<%BANNER%>

PLC-WIFI Hybrid Broadband Internet: Deployment and Security


PAGE 1

PLCWIFI HYBRID BROADBAND INTERN ET: DEPLOYMENT AND SECURITY By ANUJ V. MUNDI A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLOR IDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE UNIVERSITY OF FLORIDA 2004

PAGE 2

Copyright 2004 by Anuj V. Mundi

PAGE 3

This Thesis is dedicated to my late grandfather, Dr. B. N. Mundi (1914).

PAGE 4

ACKNOWLEDGMENTS I would like to thank my advisor Dr. Haniph A. Latchman for his faith in me, and for constantly inspiring me. His constant encouragement, timely critical evaluation and enthusiasm for my work resulted in the successful completion of my thesis. I would also like to thank Dr. Janise McNair and Dr. Richard Newman for serving on my supervisory committee. I would like to thank my brother, Pranav Mundi, for his tremendous moral support and encouragement; and my best friend and fiance Aditi Joshi for her kindness and interest in my work. I would also like to thank my friends throughout the world. Special thanks go to Suman Shrinivasan and everybody at the LIST, for their help throughout my graduate studies. Finally, I thank my parents and God, for always being there for me, come what may. iv

PAGE 5

TABLE OF CONTENTS Page ACKNOWLEDGMENTS .................................................................................................iv LIST OF FIGURES .........................................................................................................viii ABSTRACT .........................................................................................................................x CHAPTER 1 INTRODUCTION........................................................................................................1 2 BACKGROUND..........................................................................................................5 Wireless LAN Technology Overview..........................................................................5 Wireless Clients (Station)......................................................................................6 Wireless Access Point...........................................................................................6 Ports (Wireless Logical connection).....................................................................7 Standard IEEE 802.11..................................................................................................7 Standard IEEE 802.11 PHY Layer........................................................................9 Standard IEEE 802.11 MAC Sublayer..................................................................9 Standard 802.11b.............................................................................................10 Standard 802.11a.........................................................................................10 Standard 802.11g.........................................................................................11 Standard IEEE 802.11 Topologies......................................................................11 Independent basic service set (IBSS)...........................................................11 Infrastructure basic service set (BSS)..........................................................12 Distribution system (DS)......................................................................12 Extended service set (ESS)..........................................................................13 Standard IEEE 802.11 Distribution Services......................................................14 Association.......................................................................15 Disassociation...........................................................................15 Re-association..........................................................................16 Distribution...........................................................................17 Integration............................................................................17 Overview of PLC Technology....................................................................................18 Regulatory Constraints for PLC..........................................................................20 Power Line Channel Characteristics...................................................................22 Attenuation in the PLC channel...................................................................22 Noise in the PLC channel.............................................................................23 v

PAGE 6

Electromagnetic Compatibility of PLC...............................................................25 The HomePlug 1.0 Protocol Specifications.........................................................27 The HomePlug 1.0 Operating Modes..................................................................32 Introduction to HomePlug AV............................................................................33 3 SECURITY STANDARDS OVERVIEW.................................................................34 Introduction to Information security...........................................................................34 Authentication.............................................................................................................35 Authenticators..........................................................................................36 Message encryption..........................................................................36 Message authentication codes......................................................................37 Hash functions..........................................................................38 Authentication Protocols.....................................................................................38 Introduction to Authentication, Authorization and Accounting.................................39 Wireless Security........................................................................................................40 Standard 802.11 Authentication..........................................................................40 Open system authentication.........................................................................41 Shared key authentication............................................................................41 Standard 802.11 Encryption with Wired Equivalent Privacy (WEP).................42 Encryption and decryption using WEP........................................................43 Concerns associated with WEP................................................44 Network Security in PLC............................................................................................46 Standard IEEE 802.1x Port Based Access Control Protocol......................................49 Introduction.............................................................................................49 Overview of 802.1X Operation...........................................................................49 Authentication Framework..................................................................................52 Key Management.....................................................................................53 4 RADIUS PROTOCOL BASED AUTHENTICATION.............................................54 Overview of RADIUS Protocol..................................................................................54 Extensible Authentication Protocol........................................................57 Types of EAP .........................................................................................58 Type EAP MD5.....................................58 Type EAP TLS..............................................................59 Use of EAP over RADIUS.........................................................................................59 Authentication Scheme using EAPRADIUSIEEE 802.1x.....................................59 System Benefits of EAPRADIUSIEEE 802.1x......................................................66 Security Overview of EAPTLS................................................................................66 5 AUTHENTICATION IN PLC-WIFI.........................................................................68 Last Mile Broadband Internet System Using PLC-WiFi............................................68 Authentication in PLC................................................................................................70 System Setup and Demonstration of AAA.................................................................73 Supplicant Setup..........................................................................................74 vi

