1,083 research outputs found
Model Checking Timed Automata for the Authentication Process of Security Protocols on Wireless Networks
ABSTRACT: The authentication protocols EAP MD5 and EAP TLS are security protocols that are still frequently encountered in use today. These security protocols perform authentication on wireless networks using IEEE 802.1x as the transmission medium. Three components play a role in IEEE 802.1x: the supplicant, the authenticator and the authentication server. These three components are modeled using timed automata to observe what happens when a man-in-the-middle attack is carried out and a time aspect is added to the protocol. One form of model checking uses timed automata. Timed automata are classical finite automata that can manipulate time, evolve continuously and synchronize with absolute time [2]. This final project focuses on modeling the authentication protocols EAP MD5 and EAP TLS using timed automata, with the added possibility of retransmission based on the time aspect. Once the model is complete, it is checked against the existing rules to determine whether it runs in accordance with them. The results of verifying the model with the UPPAAL tool show that the authentication protocols EAP MD5 and EAP TLS can be modeled using timed automata and conform to the rules in the protocols' RFCs.
Keywords: EAP MD5, EAP TLS, Timed Automata, UPPAAL
Selection of EAP-authentication methods in WLANs
IEEE 802.1X is a key part of IEEE 802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation's requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples.
Analysing the EAP-TLS handshake and the 4-way handshake of the 802.11i standard
The IEEE 802.11i standard has been designed to enhance security in wireless networks. The EAP-TLS handshake aims to provide mutual authentication between supplicant and authentication server, and then derive the Pairwise Master Key (PMK). In the 4-way handshake the supplicant and the authenticator use the PMK to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security, and the supplicant and authenticator are assumed to have the same PMK before running the 4-way handshake. In this paper, the EAP-TLS handshake and the 4-way handshake phases have been analysed with a proposed framework using the Isabelle tool. In the analysis, we have found a new Denial-of-Service (DoS) attack in the 4-way handshake. The attack prevents the authenticator from receiving message 4 after the supplicant sends it out. This attack forces the authenticator to re-send message 3 until it times out and subsequently to de-authenticate the supplicant. This paper has proposed improvements to the 4-way handshake to avoid the Denial-of-Service attack.
Fast Authentication in Heterogeneous Wireless Networks
The growing diffusion of wireless devices is leading to an increasing demand for mobility and security. At the same time, most applications can only tolerate short breaks in the data flow, so that it is a challenge to find out mobility and authentication methods able to cope with these constraints. This paper aims to propose an authentication scheme which significantly shortens the authentication latency and that can be deployed in a variety of wireless environments ranging from common Wireless LANs (WLANs) to satellite-based access networks
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, "Who or what are you?" Authorization asks, "What are you allowed to do?" And finally, accounting wants to know, "What did you do?" These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.
Compact extensible authentication protocol for the internet of things : enabling scalable and efficient security commissioning
Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is an extremely difficult task. This paper presents an approach that combines an authentication and bootstrapping protocol (TEPANOM) with the Extensible Authentication Protocol (EAP) framework optimized for IEEE 802.15.4 networks. The solution achieves a significant reduction of network resource usage. Additionally, by applying an EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved a substantial reduction of 42% in the number of transferred packets and a 35% reduction of the transferred data. By applying EAP header compaction, it has been possible to achieve an up to 80% smaller EAP header. That comprises a further reduction of transferred data of 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods among those tested throughout this research, making it feasible for large-scale deployment scenarios of IoT.
Particularities of security design for wireless networks in small and medium business (SMB)
Small businesses often have small budgets, which often means no full-time IT staff or no possibility to hire a security consultant to set up a wireless LAN properly. This paper tries to develop a methodology for designing security for wireless networks in SMB. There are more security options to choose from when setting up a wireless network, thus the security features needed for a company must be carefully taken into consideration. The benefits from one security feature must be balanced with the implementation and maintenance cost and with the risk of not getting the security level wanted.
Keywords: security, wireless, communication networks
Designs of a Secure Wireless LAN Access Technique and an Intrusion Detection System for Home Network