A Modular Security Analysis of EAP and IEEE 802.11

Chris Brzuska; Hakon Jacobsen

doi:10.1007/978-3-662-54388-7_12

A Modular Security Analysis of EAP and IEEE 802.11

Chris Brzuska
, Hakon Jacobsen^*

^*Corresponding author for this work

Not published at Aalto University

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

5 Citations (Web of Science)

Abstract

We conduct a reduction-based security analysis of the Extensible Authentication Protocol ( EAP), a widely used three-party authentication framework. We show that the main EAP construction, considered as a 3P-AKE protocol, achieves a security notion which we call AKE(w) under the assumption that the EAP method employs channel binding. The AKE(w) notion resembles two-pass variant of the eCK model. Our analysis is modular and reflects the compositional nature of EAP. Furthermore, we show that the security of EAP can easily be upgraded by adding an additional key-confirmation step. This key-confirmation step is often carried out in practice in the form of a link-layer specific AKE protocol that uses EAP for bootstrapping its authentication. A concrete example of this is the extremely common IEEE 802.11 4-Way-Handshake protocol used in WLANs. Building on our modular results for EAP, we get as our second major result the first provable security result for IEEE 802.11 with upper-layer authentication.

Original language	English
Title of host publication	PUBLIC-KEY CRYPTOGRAPHY (PKC 2017), PT II
Editors	S Fehr
Publisher	Springer
Pages	335-365
Number of pages	31
ISBN (Print)	978-3-662-54387-0
DOIs	https://doi.org/10.1007/978-3-662-54388-7_12
Publication status	Published - 2017
MoE publication type	A4 Conference publication
Event	IACR International Conference on Practice and Theory of Public-Key Cryptography - Amsterdam, Netherlands Duration: 28 Mar 2017 → 31 Mar 2017 Conference number: 20

Publication series

Name	Lecture Notes in Computer Science
Publisher	SPRINGER INTERNATIONAL PUBLISHING AG
Volume	10175
ISSN (Print)	0302-9743

Conference

Conference	IACR International Conference on Practice and Theory of Public-Key Cryptography
Abbreviated title	PKC
Country/Territory	Netherlands
City	Amsterdam
Period	28/03/2017 → 31/03/2017

Funding

Hakon Jacobsen was supported by a STSM Grant from COST Action IC1306.

Keywords

AUTHENTICATED KEY EXCHANGE

Access to Document

10.1007/978-3-662-54388-7_12

https://eprint.iacr.org/2017/253Licence: Unspecified

Cite this

@inproceedings{a640059603e64053b60a76b361eaccea,

title = "A Modular Security Analysis of EAP and IEEE 802.11",

abstract = "We conduct a reduction-based security analysis of the Extensible Authentication Protocol ( EAP), a widely used three-party authentication framework. We show that the main EAP construction, considered as a 3P-AKE protocol, achieves a security notion which we call AKE(w) under the assumption that the EAP method employs channel binding. The AKE(w) notion resembles two-pass variant of the eCK model. Our analysis is modular and reflects the compositional nature of EAP. Furthermore, we show that the security of EAP can easily be upgraded by adding an additional key-confirmation step. This key-confirmation step is often carried out in practice in the form of a link-layer specific AKE protocol that uses EAP for bootstrapping its authentication. A concrete example of this is the extremely common IEEE 802.11 4-Way-Handshake protocol used in WLANs. Building on our modular results for EAP, we get as our second major result the first provable security result for IEEE 802.11 with upper-layer authentication.",

keywords = "AUTHENTICATED KEY EXCHANGE",

author = "Chris Brzuska and Hakon Jacobsen",

year = "2017",

doi = "10.1007/978-3-662-54388-7\_12",

language = "English",

isbn = "978-3-662-54387-0",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "335--365",

editor = "S Fehr",

booktitle = "PUBLIC-KEY CRYPTOGRAPHY (PKC 2017), PT II",

address = "Germany",

note = "IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC ; Conference date: 28-03-2017 Through 31-03-2017",

}

Brzuska, C & Jacobsen, H 2017, A Modular Security Analysis of EAP and IEEE 802.11. in S Fehr (ed.), PUBLIC-KEY CRYPTOGRAPHY (PKC 2017), PT II. Lecture Notes in Computer Science, vol. 10175, Springer, pp. 335-365, IACR International Conference on Practice and Theory of Public-Key Cryptography, Amsterdam, Netherlands, 28/03/2017. https://doi.org/10.1007/978-3-662-54388-7_12

TY - GEN

T1 - A Modular Security Analysis of EAP and IEEE 802.11

AU - Brzuska, Chris

AU - Jacobsen, Hakon

N1 - Conference code: 20

PY - 2017

Y1 - 2017

N2 - We conduct a reduction-based security analysis of the Extensible Authentication Protocol ( EAP), a widely used three-party authentication framework. We show that the main EAP construction, considered as a 3P-AKE protocol, achieves a security notion which we call AKE(w) under the assumption that the EAP method employs channel binding. The AKE(w) notion resembles two-pass variant of the eCK model. Our analysis is modular and reflects the compositional nature of EAP. Furthermore, we show that the security of EAP can easily be upgraded by adding an additional key-confirmation step. This key-confirmation step is often carried out in practice in the form of a link-layer specific AKE protocol that uses EAP for bootstrapping its authentication. A concrete example of this is the extremely common IEEE 802.11 4-Way-Handshake protocol used in WLANs. Building on our modular results for EAP, we get as our second major result the first provable security result for IEEE 802.11 with upper-layer authentication.

AB - We conduct a reduction-based security analysis of the Extensible Authentication Protocol ( EAP), a widely used three-party authentication framework. We show that the main EAP construction, considered as a 3P-AKE protocol, achieves a security notion which we call AKE(w) under the assumption that the EAP method employs channel binding. The AKE(w) notion resembles two-pass variant of the eCK model. Our analysis is modular and reflects the compositional nature of EAP. Furthermore, we show that the security of EAP can easily be upgraded by adding an additional key-confirmation step. This key-confirmation step is often carried out in practice in the form of a link-layer specific AKE protocol that uses EAP for bootstrapping its authentication. A concrete example of this is the extremely common IEEE 802.11 4-Way-Handshake protocol used in WLANs. Building on our modular results for EAP, we get as our second major result the first provable security result for IEEE 802.11 with upper-layer authentication.

KW - AUTHENTICATED KEY EXCHANGE

U2 - 10.1007/978-3-662-54388-7_12

DO - 10.1007/978-3-662-54388-7_12

M3 - Conference article in proceedings

SN - 978-3-662-54387-0

T3 - Lecture Notes in Computer Science

SP - 335

EP - 365

BT - PUBLIC-KEY CRYPTOGRAPHY (PKC 2017), PT II

A2 - Fehr, S

PB - Springer

T2 - IACR International Conference on Practice and Theory of Public-Key Cryptography

Y2 - 28 March 2017 through 31 March 2017

ER -

A Modular Security Analysis of EAP and IEEE 802.11

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Fingerprint

Cite this