authentication are not encrypted.
    • Username is sent in clear text: if the identity is known, an attacker can try to obtain the password using social engineering techniques.
    • Weak MD5 hash of the password.
  • EAP-OTP
    • Similar to EAP-MD5, except it uses a one-time password (OTP) as the response.
  • EAP-GTC
    • Similar to EAP-OTP, except that hardware tokens are used to generate the OTP.
  • EAP-MSCHAPv2: Technically the same as MS-CHAPv2, but with different nomenclature.
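The two EAP-MD5 weaknesses listed above (cleartext identity, one-way MD5 challenge/response) are easiest to see on the wire. The following Python simulation is an added example, not code from the original post: it encodes the four EAP packets of an EAP-MD5 conversation using the RFC 3748 packet layout, shows what a passive observer recovers from the Response/Identity, and lets the authenticator verify the MD5-Challenge response the way CHAP does (MD5 over Identifier, secret and challenge). It assumes a simplified exchange with an empty Name field and no EAP-Success/Failure packets; the credentials and the fixed challenge are constructed sample values.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2          # EAP Code field (RFC 3748)
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4  # EAP Type field


def eap_packet(code, identifier, eap_type, type_data):
    """Encode one EAP packet: Code(1) | Identifier(1) | Length(2) | Type(1) | Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data


def parse_eap(packet):
    """Decode an EAP packet into its fields; reject a Length that disagrees with the bytes."""
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet):
        raise ValueError("EAP Length does not match packet size")
    return {"code": code, "id": identifier, "type": eap_type, "data": packet[5:]}


def md5_challenge_value(identifier, password, challenge):
    """MD5-Challenge response value = MD5(Identifier || secret || challenge), exactly as in CHAP."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def md5_challenge_type_data(value):
    """MD5-Challenge Type-Data: Value-Size(1) | Value | Name (Name left empty in this example)."""
    return bytes([len(value)]) + value


def peer_exchange(username, peer_password, challenge, identifier=1):
    """Produce the four packets of an EAP-MD5 conversation as they appear on the link."""
    wire = [
        eap_packet(EAP_REQUEST, identifier, TYPE_IDENTITY, b""),
        # Response/Identity: the username travels completely unprotected.
        eap_packet(EAP_RESPONSE, identifier, TYPE_IDENTITY, username.encode()),
        eap_packet(EAP_REQUEST, identifier + 1, TYPE_MD5_CHALLENGE, md5_challenge_type_data(challenge)),
    ]
    # The peer answers whatever challenge arrives; nothing in the protocol lets it
    # check who sent that challenge, which is the "one-way authentication" property.
    value = md5_challenge_value(identifier + 1, peer_password, challenge)
    wire.append(eap_packet(EAP_RESPONSE, identifier + 1, TYPE_MD5_CHALLENGE, md5_challenge_type_data(value)))
    return wire


def observed_identity(wire):
    """What a passive observer of the link learns for free: the cleartext identity."""
    for pkt in map(parse_eap, wire):
        if pkt["code"] == EAP_RESPONSE and pkt["type"] == TYPE_IDENTITY:
            return pkt["data"].decode()
    return None


def authenticator_verify(wire, stored_password):
    """Authenticator side: recompute the expected value from the stored secret and the
    challenge it sent, then compare it in constant time with the peer's response."""
    request, response = parse_eap(wire[2]), parse_eap(wire[3])
    if response["id"] != request["id"] or response["type"] != TYPE_MD5_CHALLENGE:
        return False
    challenge = request["data"][1:1 + request["data"][0]]
    value = response["data"][1:1 + response["data"][0]]
    expected = md5_challenge_value(response["id"], stored_password, challenge)
    return hmac.compare_digest(value, expected)


if __name__ == "__main__":
    # Constructed sample credentials and a fixed challenge so the run is reproducible.
    chal = bytes(range(16))
    conversation = peer_exchange("alice", b"correct horse", chal)
    print("identity visible on the wire:", observed_identity(conversation))
    print("authenticator accepts correct secret:", authenticator_verify(conversation, b"correct horse"))
    print("authenticator accepts wrong secret:", authenticator_verify(conversation, b"wrong"))
```

Note that everything the authenticator needs to verify the response (Identifier, challenge, response value) is also visible to anyone capturing the exchange; only the secret is missing, which is why the post describes the MD5-based methods as exposed to offline dictionary attacks and why they belong inside a tunnel that also authenticates the server.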

  • Inner authentication methods (each suited to a specific type of user credential) should be used only inside an outer authentication method; otherwise they are insecure.
  • About EAP-LEAP:
    • EAP-LEAP is largely similar to EAP-MSCHAPv2 and hence suffers from the same weaknesses. This method should never be used.
    • EAP-LEAP is not a tunneled authentication method.
    • EAP-LEAP is not an open standard and must be licensed from Cisco.