PAGE 7

Authenticator Setup.............................................................................................79 Authentication Server Setup................................................................................79 6 CONCLUSION...........................................................................................................81 APPENDIX A HOW UF WIRELESS WORKS.................................................................................83 B SOURCE CODE FOR ASSOCIATED SCRIPTS.....................................................85 LIST OF REFERENCES...................................................................................................93 BIOGRAPHICAL SKETCH.............................................................................................95 vii

PAGE 8

LIST OF FIGURES Figure page 2-1 WLAN components....................................................................................................6 2-2 IEEE 802.11 mapped to OSI standards......................................................................8 2-3 Independent Basic Service Set (IBSS).....................................................................12 2-4 Infrastructure Basic Service Set (BSS)....................................................................13 2-5 Extended Service Set (ESS).....................................................................................14 2-6 Power Line Distribution Grid...................................................................................19 2-7 Attenuation in PLC channel.....................................................................................22 2-8 Sample of continuous impulsive noise created by electric drill...............................24 2-9 Sample of Periodic Impulsive noise Produced by a dimmer...................................25 2-10 Tone map and masked sub-carriers in HomePlug 1.0..............................................29 2-11 HomePlug 1.0 MAC frame structure.......................................................................31 2-12 Logical Networks (LN) in HomePlug 1.0................................................................32 3-1 Types of attacks. A) Normal Flow, B) Interruption, C) Interception D) Modification, E) Modification.................................................................................35 3-2 AAA Framework in a WiFi networking scenario....................................................39 3-3 WEP Illustrated........................................................................................................44 3-4 IEEE 802.1x framework...........................................................................................51 4 EAP Architecture.....................................................................................................58 4-2 EAP-TLS over RADIUS..........................................................................................65 5-1 Broadband power line Internet access......................................................................69 viii

PAGE 9

5 PLC authenticator transformer mount...................................................................72 5-3 EAP RADIUS for PLC.........................................................................................73 5-4 Wireless Network Connection Properties................................................................74 5-5 Authentication Setup................................................................................................75 5-6 Certificate Setup.......................................................................................................76 5 User Certificate........................................................................................................77 5 AAA system setup....................................................................................................80 ix

PAGE 10

Abstract of Thesis Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Master of Science PLCWIFI HYBRID BROADBAND INTERNET: DEPLOYMENT AND SECURITY By Anuj V. Mundi August 2004 Chair: Haniph A. Latchman Major Department: Electrical and Computer Engineering The last mile broadband internet access is dominated by technologies like public switched telephone lines (PSTN), digital subscriber lines (DSL) and cable for residential and small office home office (SOHO) establishments. With the arrival of 802.11 wireless networking, also called as wireless fidelity (WiFi) and Power Line Communication (PLC) a whole new generation of last mile broadband Internet access solutions has surfaced. These technologies enable data and voice communication over the all-pervasive power grid and the unlicensed radio spectrum enabling last mile broadband Internet services. The advent of PLC and WiFi enables fast computer and peripheral device internetworking. These are emerging networking technologies that also have significant implications for smart environments. PLC features a new paradigm of no new wires for internetworking, using the existing electrical wiring already delivering requisite electrical power to the premises while WiFi provides an alternative no-wires networking paradigm. My study determined the key attributes of PLC and WiFi technologies that can be instrumental in x

PAGE 11

an implementation of a robust and secure broadband Internet infrastructure with Authentication Authorization and Accounting (AAA) mechanism. My study also tested a secure WiFi broadband Internet deployment based on the 802.1x port based authentication protocol and RADIUS server that can be used to provide secure mobile Internet services at WiFi hot spots. My study also explained EAP over RADIUS and EAP/TLS protocols and tested a complete AAA system incorporating certificate-based authentication scheme. I outlined a PLC based Secure Broadband Internet deployment scheme and presented a proof of concept along with a feasibility study. xi

