529 research outputs found
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has
been used since before the days of the Internet as we know it
today. Authentication asks the question, âWho or what are
you?â Authorization asks, âWhat are you allowed to do?â And fi nally,
accounting wants to know, âWhat did you do?â These fundamental
security building blocks are being used in expanded ways today. The
fi rst part of this two-part series focused on the overall concepts of
AAA, the elements involved in AAA communications, and highlevel
approaches to achieving specifi c AAA goals. It was published in
IPJ Volume 10, No. 1[0]. This second part of the series discusses the
protocols involved, specifi c applications of AAA, and considerations
for the future of AAA
Classification of EAP methods and Some Major Attacks on EAP
This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network
Simple authentication and security layer incorporating extensible authentication protocol
There are many methods that support user authentication and access control, important roles in the establishment of secure communication. Particularly, we examine Simple Authentication and Security Layer (SASL) and Extensible Authentication Protocol (EAP) and propose EAP-Advanced Encryption Standard-Pre-Shared-Key (EAP-AES-PSK). SASL is an authentication framework in connection-oriented protocols. EAP is an authentication framework providing multiple authentication methods. SASL is vulnerable to the dictionary attack, replay attack, and Man-In-The-Middle attack as well as the re-keying issue. We propose to incorporate EAP into SASL to enhance the security of SASL and to provide a pathway for easy incorporation of future EAP enhancements into SASL. Standalone EAP still faces some common attacks. We propose EAP-AES-PSK, a new EAP method, to provide strong authentication and we implement this method on the Cyrus SASL implementation: one of the publicly available SASL implementations. This project is evaluated through the verification of functionality of a SASL application incorporating EAR Further, we argue how the common security risks associated with SASL are addressed, and we complete a performance evaluation of the new method incorporated into SASL
Designs of a Secure Wireless LAN Access Technique and an Intrusion Detection System for Home Network
Recommended from our members
Selection of EAP-authentication methods in WLANs
IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer
authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the
question of how to select the authentication method that suits an organisationâs requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples
Security of Eduroam Passwords
Tartu Ălikool on otsustanud, et ĂŒlikooli traadita ĂŒhenduse kasutajanimi ja parool peab ĂŒhtima ĂŒlikooli kontos kasutusel oleva kasutajanime ja parooliga. See tĂ€hendab, et juhul kui ĂŒlikooli eduroam vĂ”rgul leidub mĂ”ni nĂ”rkus, on seda potentsiaalselt vĂ”imalik Ă€ra kasutada kasutajate ĂŒlikooli kontole ligipÀÀsuks. Antud uurimistöö on avastanud ĂŒhe sellise nĂ”rkuse, milles luuakse vĂ”ltsitud traadita ĂŒhenduse pÀÀsupunkt, et saada kĂ€tte kasutaja autentimiseks kasutatava protokolli kasutajapoolset vastust. Selle vastuse pĂ”hjal on rĂŒndajal vĂ”imalik kĂ€tte saada kasutaja parooli rĂ€si, mida on omakorda vĂ”imalik kasutada Tartu Ălikooli Samba serveriga autentimiseks. Antud uurimistöö sisaldab eduroami ning rĂŒnnakus vaja minevate protokollide kirjeldusi ning ettepanekuid, kuidas Tartu Ălikooli eduroami turvalisemaks muuta.The University of Tartu has decided that the university's eduroam accounts will share the same user credentials as the rest of the university's services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user's university account. The aim of this research was to uncover any such weaknesses. In the course of the research, an attack was discovered, which uses a spoofed access point to capture a handshake between the user and the authenticator, which can be used to retrieve a hash of the user's password. That hash is then used to authenticate to the university's Samba server. The thesis also provides the reader with details on how eduroam and the protocols used in the attack work, and discusses potential improvements to strengthen the security of Tartu University's eduroam
Extensible Authentication Protocol Vulnerabilities and Improvements
Extensible Authentication Protocol(EAP) is a widely used security protocol for Wireless networks around the world. The project examines different security issues with the EAP based protocols, the family of security protocols for Wireless LAN. The project discovers an attack on the subscriber identity module(SIM) based extension of EAP. The attack is a Denial-of-Service attack that exploits the error handling mechanism in EAP protocols. The project further proposes countermeasures for detection and a defense against the discovered attack. The discovered attack can be prevented by changing the protocol to delay the processing of protocol error messages
- âŠ