Internet DRAFT - draft-park-radext-ssk-update

draft-park-radext-ssk-update



                                                                 
                                                                 Park
                                                                 Jung
RADIUS EXTENSION                                                 Jung
Internet Draft                                    Soongsil University
Intended status: Informational                           July 3, 2014
Expires: January 2015



              Shared Secret Key update for RADIUS Accounting
                    draft-park-radext-ssk-update-02.txt


Abstract

   There is a shared secret key in the existing method to authenticate
   RADIUS accounting messages between the RADIUS server and the access
   point. If this key is exposed, the attacker can utilize this key to
   operate the Rogue AP as a normal AP. In this case, a problem arises
   regarding to the creation of forged user accounting information and
   transmission to the RADIUS Server. Furthermore, there is some
   inconvenience for the administrators because each server and AP have
   to be accessed directly to configure the SSK. This draft proposes
   the technique for periodic updates of the shared secret key by the
   RADIUS server to resolve this problem.




Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html




PARK                  Expires January 3, 2015                [Page 1]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


   This Internet-Draft will expire on August 3, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents


   1. Introduction ................................................ 2
   2. Terminology ................................................. 2
   3. The existing RADIUS Accounting Protocol and the problem of SSK 3
      3.1. RADIUS accounting Protocol.............................. 3
      3.2. Problem of the SSK...................................... 4
   4. SSK update protocol ......................................... 4
      4.1. Overview ............................................... 4
      4.2. Key update request procedure............................ 5
      4.3. Key update response procedure........................... 5
      4.4. Key store .............................................. 6
   5. Security Considerations...................................... 6
   6. IANA Considerations ......................................... 7
   7. References .................................................. 7
   8. Acknowledgement ............................................. 7


1. Introduction

   The existing RADIUS Accounting RFC claims that there is no issue of
   security because the shared secret key is configured on the AP and
   it is not transmitted to the network. However the AP is easily
   exposed to anyone and is vulnerable to various attacks. These
   environments have a risk of exposing the shared secret key and the
   attacker can create a Rogue AP by using the IP, MAC, and shared
   secret key of the existing AP. Then the attacker can create forged
   accounting information and transmit it to the RADIUS server to cause
   billing problems.


PARK                  Expires January 3, 2015                [Page 2]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


     Conclusively, the existing shared secret key not only has a high
   risk of exposure but also creates an inconvenience for the
   administrator because it requires manual configuration. To resolve
   this issue, we used the method of updating the shared secret key in
   the RADIUS periodically through the server.



2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

   Remote Authentication Dial In User Service (RADIUS)

   Hash Message Authentication Code (HMAC)

   The following terms are defined and used in this document:

   Shared Secret Key  (SSK)



3. The existing RADIUS Accounting Protocol and the problem of SSK

   3. 1 RADIUS Accounting Protocol

   The existing RADIUS accounting protocol is defined in RFC 2866. In
   addition to in addition to verification and authorization, the
   RADIUS provides the technique of collecting the billing information
   of the user's information and storing it on the server. When the
   RADIUS accounting function is active and the authentication process
   of the user is complete, a billing for the accounting process is
   executed. When the user accesses the AP, the AP sends an accounting-
   request message to the RADIUS accounting server to alert that the
   specific user has initiated an access and when the user ends the log
   out, the accounting-request message is sent to notify the
   termination of the connection which conclusively records on the
   accounting server how long the user was connected. An authorization
   value called by the authenticator is used for the authentication of
   these request and response messages. This value is an output hash
   value of a MD5 calculated function on received access request values
   (Code, ID, Length, Request Authenticator, Attributes). The AP and
   the RADIUS Server must have the shared secret key to send and
   examine these hash values.



PARK                  Expires January 3, 2015                [Page 3]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


   3.2 Problem of the SSK

   The existing SSK is stored in the RADIUS server and AP by the
   administrator and is encrypted when it is a RADIUS. However, the SSK
   can be seen on the configuration in freeRADIUS which is the open
   source RADIUS used by most system administrators to build a RADIUS
   server. Furthermore, while there are APs that store shared key? with
   encryption, there are APs that can easily expose the key on the
   administration webpage, so that there are additional problems of
   exposure that were not acknowledged before. In addition to these
   problems, there is the inconvenience of modifying the values
   manually on the AP and RADIUS servers by the administrator. There
   are numerous of APs in various locations so it is difficult for the
   administrator to look for all of these APs.