PAGE 12

CHAPTER 1 INTRODUCTION Power Line Communication (PLC) technology has the potential to convert the most pervasive infrastructure (power line grids) into a backbone to offer broadband internet service to every household and office. With over 18 million miles of power lines laid out in the US alone, the electrical grid encompasses almost the entire world. Offering broadband internet access through the power line not only opens a new business opportunity but also unveils a whole new view of the connected world. Developing and third-world countries that lack the infrastructure to support current broadband internet (DSL, Cable, etc.) can benefit from their existing power grid, and can offer broadband internet service even in the most remote places. Coupled with IP telephony, PLC networks can bring the world closer than before. Such is the socio-economic potential of PLC technology. PLC is an emerging networking technology with significant implications for smart environments. PLC features a new paradigm of no new wires for internetworking, using the existing electrical wiring that already delivers requisite electrical power. PLC technology, though nascent currently, is maturing rapidly and proving to be the most promising last-mile alternative for broadband internet access. As with all public deployment of shared-medium internet services, Broadband PLC lacks a robust mechanism for providing security. WiFi is another candidate for broadband Internet services because of its ease of operation and deployment. WiFi offers an Ethernet class wireless local area network 1

PAGE 13

2 (LAN) with data rates up to 11 mbps (802.11b) and 54 mbps (802.11a and g) using the 802.11 wireless networking standard. New protocols for metropolitan area networking (MAN) are being developed by the IEEE 802.15 group targeted towards scalable wireless networking services in a larger metropolitan area. Together with cellular wireless networking technologies like universal mobile telecommunication systems (UMTS) and wideband code division multiplexing (WCDMA), that offer the popular 3 rd generation voice and data services or 3G services to their subscribers on a licensed spectrum, wireless Internet market is poised to take off. Cellular technology provides seamless roaming and excellent outdoor wireless data services, but does not provide good indoor data service because of the wireless channel characteristics. The unlicensed 802.11 Wireless LAN (WLAN) technology provides excellent indoor wireless data services but has an inherent restriction of limited coverage area. These technologies definitely complement each other, and hence a cross-layer integration of these technologies will provide an excellent wireless experience to the subscriber. Even though this cross layer integration sounds promising, it has hurdles. The regulatory bodies and the industrial conglomerates that support these technologies differ and currently do not support seamless co-existence of the two technologies. The wireless channel is an open channel, where transmission of data from any wireless terminal can be readily interpreted. This poses a threat to the security and integrity of transmitted data. The PLC channel is similar to the wireless channel in the sense that data is transmitted on a shared medium (namely the electrical lines that deliver power to every household). This channel can be tapped from any electrical outlet that is enabled for Internet use. Checking rogue access to the network resources requires 2

PAGE 14

3 adequate and secure authentication, authorization and accounting (AAA) mechanisms. In PLC and WiFi based networks this potential security breach poses a major hurdle in deploying these technologies to offer public internet access, often because of a nonexistent or weak AAA mechanism. The most common WiFi networking equipment comes with a mechanism for data security using a global key to encrypt the transmitted data; this feature is called wired equivalent privacy (WEP). It is a symmetric key that must be shared with all the stations for data encryption. With WEP activated, absence of a data encryption key disallows association between two communicating peers. In a public deployment, WEP often fails because of a paradox the WEP key becomes a secret that is known to all. Such deficiencies in security mechanisms pose new challenges in developing a secure and robust mechanism for data integrity that is also scalable. PLC has a similar deficiency the HomePlug 1.0 protocol has a DES key that encrypts the payload of the HomePlug protocol data unit (PDU), and this encryption logically separates the entire PLC network into logical sub-networks that share the same key. Sharing again poses a paradox, since for public deployment this shared key has to be known so as to limit logical fragmentation of the network. Using a new key for every user renders the HomePlug peers incommunicable. The work in this thesis is directed towards investigating a new mechanism to provide AAA mechanism in a hybrid PLC WiFi last mile broadband internet deployment. My study tested a novel mechanism to provide AAA for PLCWiFi is presented to enable the monitoring and prevention of rogue network access by a means of validating authentic users. Chapter 2 introduces concepts and terminology in wireless networks 3

