Internet DRAFT - draft-park-radext-ssk-update
draft-park-radext-ssk-update
Park
Jung
RADIUS EXTENSION Jung
Internet Draft Soongsil University
Intended status: Informational July 3, 2014
Expires: January 2015
Shared Secret Key update for RADIUS Accounting
draft-park-radext-ssk-update-02.txt
Abstract
There is a shared secret key in the existing method to authenticate
RADIUS accounting messages between the RADIUS server and the access
point. If this key is exposed, the attacker can utilize this key to
operate the Rogue AP as a normal AP. In this case, a problem arises
regarding to the creation of forged user accounting information and
transmission to the RADIUS Server. Furthermore, there is some
inconvenience for the administrators because each server and AP have
to be accessed directly to configure the SSK. This draft proposes
the technique for periodic updates of the shared secret key by the
RADIUS server to resolve this problem.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
PARK Expires January 3, 2015 [Page 1]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
This Internet-Draft will expire on August 3, 2014.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction ................................................ 2
2. Terminology ................................................. 2
3. The existing RADIUS Accounting Protocol and the problem of SSK 3
3.1. RADIUS accounting Protocol.............................. 3
3.2. Problem of the SSK...................................... 4
4. SSK update protocol ......................................... 4
4.1. Overview ............................................... 4
4.2. Key update request procedure............................ 5
4.3. Key update response procedure........................... 5
4.4. Key store .............................................. 6
5. Security Considerations...................................... 6
6. IANA Considerations ......................................... 7
7. References .................................................. 7
8. Acknowledgement ............................................. 7
1. Introduction
The existing RADIUS Accounting RFC claims that there is no issue of
security because the shared secret key is configured on the AP and
it is not transmitted to the network. However the AP is easily
exposed to anyone and is vulnerable to various attacks. These
environments have a risk of exposing the shared secret key and the
attacker can create a Rogue AP by using the IP, MAC, and shared
secret key of the existing AP. Then the attacker can create forged
accounting information and transmit it to the RADIUS server to cause
billing problems.
PARK Expires January 3, 2015 [Page 2]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
Conclusively, the existing shared secret key not only has a high
risk of exposure but also creates an inconvenience for the
administrator because it requires manual configuration. To resolve
this issue, we used the method of updating the shared secret key in
the RADIUS periodically through the server.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
Remote Authentication Dial In User Service (RADIUS)
Hash Message Authentication Code (HMAC)
The following terms are defined and used in this document:
Shared Secret Key (SSK)
3. The existing RADIUS Accounting Protocol and the problem of SSK
3. 1 RADIUS Accounting Protocol
The existing RADIUS accounting protocol is defined in RFC 2866. In
addition to in addition to verification and authorization, the
RADIUS provides the technique of collecting the billing information
of the user's information and storing it on the server. When the
RADIUS accounting function is active and the authentication process
of the user is complete, a billing for the accounting process is
executed. When the user accesses the AP, the AP sends an accounting-
request message to the RADIUS accounting server to alert that the
specific user has initiated an access and when the user ends the log
out, the accounting-request message is sent to notify the
termination of the connection which conclusively records on the
accounting server how long the user was connected. An authorization
value called by the authenticator is used for the authentication of
these request and response messages. This value is an output hash
value of a MD5 calculated function on received access request values
(Code, ID, Length, Request Authenticator, Attributes). The AP and
the RADIUS Server must have the shared secret key to send and
examine these hash values.
PARK Expires January 3, 2015 [Page 3]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
3.2 Problem of the SSK
The existing SSK is stored in the RADIUS server and AP by the
administrator and is encrypted when it is a RADIUS. However, the SSK
can be seen on the configuration in freeRADIUS which is the open
source RADIUS used by most system administrators to build a RADIUS
server. Furthermore, while there are APs that store shared key? with
encryption, there are APs that can easily expose the key on the
administration webpage, so that there are additional problems of
exposure that were not acknowledged before. In addition to these
problems, there is the inconvenience of modifying the values
manually on the AP and RADIUS servers by the administrator. There
are numerous of APs in various locations so it is difficult for the
administrator to look for all of these APs.
