
CHAPTER 2

AUTHENTICATION & ENCRYPTION

By SA'AD UMAR 11032249

2.0 AUTHENTICATION & ENCRYPTION


2.1 Authentication: There are three main authentication methods used in WLANs, namely [8]: Open authentication, Shared Key authentication and 802.1X authentication.

2.1.1 Open Authentication: This is the default authentication method. It is also referred to as null authentication because it provides little or no security: any station that knows the SSID of the AP is authenticated and may connect to the network. Since the SSID is announced in beacon and probe response frames, it is not a secret, so open authentication on its own does not restrict who can join; any access control has to come from the encryption and key management that follow it.

Fig(3):Open Authentication [9]

2.1.2 Shared Key Authentication: In shared key authentication, the station and the AP must both be configured with the same key for authentication to take place. The station initiates the process by sending an authentication request to the AP. The AP generates a random challenge and sends it to the station. The station encrypts the challenge with the shared key and returns it to the AP. The AP encrypts the same challenge with its copy of the shared key and compares the result with the one received from the station. If the two match, the station is authenticated and given access to the network; if they differ, the AP declines the station's authentication request. This exchange is the WEP shared-key procedure, and it has a well-known weakness: an eavesdropper sees both the plaintext challenge and its encrypted form, and XORing the two recovers the RC4 keystream for that IV, which is enough to answer a later challenge without ever learning the key. Shared key authentication is therefore considered weaker than open authentication followed by encryption.
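The exchange above, and the keystream leak it causes, as an added example that is not part of the original text. It is a toy model: as in WEP, the challenge is encrypted with RC4 keyed by a public 3-byte IV prepended to the shared key, the challenge is 128 bytes, and frame headers and integrity check values are left out. The key, MAC addresses and station behaviour are constructed for the example.

```python
"""Toy model of 802.11 Shared Key authentication and the keystream leak it causes.

Added example; not from the original text. As in WEP, the challenge is encrypted
with RC4 keyed by a public 3-byte IV prepended to the shared key; the 128-byte
challenge size is the one WEP uses. Frame formats and ICV/FCS are left out.
"""
import hmac
import secrets


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 key scheduling plus output generation; returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_challenge(shared_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Station side of the exchange: challenge XOR RC4(iv || shared_key)."""
    return xor(challenge, rc4_keystream(iv + shared_key, len(challenge)))


class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.pending = {}            # STA MAC -> outstanding challenge

    def challenge(self, sta_mac: str) -> bytes:
        text = secrets.token_bytes(128)
        self.pending[sta_mac] = text
        return text

    def verify(self, sta_mac: str, iv: bytes, response: bytes) -> bool:
        """AP encrypts its own copy of the challenge and compares with the response."""
        text = self.pending.pop(sta_mac, None)
        if text is None:
            return False
        expected = encrypt_challenge(self.shared_key, iv, text)
        return hmac.compare_digest(expected, response)


def authenticate(ap: AccessPoint, sta_mac: str, sta_key: bytes) -> tuple:
    """Run the exchange; returns (accepted, what an eavesdropper saw on the air)."""
    challenge = ap.challenge(sta_mac)                     # frame 2: challenge in clear
    iv = secrets.token_bytes(3)                           # the IV is also sent in clear
    response = encrypt_challenge(sta_key, iv, challenge)  # frame 3: encrypted challenge
    accepted = ap.verify(sta_mac, iv, response)           # frame 4: accept / decline
    return accepted, {"challenge": challenge, "iv": iv, "response": response}


def forge_from_observation(ap: AccessPoint, attacker_mac: str, seen: dict) -> bool:
    """Eavesdropper: keystream = challenge XOR response; reuse it with the same IV."""
    keystream = xor(seen["challenge"], seen["response"])
    new_challenge = ap.challenge(attacker_mac)
    return ap.verify(attacker_mac, seen["iv"], xor(new_challenge, keystream))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit WEP key
    ap = AccessPoint(key)
    ok, seen = authenticate(ap, "00:11:22:33:44:01", key)
    print("legitimate station:", ok)
    print("wrong key:", authenticate(ap, "00:11:22:33:44:02", b"x" * 13)[0])
    print("forged without the key:", forge_from_observation(ap, "de:ad:be:ef:00:01", seen))
```

The forged response is accepted because the AP has no way to tell a fresh encryption from a replayed keystream: the IV is chosen by the station, and the same IV with the same key always yields the same RC4 output.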

Fig(4):Shared Key Authentication [9]

2.1.3 802.1X Authentication: The use of EAP methods for authentication in wireless networks is defined by the IEEE 802.1X standard. It involves three parties: the supplicant, normally a client device or station that wishes to connect to a WLAN/LAN; the authenticator, normally an Access Point; and the authentication server, normally a RADIUS server. Between the supplicant and the authenticator, EAP frames are carried as EAP over LAN (EAPOL); between the authenticator and the authentication server they are carried inside RADIUS packets. The authenticator only relays the EAP conversation; the method itself runs between the supplicant and the authentication server.

Fig(5):IEEE 802.1X authorization dialog [10]

The dialog illustrated above is as follows [10]:
1. The AP requests the identity of the STA using EAPOL.
2. The STA responds by sending its identity to the AP.
3. The AP forwards the identity of the STA to the AS in an EAP message carried over RADIUS.
4. An EAP authentication dialog (which may be EAP-TLS, EAP-TTLS, PEAP, EAP-SIM, etc.) ensues between the STA and the AS, relayed by the AP.
5. If the dialog succeeds, the STA and the AS share a session key.
6. The AS sends the session key to the AP in a RADIUS Access-Accept message.
7. The AP then sets its controlled port to authorized for the STA's MAC address, and traffic is allowed between the STA and the LAN/WLAN.

In WPA/WPA2 the key delivered in step 6 is the Pairwise Master Key from which the STA and AP derive the per-session keys that protect frames, so the RADIUS link carrying it must itself be protected (a strong RADIUS shared secret or RADIUS over TLS), and the port is only as trustworthy as the encryption that binds the STA to it afterwards.
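The seven-step dialog above, simulated end to end as an added example that is not part of the original text. The EAP method is a made-up HMAC-SHA256 challenge-response standing in for EAP-TLS or PEAP, RADIUS is a direct method call rather than a network packet, and the identity, secret and MAC addresses are constructed. What the model shows is the AP's relay role, the session key that only the STA and AS can compute, and the controlled port that drops data frames until step 7 completes.

```python
"""Toy 802.1X dialog: supplicant (STA), authenticator (AP) and authentication server (AS).

Added example; not from the original text. The EAP method is a made-up
HMAC-SHA256 challenge-response standing in for EAP-TLS/PEAP, RADIUS is a
direct method call, and identities/secrets are constructed; what is modelled is
the relay role of the AP, the shared session key, and the controlled port.
"""
import hashlib
import hmac
import secrets

EAPOL = "EAPOL"   # the only frame type the uncontrolled port passes before authorization
DATA = "DATA"


def derive_session_key(secret: bytes, nonce: bytes) -> bytes:
    """Both STA and AS compute this from the EAP dialog (step 5); the AP never can."""
    return hashlib.sha256(b"session-key|" + secret + b"|" + nonce).digest()


class AuthenticationServer:
    def __init__(self, credentials: dict):
        self.credentials = credentials      # identity -> secret (constructed)
        self.pending = {}

    def eap_start(self, identity: str):
        """Steps 3-4: identity arrives from the AP; issue a challenge or reject."""
        if identity not in self.credentials:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[identity] = nonce
        return nonce

    def eap_finish(self, identity: str, response: bytes):
        """Steps 5-6: verify the response; on success return the key for the Access-Accept."""
        nonce = self.pending.pop(identity, None)
        if nonce is None:
            return None
        secret = self.credentials[identity]
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return derive_session_key(secret, nonce)


class Supplicant:
    def __init__(self, mac: str, identity: str, secret: bytes):
        self.mac, self.identity, self.secret = mac, identity, secret
        self.session_key = None

    def eap_response(self, nonce: bytes) -> bytes:
        self.session_key = derive_session_key(self.secret, nonce)
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()


class Authenticator:
    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.authorized = {}     # controlled port state: STA MAC -> session key from the AS

    def authenticate(self, sta: Supplicant) -> bool:
        identity = sta.identity                           # steps 1-2: EAPOL identity exchange
        nonce = self.server.eap_start(identity)           # step 3: identity relayed to the AS
        if nonce is None:
            return False
        response = sta.eap_response(nonce)                # step 4: EAP dialog relayed by the AP
        key = self.server.eap_finish(identity, response)  # steps 5-6: Access-Accept carries key
        if key is None:
            return False
        self.authorized[sta.mac] = key                    # step 7: controlled port authorized
        return True

    def forward(self, frame: tuple) -> str:
        """Port access control: EAPOL always reaches the authenticator; data needs authorization."""
        kind, src_mac, _payload = frame
        if kind == EAPOL:
            return "to-authenticator"
        return "forwarded" if src_mac in self.authorized else "dropped"


if __name__ == "__main__":
    radius = AuthenticationServer({"alice@example.org": b"alice-secret"})
    ap = Authenticator(radius)
    alice = Supplicant("00:11:22:33:44:01", "alice@example.org", b"alice-secret")
    print(ap.forward((DATA, alice.mac, b"GET /")))        # dropped: port not yet authorized
    print(ap.authenticate(alice))                          # True
    print(ap.forward((DATA, alice.mac, b"GET /")))        # forwarded
    print(ap.authorized[alice.mac] == alice.session_key)  # True: same key at STA and AS
    mallory = Supplicant("00:11:22:33:44:02", "alice@example.org", b"guess")
    print(ap.authenticate(mallory), ap.forward((DATA, mallory.mac, b"x")))  # False dropped
```

Note that the controlled port is keyed by MAC address alone; in a wired deployment that is all 802.1X gives you, whereas in a WLAN the session key handed to the AP is used to derive per-station encryption keys, which is what stops another station from simply borrowing an authorized MAC.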

2.2 Encryption:
This is the process of transforming a readable message, known as plaintext, into an unreadable encrypted form known as ciphertext [11]. The purpose of encryption is that if the encrypted message is intercepted by an unauthorized person, the ciphertext is unreadable and cannot be decrypted by anyone other than the genuine receiver, who holds the key.

Fig(6):A Generic Encryption Process [12]

There are two types of encryption technique in common use: symmetric encryption, commonly known as secret-key encryption, and asymmetric encryption, commonly known as public-key encryption.

2.2.1 Symmetric or Secret-key Encryption: This technique requires a secret key shared between sender and receiver. The sender uses the shared secret key to encrypt the message before sending it, and the receiver uses the same key to decrypt the message on arrival. Below is a diagrammatic illustration of how this is achieved.

Fig(7):Encryption and Decryption with Symmetric Key [13]

Secret-key encryption is faster than public-key encryption, and with a large key size it is hard to break. However, key distribution is difficult: the key must be delivered to every party over a channel that is itself secure, and a separate key is needed for every pair of communicating parties. On its own it also provides confidentiality but not authenticity: a ciphertext can be altered in transit without knowledge of the key, and because sender and receiver hold the same key, neither can prove to a third party who produced a message. A message authentication code (MAC) computed under a separate key restores integrity between the two parties, but not non-repudiation. The two main types of symmetric algorithm are the block cipher and the stream cipher. The block cipher divides the message into groups of bits known as blocks and encrypts each block, while the stream cipher uses a keystream generator and combines the keystream with the message bit by bit, usually by XOR [12].
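The stream-cipher model and the "confidentiality but not authenticity" point, as an added example that is not part of the original text. The keystream generator is a toy SHA-256 counter mode chosen so the code runs with the Python standard library only; it stands in for RC4 or AES in counter mode, not for any particular WLAN cipher. The message, keys and nonce are constructed. An attacker who never sees the key changes the amount in the ciphertext, and the plain stream cipher decrypts the altered message without complaint; the same alteration is rejected once an HMAC tag over the ciphertext is checked before decryption.

```python
"""Stream cipher: confidentiality without authenticity, and an HMAC tag that adds it.

Added example; not from the original text. The keystream generator is a toy
SHA-256 counter mode (standard library only) and the message is constructed;
it stands in for RC4 / AES-CTR style stream encryption.
"""
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream generator: SHA-256(key || nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: data XOR keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker with no key: flipping ciphertext bits flips the same plaintext bits."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Returns None, and decrypts nothing, if the tag does not match the ciphertext."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return stream_xor(enc_key, nonce, ct)


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    msg = b"TRANSFER 0100 EUR TO ACCT 42"          # constructed sample message
    ct = stream_xor(enc_key, nonce, msg)
    forged_ct = tamper(ct, 9, b"0100", b"9900")    # attacker knows the layout, not the key
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    return {
        "roundtrip": stream_xor(enc_key, nonce, ct),
        "after_tamper": stream_xor(enc_key, nonce, forged_ct),
        "mac_ok": verify_then_decrypt(enc_key, mac_key, nonce, ct2, tag),
        "mac_tampered": verify_then_decrypt(
            enc_key, mac_key, nonce, tamper(ct2, 9, b"0100", b"9900"), tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The MAC is computed over the nonce and ciphertext and checked before any decryption, which is the encrypt-then-MAC order; a tag over the plaintext checked after decryption would still let the tampered bytes reach the decryptor.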

Fig(8):Block Cipher Method [12]

Fig(9):Stream Cipher Method [12]

Below are examples of algorithms used in symmetric key encryption [12]:
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
Blowfish
IDEA
RC4, RC5 and RC6

Of these, DES (56-bit key) and RC4 are no longer considered secure and should not be chosen for new designs; AES is the current standard.

2.2.2 Asymmetric or Public-Key Encryption: This technique uses two different keys for encryption and decryption, known as the public and private keys. The public key, as the name implies, may be known by every entity on the network, while the private key is known only to its owner. The two keys are different but complementary: a message encrypted with one key of the pair can only be decrypted with the other, so a message encrypted with the private key can be decrypted only with the corresponding public key, and vice versa. Below is a diagrammatic illustration of the process.

Fig(10):Encryption and Decryption with Asymmetric Keys [13]

Asymmetric encryption is slower than symmetric encryption; however, it provides confidentiality, authenticity and more scalable key management, which symmetric encryption does not. The three message formats that asymmetric encryption uses to provide confidentiality and/or authenticity are:

Open message format: The sender uses its own private key to encrypt the message, which the receiver decrypts using the sender's public key. This provides authenticity, because only the sender holds that private key, but not confidentiality, because anyone holding the sender's public key can read the message.

Secure message format: The sender uses the receiver's public key to encrypt the message, which the receiver decrypts using its own private key. This ensures confidentiality, because only the receiver holds that private key, but not authenticity, because the receiver's public key is known to everyone on the network and anyone could have produced the message.

Secure and signed format: The sender first encrypts (signs) the message with its own private key and then encrypts the result with the receiver's public key. The receiver decrypts with its own private key and then with the sender's public key. This provides both confidentiality and authenticity because a key from each pair is used.

Fig(11):Various Message Formats in Asymmetric Encryption [12]

Below are examples of asymmetric key algorithms [12]:
RSA
Elliptic Curve Cryptosystem (ECC)
Diffie-Hellman
El Gamal
Digital Signature Standard (DSS)

Not all of these encrypt messages: Diffie-Hellman is a key agreement protocol and DSS defines a signature algorithm (DSA) only, while RSA and El Gamal can be used for both encryption and signatures.

The table below states the differences between symmetric and asymmetric system.


Table 1: Differences between Symmetric and Asymmetric Systems [12]

2.2.3 Hybrid Encryption Methods (Public Key Cryptography): To combine the strengths and offset the weaknesses of the symmetric and asymmetric methods, a hybrid system merges the two; this is how public-key cryptography is normally used in practice. The symmetric method encrypts the message, and the asymmetric method encrypts only the symmetric session key, which travels alongside the ciphertext. This is illustrated by the diagram below:

Fig(12):Hybrid Encryption Method [12]
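The three message formats of section 2.2.2 and the hybrid method of section 2.2.3, worked through in one added example that is not part of the original text. It uses textbook RSA with tiny fixed primes (the sender's modulus 61*53 = 3233, the receiver's 89*97 = 8633) and no padding, purely so that it is visible which key is applied at which step; the symmetric cipher in the hybrid part is a SHAKE-256 keystream XOR. The key sizes, the session-key range and the message are all toy assumptions; nothing here is suitable for real data.

```python
"""Toy RSA showing the three asymmetric message formats and the hybrid method.

Added example; not from the original text. Textbook RSA with tiny fixed primes
and no padding, only to make visible which key is used where; the symmetric
cipher in the hybrid part is a SHAKE-256 keystream XOR. Never use either for
real data.
"""
import hashlib
import secrets


def make_keypair(p: int, q: int, e: int = 17):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse (Python 3.8+)
    return (e, n), (d, n)                   # (public key, private key)


SENDER_PUB, SENDER_PRIV = make_keypair(61, 53)       # n = 3233
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(89, 97)   # n = 8633, larger than 3233 so that a
                                                     # sender signature fits in a receiver block


def rsa(key, x: int) -> int:
    """The RSA primitive x^k mod n, the same operation for either key of a pair."""
    k, n = key
    return pow(x, k, n)


# Open message format: sender's private key in, sender's public key out (authenticity only).
def open_send(m: int) -> int:
    return rsa(SENDER_PRIV, m)


def open_receive(c: int, claimed_sender_pub=SENDER_PUB) -> int:
    return rsa(claimed_sender_pub, c)


# Secure message format: receiver's public key in, receiver's private key out (confidentiality only).
def secure_send(m: int) -> int:
    return rsa(RECEIVER_PUB, m)


def secure_receive(c: int) -> int:
    return rsa(RECEIVER_PRIV, c)


# Secure and signed: sign with the sender's private key, then encrypt with the receiver's public key.
def signed_secure_send(m: int) -> int:
    return rsa(RECEIVER_PUB, rsa(SENDER_PRIV, m))


def signed_secure_receive(c: int, claimed_sender_pub=SENDER_PUB) -> int:
    return rsa(claimed_sender_pub, rsa(RECEIVER_PRIV, c))


# Hybrid: a symmetric session key encrypts the message; RSA encrypts only that key.
def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def hybrid_encrypt(plaintext: bytes):
    # Toy session key: an integer in [2, n) so the RSA wrap is meaningful (0 and 1 are fixed points).
    session_key = 2 + secrets.randbelow(RECEIVER_PUB[1] - 2)
    nonce = secrets.token_bytes(8)
    wrapped_key = rsa(RECEIVER_PUB, session_key)
    ct = stream_xor(session_key.to_bytes(2, "big"), nonce, plaintext)
    return wrapped_key, nonce, ct


def hybrid_decrypt(wrapped_key: int, nonce: bytes, ct: bytes) -> bytes:
    session_key = rsa(RECEIVER_PRIV, wrapped_key)
    return stream_xor(session_key.to_bytes(2, "big"), nonce, ct)


if __name__ == "__main__":
    m = 65                                        # constructed message block, must be < 3233
    print("open:", open_receive(open_send(m)))
    print("open, wrong sender key:", open_receive(open_send(m), claimed_sender_pub=RECEIVER_PUB))
    print("secure:", secure_receive(secure_send(m)))
    print("signed+secure:", signed_secure_receive(signed_secure_send(m)))
    w, n, ct = hybrid_encrypt(b"session established")
    print("hybrid:", hybrid_decrypt(w, n, ct))
```

Two details carry over to real deployments: the receiver must verify with the public key it trusts for the sender (verifying with any other key yields garbage, as the wrong-key call shows), and in the hybrid scheme only the short session key goes through the slow asymmetric operation, while the message of any length goes through the fast symmetric cipher.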