PAGE 15

4 (especially the IEEE 802.11 networks and the HomePlug 1.0 protocol which is used for interconnecting the various devices in a PLC LAN). Chapter 3 discusses various security aspects in PLC and WiFi networks and introduces the IEEE 802.1x port based access control protocol. An in-depth discussion of the Remote Authentication Dial In User Services (RADIUS) protocol and its associated security architecture viz. Extensible Authentication Protocol (EAP) over RADIUS using 802.1x is given in Chapter 4. Chapter 5 introduces the PLCWiFi authentication scheme and also introduces a robust secure socket layer (SSL) certificate based implementation of a RADIUS server for AAA of a PLCWiFi network. Chapter 6 gives a summary and suggests future work in this area 4

PAGE 16

CHAPTER 2 BACKGROUND Wireless LAN Technology Overview High-speed wireless LANs can provide the benefits of network connectivity without the restrictions of numerous wires. Wireless connections can extend or replace a wired infrastructure in situations where it is costly or prohibitive to lay cables. Temporary installations represent one example of when a wireless network might make sense or is even required. Some types of buildings like historic heritage buildings may prohibit the laying of new wiring, making wireless networking an important alternative. And of course the "no new wires" phenomenon involving wireless, along with PLC networking has become a major catalyst for home networking and alternative broadband internet. The increasingly mobile user becomes a clear candidate for a wireless LAN. From the end users perspective, access to wireless networks can be achieved using laptop computers and wireless network interface cards. This enables the user to connect to a network even when he is mobile. Access to the Internet could be made available through public deployment of wireless "hot spots". Airports, restaurants, rail stations, and popular areas in cities can be provisioned to provide this service. Public deployment of last mile Internet access services can also be extended through the WLAN by using the requisite security before deployment. Limited access could be provided to the user through the local wireless network, provided that the network is intelligent enough to recognize the user and create a connection that is restricted. 5

PAGE 17

6 In all these scenarios, it is worth highlighting that today's standards-based wireless LANs operate at high speeds the same speeds that were considered state-of-the-art for wired networks just a few years ago. The access speed that the user has access to is typically more than 11 mbps or about 30 to 100 times faster than standard dial up technologies, one of the most dominant last mile Internet access technologies. next is a brief description of the terminologies used in WLAN(Figure 2-1). Figure 2-1 WLAN components Wireless Clients (Station) A station (STA) is a computing device that is equipped with a wireless LAN network adapter. A personal computer equipped with a wireless LAN network adapter is known as a wireless client. Wireless clients can communicate directly with each other or through a wireless access point. Wireless Access Point A wireless access point (AP) is a networking device equipped with a wireless LAN network adapter that acts as a bridge between STAs and a traditional wired network. An access point contains at least one interface that connects the AP to an existing wired network (such as an Ethernet backbone), a radio equipment with which it creates wireless connections with wireless clients, and IEEE 802.1D bridging software, so that it can act

PAGE 18

7 as a transparent bridge between wireless and wired Data Link layers. The wireless AP is similar to a cellular phone networks base station: wireless clients communicate with the wired network and other wireless clients through the wireless AP. Wireless APs are not mobile and act as peripheral bridge devices to extend a wired network. Ports (Wireless Logical Connection) A port is a channel of a device that can support a single point-to-point connection. For IEEE 802.11b, a port is an association, a logical entity over which a single wireless connection is made. A typical wireless client with a single wireless LAN network adapter has a single port and can support only a single wireless connection. A typical wireless AP has multiple ports and can support multiple simultaneous wireless connections. The logical connection between a port on the wireless client and the port on a wireless AP is a point-to-point bridged LAN segment, similar to an Ethernet-based network client connected to an Ethernet switch. All frames sent from a wireless client, whether unicast, multicast, or broadcast, are sent on the point-to-point LAN segment between the wireless client and the wireless AP. For frames sent by the wireless AP to wireless clients, unicast frames are sent on the point-to-point LAN segment and multicast and broadcast frames are sent to all connected wireless clients at the same time. IEEE 802.11 In 1997, the IEEE adopted IEEE Std. 802.11-1997, the first wireless LAN (WLAN) standard. This standard defines the media access control (MAC) and physical (PHY) layers for a LAN with wireless connectivity. It addresses local area networking where the connected devices communicate over the air to other devices that are within close proximity to each other. This standard provides an overview of the 802.11

