RADIUS EXTENSION Park Internet Draft Soongsil University Intended status: Informational July 3, 2014 Expires: January 2015 Shared Secret Key update for RADIUS Accounting draft-park-radext-ssk-update-01.txt Abstract There is a shared secret key in the existing method to authenticate RADIUS accounting messages between the RADIUS server and the access point. If this key is exposed, the attacker can utilize this key to operate the Rogue AP as a normal AP. In this case, a problem arises regarding to the creation of forged user accounting information and transmission to the RADIUS Server. Furthermore, there is some inconvenience for the administrators because each server and AP have to be accessed directly to configure the SSK. This draft proposes the technique for periodic updates of the shared secret key by the RADIUS server to resolve this problem. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html PARK Expires January 3, 2015 [Page 1] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 This Internet-Draft will expire on August 3, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction ................................................ 2 2. Terminology ................................................. 2 3. The existing RADIUS Accounting Protocol and the problem of SSK 3 3.1. RADIUS accounting Protocol.............................. 3 3.2. Problem of the SSK...................................... 4 4. SSK update protocol ......................................... 4 4.1. Overview ............................................... 4 4.2. Key update request procedure............................ 5 4.3. Key update response procedure........................... 5 4.4. Key store .............................................. 6 5. Security Considerations...................................... 6 6. IANA Considerations ......................................... 7 7. References .................................................. 7 8. Acknowledgement ............................................. 7 1. Introduction The existing RADIUS Accounting RFC claims that there is no issue of security because the shared secret key is configured on the AP and it is not transmitted to the network. However the AP is easily exposed to anyone and is vulnerable to various attacks. These environments have a risk of exposing the shared secret key and the attacker can create a Rogue AP by using the IP, MAC, and shared secret key of the existing AP. Then the attacker can create forged accounting information and transmit it to the RADIUS server to cause billing problems. PARK Expires January 3, 2015 [Page 2] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 Conclusively, the existing shared secret key not only has a high risk of exposure but also creates an inconvenience for the administrator because it requires manual configuration. To resolve this issue, we used the method of updating the shared secret key in the RADIUS periodically through the server. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119]. Remote Authentication Dial In User Service (RADIUS) Hash Message Authentication Code (HMAC) The following terms are defined and used in this document: Shared Secret Key (SSK) 3. The existing RADIUS Accounting Protocol and the problem of SSK 3. 1 RADIUS Accounting Protocol The existing RADIUS accounting protocol is defined in RFC 2866. In addition to in addition to verification and authorization, the RADIUS provides the technique of collecting the billing information of the user's information and storing it on the server. When the RADIUS accounting function is active and the authentication process of the user is complete, a billing for the accounting process is executed. When the user accesses the AP, the AP sends an accounting- request message to the RADIUS accounting server to alert that the specific user has initiated an access and when the user ends the log out, the accounting-request message is sent to notify the termination of the connection which conclusively records on the accounting server how long the user was connected. An authorization value called by the authenticator is used for the authentication of these request and response messages. This value is an output hash value of a MD5 calculated function on received access request values (Code, ID, Length, Request Authenticator, Attributes). The AP and the RADIUS Server must have the shared secret key to send and examine these hash values. PARK Expires January 3, 2015 [Page 3] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 3.2 Problem of the SSK The existing SSK is stored in the RADIUS server and AP by the administrator and is encrypted when it is a RADIUS. However, the SSK can be seen on the configuration in freeRADIUS which is the open source RADIUS used by most system administrators to build a RADIUS server. Furthermore, while there are APs that store shared key? with encryption, there are APs