Method of identifying mobile devices Srinivas Tenneti

Method of identifying mobile devices

Srinivas Tenneti

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 2TECHSEC-201014657_05_2008_c1

Mobile3G/4G

Wi-Fi

At home

At work

EMPLOYEE

CONTRACTOR

GUEST

Who?When?

How?Where?Device?

Device Where Who How

Motivation for the problem Enterprises want to deploy context

aware access control method.

Context aware access control is to grant policy to different resources based on their type, location, identity, and the operating system or applications running on the endpoint devices.

Traditional network access control methods relied on giving access mainly based on whether the device complied with the policy or not.

Identifying the device and the user is very critical for deploying context aware access control method.


Network Access High Level Diagram

3560-X

3750-X

4500

AP 1142

Wireless End Points

6K or 7K

6K

WirelessEnd points

Linksys AP

ISR 3945

Remote Worker

4K

ACS

Active DirectoryCA Server

RSA Auth Mgr

MSE 3300

Data Center/Service Block

AP 1142 AP 1142

ACS

MDM

WAN

ISE


Alice Bob

I want to talk

Ok, what is your username

passwordpassword

Here is my user name

Respond to the challenge K

Here is response = MD5(K)

Password based authentication


Alice Bob

I want to talk, My Id is “Alice”

Ok, This is my certificate

Establish encrypted tunnel

I_d requestI_d response

challenge requestchallenge response

Challenge requestChallenge response

Certificate only on the server

The server Bob only presents its certificate.

The Secure tunnel is established by Bob without really knowing who Alice is.

An attacker can waste the resources on the Bob by challenging with different IDs.


Alice Bob

I want to talk, Here is my certificate

Ok, This is my certificate

Authenticate each other

Both Alice and Bob authenticate each other using Digital Certificates.

Digital certificates once deployed can be used for wired variety of applications. For example, SSL, IPSec, 802.1x, DNSSec, and so on..

This provides high level of trust but Bob does not know with what device Alice is connecting with.

Certificates deployed on both Alice and Bob


Existing methods to solve this problem Biometrics – voice, facial. The constraint is mainly on deploying

on large number of endpoints, and the user’s reluctance to use bio-metrics.

Software or hardware tokens : This is based on symmetric cryptography. The problem is with deploying on large number of endpoints and it is still not able to identify the device the user is connecting with.


Solution to the problem

Both the endpoints and the servers must use digital certificates.

The digital certificate must contain both the user information coupled with device specific information.

When the user presents the certificate the authentication server can authenticate the user, and also authorize based on the device specific information.

The device specific information used is UDID.


Properties of this solution

Mutual authentication.

Identification of the device and the user.

Provide different access scenarios based on the device type.

If a user leaves or if it is compromised then the user and the device can be removed from the group.


Components involved in this solution

PKI, digital certificates and enrollment of digital certificates.

802.1x protocol

EAP authentication methods.

Radius protocol.


Extensible Authentication Protocol (EAP)

Transports arbitrary authentication information in the form of EAP payloads

–Establishes and manages connections; allows authentication by encapsulating various types of authentication exchanges

It is not an authentication mechanism itself–Actual authentication mechanisms are called EAP Methods

EAP provides a flexible link layer security framework–Simple encapsulation protocol -- no dependency on IP

–Few link layer assumptions

• Can run over any link layer (PPP, 802, etc.)

• Assumes no reordering, can run over lossy or lossless media

Defined by RFC 3748


Protocol Version1 Byte

Packet Type1 Byte

Packet Length2 Byte

Packet BodyN Byte

DST MAC SRC MAC Type Data FCS

Packet Type Packet Description

EAP Packet (0)Both the Supplicant and the Authenticator Send this PacketUsed During Authentication and Contains EAP Method Information Required to Complete the Authentication Process

EAPOL Start (1) Sent by Supplicant When It Starts Authentication Process

EAPOL Logoff (2)Sent by Supplicant When It Wants to Terminate the 802.1X Session

EAPOL Key (3)Sent by Switch to the Supplicant and Contains a Key Used During TLS Authentication

EAPOL Frame Format


How Is RADIUS Used Here?

RADIUS acts as the transport for EAP, from the authenticator (switch) to the authentication server (RADIUS server)

RFC for how RADIUS should support EAP between authenticator and authentication server—RFC 3579

RADIUS is also used to carry policy instructions (authorization) back to the authenticator in the form of AV pairs

Usage guideline for 802.1X authenticators use of RADIUS - RFC 3580 AV Pairs : Attribute-Values Pairs.