PAGE 19

8 architecture and the different topologies incorporated to accommodate the unique characteristics of the IEEE 802.11 wireless LAN standard. The standard is similar in most respects to the IEEE 802.3 Ethernet standard. Specifically, the 802.11 standard addresses: Functions required for an 802.11 compliant device to operate either in a peer-to-peer fashion or integrated with an existing wired LAN Operation of the 802.11 device within possibly overlapping 802.11 wireless LANs and the mobility of this device between multiple wireless LANs MAC level access control and data delivery services to support upper layers of the 802.11 network Several physical layer signaling techniques and interfaces Privacy and security of user data being transferred over the wireless media Figure 2-2 IEEE 802.11 mapped to OSI standards There are a number of characteristics that are unique to the wireless environment (as compared to a wired LAN) that the 802.11 standard must take into consideration. The physical characteristics of a wireless LAN introduce range limitations and unreliable media, dynamic topologies where stations move about, interference from outside sources, and lack of ability for every device to hear every other device within the LAN. These limitations force the WLAN standard to create fundamental definitions for short-range LANs made up of components that are within close proximity to each other. Larger

PAGE 20

9 geographic coverage is handled by building larger LANs from the smaller fundamental building blocks or by integrating the smaller WLANs with an existing wired network. IEEE 802.11 PHY Layer At the physical layer, IEEE 802.11 defines both direct sequence spread spectrum (DSSS) and frequency hopping spread spectrum (FHSS) transmissions. The original bit rates for IEEE 802.11 was 2 and 1 megabits per second (Mbps) using the 2.45 gigahertz (GHz) Industrial, Scientific, and Medical (ISM) frequency band. The maximum bit rate for IEEE 802.11b is 11 Mbps (using DSSS). The maximum bit rate for IEEE 802.11a is 54 Mbps using orthogonal frequency-division multiplexing (OFDM) (explained later) and the 5.8 gigahertz (GHz) frequency band. IEEE 802.11 MAC Sublayer At the MAC sublayer, IEEE 802.11 uses the carrier sense multiple access with collision avoidance (CSMA/CA) media access control (MAC) protocol, which works in the following way: A wireless station with a frame to transmit first listens on the wireless channel to determine if another station is currently transmitting (carrier sense). If the medium is being used, the wireless station calculates a random backoff delay. Only after the random backoff delay can the wireless station again listen for a transmitting station. By instituting a random backoff delay, multiple stations that are waiting to transmit do not end up trying to transmit at the same time (collision avoidance). The CSMA/CA scheme does not ensure that a collision never takes place and it is difficult for a transmitting node to detect that a collision is occurring. Additionally, depending on the placement of the wireless AP and the wireless clients, a radio frequency

PAGE 21

10 (RF) barrier can prevent a wireless client from sensing that another wireless node is transmitting. This is known as the hidden station problem. To provide better detection of collisions and a solution to the hidden station problem, IEEE 802.11 also defines the use of an acknowledgment (ACK) frame to indicate that a wireless frame was successfully received and the use of Request to Send (RTS) and Clear to Send (CTS) messages. When a station wants to transmit a frame, it sends an RTS message indicating the amount of time it needs to send the frame. The wireless AP sends a CTS message to all stations, granting permission to the requesting station and informing all other stations that they are not allowed transmitting for the time reserved by the RTS message. The exchange of RTS and CTS messages eliminates collisions due to hidden stations. Standard 802.11b The major enhancement to IEEE 802.11 by IEEE 802.11b is the standardization of the physical layer to support higher bit rates. IEEE 802.11b supports two additional speeds, 5.5 Mbps and 11 Mbps, using the same 2.45 GHz frequency. DSSS modulation scheme is used in order to provide the higher data rates. The bit rate of 11 Mbps is achievable in ideal conditions. In less-than-ideal conditions, the slower speeds of 5.5 Mbps, 2 Mbps, and 1 Mbps are used. Standard 802.11a The latest standard, IEEE 802.11a, operates at a data transmission rate as high as 54 Mbps and uses a radio frequency of 5.8 GHz. Instead of DSSS, 802.11a uses OFDM. OFDM allows data to be transmitted by sub frequencies in parallel. This provides greater resistance to interference and greater throughput. This higher speed technology allows wireless LAN networking to perform better for video and conferencing applications.

