PROTOCOL:
IEEE 802.1X - EAPOL: EAP over LAN authentication
(IEEE 802.1X RADIUS: Remote Authentication Dial In User Service)

 

PURPOSE:

The 802.1X (EAPOL) protocol provides effective authentication regardless of whether one implements 802.11 WEP keys or no encryption at all. If configured to implement dynamic key exchange, the 802.1X authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message, which it sends to the client immediately after the success message. The client can then use the contents of the key message to define the applicable encryption keys.

 

REFERENCE:

 

MODELER:

 

ALICE_BOB:

 Client -> Authenticator : EAPOL_Start
 Auth -> Client : EAPOL_Request_Identity
 Client -> Auth : EAPOL_Response (= NAS_ID, NAS_PORT, {Secret_Key}MD5)
 Auth -> Server : Access-Request (= NAS_ID, NAS_PORT, {Secret_Key}MD5)
 Server -> Auth : Access-Challenge 
 Auth -> Client : Access-Challenge 
           where  Access-Challenge = Message
 Client -> Auth : Access-Chall-Response
           where  Access-Chall-Response = {Message}Secret_Key
 Auth -> Server : Access-Chall-Response
 Server -> Auth : Access_Accept
 Auth -> Client : EAPOL_Success
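
The exchange above, played through in Python as an added example (not part of the original specification). It assumes {Secret_Key}MD5 means MD5(Secret_Key) and uses HMAC-SHA256 as a stand-in for {Message}Secret_Key; the class names, function names and sample values are hypothetical.

```python
import hashlib, hmac, os

def md5_of(secret):
    # {Secret_Key}MD5 on the page, read here (assumption) as MD5(Secret_Key)
    return hashlib.md5(secret).digest()

def keyed(secret, message):
    # {Message}Secret_Key on the page; HMAC-SHA256 is a stand-in (assumption)
    return hmac.new(secret, message, hashlib.sha256).digest()

class Server:
    """RADIUS server role; `users` maps (NAS_ID, NAS_PORT) to Secret_Key."""
    def __init__(self, users):
        self.users, self.pending = users, {}

    def access_request(self, nas_id, nas_port, digest):
        secret = self.users.get((nas_id, nas_port))
        if secret is None or not hmac.compare_digest(digest, md5_of(secret)):
            return None                      # no challenge for unknown peers
        message = os.urandom(16)             # fresh Message for every run
        self.pending[(nas_id, nas_port)] = message
        return message

    def access_chall_response(self, nas_id, nas_port, response):
        message = self.pending.pop((nas_id, nas_port), None)  # single use
        if message is None:
            return False
        expected = keyed(self.users[(nas_id, nas_port)], message)
        return hmac.compare_digest(response, expected)

def run_exchange(server, nas_id, nas_port, secret):
    """Client and Auth roles; Auth only relays. Returns (accepted, trace)."""
    trace = ["Client -> Auth : EAPOL_Start",
             "Auth -> Client : EAPOL_Request_Identity",
             "Client -> Auth : EAPOL_Response",
             "Auth -> Server : Access-Request"]
    message = server.access_request(nas_id, nas_port, md5_of(secret))
    if message is None:
        return False, trace
    trace += ["Server -> Auth : Access-Challenge",
              "Auth -> Client : Access-Challenge",
              "Client -> Auth : Access-Chall-Response",
              "Auth -> Server : Access-Chall-Response"]
    if not server.access_chall_response(nas_id, nas_port, keyed(secret, message)):
        return False, trace
    return True, trace + ["Server -> Auth : Access_Accept",
                          "Auth -> Client : EAPOL_Success"]

USERS = {("nas-01", 7): b"constructed-secret"}  # constructed sample, not from the page
```

Because Message is fresh per run and consumed on first use, a response recorded in one run does not verify in the next.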

 

PROBLEMS:
2
 

ATTACKS:
None

 

NOTES:

Agents involved: Client, Authenticator, Radius Serv