RADIUS Header EAP PayloadUDP HeaderIP Header

RADIUS Header EAP PayloadUDP HeaderIP Header AV Pairs


Certificate enrollment processCertificationRequestInfo ::= SEQUENCE {version INTEGER { v1(0) } (v1,...),subject Name,subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},attributes [0] Attributes{{ CRIAttributes }}}SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {algorithm AlgorithmIdentifier {{IOSet}},subjectPublicKey BIT STRING}PKInfoAlgorithms ALGORITHM ::= { ... -- add any locally defined algorithms here -- }Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}

CRIAttributes ATTRIBUTE ::= {... -- add any locally defined attributes here -- }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {type ATTRIBUTE.&id({IOSet}),values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})}

Subject name that could be name, IP address,

mac-address

CertificationRequest ::= SIGNED { EncodedCertificationRequestInfo }(CONSTRAINED BY { -- Verify or sign encoded CertificationRequestInfo -- })EncodedCertificationRequestInfo ::= TYPE-IDENTIFIER.&Type(CertificationRequestInfo)SIGNED { ToBeSigned } ::= SEQUENCE {toBeSigned ToBeSigned,algorithm AlgorithmIdentifier { {SignatureAlgorithms} },signature BIT STRING}

Signs the request with private key


Generate private key

x.509 request

scep request

pkcs#10

Generate certx.509 cert

send the certificate

send the certificate

store the cert

endpoint SCEP client SCEP Server CA server

SCEP enrollment process


Internet

Campus

CA server

Mobile device Mobile device

SCEP Proxy

Enrolling Certs on Mobile devices


802.1X Port Access Control Model

Request for Service(Connectivity)

Backend AuthenticationSupport

Identity StoreIntegration

Authenticator• Switch• Router• WLAN AP

Identity Store/Management• MS Active Directory• LDAP• NDS• ODBC

Authentication Server• IAS / NPS• ACS• Any IETF RADIUS server

Supplicant• Desktop/laptop• IP phone• WLAN AP• Switch

Layer 2Layer 3


802.1X Protocols

EAP RADIUS Store-Dependent

Layer 2Layer 3

EAP over LAN(EAPoL)

EAP over WLAN(EAPoW)

SupplicantAuthenticator

Authentication Server


High level exchange

Actual authentication is between client and auth server using EAP. The switch is an EAP conduit, but aware of what’s going on

802.1X RADIUS

EAP—Method Dependent

Port Unauthorized

Port Authorized

EAPOL-Logoff

EAP-Auth Exchange Auth Exchange w/AAA Server

Auth Success & Policy InstructionsEAP-Success

EAP-Identity-Request

EAPOL-Start

EAP-Identity-Response

SSC

802.1X

Port Unauthorized


EAP-TLS Authentication

AuthenticatorClient

RADIUS Server

CertificateAuthority

Start

IdentityIdentity

Request Identity

Random Session Keys Generated

Broadcast Key

Key Length

AP Sends Client Broadcast key, Encrypted

with Session Key

Encrypted ExchangeEncrypted Exchange

Server Certificate Server Certificate

Client Certificate Client Certificate

Only for wireless

today; wired in 802.1X-rev

SSC


Mobile device entering the network

campus

CN=mikeCN=UDID

1

Authenticationserver

CA server

2

Check if both CNs’ match

3

The Mobile device joins the wireless network using EAP-TLS

The Mobile device presents the certificate

Authentication Server looks up the CN (eg mike) against the CA server. If successful authenticatesThe device.

Authentication Server checks the UDID of the device against the authorization policy. If successful Then the device is authorized in the network.


Removing a user from the group

ISE periodically pulls the CRL information from the CA server.

When a user needs to be removed then certificate pertaining to the user is revoked.

ISE would check the CRL list and deny the access to the user if the user is found in the CRL list.


EAP request

Start request from the device


Switch request identity from the device

Request identity


Host responds with iden

Username = toby1


Switch ask the client certificate

Start EAP-TLS


Server initiates the SSL session

ssl session starts


Server sends the certificate to the client

Server sends the certificate


Endpoint sends certificate

Client sends certificate


access-request packet

username

access-req


access-accept

radius accept


Testing the keys

Encrypted handshake message


Problems with above protocol The remote endpoint is forced to reveal its identity without

knowing the identity of the server.

The SSL Server Hello Done message is long 2546 bytes, in test scenario, which is delivered in 3 EAP fragments.

802.1x for wired users does not support encryption.


Future work • Pairing Based Handshake (PBH) can be used to prevent the

identity of the client when initiating the request.

• The IDA of the user can be combination of ( UDID + MAC + Serial number of the device).

• The Wireless LAN controller or the access layer switch can directly authenticate the user instead of passing it to the radius server.


Conclusion Identity of the device and the user is very critical in building a

strong authentication.

The existing methods of bio-metrics or one time passwords are difficult to deploy for large number of end points.

Digital certificates with the device information can identify the device and the user.

Digital certificates can solve the problem today but in future different pairing based handshakes can make the authentication more efficient.

Documents

Method of identifying mobile devices Srinivas Tenneti