4. SSK update protocol
4.1 Overview
The existing configuration method of the SSK on the AP and RADIUS
server had the risk of exposure and is inconvenient for
administration but has been continually utilized. To resolve this
problem, we propose the method of updating the SSK periodically
between the AP and RADIUS server. In this method, the RADIUS server
uses the SSK to encrypt the existing SSK on the key update message
and then is transmitted by utilizing HMAC. Then the AP that received
the key update message from the server applies the new SSK and sends
a confirmation message to the RADIUS server. The updated SSK is
encrypted and stored in both sides. Through this operation process
of manual administration is resolved and the exposure of the SSK is
also prevented.
+------+ +---------+
| AP | | RADIUS |
+------+ +---------+
|<---------------------------------------------------|
(KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R)||Hssk0(KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R)
|--------------------------------------------------->|
Hssk1(KURes||L||MAC_AP||MAC_R||T_R+1)||KURes||L||MAC_AP||MAC_R||T_R+1
PARK Expires January 3, 2015 [Page 4]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
Figure 1. SSK update protocol
4.1 Key update request procedure
The server sends an update message request to update the key in the
AP. The time stamp is used to prevent replay attacks and the AP and
RADIUS MAC and existing SSK is used to send an encrypted SSK.
Furthermore to confirm the integrity of the message, HMAC is
utilized in the of use hash values.
KUReq
Request message to inform the starting of Key update procedure.
L
Length of Mean.
MAC_R
RADIUS server's MAC address field.
MAC_AP
AP's MAC address filed.
Essk0(SSK1)
The newly updated value of SSK which is encrypted with SSK0.
T_R
Refers to the value of the time stamp transmitted from RADIUS server.
Hssk0
HMAC encryption using SSK0
4.2 Key update response procedure
The AP updates the key from the server and notifies the result of
the key update process to the server. The server that received the
update confirmation message modifies the SSK and stores it.
Hssk1
PARK Expires January 3, 2015 [Page 5]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
HMAC encryption using SSK1
KURes
Response message to inform the result of Key update procedure
L
Mean length.
MAC_AP
AP's MAC address filed.
MAC_R
RADIUS server's MAC address field.
T_R+1
Adding 1 to the value on the time stamp received from the RADIUS
server to prevent replay attacks.
4.3 Key store
The problem of the existing SSK is that it is easily exposed on the
administration page of the AP and RADIUS server. The SSK transmitted
with the update protocol is stored in the server and the AP with
encryption.
5. Security Considerations
The security aspect was not considered with the existing SSK because
it was not shared within the network. This brought up the issue of
easy SSK exposure on administration modes of the AP and the RADIUS
and the SSK was easily found on the configuration of the widely used
open source RADIUS server of freeRADIUS. However, there is no risk
of exposure with the SSK update protocol because the SSK is updated
periodically and the key is saved with encryption after the
configuration of the initial key. However the SSK is shared for the
update so network security must be guaranteed. HMAC is utilized for
hashing when transmitting the key to ensure the security matters of
the network.
PARK Expires January 3, 2015 [Page 6]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
6. IANA Considerations
This document makes no request of IANA.
7. References
[1] [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June
2000.
[2] [RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", RFC
2865, June 2000.
8. Acknowledgements
This research was supported by the MSIP(Ministry of Science,
ICT&Future Planning), Korea, under the ITRC(Information Technology
Research Center)) support program (NIPA-2014-H0301-14-1010)
supervised by the NIPA(National IT Industry Promotion Agency)
PARK Expires January 3, 2015 [Page 7]
Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014
Authors' Addresses
Jungsoo Park
Soongsil University
369, Sangdo-ro, Dongjak-gu,
Seoul 156-743, Korea
Email : ddukki86@ssu.ac.kr
Seungwook Jung
Sonngsil University
369, Sangdo-ro, Dongjak-gu,
Seoul 156-743, Korea
Email : seungwookj@ssu.ac.kr
Souhwan Jung
Soongsil University
369, Sangdo-ro, Dongjak-gu,
Seoul 156-743, Korea
Email: souhwanj@ssu.ac.kr
PARK Expires January 3, 2015 [Page 8]