529 research outputs found

    IPv6 Network Mobility

    Get PDF
    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

    Classification of EAP methods and Some Major Attacks on EAP

    Get PDF
    This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

    Simple authentication and security layer incorporating extensible authentication protocol

    Get PDF
    There are many methods that support user authentication and access control, important roles in the establishment of secure communication. Particularly, we examine Simple Authentication and Security Layer (SASL) and Extensible Authentication Protocol (EAP) and propose EAP-Advanced Encryption Standard-Pre-Shared-Key (EAP-AES-PSK). SASL is an authentication framework in connection-oriented protocols. EAP is an authentication framework providing multiple authentication methods. SASL is vulnerable to the dictionary attack, replay attack, and Man-In-The-Middle attack as well as the re-keying issue. We propose to incorporate EAP into SASL to enhance the security of SASL and to provide a pathway for easy incorporation of future EAP enhancements into SASL. Standalone EAP still faces some common attacks. We propose EAP-AES-PSK, a new EAP method, to provide strong authentication and we implement this method on the Cyrus SASL implementation: one of the publicly available SASL implementations. This project is evaluated through the verification of functionality of a SASL application incorporating EAR Further, we argue how the common security risks associated with SASL are addressed, and we complete a performance evaluation of the new method incorporated into SASL

    Security of Eduroam Passwords

    Get PDF
    Tartu Ülikool on otsustanud, et ĂŒlikooli traadita ĂŒhenduse kasutajanimi ja parool peab ĂŒhtima ĂŒlikooli kontos kasutusel oleva kasutajanime ja parooliga. See tĂ€hendab, et juhul kui ĂŒlikooli eduroam vĂ”rgul leidub mĂ”ni nĂ”rkus, on seda potentsiaalselt vĂ”imalik Ă€ra kasutada kasutajate ĂŒlikooli kontole ligipÀÀsuks. Antud uurimistöö on avastanud ĂŒhe sellise nĂ”rkuse, milles luuakse vĂ”ltsitud traadita ĂŒhenduse pÀÀsupunkt, et saada kĂ€tte kasutaja autentimiseks kasutatava protokolli kasutajapoolset vastust. Selle vastuse pĂ”hjal on rĂŒndajal vĂ”imalik kĂ€tte saada kasutaja parooli rĂ€si, mida on omakorda vĂ”imalik kasutada Tartu Ülikooli Samba serveriga autentimiseks. Antud uurimistöö sisaldab eduroami ning rĂŒnnakus vaja minevate protokollide kirjeldusi ning ettepanekuid, kuidas Tartu Ülikooli eduroami turvalisemaks muuta.The University of Tartu has decided that the university's eduroam accounts will share the same user credentials as the rest of the university's services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user's university account. The aim of this research was to uncover any such weaknesses. In the course of the research, an attack was discovered, which uses a spoofed access point to capture a handshake between the user and the authenticator, which can be used to retrieve a hash of the user's password. That hash is then used to authenticate to the university's Samba server. The thesis also provides the reader with details on how eduroam and the protocols used in the attack work, and discusses potential improvements to strengthen the security of Tartu University's eduroam

    Extensible Authentication Protocol Vulnerabilities and Improvements

    Get PDF
    Extensible Authentication Protocol(EAP) is a widely used security protocol for Wireless networks around the world. The project examines different security issues with the EAP based protocols, the family of security protocols for Wireless LAN. The project discovers an attack on the subscriber identity module(SIM) based extension of EAP. The attack is a Denial-of-Service attack that exploits the error handling mechanism in EAP protocols. The project further proposes countermeasures for detection and a defense against the discovered attack. The discovered attack can be prevented by changing the protocol to delay the processing of protocol error messages
    • 

    corecore