Thinking Outside the Box: Extending 802.1X Authentication to Remote “Splitter” Ports by Combining Physical and Data Link Layer Techniques

Presentation by: Arun Saha

Arun Saha, Mart Molle, Department of Computer Science & Engineering, University of California, Riverside

Transcript of the presentation (25 slides)

Page 1: Presentation by: Arun Saha

Thinking Outside the Box: Extending 802.1X Authentication to Remote “Splitter” Ports by Combining Physical and Data Link Layer Techniques

Presentation by: Arun Saha

Arun Saha, Mart Molle
Department of Computer Science & Engineering
University of California, Riverside

Page 2

A. Saha, M. Molle 2

Overview

• Proposal of a very small, easy-to-use Ethernet switch.
• Switch-to-switch authentication without any third-party authentication server and without disclosing all secrets.
• Specifically, detecting a man-in-the-middle attack using physical properties of the link.

Page 3

Typical work area scenario

Page 4

A view of single link segment

Page 5

Problem Statement

How to accommodate a large number of wired networked computers within a small floor area?

Issues:
• Limited number of ports on the wall
• Wiring clutter should be as little as possible
• Reconfiguration of the host layout should be easy

Goal: combine the following features:
• the convenience of a bus topology
• the superior performance and security of a star topology

Page 6

We propose Splitters

The monolithic switch is replaced by:
• a “main” switch module locked in the telecom closet
• “slave” modules called Ethernet Splitters

Splitter properties:
• Single-chip implementation
• VLAN-capable
• Powered over the Ethernet cable
• At least three external interfaces

Page 7

String Topology of Splitters

Maximum number of hosts = Ratio of backbone link speed to access link speed.

Splitters will always be connected in a linear chain to the main switch.

Page 8

Cabling costs reduced

Assume ‘m’ hosts located in the same work area form a single splitter chain. Change in component count:

1. Inside telecom closet: m to 1
2. Inside wall: m to 1
3. At work area:
   • Patch cables: m to 2m
   • Splitters: 0 to m (assuming the worst case, i.e. one splitter supports one host)

Savings: (m – 1) permanent items in (2)

Page 9

Security & Control

Equivalent security to a monolithic switch:

In both cases, Client exchanges 802.1X authentication frames with the main switch (authenticator).

Splitters maintain separation between traffic tagged with different VLAN Ids.

Splitters prevent an intruder from gaining unauthorized access to the backbone link.

Administrator can control the splitters remotely from main switch.

Page 10

Two forms of authentication

Between User PC and main Switch: Standard 802.1X Authentication

Between Splitters: Incremental authentication (our proposal)

Page 11

Incremental Splitter Authentication

The splitter chain grows by adding one new splitter at a time to the end of the chain.

The last splitter in the existing chain authenticates the new one.

Page 12

Notion of authentication

• The network administrator writes site-specific secret data into splitter memory.
• All splitters in a domain contain the same secret.
• A splitter does not have any singular identity to authenticate itself. It responds to challenges based on the site-specific secret.

Page 13

Definition: Bonafide & Alien Splitters

The last splitter of the existing chain exchanges authentication messages with the new splitter and classifies the latter as a Bonafide splitter or an Alien.

There is a possibility that a device does not know the site-specific data but still responds to challenges correctly.

Page 14

Man-in-the-middle attack

An intruder may try to sneak in to the backbone link using a laptop. It will then have access to all traffic in and out of the hosts attached to the downstream splitters.

We design the authentication mechanism such that both U and Y detect the existence of the attacker.

(Figure: a link segment with the nodes labelled Y, U and X.)

Page 15

Timing Diagram

• U is the last splitter in the existing chain.
• Assume there is some method to measure the round trip time, 2T1.
• Excess delay = time beyond the RTT.
• Tbonafide = T2
• Talien = 2T1 + 2T3 + T2

Page 16

So far… We can detect a man-in-the-middle attack if:

• The authenticator can estimate the round trip time, 2T1.
  Challenge involved: the received signal contains echoes of past transmitted signals in various amounts.

• The supplicant can respond to challenge messages from the authenticator in two symbol times (approx.).
  Challenge involved: the authentication mechanism should be such that the responder can generate responses absolutely quickly. The offline computation time can be large, but the online time is restricted.
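As an added illustration of the detection condition on slides 15 and 16 (example code written for this transcript, not the authors' implementation): the timing model below turns T1, T2 and T3 into the reply time U observes and classes a reply as Bonafide or Alien against the two-symbol-time budget. The symbol time, the cable propagation speed, the tolerance margin and the 20 m / 2 m scenario are constructed assumptions, as are all function names. The last function goes one step beyond the slide and derives how short a relay detour would stay under the threshold, which is the slack a defender should know about when choosing the budget.

```python
# Added example (not the authors' code): the excess-delay test of slides 14 to 16.
# U times its challenge from the first transmitted bit to the first bit of the
# reply. A bona fide neighbour answers after the link round trip 2*T1 plus its
# own turnaround T2; a relaying intruder on the link adds a second round trip
# 2*T3 to the genuine splitter behind it (slide 15's Talien).
# Constructed constants (assumptions, not from the slides): 100BASE-TX sends
# one symbol every 8 ns (125 Mbaud) and twisted pair propagates at roughly
# 5 ns per metre (NVP about 0.67c).
SYMBOL_NS = 8.0
NS_PER_METRE = 5.0
BUDGET_SYMBOLS = 2.0     # slide 16: reply within about two symbol times
MARGIN_NS = 2.0          # assumed tolerance for RTT-estimation error


def one_way_delay_ns(metres: float) -> float:
    """Propagation delay of one cable run (T1 or T3) from its length."""
    return metres * NS_PER_METRE


def observed_reply_ns(t1_ns: float, t2_ns: float, t3_ns: float = 0.0) -> float:
    """Time U sees between sending a challenge and the start of the reply.
    t3_ns = 0 is the bona fide case; t3_ns > 0 models a relay to a real splitter."""
    return 2.0 * t1_ns + 2.0 * t3_ns + t2_ns


def excess_delay_ns(measured_ns: float, rtt_estimate_ns: float) -> float:
    """Slide 15: excess delay is whatever exceeds the estimated round trip 2*T1."""
    return measured_ns - rtt_estimate_ns


def classify(measured_ns: float, rtt_estimate_ns: float) -> str:
    """'Bonafide' when the reply fits the two-symbol budget (plus the assumed
    margin) beyond the estimated RTT, otherwise 'Alien'."""
    limit = BUDGET_SYMBOLS * SYMBOL_NS + MARGIN_NS
    return "Bonafide" if excess_delay_ns(measured_ns, rtt_estimate_ns) <= limit else "Alien"


def smallest_detectable_detour_m(t2_ns: float) -> float:
    """Caveat: the slack available to a relay is the budget left after the
    genuine splitter's own turnaround T2. A detour shorter than this many
    metres of extra cable (one way) stays under the threshold."""
    slack_ns = BUDGET_SYMBOLS * SYMBOL_NS + MARGIN_NS - t2_ns
    return max(slack_ns, 0.0) / (2.0 * NS_PER_METRE)


def demo() -> dict:
    """Constructed scenario: a 20 m link (T1 = 100 ns), a splitter turnaround of
    two symbol times (T2 = 16 ns), an exact RTT estimate, and a relay that adds
    a 2 m run to the real splitter."""
    t1 = one_way_delay_ns(20)
    t2 = 2 * SYMBOL_NS
    rtt = 2 * t1
    return {
        "bonafide": classify(observed_reply_ns(t1, t2), rtt),
        "relayed_2m": classify(observed_reply_ns(t1, t2, one_way_delay_ns(2)), rtt),
        "min_detour_m": smallest_detectable_detour_m(t2),
    }


if __name__ == "__main__":
    print(demo())
```

With these numbers a bona fide reply arrives 16 ns after the estimated RTT and passes, the 2 m relay arrives 36 ns after it and is classed Alien, and the threshold only leaves 2 ns of slack, so the sensitivity depends directly on how tight the RTT estimate and the T2 budget are.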

Page 17

Ways of estimating T1 (or 2T1)

• by Digital Echo Canceler
• by Automatic Gain Control (AGC)
• by the Resistor Detection Algorithm used in Power over Ethernet

Page 18

Exchanging Authentication Messages

Authentication messages are sent as ordinary Ethernet frames when the link is operating in full duplex mode.

The finite state machine for the Ethernet MAC needs to be modified.

The receiver can minimize T2 as follows:
• A mask string is computed offline and kept ready before the challenge comes.
• The preamble of the response frame is started as soon as the preamble of the challenge frame starts arriving.
• Each incoming octet from the challenge frame payload is XORed with one byte of the mask and sent back.

Page 19

Splitter Authentication Initialization

All bona fide splitters and the main switch know:
• a prime number ‘p’ and ‘a’ relatively prime to ‘p’
• an array of bits ‘A’ of length 2^l
• an ‘r’ (r > l) bit linear feedback shift register (LFSR) made of the same polynomial

Splitters exchange their public keys and agree on a common number, ‘B’ (Diffie-Hellman key exchange).

Splitters exchange ‘k’ (k > l) bit authentication messages containing two parts (intermixed with one another):
• Position: an ‘l’ bit string signifying the starting index in array A
• Body: a ‘k – l’ bit string which is a challenge or response

Page 20

Computation of Position bits; l = 5, k = r = 16

• The LFSR is initialized with the rightmost ‘r’ bits of ‘B’.
• It is shifted until ‘l’ unique values of the least significant [log2 k] bits are found.
• In this case, the position bits are 13, 10, 5, 4 and 9, i.e. these bit positions in the authentication message are the Position bits.

LFSR for x^16 + x^15 + x^14 + 1

LFSR iterations:

Initial contents   1001 1100 1010 0110
After 1 shift      0011 1001 0100 1101
After 2 shifts     0111 0010 1001 1010
After 3 shifts     1110 0101 0011 0101
After 4 shifts     1100 1010 0110 1010
After 5 shifts     1001 0100 1101 0100
After 6 shifts     0010 1001 1010 1001

Bit index:  15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Field:       B  B  P  B  B  P  P  B  B  B  P  P  B  B  B  B   (P = Position bit, B = Body bit)

Page 21

Challenge Response Messages

Short online computation time, long offline computation time preparing for the next challenge.

• U sends challenge U1
• X responds with response f(U1) and its own challenge X1
• U responds with response f(X1) and its own challenge U2

(Figure: message sequence between U and X: U1; then f(U1) and X1; then f(X1) and U2; the time constraint is marked on the exchange.)

Page 22

Computation of Response message in the transceiver

Position bits in Ui are used to create the mask string to answer challenge Ui+1. Same for Xi.

Example computation of f(X2):
• Let the Position bits in X1 be 01100, i.e. 12.
• The (k – l) bits of A starting from index 12, i.e. A12 to A22, will be used for masking.
• Some randomly generated bits are put in as the position bits.
• The final mask is composed of the random bits and the portion of A, placed appropriately.
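The following is an added worked example (written for this transcript, not the authors' code) that carries slides 19 to 22 through end to end: the LFSR walk that selects the Position bit indices, the mask built from A at the offset named by the previous message's Position bits, the XOR reply of slide 18, and the challenger's check. Assumptions to note: the Fibonacci tap mapping used for x^16 + x^15 + x^14 + 1 is one of several conventions, and with it the seed from slide 20 yields the indices 13, 11, 6, 10, 5 rather than the slide's 13, 10, 5, 4, 9; the A array and the B value are constructed test data; A is indexed modulo its length; the Position bits of a message are read in the order the LFSR produced them; the offset for the very first reply is an agreed constant; and the Position bits of a reply are random filler that the verifier ignores. All function names are mine.

```python
from __future__ import annotations

import math
import secrets

L = 5                      # Position bits per message (slide 20: l = 5)
K = 16                     # authentication message length in bits (k = 16)
R = 16                     # LFSR length in bits (r = 16)
POLY_TAPS = (15, 14, 13)   # assumed Fibonacci tap mapping for x^16 + x^15 + x^14 + 1
MSG_MASK = (1 << K) - 1

# Constructed site data (not from the slides). In the scheme the administrator
# writes A into every splitter and B comes out of the Diffie-Hellman exchange;
# here both are fixed test values. The low 16 bits of SHARED_B equal the
# "Initial contents" row of slide 20.
A_BITS = [int(b) for b in "10110010111010001011001110010110"]   # 2**L = 32 bits
SHARED_B = 0x5A3C9CA6


def lfsr_step(state: int) -> int:
    """One left shift of the r-bit Fibonacci LFSR; the feedback bit enters at bit 0."""
    feedback = 0
    for tap in POLY_TAPS:
        feedback ^= (state >> tap) & 1
    return ((state << 1) | feedback) & ((1 << R) - 1)


def position_indices(shared_b: int) -> list[int]:
    """Slide 20: seed the LFSR with the rightmost r bits of B and shift until l
    distinct values of the log2(k) least significant bits have appeared; those
    values are the bit indices of the Position field in every message."""
    width = int(math.log2(K))
    state = shared_b & ((1 << R) - 1)
    found: list[int] = []
    while len(found) < L:
        state = lfsr_step(state)
        value = state & ((1 << width) - 1)
        if value not in found:
            found.append(value)
    return found


def position_value(msg: int, positions: list[int]) -> int:
    """Read the l Position bits of a k-bit message as an integer (assumption:
    the first index the LFSR produced is the most significant bit)."""
    value = 0
    for idx in positions:
        value = (value << 1) | ((msg >> idx) & 1)
    return value


def build_mask(positions: list[int], start: int, filler: int) -> int:
    """Slide 22, done offline: (k - l) bits of A from index `start` go to the
    Body indices (MSB first); l filler bits go to the Position indices.
    Assumption: A is indexed modulo its length so every start value works."""
    body_indices = [i for i in range(K - 1, -1, -1) if i not in positions]
    mask = 0
    for n, idx in enumerate(body_indices):
        mask |= A_BITS[(start + n) % len(A_BITS)] << idx
    for n, idx in enumerate(positions):
        mask |= ((filler >> (L - 1 - n)) & 1) << idx
    return mask


def respond(challenge: int, mask: int) -> int:
    """The online step (slide 18): XOR the ready mask onto the challenge. The
    transceiver does this octet by octet as the payload arrives."""
    return (challenge ^ mask) & MSG_MASK


def verify(challenge: int, response: int, positions: list[int], start: int) -> bool:
    """The challenger recomputes the A portion of the mask and compares only
    the Body bits; the Position bits of a reply are filler (assumption)."""
    body_only = MSG_MASK
    for idx in positions:
        body_only &= ~(1 << idx)
    expected = build_mask(positions, start, 0)
    return ((challenge ^ response) & body_only) == (expected & body_only)


def run_exchange(rounds: int = 3, first_start: int = 0) -> bool:
    """U challenges X for several rounds. Per slide 22 the Position bits of U_i
    give the A offset used to answer U_{i+1}; the offset for the first reply is
    an assumed agreed constant. Returns True when every reply verifies."""
    positions = position_indices(SHARED_B)
    start = first_start
    for _ in range(rounds):
        challenge = secrets.randbits(K)
        mask = build_mask(positions, start, secrets.randbits(L))   # X, offline
        response = respond(challenge, mask)                          # X, online
        if not verify(challenge, response, positions, start):
            return False
        start = position_value(challenge, positions)                 # next offset
    return True


if __name__ == "__main__":
    print(position_indices(SHARED_B), run_exchange())
```

The point the code makes concrete is the split the slides rely on: everything that needs A, B and the LFSR happens in `build_mask` before the challenge exists, and the only work on the critical path is the XOR in `respond`. A device that does not hold A can echo the challenge or reply with random bits, but `verify` compares the Body bits against the A segment the challenger expects, so such replies fail unless that segment happens to be all zeros, which is why A should be chosen without long zero runs.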

Page 23

Recapitulation

• Small, inexpensive, easy-to-use Ethernet switch.
• Inter-splitter authentication: both splitters challenge each other without any third server.
• Detecting man-in-the-middle attacks to protect the integrity of the backbone chain.

Page 24

Location Based Authentication

To validate whether the originator of the message is really at the position claimed.

The work presented can be viewed as location based authentication in single dimension.

Page 25

THANK YOU

Questions & Answers