Passive security analysis of current TLS implementations and configurations in the eduroam EAP-TLS environment
The eduroam network connects institutions using the protocols RADIUS and EAP to ensure a personalized login into the network while keeping the separation between Identity Providers (IdP), which hold account information, and Service Providers (SP), which provide Internet access.
To ensure the privacy of the users and to keep the credentials secret from the visited institutions, the login has to be encrypted. Most EAP methods use the well-known security protocol Transport Layer Security (TLS) to achieve this. The most commonly used EAP methods are TTLS (Tunneled TLS) and PEAP (Protected EAP), which both rely on EAP-TLS. EAP-TLS specifies the usage of TLS inside EAP. As in most other federated networks, where the members have to trust each other, the security of the whole network depends on the security of the weakest link.
In EAP-TLS, there are two relevant classes of devices for the security analysis: the supplicants (acting as TLS clients) and the authentication servers (acting as TLS servers).
This thesis gives an overview of the current operational practices in the usage of TLS in EAP-TLS and aims to determine if security problems exist.
This is achieved by a passive analysis of the EAP and TLS handshake messages exchanged in the process of the eduroam login. By passively analyzing the traffic, one can learn about the capabilities of the client, since the client sends its capabilities in the Client Hello message of the TLS handshake. The server, on the other hand, reacts to the Client Hello. To assess the server fully, one has to simulate different clients and capture the corresponding answer. Since this thesis focuses on a passive analysis, it deals with the current status of client implementations and configurations. The reaction of the servers is captured and analyzed, but the complete analysis of the servers will be part of a future work.
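To make the passive-analysis step concrete, here is an added example (not code from the thesis) that strips the EAP-TLS framing from one EAP Response, walks the Client Hello inside it and reports the TLS versions and cipher suites the supplicant offers, flagging legacy ones. The packet is constructed inside the code, the flag handling assumes the EAP-TLS L-bit layout of RFC 5216, and the weak-suite table is an illustrative subset, not the thesis's criteria.

```python
import struct

# Cipher suites a passive audit would flag (real IANA code points; illustrative subset).
WEAK_SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
VERSION_NAMES = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}

def eap_tls_payload(pkt: bytes) -> bytes:
    """Strip the EAP header (code, id, length, type) and the EAP-TLS flags byte;
    when the L bit (0x80) is set a 4-byte TLS message length follows the flags."""
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
    if eap_type != 13:                       # EAP type 13 = EAP-TLS
        raise ValueError("not an EAP-TLS packet")
    return pkt[10:length] if flags & 0x80 else pkt[6:length]

def parse_client_hello(tls: bytes) -> dict:
    """Walk one TLS record holding a ClientHello and return what the client advertises."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", tls[:5])
    hs = tls[5:5 + rec_len]
    if ctype != 0x16 or hs[0] != 0x01:       # handshake record carrying a ClientHello
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    versions = [struct.unpack("!H", body[:2])[0]]   # legacy_version, overridden below
    p = 2 + 32 + 1 + body[34]                       # skip client_random and session_id
    n = struct.unpack("!H", body[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + body[p]                                # compression_methods
    if p + 2 <= len(body):                          # extensions block is optional
        end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]; p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4]); p += 4
            if etype == 0x002B:                     # supported_versions (RFC 8446)
                versions = [struct.unpack("!H", body[i:i + 2])[0]
                            for i in range(p + 1, p + 1 + body[p], 2)]
            p += elen
    return {"versions": [VERSION_NAMES.get(v, hex(v)) for v in versions],
            "cipher_suites": suites,
            "weak_suites": [WEAK_SUITES[s] for s in suites if s in WEAK_SUITES]}

def build_sample_eap_tls() -> bytes:
    """Constructed sample (not captured traffic): an EAP-TLS Response whose ClientHello
    offers TLS 1.3/1.2/1.0 and mixes modern and legacy cipher suites."""
    suites = b"".join(struct.pack("!H", s) for s in (0x1301, 0xC02F, 0x0005, 0x000A))
    vers = b"".join(struct.pack("!H", v) for v in (0x0304, 0x0303, 0x0301))
    ext = struct.pack("!HH", 0x002B, len(vers) + 1) + bytes([len(vers)]) + vers
    body = (struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00" + struct.pack("!H", len(suites))
            + suites + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    rec = struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs
    # EAP: code 2 (Response), id 1, length, type 13, flags with L bit, then 4-byte TLS length
    return struct.pack("!BBHBB", 2, 1, 10 + len(rec), 13, 0x80) + struct.pack("!I", len(rec)) + rec
```

Run over a capture, the same parser yields per-supplicant inventories of offered versions and suites, which is exactly what a passive audit of the client population can and cannot tell you: the offers, not what the server would have accepted.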