that can easily expose the key on the administration webpage, so that there are additional problems of exposure that were not acknowledged before. In addition to these problems, there is the inconvenience of modifying the values manually on the AP and RADIUS servers by the administrator. There are numerous of APs in various locations so it is difficult for the administrator to look for all of these APs. 4. SSK update protocol 4.1 Overview The existing configuration method of the SSK on the AP and RADIUS server had the risk of exposure and is inconvenient for administration but has been continually utilized. To resolve this problem, we propose the method of updating the SSK periodically between the AP and RADIUS server. In this method, the RADIUS server uses the SSK to encrypt the existing SSK on the key update message and then is transmitted by utilizing HMAC. Then the AP that received the key update message from the server applies the new SSK and sends a confirmation message to the RADIUS server. The updated SSK is encrypted and stored in both sides. Through this operation process of manual administration is resolved and the exposure of the SSK is also prevented. +------+ +---------+ | AP | | RADIUS | +------+ +---------+ |<---------------------------------------------------| (KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R)||Hssk0(KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R) |--------------------------------------------------->| Hssk1(KURes||L||MAC_AP||MAC_R||T_R+1)||KURes||L||MAC_AP||MAC_R||T_R+1 PARK Expires January 3, 2015 [Page 4] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 Figure 1. SSK update protocol 4.1 Key update request procedure The server sends an update message request to update the key in the AP. The time stamp is used to prevent replay attacks and the AP and RADIUS MAC and existing SSK is used to send an encrypted SSK. Furthermore to confirm the integrity of the message, HMAC is utilized in the of use hash values. KUReq Request message to inform the starting of Key update procedure. L Length of Mean. MAC_R RADIUS server's MAC address field. MAC_AP AP's MAC address filed. Essk0(SSK1) The newly updated value of SSK which is encrypted with SSK0. T_R Refers to the value of the time stamp transmitted from RADIUS server. Hssk0 HMAC encryption using SSK0 4.2 Key update response procedure The AP updates the key from the server and notifies the result of the key update process to the server. The server that received the update confirmation message modifies the SSK and stores it. Hssk1 PARK Expires January 3, 2015 [Page 5] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 HMAC encryption using SSK1 KURes Response message to inform the result of Key update procedure L Mean length. MAC_AP AP's MAC address filed. MAC_R RADIUS server's MAC address field. T_R+1 Adding 1 to the value on the time stamp received from the RADIUS server to prevent replay attacks. 4.3 Key store The problem of the existing SSK is that it is easily exposed on the administration page of the AP and RADIUS server. The SSK transmitted with the update protocol is stored in the server and the AP with encryption. 5. Security Considerations The security aspect was not considered with the existing SSK because it was not shared within the network. This brought up the issue of easy SSK exposure on administration modes of the AP and the RADIUS and the SSK was easily found on the configuration of the widely used open source RADIUS server of freeRADIUS. However, there is no risk of exposure with the SSK update protocol because the SSK is updated periodically and the key is saved with encryption after the configuration of the initial key. However the SSK is shared for the update so network security must be guaranteed. HMAC is utilized for hashing when transmitting the key to ensure the security matters of the network. PARK Expires January 3, 2015 [Page 6] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 6. IANA Considerations This document makes no request of IANA. 7. References [1] [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. [2] [RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. 8. Acknowledgements This research was supported by the MSIP(Ministry of Science, ICT&Future Planning), Korea, under the ITRC(Information Technology Research Center)) support program (NIPA-2014-H0301-14-1010) supervised by the NIPA(National IT Industry Promotion Agency) PARK Expires January 3, 2015 [Page 7] Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014 Authors' Addresses Jungsoo Park Soongsil University 369, Sangdo-ro, Dongjak-gu, Seoul 156-743, Korea Email : ddukki86@ssu.ac.kr Seungwook Jung Sonngsil University 369, Sangdo-ro, Dongjak-gu, Seoul 156-743, Korea Email : seungwookj@ssu.ac.kr Souhwan Jung Soongsil University 369, Sangdo-ro, Dongjak-gu, Seoul 156-743, Korea Email: souhwanj@ssu.ac.kr PARK Expires January 3, 2015 [Page 8]