06-Describing and Implementing 802.1X and EAP
Describing and Implementing 802.1X and EAP

Introduction

When using Wi-Fi in a coffee shop or at grandma's house, WPA2 Personal is usually good enough. As you start to consider serious security requirements for the wireless enterprise, WPA2 Enterprise becomes essential. Two of the cornerstones of WPA2 Enterprise are IEEE 802.1X and EAP.

IEEE 802.1X and EAP Frameworks

Separating authentication from encryption is an important element to improve security. If the authentication method is strong, it could be too heavy to be reused in a process that would encrypt each packet. On the other hand, if the algorithm that is used for the encryption process is very fast, it could be too weak to resist a brute-force attack. A fast algorithm should be used for packet encryption but never to send a password that will remain the same from one session to the next session.

802.1X and Its Components

In a wireless network, authentication is the first thing that must be strengthened. A common authentication key for all users in the same WLAN presents too many risks. When one machine key is compromised, all the others are exposed. This risk leads to the need for individual authentication keys, which, in turn, leads to issues of scaling the use of so many individual keys.

[Figure: Supplicant (wireless client), Authenticator (access point acting as authenticator), Authentication Server (EAP plugin for RADIUS server); only 802.1X traffic passes between them.]

Fortunately, the same issue has been identified in many other contexts, for example, when a user plugs a new device into a switch. Even if physical security limits the number of external users that can access the corporate network, the identity of the user or the nature of the device also needs to be identified before allowing access. The 802.1X protocol defines port-based access control.
The protocol defines three roles:
• Supplicant: This role is the machine (typically a PC) that wants to access the network.
• Authenticator: This role is the point of access (a switch, for example). The authenticator is the point of entrance to the network.
• Authentication server: This role is a machine, somewhere in the network, that keeps a list of conditions by which access is granted or refused.

In the 802.1X process, the supplicant connects to the authenticator. At this point, the port on the switch is connected from a physical standpoint; however, the 802.1X process has not authorized the port, and no frames are passed from the port on the supplicant to the switching fabric. To be allowed to send and receive traffic, the supplicant must send a form of authentication, that is, an ID. If the supplicant that is attached to the switch does not send an ID, the port remains unauthorized. In this state, the port cannot pass user traffic.

The authenticator (typically a switch) receives the ID from the PC (the supplicant). Next, the switch passes the ID information to an authentication server (typically a RADIUS server) that can verify the identification information. The RADIUS server responds to the switch with a Success or Failure message. If the response is a success, the port is authorized and user traffic is allowed to pass through the port, as it would pass through a switch port that connects to an access device. If the response is a failure, the port remains unauthorized and cannot pass data traffic. If there is no response from the server, the port remains unauthorized and does not pass traffic.

802.1X over Wireless

The authenticator can be a switch in a wired network, or an AP or wireless LAN controller in a wireless network.

[Figure: Client, Authenticator, RADIUS Server; the client sends an Access Request to the authenticator, and the Access Success from the RADIUS server is relayed back to the client.]

In the latter case, the following four steps occur:
1. The supplicant sends an authentication request and receives an authentication response with a Success status. For this reason, wireless networks that use 802.1X are often viewed as having open authentication.
2. The supplicant sends an association request and receives an association response with an AID. However, in this case, even after association is granted, the logical port remains blocked. The wireless client cannot access the network further and must go through the authentication mechanism. The supplicant can start the process, or the authenticator can take the initiative by asking for the credentials. In either case, the supplicant sends authentication credentials to the authenticator.
3. The authenticator receives authentication credentials from the supplicant, encapsulates 802.1X traffic that is bound for the authentication server, and sends it to the server. All other network traffic and all other attempts to access network resources are blocked.
4. After receiving RADIUS traffic that is bound for the client, the authenticator (wireless LAN controller or AP) encapsulates it and sends the information to the client. While the server authenticates the client as a network user, this process also allows the client to validate the server and ensure that the client is not logging in to a rogue AP and network.

In the 802.1X model, three roles are defined. This does not mean that three physical machines are needed. In small networks, a RADIUS component can be configured on the wireless LAN controller or on a standalone AP.

Unique Encryption Keys

An important aspect of 802.1X is that it authenticates each supplicant individually. Wireless networks usually take advantage of this individual authentication to add individual encryption.

[Figure: AP holding a separate session key for each associated client.]

While authenticating each other through 802.1X, the client and RADIUS server derive an individual key that is unique to this device and this session. The RADIUS server sends an Access Success message and the session key to the AP.
The AP forwards the Success message to the client and stores the session key. The client and the AP use the session key in the four-way handshake to create encryption keys. The four-way handshake is used to create encryption keys for the session, and also to create a broadcast or multicast key that is common for all clients. When the client disconnects, the AP returns to its initial state for that client, allowing only 802.1X traffic to pass. Each time that the client connects to the network, it associates with an AP, and it must reauthenticate to the RADIUS server and obtain a new key.

Using 802.1X authentication means that each wireless client can be granted a new, dynamic key each time the client accesses the network. Because these keys are dynamic and session-based, it is extremely difficult for an intruder to learn the system keys and use them to access the WLAN. Each user has a unique key for this connection time only. The AP has all the session keys for each associated client, which allows the AP to communicate with each client. Because each client uses a unique key to encrypt and decrypt data, another user who captures the traffic cannot decrypt the information.

EAP Overview

802.1X EAP provides an authentication framework in which the supplicant connects to an AP. The data port through the AP is blocked until authentication occurs and opens only if it succeeds.

[Figure: EAP exchange between Client, Authenticator and RADIUS Server: Association Request and Association Response; EAPOL Start; EAPOL Request/Identity; EAPOL Response/Identity, relayed as EAP Response/Identity over RADIUS; EAP Request and EAP Response carried over EAPOL on the wireless side and over RADIUS on the server side; EAP Success relayed to the client after EAP Success and Encryption Key arrive over RADIUS; Key Management between client and authenticator. EAPOL = Extensible Authentication Protocol over LAN.]

The 802.1X architecture does not contain protocol details for wireless clients to send their credentials to the authentication server, nor does it specify how this authentication should occur. Dial-up ISPs had the same issue with the dialing-authentication issues of CHAP or PAP over PPP for clients. To solve this problem, the IETF designed EAP. EAP is a general protocol for authentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication, and smart cards.

The assumption behind EAP is that the authentication process is always the same. A client requests access and is queried for its identity. The client proves its identity and receives an answer (Success or Failure) from the authentication server. EAP defines a typical header to match each of these steps. With EAP, the type of packet (request, denial, and so on) and the direction (from client to server or the reverse) are defined in the header, and the next step (the expected next packet) is also implied. This method creates stability and simplifies the identity exchange.

EAP Packet

EAP does not specify which type of authentication to use. EAP simply defines the authentication steps and headers. EAP separates the authentication itself from the authentication process. EAP can be used with most types of authentication, and several layers of consecutive authentications can occur within the same EAP framework.

[Figure: EAP packet format: Code (Request, Response, Success, Failure), Identifier (to match request and response), Length (total length of packet), Data (depends on the method).]

EAP carries an Authentication Type field. A new authentication type can be used if it is first ratified. EAP defines four message types: Request, Response, Success, and Failure.
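The EAP header and the authenticator's role described above, as an added example that is not part of the original course material: it builds and parses EAP packets with the Code, Identifier, Length, Type and Data fields, and models an authenticator port that becomes authorized only on an EAP Success from the server and drops a Response whose Identifier does not match the outstanding Request. The numeric Code values and the Identity and EAP-TLS method numbers come from RFC 3748 and RFC 5216, not from the page; the function names and the sample username are constructed.

```python
"""Added example: EAP packet build/parse and an authenticator port model.
Not from the course material; code values follow RFC 3748."""
import struct

# EAP Code values (RFC 3748); the course names them Request, Response,
# Success and Failure.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1           # Identity method used in the first exchange
EAP_TYPE_TLS = 13               # EAP-TLS method number (RFC 5216)
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (network order)


def build_eap(code, identifier, eap_type=None, data=b""):
    """Return the bytes of one EAP packet. Success/Failure carry no Type."""
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if eap_type is not None or data:
            raise ValueError("Success/Failure packets carry no method data")
        body = b""
    else:
        body = bytes([eap_type]) + data
    return HEADER.pack(code, identifier, HEADER.size + len(body)) + body


def parse_eap(packet):
    """Parse an EAP packet into a dict, validating Code and Length."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than EAP header")
    code, identifier, length = HEADER.unpack_from(packet)
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise ValueError(f"unknown EAP code {code}")
    if length < HEADER.size or length > len(packet):
        raise ValueError(f"bad Length {length} for {len(packet)}-byte packet")
    body = packet[HEADER.size:length]        # bytes past Length are padding
    result = {"code": code, "identifier": identifier, "length": length}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response needs a Type byte")
        result["type"] = body[0]
        result["data"] = body[1:]
    return result


class AuthenticatorPort:
    """Models the 802.1X port: unauthorized until the server says Success,
    and Response identifiers must match the outstanding Request."""

    def __init__(self):
        self.authorized = False
        self.pending_id = None

    def relay_request(self, packet):
        """Toward the supplicant: remember the Identifier we expect back."""
        msg = parse_eap(packet)
        if msg["code"] == EAP_REQUEST:
            self.pending_id = msg["identifier"]
        return msg

    def relay_response(self, packet):
        """Toward the server: drop a Response whose Identifier does not
        match the last Request (a stale or out-of-sequence frame)."""
        msg = parse_eap(packet)
        if msg["code"] != EAP_RESPONSE or msg["identifier"] != self.pending_id:
            return None
        self.pending_id = None
        return msg

    def apply_server_result(self, packet):
        """Server verdict: only Success opens the port; Failure, no answer,
        or a malformed packet leaves it closed."""
        try:
            msg = parse_eap(packet)
        except ValueError:
            self.authorized = False
            return False
        self.authorized = msg["code"] == EAP_SUCCESS
        return self.authorized


def identity_exchange(username):
    """Run the Request/Identity, Response/Identity, Success flow from the
    figure through the port model and return the resulting port state."""
    port = AuthenticatorPort()
    port.relay_request(build_eap(EAP_REQUEST, 0x2A, EAP_TYPE_IDENTITY))
    response = port.relay_response(
        build_eap(EAP_RESPONSE, 0x2A, EAP_TYPE_IDENTITY, username.encode()))
    if response is None:
        return False
    # Only the authentication server's verdict can authorize the port.
    return port.apply_server_result(build_eap(EAP_SUCCESS, 0x2A))


if __name__ == "__main__":
    print("port authorized:", identity_exchange("pat@example.com"))
```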
In the EAP process, any side can have the initiative, though the AP usually starts the process by sending an identity request message. Because of this flexibility, several mechanisms are defined to allow client authentication. Some of these mechanisms authenticate the client, and some mechanisms authenticate the server and the client. Other mechanisms authenticate the device, the user, or the device and the user. Depending on the level of security that is needed, network administrators can implement the chosen mechanism, such as the following partial list for wireless:
• PEAP
• EAP-FAST
• EAP-TLS

In wireless networks, all these protocols rely on 802.1X to block the data flow at the wireless LAN controller or AP level, and rely on EAP to carry the authentication exchange between the user client device and the authentication server. 802.1X and EAP address authentication but not encryption. You can use 802.1X and EAP with or without encryption. From the controller or AP perspective, the important issue is the encryption that is chosen. If this encryption occurs at Layer 2, it must be decrypted at the AP level. For 802.1X and EAP authentication, all packets must be relayed between the client and the authentication server. The content of the EAP messages is of no importance to the controller and AP, which simply relay the information. On the wireless client, the type of EAP that is configured must match the configuration on the authentication server.

Sources of AAA

A RADIUS server is a type of AAA server. RADIUS is a group of protocols that define network access conditions and behaviors. A RADIUS server is software that defines the conditions by which access to the network is granted or refused.

[Figure: Mobile client, WLAN controller (local AAA server), Cisco ISE (global or centralized AAA server), and Active Directory (optional).]

These conditions can range from group membership (typical in a Windows environment) to the VLAN of origin to the time of day.
The conditions can also be very specific (for example, a user location or even the air temperature). Configuring a RADIUS server comprises defining these conditions, which can be cumulative (all conditions must be met for access to be granted) or not (one condition is enough to allow access). The RADIUS software does not need to contain all the information that is necessary to verify the condition; rather, the RADIUS server can point to an external resource. For example, Windows group membership can be matched against Microsoft Active Directory, and temperature can be read from an external sensor. The RADIUS server simply needs to be configured to find the relevant information.

Because the RADIUS server is an authentication server, it can generate the initial key (master key) to be used for encryption (per 802.1X specifications).

AAA functionality can be provided, as follows:
• Locally by a Cisco Wireless LAN Controller (WLC; referred to as the local EAP)
• Globally by a AAA RADIUS server, as follows:
  – Cisco Identity Services Engine (ISE)
  – Cisco Secure Access Control Server (ACS)
  – Microsoft server that is configured for RADIUS
  – A RADIUS-compliant server

Local EAP allows a controller to act as an authentication server for wireless clients. The local EAP can use the local user database or an LDAP database to authenticate users. The local EAP can be used as a backup for RADIUS authentication. This approach allows wireless clients to authenticate even if the controller loses connectivity to the RADIUS server.

Which three characteristics correctly describe EAP? (Choose three.)
• supports multiple authentication methods
• the type of packet and the direction are defined in the header to create stability and simplify the identity exchange
• defines only two message types: Success and Failure
• defines four message types: Request, Response, Success, and Failure
• requires an AES encryption key of at least 128 bits

EAP Authentication

An important element of authentication is ensuring that only the authentication server can read the credentials that the client sends, and that the credentials are sent to the correct authentication server.

Certificates and Digital Signatures

[Figure: Symmetric encryption: Pat and Bob share a common key; the cleartext message is encrypted to an encrypted result and decrypted back to the cleartext message.]

The credentials can be encrypted before they are sent. Two types of encryption exist: symmetric and asymmetric. Symmetric encryption is also referred to as encryption using symmetric keys, which means that the same algorithm and key that are used to encrypt the message are used, in reverse, to decrypt the message. The key can be generated on one side and transmitted to the other side over a secured transmission, or it can be a common password that is configured the same way on both sides.

A typical example of this system is letter shifting. In this encryption technique, if letters in a word are shifted forward using an index of two, "a" becomes "c," "b" becomes "d," and so on. To decrypt the message, the letters are shifted in the opposite direction (toward "a" rather than toward "z"), using the same algorithm (index of two). Symmetric key encoding is good for encryption because it is usually simple and fast.

[Figure: Asymmetric encryption: Pat holds Key 1 (public) and Key 2 (private); Bob holds Key 3 (public) and Key 4 (private); the cleartext message is encrypted to an encrypted result and decrypted back to the cleartext message.]

Asymmetric keys are more robust. With asymmetric keys, a user generates two keys (in the example that is shown in the figure, public [Key 1] and private [Key 2]). These keys are built on a mathematical algorithm so that they work in pairs.
Only Key 2 can decrypt what is encrypted by Key 1 and vice versa. Using one key to guess the second key is not easy to do.

To understand how asymmetric keys can be used to encrypt, suppose that users Pat and Bob (for A and B) want to exchange a secret message. Pat wants to make sure that Bob will be the only person who can read what he sends. Pat generates a pair of keys (1 and 2), and Bob generates another pair of keys (3 and 4). Data that is encrypted using Key 1 can be decrypted only using Key 2. Data that is encrypted using Key 2 can be decrypted only using Key 1. Data that is encrypted using Key 3 can be decrypted only using Key 4, and data that is encrypted using Key 4 can be decrypted only using Key 3.

To exchange the secret message, Bob sends one of his keys to Pat (for example, Key 3). This key is the public key of Bob because it is given away. Pat uses Key 3 to encrypt the message, because he knows that Bob, who has Key 4, will be the only person who can decrypt what he encrypts with Key 3. Bob does not give away Key 4, which is the private key.

When Bob wants to answer Pat, he asks Pat to send him his public key (for example, Key 1). He encrypts his message with Key 1, knowing that only Key 2 (Pat) can decrypt it.

Digital Signatures

This level of secrecy is sufficient for message exchange. Bob can freely give his public key to anyone who wants to send a message to him, knowing that he will be the only one who can read what is encrypted with this public key. He can even post his public key on the Internet in a public key repository. So, as long as Bob keeps his private key secret, he is protected.

[Figure: Pat's public key (Key 1) and private key (Key 2), Bob's public key (Key 3) and private key (Key 4); a cleartext message from Pat reaches Bob as a cleartext message after both keys are applied.]

Public keys that are made widely available and private keys that are kept secret are used for secure exchanges in networks. A server sends its public key to a client, who uses this key to encrypt a password, knowing that only the server can decrypt the password.

In this system, the identity of the sender is not protected. If Pat wants to send a message to Bob, and if Bob receives the message, decrypts it, and reads Pat as the sender name, Bob assumes that Pat wrote and sent the message. However, this fact cannot be guaranteed, because the public key that belongs to Bob can be given to another person. Another person can pretend to be Pat, write a message, encrypt it with the public key that belongs to Bob, and post it. Bob has no way of knowing if Pat was truly the original sender. At this point, the system must become a little more complex to become far more effective.

Pat has two keys. Only Key 2 (his private key) can decrypt what is encrypted with Key 1 (his public key). The opposite is also true: only Key 1 (his public key) can decrypt what is encrypted with Key 2 (his private key). To enhance security, when Pat wants to send a message to Bob, he starts by encrypting it with Key 2 (his private key). Only Key 1 (his public key) can decrypt the result. Next, Pat uses Key 3, the public key that belongs to Bob, to re-encrypt the result a second time. Only Bob can decrypt this encryption, using Key 4 (his private key). When Bob receives the message, he tries to use Key 4 to decrypt it and obtains an unreadable result. He understands that there is a second level of encryption. Because he knows that the message supposedly comes from Pat, he tries to use Key 1 (Pat's public key) and gets a readable message. He can thus be certain that Pat sent the message, because he could decrypt it with the public key that belongs to Pat.

Applying the public key that belongs to Bob allows Pat to encrypt the message so that only Bob can decrypt it; applying his own private key is proof of his identity. This process guarantees that Bob can identify Pat as the sender. The keys cannot be duplicated or forged, and because they are unique pairs, only Key 2 can decrypt what is encrypted by Key 1, which also means that if Key 2 can decrypt the message, the only possibility is that Key 1 encrypted it. No other key can produce an identical result.

Pat does not need to encrypt the entire message that he sends to Bob. Pat could choose instead to use a hashing algorithm and encrypt the output. This approach has the same effect and is much less compute-intensive. This process is known as digitally signing his message with an electronic signature.

One of the downsides of using asymmetric encryption is that the keys need to be much larger than symmetric keys (8 to 10 times larger), and asymmetric encryption and decryption requires considerable compute power.

Trusted Third Party

Pat applies his private key for encryption before encrypting the data a second time, using the public key that belongs to Bob, to prove his identity. This approach provides a higher level of security, but the level needs to be higher still. Therefore, a last step must be added to the process.

[Figure: Pat signs with his private key (Key 2) and encrypts with Bob's public key (Key 3); Bob decrypts with his private key (Key 4) and verifies the signature with Pat's public key (Key 1).]

What proves to Bob that the public key that he has for Pat is truly Pat's public key? Someone else could have created a pair of keys, labeled one as the public key that belongs to Pat, sent it to Bob, and used the other key to sign the message. If Bob answers this type of message, the attacker could read his answer. Bob needs a guarantee that the public key genuinely belongs to Pat.

The best way to achieve this guarantee is to physically exchange the keys. Bob and Pat meet and exchange a medium with a key on it. If Pat and Bob know each other and live in the same neighborhood, such an exchange is possible; otherwise, it is not. Another possibility is to use a third person.
Pat can give his public key to someone he trusts to give it to Bob. But how can Bob be sure that the person he meets is the one that Pat sent? Bob would need another person to testify to the identity of this person. Simply put, the problem lies in finding a third person whom Bob and Pat trust to confirm their identities. For a nontechnical comparison, consider the use of a driving license. A local agent (for example, the Department of Motor Vehicles in California) issues a license, which serves as proof of identity. The rest of the state and the rest of the entire United States trust this local agent. If you want to open a bank account, the bank will trust your driving license as proof of identity.

In computer terms, the same logic applies. A few hundred trusted authorities act as the third party that can testify that a particular public key genuinely belongs to Pat. To accomplish this task, these authorities take the key that belongs to Pat and add to the end of it some data that contains his name, the validity duration, and a hash that contains a signed message that is encrypted with a private key that belongs to the authority.

Because the authority is well known, its public key is implemented in the operating system of most computers. When receiving the public key that belongs to Pat, the computer that belongs to Bob tries to read the authority hash using the public key of that authority, which is installed on the computer. If the process is successful, the public key truly belongs to Pat. If the process fails, a pop-up window appears that warns Bob that the key is not correctly signed and asks if he wants to trust it.

To have a public key that a trusted third party signs, Pat must prove his identity and usually pay a fee for this level of security.

Certificate Function

The process of the authority adding some data to the end of Pat's public key creates a certificate. This authority is more commonly referred to as a CA. A certificate is therefore a document that transports a public key to which a trusted third-party CA has added a message, such as the one that is described in the previous example, and signed using its private key. Certificates are used for transporting public keys.

[Figure: browser warning that the certificate was not issued by a trusted authority and that its name does not match the name of the site, asking whether to proceed.]

If device A receives a certificate that device B sends to it, device A can use the certificate signature to verify that the certificate is genuine and that the certificate truly holds the public key of device B. Device A can use the key from the certificate to encrypt the messages that it sends to device B, knowing that device B, using its private key, will be the only one that can decrypt these messages.

There are cases in which the third-party signature is unnecessary. When a wireless LAN controller reboots after its initial configuration, a certificate is generated. This certificate is called self-signed because no external authority confirms it. When the administrator connects to the web interface of this controller, a warning appears, signaling that the CA for this certificate is not known. Because the administrator trusts the physical cable that links to the controller, the certificate can be accepted as valid, although it is self-signed. CAs are usually required in public networks, in which the level of trust is low.

PKI Terminology and Components

A PKI provides a framework on which you can base security services, such as encryption, authentication, and nonrepudiation. A PKI allows for very scalable solutions and is becoming an extremely important authentication solution for VPNs. A PKI uses certain terminology to name its components.

PKI Terminology
PKI: A service framework that is needed to support large-scale public key based technologies.
CA: The trusted third party that signs public keys in a network.
Certificates: Documents that bind names to public keys that the CA signs.

When you apply these concepts in practice, it is important to understand the supporting framework. A PKI is the service framework that is needed to support large-scale, public key based technologies. It is a set of technical, organizational, and legal components that are needed to establish a system. The public key infrastructure enables large-scale use of public key cryptography to provide authenticity, confidentiality, integrity, and nonrepudiation services.

Two very important terms must be defined when talking about a PKI:
• CA: This component is the trusted third party that signs the public keys of entities in a PKI-based system.
• Certificate: This component is a document that binds the name of the entity and its public key, which the CA signed.

PKI Components

PKI is more than just a CA and its users. Along with implementing the enabling technology, building a large PKI involves a significant amount of organizational and legal work. There are five main areas of a PKI:
• CAs for key management
• [Link], such as people, devices, and servers
• Storage and protocols
• Supporting organizational framework, which is known as practices and user authentication using LRAs
• Supporting legal framework

X.509v3

X.509 is a ubiquitous and well-known standard that defines basic PKI formats, such as a certificate and CRL format, to enable basic interoperability. The standard has been widely used for years with many Internet applications, such as SSL and IPsec. The X.509 version 3 (X.509v3) standards define the format of a digital certificate. This format is extensively used in the infrastructure of the Internet in the following ways:
• Secure web servers use X.509v3 for website authentication in the SSL and TLS protocols.
• Web browsers use X.509v3 for services that implement client certificates in the SSL protocol.
• User mail agents that support mail protection using the S/MIME protocol use X.509v3.
• IPsec VPNs, where certificates can be used as a public key distribution mechanism for IKE RSA-based authentication, use X.509v3.

Certificates are public information. They contain the binding between the names and public keys of entities, and they are usually published in a centralized directory so other PKI users can easily access them.

In the CA authentication procedure, the first step you take, when contacting the PKI, is to securely obtain a copy of the public key of the CA. The public key of the CA verifies all of the certificates that the CA issued. This key is vital for the proper operation of the PKI.

Retrieval of CA Certificates

Retrieval of CA certificates is a process that is used for proper authentication in the wireless network:
• In-band retrieval of a CA certificate
• Out-of-band authentication of a CA certificate

[Figure: Pat and Bob retrieve the CA certificate in band over the enterprise network and authenticate the submitter public key out of band with the CA administrator.]

In the figure, the following steps occur:
1. Pat and Bob request the CA certificate that contains the CA public key.
2. On receipt of the CA certificate, their systems verify the validity of the certificate, using public key cryptography.
3. Pat and Bob follow up the technical verification that their system does by contacting the CA administrator and verifying the public key and serial number of the certificate.

Certificate Enrollment

Certificate enrollment is another procedure that you would use in a wireless network to obtain proper authentication:
• In-band request for a certificate
• Verification of user credentials and privileges
• Out-of-band authentication of a user public key

[Figure: Pat and Bob submit certificate requests to the CA in band over the enterprise network; the CA administrator authenticates the submitter public key out of band.]

After retrieving the CA certificate, Pat and Bob perform the following steps to submit certificate requests to the CA:
1. Each of their two systems forwards a certificate request that includes their public key with some identifying information. All this information is encrypted using the public key of the CA.
2. On receipt of the certificate requests, the CA administrator contacts Pat and Bob to confirm their submission and the public key.
3. The CA administrator issues the certificate by adding more data to the certificate request and digitally signing all of it.
4. The end user manually retrieves the certificate, or SCEP automatically retrieves the certificate, and the certificate is installed on the system.

Certificates That Use Authentication

These certificates have the following attributes:
• Authentication no longer requires the presence of the CA server.
• Users exchange their certificates that contain public keys.

[Figure: Pat and Bob exchange certificates directly, without the CA.]

When the certificates that the same CA signed are installed, Bob and Pat are ready to authenticate each other as follows:
• Bob and Pat exchange certificates. The CA is no longer involved.
• Each party verifies the digital signature on the certificate by hashing the plaintext portion of the certificate, decrypting the digital signature using the CA public key, and comparing the results. If the results match, the certificate is verified as being signed by a trusted third party. The verification by the CA that Bob is Bob and Pat is Pat will be accepted.

PKI in the WLAN

The PKI provides you with a scalable and manageable way to implement strong encryption using digital certificates. The PKI manages encryption keys and identity information for the human and mechanical components of a network that participate in secured communications.

[Figure: Pat's certificate presented through a workgroup switch to the enterprise WLAN.]

In the enterprise WLAN, PKI is used as follows:
• CAs generate digital certificates for users (clients) and servers. CAs have CA certificates that validate the user and server certificates.
• Clients request a user certificate from a CA and use the certificate to authenticate to the server using the EAP process. Not all EAP variants use client certificates (EAP-TLS does).
• Servers request a server certificate from the CA, which the client uses to validate the authenticity of the server. A server can also use a self-signed certificate, in which case it acts as its own CA.
• Cisco WLCs use preinstalled server certificates or can request a server certificate from a CA.

EAP Types

There are several EAP types, which are variations of the protocol to facilitate differentiations in usage.

Extensible Authentication Protocol-Transport Layer Security

EAP-TLS is used extensively in wireless authentication with 802.1X and EAP. Certificates are used extensively in wireless authentication with 802.1X and EAP, because they are a way to authenticate and generate encryption material over an untrusted link. EAP-TLS is the most typical method of applying these certificates.

[Table: EAP-TLS requirements: natively supported on Windows (including Windows Phone 8.1+); Linux, Mac OS X (10.3 and later), Apple iOS, and Android are supported; each client requires a user certificate; the RADIUS server requires a server certificate; a CA server (PKI) is required; client and RADIUS server certificates must be managed.]

With EAP-TLS, you must install a certificate (a public and a private key) on the authentication server and the client. An authentication server pair of keys and a client pair of keys must be generated and signed using a PKI, and installed on the authentication server and client.

TLS is intended to be an alternative, standardized version of the widely deployed SSL encryption mechanism. SSL has long been used for secure web exchanges. TLS 1.2 is the protocol that is used when you use HTTPS on the Internet to validate the web server identity so that you can send protected information, such as your credit card details.
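The digital signature and trusted-third-party mechanics described in the Digital Signatures, Trusted Third Party and Certificates That Use Authentication sections (hash the plaintext portion, sign it with the private key, verify with the public key, and trust a sender's key only when a CA Bob already trusts has signed it), as an added example that is not part of the original course material. It uses a deliberately tiny textbook RSA built from constructed primes to mirror the text's Key 1/Key 2 description; the function names, the seeds and the sample message are assumptions, and real deployments use X.509 certificates with padded RSA or ECDSA signatures rather than anything like this.

```python
"""Added example: toy CA, certificate and signature check.
Not from the course material; textbook RSA with tiny constructed primes,
for illustration only (NOT secure)."""
import hashlib
import json
import math


def _is_prime(n):
    """Trial division; adequate for the ~31-bit toy primes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n


def make_keypair(seed):
    """Deterministic toy RSA pair (Key 1 public / Key 2 private in the text)
    from a seed.  Constructed primes near 2**31 give a ~62-bit modulus."""
    e = 65537
    p = _next_prime(2**31 + 1000 * seed)
    q = _next_prime(p + 500)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:   # keep e invertible mod phi
        q = _next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                          # private exponent
    return {"e": e, "n": n}, {"d": d, "n": n}


def digest(data):
    """Hash the data; keep 56 bits so the value always fits the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:7], "big")


def sign(private_key, data):
    """'Encrypt the hash with the private key': the text's digital signature."""
    return pow(digest(data), private_key["d"], private_key["n"])


def verify(public_key, data, signature):
    """'Decrypt the signature with the public key' and compare to the hash."""
    return pow(signature, public_key["e"], public_key["n"]) == digest(data)


def canonical(body):
    """Stable byte form of the plaintext portion of a certificate."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_private, subject, subject_public, validity_days):
    """The CA appends name, public key and validity, then signs the whole."""
    body = {"subject": subject, "public_key": subject_public,
            "validity_days": validity_days}
    return {"body": body, "signature": sign(ca_private, canonical(body))}


def accept_signed_message(ca_public, cert, message, signature):
    """Bob's side: check the certificate with the CA key he already trusts,
    then check the message signature with the key the certificate carries.
    Returns the verified sender name, or the reason for rejection."""
    if not verify(ca_public, canonical(cert["body"]), cert["signature"]):
        return "untrusted certificate"
    if not verify(cert["body"]["public_key"], message, signature):
        return "bad signature"
    return cert["body"]["subject"]


def demo():
    """Genuine Pat versus the impostor from the text, who creates a key pair,
    labels it 'Pat' and signs with it.  Returns the three verdicts."""
    ca_public, ca_private = make_keypair(1)
    pat_public, pat_private = make_keypair(2)
    pat_cert = issue_certificate(ca_private, "Pat", pat_public, 365)
    message = b"constructed sample message from Pat to Bob"
    genuine = accept_signed_message(ca_public, pat_cert, message,
                                    sign(pat_private, message))
    # Impostor: own key pair, subject set to "Pat", certificate signed by
    # itself rather than by the CA that Bob trusts.
    imp_public, imp_private = make_keypair(3)
    forged_cert = issue_certificate(imp_private, "Pat", imp_public, 365)
    impostor = accept_signed_message(ca_public, forged_cert, message,
                                     sign(imp_private, message))
    # Genuine certificate, but the message was altered in transit.
    tampered = accept_signed_message(ca_public, pat_cert, message + b"!",
                                     sign(pat_private, message))
    return genuine, impostor, tampered


if __name__ == "__main__":
    print(demo())   # ('Pat', 'untrusted certificate', 'bad signature')
```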
A certificate is usually sent from the web server side so that your browser can confirm the server identity and encrypt the content that is sent to the server.

EAP-TLS uses a certificate to authenticate a user or machine. Certificates are issued to users and computers by a CA or an RA (most likely an LRA) and are used to validate identity. The maintenance of this CA (which is part of a PKI) might be a barrier to EAP-TLS deployment for some customers. Each client (user) must have their own certificate that is personally issued and installed on their machine to perform TLS authentication. Each RADIUS server must also have its own certificate.

EAP-TLS has native support on Windows 7, 8, and 10 and Windows Phone 8.1. It also has native support on the Apple iOS, Mac OS X, and Android platforms. Third-party supplicants can be used for non-Windows support.

[Figure: EAP-TLS exchange between supplicant, authenticator (AP), authentication server, and certificate authority: Start; Request Identity (the AP blocks all requests until authentication completes); Identity; Server Certificate; Client Certificate; encrypted random session keys generated; Pairwise Master Key; Key Management (WPA key management used); Protected Data Session]

At the beginning of the authentication process, EAP-TLS uses the 802.1X authentication framework. Therefore, to allow end-to-end EAP, the WLAN portion uses open authentication until the association phase.

The client sends a start frame to the AP to show that it uses 802.1X and EAP. The authenticator returns a request identity message to the client. The client sends its identity, user, or machine name. The authentication server then sends its certificate, which proves its identity and provides the client with a means of sending back encrypted frames.
The client answers with its own certificate. The start EAPOL is the initial message that the client or AP sends to initiate an EAP dialog. The client can answer with the machine certificate, user certificate, or the machine certificate and the user certificate, depending on the type of EAP-TLS that is used.

At this stage, the client and authentication server have proven their identities and have a way to send encrypted messages to each other. Which kind of encrypted messages can they send? They can use the other end's certificate to directly encrypt the data that they want to transmit over the air. This method is fine for exchange of information between supplicant and authentication server, but it is insufficient for client data encryption, for two reasons:

• Public and private keys are an efficient way to protect information, but they are too CPU-intensive for fast data encryption and decryption.
• Public and private keys allow the creation of an encrypted tunnel between the endpoints (in this case, the authentication server and the client). The AP (or controller) is transparent and cannot read the encrypted dialogue for authentication. In a wireless environment, the encryption must occur in the wireless space, which means it must stop at the AP level. The AP is responsible for encrypting and decrypting all data packets.
The AP does not need to extend encryption into the wired network.

Using only certificates is insufficient for wireless encryption in an EAP-TLS authentication scheme. Instead, you would use the encrypted tunnel between the authentication server and the client to generate a symmetric key, which is used for the encryption of the data packets. From the exchanged certificates and randomly generated numbers that are exchanged immediately after the authentication phase, the two ends generate a common value that is called the master session key. The authentication server sends the master key to the controller. The encryption occurs between the client and the AP.

EAP-TLS is used in environments in which deploying and maintaining certificates for all users is necessary to ensure a high level of security. EAP-TLS is secure, but the need to deploy certificates on each client is sometimes a burden.

Protected Extensible Authentication Protocol

PEAP can be seen as a compromise between EAP-TLS, which relies entirely on a certificate-based infrastructure, and EAP-FAST, which does not require a certificate exchange between the client and the authentication server.

PEAP at a glance:
Authentication method: Server authentication with TLS; client-side authentication with EAP authentication types (PEAP-GTC, PEAP-MS-CHAPv2)
Client requirements: Clients do not require certificates
Infrastructure requirements: The RADIUS server can self-issue a certificate or can purchase a server certificate per server from a PKI vendor; the RADIUS server requires a server certificate; the RADIUS server sets up a simple PKI server to issue server certificates
Credentials: Passwords; allows one-way authentication types to be used; proxy to LDAP, UNIX, Active Directory, and Kerberos

With PEAP, a certificate is required but only on the server side. The philosophy behind PEAP is to pretend to perform a TLS exchange to first create a tunnel in which the real authentication will occur. The secured tunnel is effectively created in this first phase, but the client is not required to have a certificate or send a certificate.
However, for an outside eavesdropper, the exchange occurs as if certificates were exchanged.

Cisco, Microsoft, and RSA Security jointly proposed and developed PEAP. There are two implementations of PEAP:

• PEAP-GTC
• PEAP-MS-CHAPv2

The PEAP-GTC authentication mechanism allows generic authentication to several databases using token cards, such as LDAP, OTP, and so on. The PEAP-MS-CHAPv2 authentication mechanism allows authentication to databases that support MS-CHAPv2, including Microsoft Active Directory. As for other 802.1X and EAP types, dynamic encryption can be used with PEAP.

[Figure: PEAP exchange between supplicant, authenticator (AP), authentication server, and external user database: Start; Request Identity (the AP blocks all requests until authentication completes); Identity; Server Certificate; Pre-Master Secret; encrypted tunnel established; client-side EAP authentication inside the tunnel; Pairwise Master Key; Key Management (WPA key management used); Protected Data Session]

With PEAP, you must install a pair of keys on the authentication server before a wireless exchange. The client machine simply needs to support PEAP.

At the beginning of the authentication process, PEAP uses the 802.1X authentication framework. Therefore, to allow end-to-end EAP, the WLAN portion uses open authentication until the association phase.

The client sends a start frame to the AP to show that it uses 802.1X and EAP. The AP returns a request for identity to the client. This initial handshake between the client and AP is similar to the EAP-TLS handshake. Specific to PEAP is that the client answer may be wrong. If the client identifier is client@example.com, another value, such as nobody@example.com, can be sent to hide the client information from a possible eavesdropper. With EAP-TLS, the client identity is not critical because the authentication relies on a certificate.
With PEAP and MS-CHAPv2, the authentication relies on a username and password, so the ability to hide the user identity is important.

After receiving the client identifier, the authentication server sends a certificate, regardless of whether it recognizes the client identifier or not. The client authenticates the server using a CA process to verify the digital certificate of the server.

In a TLS exchange, the client sends its own certificate. In PEAP, the client generates a master encryption key, encrypts this key using the server public key, and sends the encrypted key to the authentication server. From the perspective of an attacker, this phase could be the client certificate phase.

This phase is known as Phase 1. The authentication server and client now have a tunnel through which they can exchange encrypted information. From an attacker perspective, the transaction is complete, and the client starts exchanging data with the network. In reality, inside the encrypted tunnel, a second (protected) authentication phase starts.

Phase 2 begins with an EAP server sending an (optional) EAP Request/Identity frame to the client, which is protected by the TLS tunnel that was negotiated in Phase 1. The client responds with an EAP Response/Identity message containing the user ID of the client. The server now knows the client identity. Next, the client must prove that it is the user that it claims to be. The client does so by sending its credentials, using GTC or MS-CHAPv2
(password-based authentication).

At this point, just as in the other EAP methods, the server and client have proven their respective identities and have a way to exchange encrypted messages. The authentication server and client use their exchanged values and random numbers that are sent to each other to generate a common value, which is called the master session key. This key can be used to directly generate a WEP key or as an initial value for further negotiation between the client and AP.

The RADIUS server sends the session key to the wireless LAN controller or AP in a success packet. The client and wireless LAN controller or AP use the key during the session.

PEAP is widely used in the wireless environment. PEAP might not be as secure as EAP-TLS, but it offers a level of security that is sufficient for most industrial environments.

EAP-FAST

EAP-FAST provides a way to ensure as much security as EAP-TLS but without the need to manage certificates on the client or server side. To achieve this security, the same AAA server on which authentication occurs generates a client credential, which is called a PAC.

EAP-FAST at a glance:
• A unique shared credential is used to mutually authenticate the client and server.
• The PAC is generated in Phase 0 and associated with a particular user ID and authority.
• Removes the need for PKI.
• A secure tunnel is established in Phase 1.
• The client is authenticated via the secure tunnel in Phase 2.

EAP-FAST has three phases:

• Phase 0: The PAC needs to be installed on the client, and can be installed manually or via a trusted connection where the client is authenticated using another method (for example, certificate-based [TLS] or password-based [MS-CHAPv2]).
• Phase 1: The AAA server and the end user, or client, use the PAC to authenticate each other and establish a secure tunnel. A process similar to TLS is used to verify the identity of the AAA server and to establish a secure tunnel between the client and AAA server.
The PAC replaces the digital certificate that is used in EAP-TLS and eliminates the need for a PKI to manage the certificates.
• Phase 2: The RADIUS server authenticates the user credentials with another EAP, which is protected by the TLS tunnel that is created in Phase 1. The common means of authentication are passwords and GTCs.

PAC Creation

The primary element of the EAP-FAST process is the PAC, which replaces certificates in EAP-TLS. The PAC is a unique shared credential that is used to mutually authenticate the client and server. The PAC is associated with a particular client username and a server authority ID (A-ID). The PAC eliminates the need for a PKI and digital certificates.

[Figure: PAC creation. The server (A-ID) holds a master key and generates the PAC key, PAC-Opaque, and PAC-Info. PAC-Opaque carries the PAC key, user I-ID, and key lifetime and is encrypted with the master key; PAC-Info contains the A-ID.]

Creating a PAC comprises these steps:

1. A server A-ID maintains a local key (master key), which only the server knows.
2. When a client identity, sometimes referred to as the I-ID, requests a PAC from the server, the server generates a randomly unique PAC key and PAC-Opaque field for this client.
3. The PAC-Opaque field contains the randomly generated PAC key, along with other information such as the I-ID and key lifetime.
4. The PAC-Opaque field is encrypted with the master key.
5. A PAC-Info field, which contains the A-ID, is also created.

The PAC comprises three parts:

• PAC key: The client uses this 32-octet key to establish the Phase 1 EAP-FAST tunnel. This key maps as the TLS premaster secret. The AAA server randomly generates the PAC key.
• PAC-Opaque: This variable-length field is sent to the AAA server during the establishment of the Phase 1 EAP-FAST tunnel. The PAC-Opaque field can be interpreted only by the AAA server to recover the required information for the server to validate the client identity and authentication.
• PAC-Info: This variable-length field is used to provide, at minimum, the A-ID or PAC issuer. Other useful (but not mandatory) information, such as the PAC-key lifetime, can also be conveyed by the AAA server to the client during PAC provisioning or refreshment.

The server maintains a local key (master key) that only the server knows. When the PAC is created, it is sent to the client. The PAC can be sent during the autoprovisioning in Phase 0 or as a PAC refresh in Phase 2. A PAC can also be manually created and installed on the client. One PAC is required for each client. After the PAC is created, the server forgets the PAC and relies on the master key and the PAC-Opaque field.

PAC Exchange

The PAC exchange is shown in the diagram.

[Figure: PAC exchange between client (I-ID) and server (A-ID). When the EAP-FAST session starts, the server sends its A-ID in an EAP-FAST start packet; the client selects a PAC based on the A-ID and returns the PAC-Opaque to the server; the server decrypts the PAC key, I-ID, and lifetime in the PAC-Opaque using the master key; now server and client possess the PAC key (as shared secret) to establish the TLS tunnel.]

The PAC exchange follows this process:

• When an EAP-FAST session is initiated, the server sends its A-ID in an EAP-FAST start packet to the client.
• The client uses the A-ID to choose the PAC to use for this session.
• The client sends the PAC-Opaque field from the correct PAC to the server.
• The server uses the master key to decrypt the PAC-Opaque field and retrieve the PAC key, I-ID, and PAC lifetime.
• Now the server and the client have the PAC key, which is used as a shared secret to establish a TLS tunnel.

EAP-FAST Authentication

EAP-FAST PAC provisioning is similar to a pair of certificates that are installed on a client machine in EAP-TLS.

At the beginning of the authentication process, EAP-FAST uses the 802.1X authentication framework. Therefore, to allow end-to-end EAP, the WLAN portion uses open authentication until the association.
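The PAC creation and PAC exchange procedures above are worked through below as an added example; it is not the course's code and not Cisco's implementation. It shows the property the text relies on: the AAA server stores only its master key, the client holds a PAC-Opaque it cannot read, and the server later recovers the PAC key, I-ID and lifetime from PAC-Opaque alone, rejecting a tampered, expired, or foreign blob. The real protocol encrypts PAC-Opaque with AES; here an HMAC-SHA256-derived keystream plus an HMAC tag (encrypt-then-MAC with separate subkeys) stands in for it so the example needs only the standard library. The A-ID, I-ID, lifetime and clock values are constructed placeholders.

```python
"""EAP-FAST PAC creation and exchange (added example; not the course's or Cisco's code).

The AAA server keeps only a master key. PAC-Opaque is sealed with that key and
handed to the client, which returns it unchanged at the start of Phase 1. An
HMAC-based keystream and tag stand in for the AES used by the real protocol.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(master_key: bytes, purpose: bytes) -> bytes:
    """Separate confidentiality and integrity keys, both derived from the master key."""
    return hmac.new(master_key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master_key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was forged, truncated or sealed by another key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(master_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class AAAServer:
    """Holds a master key and no per-client state: the server 'forgets' each PAC it issues."""

    def __init__(self, a_id: str):
        self.a_id = a_id
        self._master_key = os.urandom(32)

    def provision_pac(self, i_id: str, lifetime_s: int, now: int) -> dict:
        """Phase 0: build the PAC key, PAC-Opaque and PAC-Info for client i_id."""
        pac_key = os.urandom(32)                         # 32-octet PAC key
        opaque_body = json.dumps({"pac_key": pac_key.hex(), "i_id": i_id,
                                  "expires": now + lifetime_s}).encode()
        return {"pac_key": pac_key,
                "pac_opaque": seal(self._master_key, opaque_body),
                "pac_info": {"a_id": self.a_id, "expires": now + lifetime_s}}

    def accept_pac_opaque(self, pac_opaque: bytes, now: int):
        """Phase 1: recover (pac_key, i_id) from PAC-Opaque, or None if invalid or expired."""
        body = unseal(self._master_key, pac_opaque)
        if body is None:
            return None
        fields = json.loads(body)
        if fields["expires"] < now:
            return None
        return bytes.fromhex(fields["pac_key"]), fields["i_id"]


def choose_pac(pac_store: list, a_id: str):
    """Client side: select the PAC whose PAC-Info carries the A-ID the server announced."""
    return next((p for p in pac_store if p["pac_info"]["a_id"] == a_id), None)


def demo() -> dict:
    now = 1_700_000_000                                   # constructed clock value
    server = AAAServer("aaa.example.com")                 # constructed A-ID
    pac = server.provision_pac("pat@example.com", lifetime_s=7 * 86400, now=now)
    chosen = choose_pac([pac], server.a_id)               # server sent its A-ID in EAP-FAST start
    recovered = server.accept_pac_opaque(chosen["pac_opaque"], now=now + 60)
    tampered = bytearray(chosen["pac_opaque"])
    tampered[NONCE_LEN] ^= 0x01                           # flip one ciphertext bit
    rogue = AAAServer("rogue.example.com")                # different master key
    return {
        "shared_secret_matches": recovered is not None and recovered[0] == pac["pac_key"],
        "i_id": recovered[1] if recovered else None,
        "tampered_rejected": server.accept_pac_opaque(bytes(tampered), now) is None,
        "expired_rejected": server.accept_pac_opaque(chosen["pac_opaque"], now + 8 * 86400) is None,
        "other_server_rejected": rogue.accept_pac_opaque(chosen["pac_opaque"], now) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The lifetime check is worth keeping in view when operating EAP-FAST: because the server keeps no record of issued PACs, the expiry inside PAC-Opaque and the secrecy of the master key are the only things that bound how long a provisioned credential stays usable.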
The AP restricts all traffic from the client until the client has authenticated to the RADIUS server.

[Figure: EAP-FAST exchange between supplicant, authenticator (AP), authentication server, and external user database: Start; Request Identity (the AP blocks all requests until authentication completes); Identity; A-ID; PAC-Opaque; establish a secure tunnel (PAC and TLS); server authenticates client; Pairwise Master Key; Key Management (WPA or Cisco Centralized Key Management used); Protected Data Session]

The client sends a start frame to the AP to show that it uses 802.1X and EAP. The AP returns a request identity to the client. The client sends an NAI address, in email format, to the AP, which passes it to the RADIUS server. The server and client mutually authenticate each other, using Phases 1 and 2 of the EAP-FAST process. This authentication gives the same result as EAP-TLS authentication: The authentication server and client now have a way to send encrypted data to each other.

The next steps are the same as for EAP-TLS and all other EAP types in wireless networks. The authentication server and the client use their exchanged values and random numbers that are sent to each other to generate a common value, which is called the master session key. This key can be used to directly generate a WPA2 key or be an initial value for further negotiation between the client and the AP.

The RADIUS server sends the session key to the wireless LAN controller or AP in a success packet. The client and wireless LAN controller or AP use the keys during the session.

EAP-FAST is considered to be a very robust authentication mechanism. Its only constraint is the necessity to have a server that can generate and manage PACs and a client that can support EAP-FAST. Most Cisco clients support EAP-FAST, and the Cisco ISE is a RADIUS-equipped server with EAP-FAST capabilities.

Which type of key can be used to encrypt a message?
• double-sided
• skeleton
• encryption
• paracentric

Which three characteristics correctly describe symmetric encryption? (Choose three.)
• The same algorithm and key that are used to encrypt the message are used, in reverse, to decrypt the message.
• The key can be generated on one side and transmitted to the other side over a secured transmission.
• Keys must be created as pairs.
• The key can be a password that is common to both sides.
• Data that is encrypted with one key can only be decrypted with the other.
• A hash value can be created and encrypted instead of encrypting the entire message; this process is a digital signature.
• Asymmetric encryption can only be used one way.

Which three characteristics correctly describe asymmetric encryption? (Choose three.)
• The same algorithm and key that are used to encrypt the message are used, in reverse, to decrypt the message.
• The keys can be generated on one side and transmitted to the other side over a secured transmission.
• Keys must be created as pairs.
• The keys can be passwords that are common to both sides.
• Data encrypted with one key can only be decrypted with the other.
• A hash value can be created and encrypted instead of encrypting the entire message; this process is a digital signature.
• Asymmetric encryption can only be used one way.

Which statement best defines PKI?
• the trusted third-party entity that signs public keys in a network
• a document that binds names to public keys that the CA signs
• a service framework that is needed to support large-scale, public key-based technologies
• a well-known standard that defines the format of a digital certificate and CRL to enable basic interoperability

Wi-Fi Alliance WPA, WPA2, and WPA3 Security

When WEP was found to be weak and easily breakable, the IEEE 802.11 committee and the Wi-Fi Alliance worked to replace it. Two generations of solutions emerged: from the Wi-Fi Alliance, WPA emerged, and from the IEEE, 802.11i emerged. The Wi-Fi Alliance released WPA2 as an update to WPA and based on 802.11i.
These solutions offer an authentication and encryption framework. WPA2, which is 802.11i-compliant, is the current standard for enterprise networks.

WPA Authentication Modes

WPA determines two modes of wireless protected access: WPA-Personal mode, which uses PSKs, or WPA-Enterprise mode, which uses 802.1X and EAP.

WPA-Enterprise: Authentication server required; RADIUS used for authentication and key distribution; centralized access control; encryption uses TKIP and optional AES
WPA-Personal: Authentication server not required; shared secret used for authentication; local access control; encryption uses TKIP and optional AES

WPA-Personal

WPA-Personal uses the same cryptographic tools as WPA-Enterprise but uses a shared key to authenticate WLAN clients. This shared key is used to create the PMK that is used in the four-way handshake that creates the encryption key for the session. The shared key mechanism of authentication that is used in WPA-Personal does not provide a per-user or per-device authentication; every device and every AP that is part of this WLAN uses the same shared key.

The key that is used for encryption is unique per user and per session, thanks to the randomizing that occurs during the four-way handshake. However, the shared key that is used to authenticate is the same for everyone.

The primary advantage of WPA-Personal in a WLAN deployment is that it does not require the use of a AAA server, and it can be an advantage in some scenarios. However, you need to be aware that WPA-Personal is not nearly as secure as WPA-Enterprise (this fact is true whether you use WPA, WPA2, or WPA3).

WPA-Enterprise

WPA-Enterprise uses the base WPA protection features and cryptographic features of WPA-Personal, but WPA-Enterprise adds 802.1X and EAP-based authentication to the certification.
Client and server authentication happen via the EAP process. In WPA-Enterprise, the master session key that is used to generate the cryptographic key through the four-way handshake is derived during EAP authentication. The EAP authentication process provides the AAA features that are missing in WPA-Personal, allowing each user or device to be individually authenticated.

WPA-Enterprise mode dictates that the authentication phase should be done using a supported EAP type:

• EAP-TLS
• PEAP (EAP-GTC) or EAP-MS-CHAPv2
• [Link]
• [Link]

Other EAP types might be allowed, but they are not officially supported and must be a vendor-specific option. The use of EAP implies that an authentication server is used in an 802.1X wireless network. WPA also provides for a GTK that is used to decrypt broadcast and multicast traffic.

WPA2 Authentication and Key Management

WPA2 Authentication

WPA2 is the current implementation of the 802.11i security standard and deprecates the use of WEP, WPA, and TKIP. WPA2 supports 802.1X and EAP or PSK authentication. IEEE 802.11n and 802.11ac support WPA2.

• PSK is for a home or small office and is also known as WPA2-Personal.
• 802.1X with EAP is used by enterprise-class networks and is often referred to as WPA2-Enterprise.

WPA2 at a glance: PSK or 802.1X with EAP; current implementation of 802.11i; uses AES using CCMP; uses the four-way handshake.

The characteristics of AES-CCMP are as follows:

• AES-CCMP is the encryption algorithm that is used in the 802.11i security protocol.
• AES-CCMP uses the AES block cipher but restricts the key length to 128 bits.
• AES-CCMP incorporates two sophisticated cryptographic techniques (counter mode and CBC-MAC) and adapts them to Ethernet frames to provide a robust security protocol between the mobile client and the AP.
• AES is a very strong cipher, but counter mode makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with.
• AES-CCMP requires updated hardware for cryptography.
(Vendors have long since updated Wi-Fi equipment to meet the requirements.)

WPA2-Personal uses the same shared key and four-way handshake of WPA, but it uses AES-CCMP to encrypt and protect frames. Strong keys should still be used with WPA2-Personal, because it is susceptible to the same tools that can attack WPA-Personal.

WPA2-Enterprise uses the same 802.1X or EAP authentication and four-way handshake of WPA, but it uses AES-CCMP to encrypt and protect frames.

Authentication and Key Management

WPA is the stop-gap security measure that replaced WEP, but it was next replaced (deprecated) by WPA2. WPA used TKIP with MIC. WPA and WPA2 use a PMK as a seed key for the four-way handshake to derive the encryption key and pass the multicast or broadcast group key.

[Figure: Four-way handshake between supplicant, AP, and WLC (wireless LAN controller): EAP Success; (1) ANonce; (2) SNonce with MIC, PTK derived on both sides; (3) MIC and GTK, ready to use; (4) OK, use]

The PMK is the key that has been mutually derived during the EAP authentication. This PMK is sent to the authenticator in the EAP Success message, but it is not forwarded to the supplicant because the supplicant derived its own copy of the master session key, and therefore the PMK.

The four-way handshake is as follows:

• The authenticator sends an EAPOL key frame that contains an ANonce. The ANonce is a random number that the authenticator generates.
• The supplicant generates an SNonce, which is a random number that the supplicant generates.
• The supplicant derives a PTK from the ANonce, SNonce, PMK, authenticator MAC address, and supplicant MAC address.
• The supplicant sends an EAPOL key frame that contains an SNonce and a MIC (generated from the PTK).
• The authenticator derives the PTK from the ANonce, SNonce, PMK, authenticator MAC address, and supplicant MAC address, and validates the MIC in the EAPOL key frame.
• If the validation is successful, the authenticator sends an EAPOL key frame that contains the GTK, the multicast or broadcast encryption key.
• When validating the MIC from this frame, the supplicant installs its PTK and the GTK.
• The supplicant sends an EAPOL key frame to confirm that the temporal keys are installed. When validating the MIC from this frame, the authenticator installs the PTK for this client.

At this point, the supplicant and authenticator have verified that they each have a matching PMK, and each share the same PTK and GTK. The GTK is a temporal key that is used to secure the broadcast and multicast traffic from the AP to all supplicants (stations). The PTK is used to secure the unicast data traffic between the AP and the individual stations.

Two-Way Group Key Handshake

A two-way group key handshake also exists. The GTK may need to be updated when a preset timer expires or when a station leaves the network. It prevents the station from receiving more multicast or broadcast messages from the AP. It works very much like Steps 3 and 4 of the four-way handshake.

• The AP sends the new GTK by encrypting it with the station PTK (and also uses a MIC).
• The station acknowledges the new GTK and replies to the AP, again using a MIC.

WPA3 Authentication and Key Management

WPA3

WPA2 improved security over WPA. For years, users accepted WPA2 and took for granted that open networks have no security, no authentication, and no encryption. One of the major problems of WPA2-Personal is that if hackers crack the PMK, they simply need to capture the four-way handshake and they own your network.

WPA3 brings many new defenses to Wi-Fi that aim to change the limitations of WPA2:

• SAE
• OWE
• Suite B Cryptography (GCM and ECC)
• DPP

DPP (also known as Wi-Fi Easy Connect) and Wi-Fi Enhanced Open (based on OWE) are not part of the WPA3 certification process, and support is not mandatory.
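The four-way handshake steps listed above, and the WPA2-Personal derivation of the PMK from the shared passphrase described in the WPA-Personal section, are worked through below as an added example; this is not the course's code or any vendor's implementation. The PRF-384 construction and the HMAC-SHA1 MIC are the ones IEEE 802.11i specifies for AES-CCMP (key descriptor version 2); the EAPOL-Key message 2 layout is a constructed simplification, and the MAC addresses, SSID and passphrases are constructed sample values.

```python
"""WPA2 four-way handshake key derivation and MIC check (added example; not course code).

Both sides derive the PTK from PMK, ANonce, SNonce and the two MAC addresses;
the authenticator then validates the MIC on message 2 before releasing the GTK.
"""
import hashlib
import hmac
import os

MIC_LEN = 16
HEADER = b"EAPOL-KEY-M2"          # constructed stand-in for the real EAPOL-Key header


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    In WPA2-Enterprise the PMK comes out of the EAP exchange instead."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP is 48 bytes: KCK || KEK || TK. Ordering the inputs by min/max
    makes the result identical no matter which side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """MIC for key descriptor version 2: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_message2(kck: bytes, snonce: bytes) -> bytes:
    """Supplicant: header || SNonce || MIC, with the MIC field zeroed while computing."""
    body = HEADER + snonce + bytes(MIC_LEN)
    return HEADER + snonce + eapol_mic(kck, body)


def check_message2(kck: bytes, frame: bytes) -> bool:
    """Authenticator: zero the MIC field again and compare in constant time."""
    body, mic = frame[:-MIC_LEN] + bytes(MIC_LEN), frame[-MIC_LEN:]
    return hmac.compare_digest(mic, eapol_mic(kck, body))


def demo() -> dict:
    aa = bytes.fromhex("02aabbccdd01")                   # authenticator MAC (constructed)
    spa = bytes.fromhex("02aabbccdd02")                  # supplicant MAC (constructed)
    pmk = pmk_from_passphrase("correct horse battery", "example-wlan")
    anonce = os.urandom(32)                              # message 1 carries ANonce
    snonce = os.urandom(32)
    sup = derive_ptk(pmk, aa, spa, anonce, snonce)       # supplicant derives PTK
    msg2 = build_message2(sup["kck"], snonce)            # message 2 carries SNonce + MIC
    auth = derive_ptk(pmk, aa, spa, anonce, msg2[len(HEADER):-MIC_LEN])  # authenticator derives PTK
    # A station holding a different PMK derives a different KCK, so its MIC fails the check
    # and the authenticator never sends message 3 (the GTK) to it.
    wrong = derive_ptk(pmk_from_passphrase("wrong passphrase", "example-wlan"), aa, spa, anonce, snonce)
    return {
        "ptk_match": sup == auth,
        "mic_valid": check_message2(auth["kck"], msg2),
        "wrong_pmk_mic_valid": check_message2(auth["kck"], build_message2(wrong["kck"], snonce)),
        "order_independent": derive_ptk(pmk, spa, aa, snonce, anonce) == sup,
    }


if __name__ == "__main__":
    print(demo())
```

Note what the handshake does and does not prove: a valid MIC on message 2 shows the supplicant holds the same PMK, not who the supplicant is. With WPA2-Personal that PMK is a function of the passphrase and SSID only, which is why the text stresses strong passphrases; with WPA2-Enterprise the PMK is per session and per user, because it comes out of the EAP exchange.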
DPP is not expected to be supported on Cisco controllers.

Simultaneous Authentication of Equals

With an open network, there is no security and therefore no encryption. The network is left open (one can join when in range, and one can see the traffic of everyone else). You can protect the network with WPA2 PSK (pre-shared keys), where security is built on a shared password, or passphrase. A major limitation of PSK is that it is susceptible to offline cracking. An attacker can capture an association and use offline tools to find the passphrase.

WPA3-Personal brings increased protection to individual users by providing more robust security, even when users choose passwords that fall short of typical complexity recommendations. This capability is enabled through SAE, which improves on the PSK method in WPA2-Personal. The technology is resistant to offline dictionary attacks in which an adversary attempts to determine a network password by trying possible passwords without further network interaction.

The encryption with WPA3-Personal is more individualized. Users on a WPA3-Personal network can never snoop on the WPA3-Personal traffic of another user, even when the user has the Wi-Fi password and is successfully connected. Furthermore, if an outsider determines the password, it is not possible to passively observe an exchange and determine the session keys, so this security provides forward secrecy of network traffic. In addition, an outsider cannot decrypt data that are captured prior to the cracking.

WPA3 provides improvements to the general Wi-Fi encryption:

• Natural password choice: WPA3 allows users to choose passwords that are easier to remember.
• Ease of use: WPA3 delivers enhanced protection with no change to the way users connect to a network.
• Forward secrecy: WPA3 protects data traffic even if a password is compromised after the data was transmitted.
• Defense against attacks: WPA3 is well suited for mesh networks and provides defense against passive attacks, active attacks, and dictionary attacks.
• Standards: WPA3 is defined as part of the 802.11 standard and generalized in IEEE 802.11-2016, based on the DH key exchange protocol.
• Transition mode: WPA3 provides coexistence of WPA2 and WPA3, with easy adoption.
• PMF: WPA3 is PMF enabled and mandatory.

Opportunistic Wireless Encryption

A concerning deficiency of Wi-Fi, since its inception, is the lack of built-in security, encryption, or privacy on open public networks. A user with the right tools could snoop on users who are connected to Wi-Fi hotspots in cafes, hotels, and other public areas. This snooping could be passive, such as monitoring websites that are visited or capturing unsecured email login credentials, or active, such as hacking a session to gain access to a user's website login.

Enhanced Open is a Wi-Fi Alliance certification that preserves the convenience of open networks (no need for a shared password) while reducing some of the risks that are associated with accessing an open, unsecured network. Wi-Fi Enhanced Open networks provide unauthenticated data encryption to users, an improvement over traditional open networks with no protection at all. This protection is transparent to the user.

Based on OWE, which is defined in the IETF RFC 8110 specification and the Wi-Fi Alliance OWE specification, Wi-Fi Enhanced Open benefits users by providing data encryption that maintains the ease of use of open networks and benefits network providers because there are no public passphrases to maintain, share, or manage.

The advantage of OWE is that passive attacks are prevented. Unfortunately, active attacks still enable an adversary to intercept traffic in some limited cases.
Nevertheless, under the proposal of RFC 7435, which describes "Some Protection Most of the Time," OWE still increases security. From a technical perspective, the OWE handshake negotiates a new PMK using a DH key exchange. This handshake is encapsulated in information elements in the association or reassociation request and response frames. The resulting PMK is used in a four-way handshake that negotiates and installs frame encryption keys.

Wi-Fi Enhanced Open was published under the WPA3 general umbrella but is not part of the WPA3 mandatory certification process, and support for it is not mandatory.

WPA3-Enterprise

WPA3 also enhances the enterprise. With WPA3, enterprise networks become more secure and their security algorithms become stronger. Enterprises, governments, and financial institutions have greater security with WPA3-Enterprise. WPA3-Enterprise builds on WPA2 and ensures the consistent application of security protocols across the network. WPA3-Enterprise offers increased key sizes, specifically referring to the CNSA suite. The U.S. National Security Agency defined CNSA to protect top secret data on government and military networks. Because the CNSA suite mandates consistent security and employs strong cryptographic encryption, organizations that require top security have adopted it.

Thus, WPA3 will support AES with GCM with 256-bit keys for encryption, and ECC based on 384-bit curves. This method is extremely fast to compute, yet it provides as much security as a 3072-bit RSA key. Also, SHA384 of the SHA-2 family will be used, and employed RSA keys must be at least 3072 bits. In summary, this approach results in what is called 192-bit security, because that is roughly the effective strength of 384-bit elliptic curves and SHA384 (the security is half the key length).
WPA3-Enterprise offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to better protect sensitive data.

Wi-Fi Protected Access 3 and Wi-Fi Protected Access 2

WPA2 continues to provide security and privacy for Wi-Fi networks and devices throughout the Wi-Fi ecosystem. WPA2 devices will continue to interoperate and provide the recognized security that has been its hallmark for more than a decade. WPA2 will also continue to evolve to meet standards for interoperability and security in all Wi-Fi certified devices. It will be available in Wi-Fi Certified devices for the foreseeable future, and all devices supporting WPA3 will continue to work with WPA2.

WPA3 Vulnerabilities

Researchers have found five vulnerabilities in the SAE protocol that is used as part of WPA3-Personal. These vulnerabilities allow an attacker to achieve the following:

• Perform DoS by flooding spoofed authentication frames to an AP.
• Switch clients from WPA3-Personal to WPA2-Personal on the WPA3-Transition mode BSS.
• Downgrade DH groups that are used in SAE.
• Perform ECC and MODP side-channel timing attacks.
[Table: WPA3-Personal (SAE) attacks and the Cisco response. DoS (spoofed authentication-frame flood) and ECC/MODP timing attacks (derive the key): Cisco APs and WLCs not vulnerable. DH group downgrade: Cisco enforces DH group 19. Transition mode (WPA3-PSK+WPA2-PSK) downgrade: Cisco discourages using transition mode.]

Impacted Client Devices
On client stations that implement SAE, the following situations are possible:
+ ECC and MODP side-channel timing attacks can occur
  - if the vendor is not implementing constant-time calculations
  - if malware or a malicious application (machine CLI access) has compromised the client
+ DH group downgrade can occur
  - Clients that support weak DH groups could be compromised
+ WPA3 Transition mode compromise can occur
  - Clients can be downgraded from WPA3-Personal to WPA2-Personal

Cisco Response to WPA3 Vulnerabilities
+ Cisco APs and wireless LAN controllers are not susceptible to these attacks.
+ Cisco WLANs can be configured as WPA3-Personal only, thus disabling WPA3-Transition mode.
+ These vulnerabilities do not affect WPA2-Enterprise and WPA3-Enterprise.
+ Cisco implemented protection mechanisms for control plane traffic to protect the CPU from DoS attacks.
+ Only the required DH groups are allowed; downgrading is not possible.
+ Customers should avoid PSK WLANs in general, and when using PSK, use WPA3-PSK, not WPA2-PSK or hybrid WPA3-PSK+WPA2-PSK.
+ Customers should check with their endpoint vendor for WPA3 vulnerability.

Which two statements are characteristics of WPA2-Enterprise authentication? (Choose two.)
An authentication server is required.
RADIUS is used for backup authentication.
A PSK is required.
The EAP process is used to authenticate the client and server.
Encryption uses TKIP and optional AES.

Summary Challenge
Which device in a WLAN serves as the authenticator for 802.1X?
switch
AP or wireless LAN controller
gateway router
RADIUS server

Which two statements correctly describe a RADIUS AAA server? (Choose two.)
It defines the conditions by which access to the network is granted or refused.
Conditions for access cannot be cumulative; a defined condition is enough to allow access.
Group membership cannot be matched with an external database.
It can generate the initial key (master key) to be used for encryption (per 802.1X specifications).
It uses various ports for authentication and authorization.

Which two statements correctly describe CAs? (Choose two.)
They act as the third party that can testify that a particular public key genuinely belongs to an entity.
All public keys require paying a CA.
Their public key is usually implemented in the operating system of most computers.
Their private key is implemented in the operating system of most computers.
Their private and public keys can be found in most operating systems.

Which statement correctly describes a certificate?
It is documented proof from a bank of your ID.
It is a driving license.
A certificate is an entity's public key, which is text that contains the entity's name, the validity duration, and a hash that contains a signed message that is encrypted with a private key that belongs to a CA.
It contains private and public keys.

Which three statements correctly describe how PKI is used in an enterprise WLAN? (Choose three.)
CAs are used to generate digital certificates for users (clients) and servers.
Clients can request a user certificate from a CA and use the certificate to authenticate to the server using IEEE 802.1X authentication.
Servers request a server certificate from the CA that the client uses to validate the authenticity of the server.
WLANs do not support the use of PKI and CAs.
Cisco WLCs must request a server certificate from a CA.
WLAN PKI demands that users and servers have certificates.
WLAN PKI can only use real Internet CAs.

Which two options are WPA, WPA2, and WPA3 authentication modes? (Choose two.)
personal
private
enterprise
global
independent

Which three options are WPA3 features? (Choose three.)
Simultaneous Authentication of Equals
forward secrecy
transition mode
totally unbreakable
compatible with WPA only
valid on a mesh network
more vulnerable than WPA
