and the Supplicant. The protocol assumes that the authenticator is always trusted. Therefore, the supplicant does not verify the messages received from the authenticator and responds to them unconditionally. This assumption is the security vulnerability that the adversary can exploit. The adversary can act as the authenticator and launch the session hijacking attack and the man-in-the-middle attack, as shown in [10].

An adversary can launch a session hijacking attack by exploiting this vulnerability. The adversary waits until the authenticator and the supplicant complete the authorization process and the authenticator sends the EAP success message to the supplicant. Following this, the adversary sends an 802.11 disassociate message to the supplicant with the spoofed IP of the authenticator. The supplicant assumes its session has been terminated by the authenticator, as the message is not verified for integrity. From then on, the adversary gains access to the network by spoofing the MAC address of the supplicant and proceeds with the mutual authorization procedure using the four-way handshake.

The man-in-the-middle attack exploits the same vulnerability. After the initial exchange of EAP request and response messages between the supplicant and the authenticator, the adversary sends an EAP success message to the supplicant using its own MAC address. Since the IEEE 802.1X protocol suggests an unconditional transition when the supplicant receives the EAP success message, the supplicant assumes it has been authenticated by the authenticator and changes state. When the authenticator sends its EAP success message, the supplicant has already passed the stage where it was waiting for the success message, and hence takes no action on it. The supplicant treats the adversary as the legitimate authenticator, while the adversary can easily spoof the MAC address of the supplicant to communicate with the actual authenticator. The adversary therefore becomes the intermediary between the supplicant and the authenticator.

The solutions proposed to prevent these attacks [10] recommend authorization and integrity checks for the EAP messages between the authenticator and the supplicant. They also propose adopting a peer-to-peer authorization model, in which the authenticator and the supplicant are treated as peers and the supplicant verifies the messages from the authenticator during trust establishment. The peer-to-peer model is suitable for the wireless Grid, where both the authenticator and the supplicant are wireless peer devices.
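The unconditional transition described above, next to the integrity check the proposed solutions recommend, as an added Python model that is not from the original text. The shared key, the HMAC tag layout and the sender addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac

AUTH, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:66"  # constructed sender addresses
KEY = b"constructed-shared-key"  # assumption: held by supplicant and authenticator only

def tag(key, mtype, src):
    """Integrity tag over message type and claimed sender (assumed layout).
    A real design would also bind a nonce or counter to stop replay."""
    return hmac.new(key, f"{mtype}|{src}".encode(), hashlib.sha256).digest()

class Supplicant:
    def __init__(self, key=None):
        self.key = key  # None models the behaviour in the text: nothing is verified
        self.state, self.peer = "AUTHENTICATING", None

    def _verified(self, msg):
        if self.key is None:
            return True  # authenticator is assumed trusted
        expected = tag(self.key, msg["type"], msg["src"])
        return hmac.compare_digest(expected, msg.get("mic", b""))

    def receive(self, msg):
        if not self._verified(msg):
            return "dropped"
        if msg["type"] == "EAP-Success" and self.state == "AUTHENTICATING":
            self.state, self.peer = "AUTHENTICATED", msg["src"]
            return "accepted"
        if msg["type"] == "Disassociate" and self.state == "AUTHENTICATED":
            self.state, self.peer = "DISASSOCIATED", None
            return "accepted"
        return "ignored"  # e.g. a success message arriving after the transition

def genuine(mtype):
    return {"type": mtype, "src": AUTH, "mic": tag(KEY, mtype, AUTH)}

# Constructed message sequences for the two cases described in the text.
MITM = [{"type": "EAP-Success", "src": ROGUE}, genuine("EAP-Success")]
HIJACK = [genuine("EAP-Success"), {"type": "Disassociate", "src": AUTH}]

def run(frames, key=None):
    s = Supplicant(key)
    results = [s.receive(f) for f in frames]
    return s.state, s.peer, results

if __name__ == "__main__":
    for name, frames in (("mitm", MITM), ("hijack", HIJACK)):
        print(name, "unverified:", run(frames), "verified:", run(frames, KEY))
```

Without a key the supplicant binds to the first success message it sees and ignores the genuine one; with verification the unauthenticated messages are dropped and the session with the real authenticator survives.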
2.2 Four-Way Handshake Vulnerabilities
The four-way handshake is the mechanism used for the mutual authorization of the supplicant and the authenticator in IEEE 802.11i. Vulnerabilities in the four-way handshake have been identified, and a DoS attack exploiting these vulnerabilities is proposed in [9]. The handshake starts after the PMK is distributed to the supplicant and the authenticator. The supplicant waits for a specific interval of time for message 1 of the handshake from the authenticator. If the message is not received, the supplicant disassociates itself from the authenticator. Note that this is the only timer used by the supplicant. If message 1 is received by the supplicant, it is then bound to respond to every message from the authenticator and to wait for the response until it is received. On the other hand, the authenticator will time out for every message if it does not receive the expected response within a specific time interval. Further, the supplicant is