Call for Paper - November 2022 Edition
IJCA solicits original research papers for the November 2022 Edition. Last date of manuscript submission is October 20, 2022. Read More

Penetration Testing of IEEE 802.1X Port-based Authentication Protocols using Kali Linux Hacking Tools

Print
PDF
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2021
Authors:
Michael Kyei Kissi, Michael Asante
10.5120/ijca2021921186

Michael Kyei Kissi and Michael Asante. Penetration Testing of IEEE 802.1X Port-based Authentication Protocols using Kali Linux Hacking Tools. International Journal of Computer Applications 174(26):19-26, March 2021. BibTeX

@article{10.5120/ijca2021921186,
	author = {Michael Kyei Kissi and Michael Asante},
	title = {Penetration Testing of IEEE 802.1X Port-based Authentication Protocols using Kali Linux Hacking Tools},
	journal = {International Journal of Computer Applications},
	issue_date = {March 2021},
	volume = {174},
	number = {26},
	month = {Mar},
	year = {2021},
	issn = {0975-8887},
	pages = {19-26},
	numpages = {8},
	url = {http://www.ijcaonline.org/archives/volume174/number26/31838-2021921186},
	doi = {10.5120/ijca2021921186},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Extensible Authentication Protocol (EAP) was designed to provide a general structure for several different authentication methods. IEEE 802.1X uses EAP as an authentication tool. The IEEE 802.1X standard defines a client-server authentication and access control protocol that restricts unauthorized users from connecting to a network. This paper aims at using penetration testing to conduct security assessment of some IEEE 802.1x Port-Based Authentication protocols (PEAP, EAP-TTLS and Inner Authentication Method MSCHAPv2 and PAP). Vulnerabilities identified were exploited using Kali Linux with its Aircrack-ng tools.

References

  1. Kissi, M. K. and Asante, M., (2020). Penetration Testing of IEEE 802.11 Encryption Protocols Using Kali Linux Hacking Tools. International Journal of Computer Applications (0975 – 8887) Volume 176 – No. 32, June 2020.
  2. Kothaluru, R. T. and Youshah, M. S. M., (2012). Evaluation of EAP Authentication Methods in Wired and Wireless Networks. School of Computing, Blekinge Institute of Technology, Sweden.
  3. Kachhara, S. and Kumar, K. A., (2018). Implementation of IEEE 802.1x Port-based Authentication Mechanism for Ethernet. International Journal of Computer Trends and Technology (IJCTT) – Volume 64 Number 1 – October 2018.
  4. Kumar, U., Kumar, P. and Gambhir, S., (2014). Analysis and Literature Review of IEEE 802.1x (Authentication) Protocols. International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-3, Issue-5, June 2014
  5. Thomas, T. and Stoddard, D., (2011). Network Security First-Step, Second Edition, Indianapolis, Cisco press, ch. 6, pp. 169-192.
  6. IEEE Computer Society, (2012). Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Standard, IEEE, March 2012.
  7. Baheti, Akshay, (2015). "Extensible Authentication Protocol Vulnerabilities and Improvements". Retrieved from http://scholarworks.sjsu.edu/etd_projects/425 (Accessed on November 20, 2016)
  8. Robyns P., (2014). Wireless Network Privacy. Hasselt University
  9. Strand L., (2004). Logical port entities diagram. Retrieved from http://www.tldp.org/HOWTO/8021X-HOWTO/intro.html. (Accessed on July 6, 2018)
  10. Wikimedia (2010). 802.1X involved protocols diagram. Retrieved from http://upload.wikimedia.org/wikipedia/commons/1/1f/802.1X_wired_protocols.png. (Accessed on July 7, 2018).
  11. Aboba B., Levkowetz E. H., Vollbrecht J., Carlson J., and Blunk L., “Extensible Authentication Protocol (EAP)”. RFC 3748, IETF, June 2004.
  12. Blunk L. and Vollbrecht J., (1998). PPP Extensible Authentication Protocol (EAP). RFC 2284, IETF, March 1998.
  13. Memon A. Q., Raza A. H. and Iqbal S., (2010). WLAN Security. Halmstad University School of Information Science, Computer and Electrical Engineering. Technical report, IDE1013, April 2010.
  14. Aboba B., and Calhoun P., (2003). RADIUS support for EAP. RFC 3579, IETF, September 2003.
  15. Congdon P., Aboba B., Smith A., Zorn G., and Roese J., (2003). IEEE 802.1X RADIUS Usage Guidelines. RFC 3580, IETF, September 2003.
  16. Madjid N. and Mahsa N., (2005). “AAA and Network Security for Mobile Access: RADIUS, DIAMETER, EAP, PKI and IP Mobility”. John Wiley & Sons Ltd. The Atrium, Southern Gate, Chichester, West Sussex P0198SQ, England. ISBN-13 978-0-470-01194-2. January 2005.
  17. Ramachandran, V. (2011), BackTrack 5 Wireless Penetration Testing, Master Bleeding Edge Wireless Testing Techniques with BackTrack 5: Packt Publishing, Birmingham UK
  18. Macnally C., (2001). Cisco LEAP protocol description. Protocol description, IETF, September 2001.
  19. Gast M., (2004). TTLS and PEAP Comparison. InteropNet Labs. Retrieved from www.opus1.com/www/whitepapers/ ttlsandpeap.pdf (Accessed on December 29, 2017).
  20. Interlink Networks, Inc (2003). Configuring PEAP and TTLS in the Interlink Networks RAD-Series and Secure.XS RADIUS Servers.
  21. Hoeper K. and Chen L., (2009). Recommendation for EAP Methods Used in Wireless Network Access Authentication. Computer Security Division Information Technology Laboratory, NIST Special Publication 800-120, September 2009.
  22. Gast M., (2004). Inner Authentication Methods, InteropNet Labs. Retrieved from www.opus1.com/www/whitepapers/8021xinnerauthmethods.pdf. (Accessed on December 29, 2017).
  23. Schneier B., Mudge, and Wagner D., (1999). Cryptanalysis of Microsoft's PPTP Authentication Extensions. CQRE '99, October 1999.
  24. Eisinger J., (2001). Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2). University of Freiburg
  25. Rahbar, A. (2012). Weaknesses in MS-CHAPv2 authentication. Retrieved from https://blogs.technet.microsoft.com/srd/2012/08/20/weaknesses-in-ms-chapv2-authentication (Accessed on July 16, 2018)
  26. Ghering M., (2016). Evil Twin vulnerabilities in Wi-Fi networks. Radboud University
  27. Rebane R., (2016). Security of passwords in Eduroam. University of Tartu, Institute of Computer Science, Computer Science Curriculum.
  28. Marlinspike M., (2012). Divide and Conquer: Cracking MS-CHAPv2 with a 100via Internet Archive: Wayback Machine, July 2012. Retrieved from https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/. (Accessed on September 7, 2018).
  29. Lamotte W., Robyns P., Bonné B., Quax P., (2014). Exploiting WPA2 Enterprise Vendor Implementation Weaknesses through Challenge Response Oracles. Hasselt University.

Keywords

IEEE 802.1x, EAP, PEAP, TTLS, PAP, MSCHAPv2, Penetration Testing, Wireless Network, WLAN, Kali Linux