Analysis of EAP-GPSK Authentication Protocol

Authors

  • John C. Mitchell
  • Arnab Roy
  • Paul D. Rowe
  • Andre Scedrov

Abstract

The EAP-GPSK protocol is a lightweight, flexible authentication protocol relying on symmetric key cryptography. It is part of an ongoing IETF process to develop authentication methods for the EAP framework. We analyze the protocol and find three weaknesses: a repairable Denial-of-Service attack, an anomaly with the key derivation function used to create a short-term master session key, and a ciphersuite downgrading attack. We propose fixes to these anomalies, and use a finite-state verification tool to search for remaining problems after making these repairs. We then prove the fixed version correct using a protocol verification logic. We discussed the attacks and our suggested fixes with the authors of the specification document which has subsequently been modified to include our proposed changes.

Similar resources

Extensible Authentication Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method

Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo defines an Extensible ...

Analysis of Improved EAP - SIM based Authentication Protocol

Remote EAP-SIM authentication has an overwhelming impact on the authentication delay. RADIUS protocol can be used for local authentication which reduces authentication latency. However, in case of EAP-SIM authentication, where triplets are to be retrieved from a remote authentication gateway (AuC), this does not help much. An Improved EAP-SIM authentication method was proposed in [2]. In this p...

EAP Extensions for EAP Re-authentication Protocol (ERP)

The Extensible Authentication Protocol (EAP) is a generic framework supporting multiple types of authentication methods. In systems where EAP is used for authentication, it is desirable to not repeat the entire EAP exchange with another authenticator. This document specifies extensions to EAP and the EAP keying hierarchy to support an EAP method-independent protocol for efficient re-authenticat...

A Threat Analysis of The Extensible Authentication Protocol

Acknowledgement I wish to express my sincere gratitude to Professor Michel Barbeau, my supervisor, for his encouragement and guidance during the course of this project. Thank you for always being there and helping me whenever I needed. ii Abstract Security is always a major concern for wireless LAN development. This type of development is suffering today from different security problems due to ...

A Modular Security Analysis of EAP and IEEE 802.11

We conduct a reduction-based security analysis of the Extensible Authentication Protocol (EAP), a widely used three-party authentication framework. EAP is often found in enterprise networks where it allows a client and an authenticator to establish a shared key with the help of a mutually trusted server. Considered as a three-party authenticated key exchange protocol, we show that the general E...

Publication date: 2008