PAGE 22

11 Because they are not on the same frequencies as Bluetooth or microwave ovens, OFDM and IEEE 802.11a provide both a higher data rate and a cleaner signal. The bit rate of 54 Mbps is achievable in ideal conditions. In less-than-ideal conditions, the slower speeds of 48 Mbps, 36 Mbps, 24 Mbps, 18 Mbps, 12 Mbps, and 6 Mbps are used. Standard 802.11g IEEE 802.11g, a relatively new standard, operates at a bit rate as high as 54 Mbps, but uses the S-Band ISM and OFDM. 802.11g is also backward-compatible with 802.11b and can operate at the 802.11b bit rates and use DSSS. 802.11g wireless network adapters can connect to an 802.11b wireless AP, and 802.11b wireless network adapters can connect to an 802.11g wireless AP. Thus, 802.11g provides a migration path for 802.11b networks to a frequency-compatible standard technology with a higher bit rate. Existing 802.11b wireless network adapters cannot be upgraded to 802.11g by updating the firmware of the adapterthey must be replaced. Unlike migrating from 802.11b to 802.11a (in which all the network adapters in both the wireless clients and the wireless APs must be replaced at the same time), migrating from 802.11b to 802.11g can be done incrementally. Like 802.11a, 802.11g uses 54 Mbps in ideal conditions and the slower speeds of 48 Mbps, 36 Mbps, 24 Mbps, 18 Mbps, 12 Mbps, and 6 Mbps in less-than-ideal conditions IEEE 802.11 Topologies Independent basic service set (IBSS) The most basic wireless LAN topology is a set of stations which have recognized each other and are connected via the wireless media in a peer-to-peer fashion. This form of network topology is referred to as an Independent Basic Service Set (IBSS) or an Ad

PAGE 23

12 hoc network. In an IBSS, the mobile stations communicate directly with each other. Every mobile station may not be able to communicate with every other station due to the range limitations. There are no relay functions in an IBSS therefore all stations need to be within range of each other and communicate directly Figure 2-3 Independent Basic Service Set (IBSS) Infrastructure Basic Service Set (BSS) Figure 2-4 shows that an Infrastructure Basic Service Set is a BSS with a component called an Access Point (AP). The access point provides a local relay function for the BSS. All stations in the BSS communicate with the access point and no longer communicate directly. All frames are relayed between stations by the access point. This local relay function effectively doubles the range of the IBSS. The access point may also provide connection to a distribution system. Distribution System (DS) DS is the means by which an access point communicates with another access point to exchange frames for stations in their respective BSSs, forward frames to follow mobile stations as they move from one BSS to another, and exchange frames with a wired network. As IEEE 802.11 describes it, the distribution system is not necessarily a network nor does the standard place any restrictions on how the distribution system is

PAGE 24

13 implemented, only on the services it must provide. Thus the distribution system may be a wired network like 803.2 or a special purpose box that interconnects the access points and provides the required distribution services. Figure 2-4 Infrastructure Basic Service Set (BSS) Extended Service Set (ESS) IEEE 802.11 extends the range of mobility to an arbitrary range through the ESS. An extended service set is a set of infrastructure BSSs, where the access points communicate amongst themselves to forward traffic from one BSS to another to facilitate movement of stations between BSSs. The access point performs this communication through the distribution system. The distribution system is the backbone of the wireless LAN and may be constructed of either a wired LAN or wireless network. Typically the distribution system is a thin layer in each access point that determines the destination for traffic received from a BSS. The distribution system determines if traffic should be relayed back to a destination in the same BSS, forwarded on the distribution system to another access point, or sent into the wired network to a destination not in the extended service set. Communications received by an access point from the distribution system are transmitted to the BSS to be received

PAGE 25

14 by the destination mobile station. Network equipment outside of the extended service set views the ESS and all of its mobile stations as a single MAC-layer network where all stations are physically stationary. Thus, the ESS hides the mobility of the mobile stations from everything outside the ESS. This level of indirection provided by the 802.11 architecture allows existing network protocols that have no concept of mobility to operate correctly with a wireless LAN where there is mobility. Figure 2-5 Extended Service Set (ESS) IEEE 802.11 Distribution Services Distribution services provide functionality across a distribution system. Typically, access points provide distribution services. The five distribution services and functions detailed below include: association, disassociation, re-association, distribution, and integration.

