[Repost] A Technical Comparison of TTLS and PEAP

by Matthew Gast author of 802.11 Wireless Networks: The Definitive Guide
10/17/2002


Broadly speaking, wireless LAN security has two major problems. Authentication of network users is weak, so unauthorized users may be able to reach network resources, and traffic encryption is weak, so attackers can recover transmissions. Strong authentication is a key component of wireless LAN security because it keeps unauthorized users off the network. Wireless LAN protocols are also designed so that strengthening access control makes it easy to strengthen traffic encryption as well, because the authentication exchange can deliver fresh per-session keys to the client and access point; deploying products that improve authentication therefore also improves the privacy of the information traveling over the wireless LAN.

In response to the concern about weak authentication, the industry began developing a series of stronger authentication protocols for use with wireless LANs. The key standard for wireless LAN authentication is IEEE 802.1X, which is in turn based on the IETF's Extensible Authentication Protocol (EAP). EAP, and thus 802.1X, provides an authentication framework rather than a single authentication method: it carries any of a number of methods, each with its own strengths and weaknesses. Part of the challenge of deploying 802.1X on a wireless network is deciding which method will be used. The authentication method is the key decision in deploying a wireless network, since it drives every product choice you make.

TLS-based Authentication Methods

802.1X was initially developed to authenticate users on traditional wired LANs, and therefore did not require strong encryption. Eavesdropping is certainly possible on wired networks, but it requires physical access to the network equipment. Wireless networks are much easier to perform traffic analysis on, because reaching the network does not require reaching the equipment: frames can be intercepted in transit with ordinary wireless network analysis software. Wireless networks also have an additional authentication requirement. Without physical access to the equipment, users need assurance that they are connecting to legitimate access points that belong to the organization's network, not "rogue" access points set up as part of a man-in-the-middle attack. So in addition to user (client) authentication, wireless network users need to authenticate the networks they connect to.

These two requirements, strong encryption to prevent eavesdropping and mutual authentication to ensure that sensitive information is transmitted only over legitimate networks, must drive your wireless authentication strategy. In practice, only methods based on the IETF's well-known Transport Layer Security (TLS) standard can satisfy strict encryption and authentication requirements. Three TLS-based protocols have been developed for use with EAP and are suitable for wireless LAN deployments:

  • EAP-Transport Layer Security (EAP-TLS)
  • Tunneled Transport Layer Security (TTLS)
  • Protected EAP (PEAP)

Major differences between the protocols are summarized in this table. The three columns of the original table are EAP-TLS (RFC 2716), TTLS (Internet draft) and PEAP (Internet draft); each row below lists the three entries in that order.

Detailed Comparison of TLS-based Methods

Software

  Client implementations
    EAP-TLS: Cisco, Funk, Meetinghouse, Microsoft, Open1x (open source)
    TTLS:    Funk, Meetinghouse
    PEAP:    Microsoft

  Supported client platforms
    EAP-TLS: Linux, Mac OS X, Windows 95/98/ME, Windows NT/2000/XP
    TTLS:    Linux, Mac OS X, Windows 95/98/ME, Windows NT/2000/XP
    PEAP:    Windows XP

  Authentication server implementations
    EAP-TLS: Cisco, Funk, HP, FreeRADIUS (open source), Meetinghouse, Microsoft
    TTLS:    Funk, Meetinghouse
    PEAP:    Cisco

  Authentication methods
    EAP-TLS: Client certificates
    TTLS:    Any [1]
    PEAP:    Any EAP method [2]

Protocol Operations

  Basic protocol structure
    EAP-TLS: Establish a TLS session and validate certificates on both client and server
    TTLS:    Two phases: (1) establish TLS between client and TTLS server; (2) exchange attribute-value pairs between client and server inside the tunnel
    PEAP:    Two parts: (1) establish TLS between client and PEAP server; (2) run an EAP exchange over the TLS tunnel

  Fast session reconnect
    EAP-TLS: No
    TTLS:    Yes
    PEAP:    Yes

  WEP integration
    All three: the server can supply the WEP key with an external protocol (e.g. a RADIUS extension)

PKI and Certificate Processing

  Server certificate
    EAP-TLS: Required
    TTLS:    Required
    PEAP:    Required

  Client certificate
    EAP-TLS: Required
    TTLS:    Optional
    PEAP:    Optional

  Certificate verification
    All three: through the certificate chain, or the OCSP TLS extension (current Internet draft)

  Effect of private key compromise
    EAP-TLS:       Re-issue all server and client certificates
    TTLS and PEAP: Re-issue certificates for servers (and for clients, if client certificates are used in the first TLS exchange)

Client and User Authentication

  Authentication direction
    EAP-TLS: Mutual: digital certificates in both directions
    TTLS:    Mutual: certificate for server authentication, tunneled method for the client
    PEAP:    Mutual: certificate for the server, protected EAP method for the client

  Protection of user identity exchange
    EAP-TLS: No
    TTLS:    Yes; protected by TLS
    PEAP:    Yes; protected by TLS

[1] Currently, CHAP, PAP, MS-CHAP, and MS-CHAPv2 are implemented in addition to EAP.

[2] Only the "generic token card" method is implemented in current shipping products.

EAP-TLS

EAP-TLS uses a TLS handshake as the basis for authentication. TLS has many attributes that make it attractive for security-related use. It is well documented and has been analyzed quite extensively. Study of the protocol has not yet revealed significant weaknesses in the protocol itself. (Several implementations have suffered from bugs, however.)

TLS authenticates peers by exchanging digital certificates. In EAP-TLS, certificates provide authentication in both directions. The server presents a certificate to the client, and, after validating the server's certificate, the client presents a client certificate. Naturally, the client's private key may be protected by a passphrase or PIN, or held on a smart card, depending on the implementation. One flaw in the EAP-TLS protocol noted by many observers is that the identity exchange (the EAP-Response/Identity) proceeds in the clear before the certificates are exchanged, so a passive attacker can easily observe user names. Note also that in the TLS versions of the time the client certificate itself is sent unencrypted during the handshake, so the same observer can read the certificate subject; only TLS 1.3 encrypts that message.
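As an added example that is not part of the original article, the following Python decodes the unprotected outer layer of the exchange as a passive observer on the air would see it: the cleartext EAP-Response/Identity and the EAP-TTLS framing (flags and TLS message length) around the TLS handshake data. The EAPOL and EAP field layouts are those of the standards; the frames, MAC addresses, user name and TLS bytes are constructed for this example.

```python
"""Decode the unprotected outer layer of an 802.1X/EAP exchange.

Added example, not code from the original article. It parses the bytes a
passive observer captures on the air: an EAPOL frame carrying the peer's
EAP-Response/Identity (sent in the clear under all three TLS-based methods),
and EAP-TTLS frames whose payload is TLS handshake data. All frames below are
constructed for this example; the addresses and identity are made up.
"""
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDRESS = bytes.fromhex("0180c2000003")  # 802.1X destination MAC
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED_TYPES = {13, 21, 25}
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length included, More fragments, Start


def build_eap(code: int, ident: int, eap_type: int, data: bytes) -> bytes:
    """EAP header (code, id, length) followed by the type byte and type data."""
    return struct.pack("!BBH", code, ident, 5 + len(data)) + bytes([eap_type]) + data


def build_eapol(eap: bytes, src: bytes) -> bytes:
    """Ethernet header + EAPOL header (version 1, type 0 = EAP-Packet) + EAP."""
    return (PAE_GROUP_ADDRESS + src + struct.pack("!H", EAPOL_ETHERTYPE)
            + struct.pack("!BBH", 1, 0, len(eap)) + eap)


def parse_eap(pkt: bytes) -> dict:
    """Return the EAP fields; for TLS-based types also split flags and TLS data."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not fit the packet")
    info = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (3, 4):  # Success and Failure carry no type
        return info
    if length < 5:
        raise ValueError("EAP request/response without a type byte")
    eap_type, data = pkt[4], pkt[5:length]
    info["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        # The Identity response is plaintext: this is the leak the article describes.
        info["identity"] = data.decode("utf-8", errors="replace")
    elif eap_type in TLS_BASED_TYPES:
        flags = data[0]
        info["flags"] = {"L": bool(flags & FLAG_L), "M": bool(flags & FLAG_M),
                         "S": bool(flags & FLAG_S)}
        if eap_type in (21, 25):
            info["version"] = flags & 0x07  # TTLS and PEAP keep a version in the low bits
        offset = 1
        if flags & FLAG_L:
            info["tls_message_length"] = struct.unpack("!I", data[1:5])[0]
            offset = 5
        info["tls_data"] = data[offset:]  # TLS records; opaque once the tunnel is up
    return info


def parse_eapol(frame: bytes) -> dict:
    """Strip Ethernet + EAPOL headers from a captured frame and decode the EAP packet."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"not an EAPOL frame (ethertype 0x{ethertype:04x})")
    version, eapol_type, eapol_len = struct.unpack("!BBH", frame[14:18])
    result = {"src": frame[6:12].hex(":"), "eapol_version": version, "eapol_type": eapol_type}
    if eapol_type == 0:  # EAP-Packet; 1 = EAPOL-Start, 2 = EAPOL-Logoff, 3 = EAPOL-Key
        result["eap"] = parse_eap(frame[18:18 + eapol_len])
    return result


# Constructed sample exchange: the station answers the identity request with its
# real user name, the server starts EAP-TTLS, and the station sends the first
# fragment of its TLS ClientHello (the TLS bytes are a stand-in, not a real hello).
STATION, SERVER = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee")
FAKE_CLIENT_HELLO = bytes.fromhex("160301002c010000280301") + bytes(32)

SAMPLE_FRAMES = [
    build_eapol(build_eap(2, 1, 1, b"alice@example.com"), STATION),
    build_eapol(build_eap(1, 2, 21, bytes([FLAG_S])), SERVER),
    build_eapol(build_eap(2, 2, 21, bytes([FLAG_L | FLAG_M]) + struct.pack("!I", 154)
                          + FAKE_CLIENT_HELLO), STATION),
]


def identities_seen(frames) -> list:
    """What a passive observer learns: every cleartext identity on the link."""
    found = []
    for frame in frames:
        decoded = parse_eapol(frame)
        eap = decoded.get("eap")
        if eap and eap.get("type") == "Identity":
            found.append((decoded["src"], eap["identity"]))
    return found


if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(parse_eapol(frame))
    print("identities observed:", identities_seen(SAMPLE_FRAMES))
```

Under EAP-TLS the identity in that first response is normally the real user name. TTLS and PEAP clients can instead send an anonymous outer identity (for example just a realm, so the request is routed to the right server) and carry the real user name inside the tunnel, which is what the "protection of user identity exchange" row in the table refers to.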

Digital certificates are the Achilles heel of EAP-TLS. The use of certificate authentication of clients mandates a concurrent PKI roll-out. If you do not already have a PKI in place, the additional work involved in issuing and managing certificates is quite large. In comparison with other PKI-enabled protocols, EAP-TLS may impose a greater certificate management overhead because of the need to revoke certificates as users have wireless LAN access revoked.

The bottom line: EAP-TLS is secure, but the requirement for client certificates is too big a hurdle for most institutions to deal with.

TTLS and PEAP

Both TTLS and PEAP were developed in response to the PKI barrier of EAP-TLS. Client certificates are not ideal for user authentication for a variety of reasons. Older methods of user authentication, such as passwords and token cards, are adequate for most organizations and carry far less management overhead, but on their own they offer no protection on the wire. Both TTLS and PEAP were designed to run those older mechanisms inside TLS, so that they inherit the strong cryptographic foundation of TLS without the certificate management burden.

The structures of TTLS and PEAP are quite similar. Both are two-stage protocols that establish security in stage one and then exchange authentication in stage two. Stage one of both protocols establishes a TLS tunnel and authenticates the authentication server to the client with a certificate. (TTLS and PEAP still use certificates to authenticate the wireless network to the user, but only a few server certificates are required, which is far more manageable.) Once that secure channel has been established, the client's authentication credentials are exchanged in the second stage. The security of the second stage rests entirely on the first: a client that does not verify the server certificate, and check that it names the expected authentication server, will build its tunnel to a rogue access point just as readily and hand it the inner credentials, which for a password-based inner method means the password itself or a challenge/response that can be attacked offline. Clients must therefore be configured with the CA that issued the server certificate and with the server name they should expect.
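As an added example that is not part of the original article, here is the same TTLS network configured two ways for the wpa_supplicant client (a supplicant the article does not discuss; the configuration keys are wpa_supplicant's own, while the SSID, file path, user name and password are placeholders). The first block is the weak setting, the second the corrected one; the same keys apply to PEAP with `eap=PEAP`.

```conf
# WEAK (assumed placeholder values): no ca_cert, so the supplicant accepts
# any server certificate. A rogue access point with its own RADIUS server
# can terminate the TLS tunnel and collect the inner MS-CHAPv2 exchange.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice@example.com"
    password="s3cret"
    phase2="auth=MSCHAPV2"
}

# HARDENED: pin the issuing CA, require the expected server name, and keep
# the real user name inside the tunnel by sending an anonymous outer identity.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="s3cret"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
```

The Windows PEAP client has the equivalent switch in its "Validate server certificate" setting together with the list of trusted root CAs; leaving validation off has the same effect as the weak block above. Pinning only a public CA is not enough either, since anyone can obtain a certificate from it: the server-name check is what ties the tunnel to your own authentication server.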

TTLS uses the TLS channel to exchange "attribute-value pairs" (AVPs), much as RADIUS does. (The AVP encoding is in fact Diameter's, a close relative of the RADIUS attribute format, and it reuses the RADIUS attribute numbers.) This general encoding lets a TTLS server validate AVPs against any type of authentication mechanism. TTLS implementations today support all methods defined for EAP, as well as several older methods (CHAP, PAP, MS-CHAP and MS-CHAPv2). TTLS is easily extended to new protocols by defining new attributes for them.
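To make the stage-two encoding concrete, here is an added Python example (not code from the article or from any TTLS product) that builds and parses the AVPs a TTLS client sends inside the tunnel: the PAP pair of User-Name and User-Password, an EAP-Message AVP wrapping an inner EAP packet, and a Microsoft vendor-specific MS-CHAP-Challenge. The AVP layout follows the EAP-TTLS specification; the user name, password and challenge bytes are made up.

```python
"""Encode and decode the attribute-value pairs EAP-TTLS carries inside its
TLS tunnel in stage two.

Added example, not from the original article. The AVP layout follows the
EAP-TTLS specification (Diameter-style header with RADIUS attribute numbers):
a 4-byte code, a flags byte (V = Vendor-ID present, M = mandatory), a 3-byte
length covering header and data but not padding, an optional 4-byte Vendor-ID,
then data padded to a 4-byte boundary. User name and password are made up.
"""
import struct

FLAG_V, FLAG_M = 0x80, 0x40
USER_NAME, USER_PASSWORD, EAP_MESSAGE = 1, 2, 79   # RADIUS attribute numbers
VENDOR_MICROSOFT = 311
MS_CHAP_CHALLENGE, MS_CHAP2_RESPONSE = 11, 25      # Microsoft vendor-specific types


def encode_avp(code, data, mandatory=True, vendor_id=None):
    """Serialize one AVP; the length field excludes padding, the wire bytes include it."""
    flags = FLAG_M if mandatory else 0
    length = 8 + len(data)
    vendor = b""
    if vendor_id is not None:
        flags |= FLAG_V
        length += 4
        vendor = struct.pack("!I", vendor_id)
    padding = b"\x00" * (-len(data) % 4)
    return struct.pack("!II", code, (flags << 24) | length) + vendor + data + padding


def decode_avps(buf):
    """Parse a sequence of AVPs, rejecting truncated or inconsistent lengths."""
    avps, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 8:
            raise ValueError("truncated AVP header")
        code, flags_and_len = struct.unpack("!II", buf[offset:offset + 8])
        flags, length = flags_and_len >> 24, flags_and_len & 0xFFFFFF
        header = 12 if flags & FLAG_V else 8
        if length < header or offset + length > len(buf):
            raise ValueError("bad AVP length")
        vendor_id = None
        if flags & FLAG_V:
            vendor_id = struct.unpack("!I", buf[offset + 8:offset + 12])[0]
        avps.append({"code": code, "vendor_id": vendor_id,
                     "mandatory": bool(flags & FLAG_M),
                     "data": buf[offset + header:offset + length]})
        offset += length + (-length % 4)   # skip padding to the next 4-byte boundary
    return avps


KNOWN = {(None, USER_NAME), (None, USER_PASSWORD), (None, EAP_MESSAGE),
         (VENDOR_MICROSOFT, MS_CHAP_CHALLENGE), (VENDOR_MICROSOFT, MS_CHAP2_RESPONSE)}


def check_mandatory(avps, known=KNOWN):
    """A receiver must reject the message if it does not understand a mandatory AVP."""
    for avp in avps:
        if avp["mandatory"] and (avp["vendor_id"], avp["code"]) not in known:
            raise ValueError(f"unsupported mandatory AVP {avp['vendor_id']}/{avp['code']}")
    return True


def pap_request(username: str, password: str) -> bytes:
    """Stage-two PAP: the password travels as-is, protected only by the TLS tunnel."""
    return encode_avp(USER_NAME, username.encode()) + encode_avp(USER_PASSWORD, password.encode())


def eap_request(eap_packet: bytes) -> bytes:
    """Stage-two EAP: a whole inner EAP packet is wrapped in one EAP-Message AVP."""
    return encode_avp(EAP_MESSAGE, eap_packet)


def pap_credentials(buf):
    """Server side: pull the user name and password out of a decoded PAP message."""
    avps = decode_avps(buf)
    check_mandatory(avps)
    fields = {(a["vendor_id"], a["code"]): a["data"] for a in avps}
    return fields[(None, USER_NAME)].decode(), fields[(None, USER_PASSWORD)].decode()


if __name__ == "__main__":
    msg = pap_request("alice@example.com", "s3cret")
    print(msg.hex())
    print(decode_avps(msg))
    print(pap_credentials(msg))
```

Two things are worth noticing in the wire format. Because the TLS tunnel already protects the payload, PAP carries the password without the RADIUS password-hiding step, so the TTLS server (or whatever it forwards to) sees the cleartext credential; and adding a new inner method really is just a matter of allocating attribute numbers, which is the flexibility the text describes.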

PEAP uses the TLS channel to protect a second EAP exchange. Authentication must be performed with a protocol defined for use with EAP. In practice, the restriction to EAP methods is not a severe drawback, because any "important" authentication protocol is likely to be defined for use with EAP in short order so that PEAP can use it. A far greater concern is client software support. PEAP is backed by Microsoft, and clients are beginning to become available for recent professional versions of Windows (XP now, with Windows 2000 support coming shortly). Suppliers of PEAP clients for other operating systems have yet to materialize, which may restrict PEAP to pure Microsoft networks.

One major difference between TTLS and PEAP at the time this article was written is that TTLS is much more widely implemented. TTLS products are available from multiple vendors and have been proven interoperable in a number of public demonstrations. TTLS software is also available for a wide range of client operating systems. In contrast, PEAP products are only beginning to come to market. The first public interoperable PEAP demonstration I am aware of took place at the Networld+Interop trade show in Atlanta last month. The demonstration required a late pre-release copy of CiscoSecure ACS, the only authentication server that currently supports PEAP, as well as a Windows XP client. Although nothing in the PEAP specification prevents development of software for non-Windows systems, it is hard to see Microsoft taking the initiative to develop PEAP clients for other client platforms.

Conclusion

Selection of an authentication method is the key decision in securing a wireless LAN deployment. The authentication method drives the choice of authentication server, which in turn drives the choice of client software. Fortunately, selecting an authentication method is a reasonably straightforward endeavor. Unless you have a well-oiled PKI already deployed, bypass EAP-TLS to avoid the client certificate headaches. Though there is not a large technical difference between the TTLS and PEAP protocols, TTLS has a number of slight advantages. In addition to a slight degree of flexibility at the protocol level, products are available now and support a much wider variety of client operating systems.

Matthew Gast is a member of the business development team at NetScreen Technologies, where he works with strategic partners and alliances. He is also the author of O'Reilly's 802.11 Wireless Networks: The Definitive Guide.

http://archive.oreilly.com/pub/a/wireless/2002/10/17/peap.html

Time: 2024-10-05 04:28:15