4. SSK update protocol

   4.1 Overview

   The existing configuration method of the SSK on the AP and RADIUS
   server had the risk of exposure and is inconvenient for
   administration but has been continually utilized. To resolve this
   problem, we propose the method of updating the SSK periodically
   between the AP and RADIUS server. In this method, the RADIUS server
   uses the SSK to encrypt the existing SSK on the key update message
   and then is transmitted by utilizing HMAC. Then the AP that received
   the key update message from the server applies the new SSK and sends
   a confirmation message to the RADIUS server. The updated SSK is
   encrypted and stored in both sides. Through this operation process
   of manual administration is resolved and the exposure of the SSK is
   also prevented.

   +------+                                                 +---------+

   |  AP  |                                                 |  RADIUS |

   +------+                                                 +---------+

       |<---------------------------------------------------|

(KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R)||Hssk0(KUReq||L||MAC_R||MAC_AP||Essk0(SSK1)||T_R) 

       |--------------------------------------------------->|

   Hssk1(KURes||L||MAC_AP||MAC_R||T_R+1)||KURes||L||MAC_AP||MAC_R||T_R+1


PARK                  Expires January 3, 2015                [Page 4]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


                       Figure 1. SSK update protocol

   4.1 Key update request procedure

   The server sends an update message request to update the key in the
   AP. The time stamp is used to prevent replay attacks and the AP and
   RADIUS MAC and existing SSK is used to send an encrypted SSK.
   Furthermore to confirm the integrity of the message, HMAC is
   utilized in the of use hash values.

   KUReq

   Request message to inform the starting of Key update procedure.

   L

   Length of Mean.

   MAC_R

   RADIUS server's MAC address field.

   MAC_AP

   AP's MAC address filed.

   Essk0(SSK1)

   The newly updated value of SSK which is encrypted with SSK0.

   T_R

   Refers to the value of the time stamp transmitted from RADIUS server.

   Hssk0

   HMAC encryption using SSK0



   4.2 Key update response procedure

   The AP updates the key from the server and notifies the result of
   the key update process to the server. The server that received the
   update confirmation message modifies the SSK and stores it.

   Hssk1


PARK                  Expires January 3, 2015                [Page 5]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


   HMAC encryption using SSK1

   KURes

   Response message to inform the result of Key update procedure

   L

   Mean length.

   MAC_AP

   AP's MAC address filed.

   MAC_R

   RADIUS server's MAC address field.

   T_R+1

   Adding 1 to the value on the time stamp received from the RADIUS
   server to prevent replay attacks.



   4.3 Key store

   The problem of the existing SSK is that it is easily exposed on the
   administration page of the AP and RADIUS server. The SSK transmitted
   with the update protocol is stored in the server and the AP with
   encryption.


5. Security Considerations

   The security aspect was not considered with the existing SSK because
   it was not shared within the network. This brought up the issue of
   easy SSK exposure on administration modes of the AP and the RADIUS
   and the SSK was easily found on the configuration of the widely used
   open source RADIUS server of freeRADIUS. However, there is no risk
   of exposure with the SSK update protocol because the SSK is updated
   periodically and the key is saved with encryption after the
   configuration of the initial key. However the SSK is shared for the
   update so network security must be guaranteed. HMAC is utilized for
   hashing when transmitting the key to ensure the security matters of
   the network.



PARK                  Expires January 3, 2015                [Page 6]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


6. IANA Considerations

     This document makes no request of IANA.



7. References

   [1]      [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June
           2000.

   [2]      [RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson,
           "Remote Authentication Dial In User Service (RADIUS)", RFC
           2865, June 2000.



8. Acknowledgements

   This research was supported by the MSIP(Ministry of Science,
   ICT&Future Planning), Korea, under the ITRC(Information Technology
   Research Center)) support program (NIPA-2014-H0301-14-1010)
   supervised by the NIPA(National IT Industry Promotion Agency)

























PARK                  Expires January 3, 2015                [Page 7]

Internet-Draft Shared Secret Key update for RADIUS Accounting July 2014


Authors' Addresses

   Jungsoo Park
   Soongsil University
   369, Sangdo-ro, Dongjak-gu,
   Seoul 156-743, Korea

   Email : ddukki86@ssu.ac.kr

   Seungwook Jung
   Sonngsil University
   369, Sangdo-ro, Dongjak-gu,
   Seoul 156-743, Korea

   Email : seungwookj@ssu.ac.kr

   Souhwan Jung
   Soongsil University
   369, Sangdo-ro, Dongjak-gu,
   Seoul 156-743, Korea

   Email: souhwanj@ssu.ac.kr


























PARK                  Expires January 3, 2015                [Page 8]