PAGE 26

15 Association The association service is used to make a logical connection between a mobile station and an access point. Each station must become associated with an access point before it is allowed to send data through the access point onto the distribution system. The connection is necessary in order for the distribution system to know where and how to deliver data to the mobile station. The mobile station invokes the association service once and only once, typically when the station enters the BSS. Each station can associate with one access point, though an access point can associate with multiple stations. Disassociation The disassociation service is used either to force a mobile station to eliminate an association with an access point or for a mobile station to inform an access point that it no longer requires the services of the distribution system. When a station becomes disassociated, it must begin a new association to communicate with an access point again. An access point may force a station or stations to disassociate because of resource restraints, the access point is shutting down or being removed from the network for a variety of reasons. When a mobile station is aware that it will no longer require the services of an access point, it may invoke the disassociation service to notify the access point that the logical connection to the services of the access point from this mobile station is no longer required. Stations should disassociate when they leave a network, though there is nothing in the architecture to assure this happens. Disassociation is a notification and can be invoked by either associated party. Neither party can refuse termination of the association.

PAGE 27

16 Re-association Re-Association enables a station to change its current association with an access point. The re-association service is similar to the association service, with the exception that it includes information about the access point with which a mobile station has been previously associated. A mobile station will use the re-association service repeatedly as it moves through out the ESS, loses contact with the access point with which it is associated, and needs to become associated with a new access point. By using the re-association service, a mobile station provides information to the access point to which it will be associated and information pertaining to the access point from which it will be disassociated. This allows the newly associated access point to contact the previously associated access point to obtain frames that may be waiting there for delivery to the mobile station as well as other information that may be relevant to the new association. The mobile station always initiates re-association. Re-association with a different wireless AP can occur for many different reasons. The signal can weaken because the wireless client moves away from the wireless AP or the wireless AP becomes congested with too much other traffic or interference. The wireless client, by switching to another wireless AP, can distribute the load over other wireless APs, increasing the performance for other wireless clients. By placing wireless APs so that their coverage areas overlap slightly but their channels do not, wireless connectivity for large areas can be achieved. As a wireless client moves its physical location, it can associate and re-associate from one wireless AP to another, maintaining a continuous connection during physical relocation. If the coverage areas of the wireless APs within an ESS overlap, then a wireless client can roam, or move from one location (with a wireless AP) to another (with a different wireless AP), while maintaining network layer connectivity. For example, for

PAGE 28

17 TCP/IP, a wireless client is assigned an IP address when it connects to the first wireless AP. When the wireless client roams within the ESS, it creates wireless connections with other wireless APs but keeps the same IP address because all the wireless APs are on the same logical subnet. Distribution Distribution is the primary service used by an 802.11 station. A station uses the distribution service every time it sends MAC frames across the distribution system. The distribution service provides the distribution with only enough information to determine the proper destination BSS for the MAC frame. The three association services (association, re-association, and disassociation) provide the necessary information for the distribution service to operate. Distribution within the distribution system does not necessarily involve any additional features outside of the association services, though a station must be associated with an access point for the distribution service to forward frames properly. Integration The integration service connects the 802.11 WLAN to other LANs, including one or more wired LANs or 802.11 WLANs. A portal performs the integration service. The portal is an abstract architectural concept that typically resides in an access point though it could entirely be part of a separate network component. The integration service translates 802.11 frames to frames that may traverse another network, and vice versa as well as translates frames from other networks to frames that may be delivered by an 802.11 WLAN.

PAGE 29

18 Overview of PLC Technology Power line communications involves the use of a power supply grid for communication purposes. The power line network has a very extensive infrastructure providing connection pathways to and within nearly every building or other environment used by modern man. Because of this fact, the use of this network for the transmission of information signals in addition to its traditional role as a power supply grid has tremendous applications. However, the power line wiring was designed for transmission of electrical power, nominally in the 50-60 Hz range and at most at about 400 Hz, and thus the use of this medium for data transmission at high frequencies presents some technically challenging problems. Furthermore, the power line is one of the most electrically contaminated environments, which makes reliable data communication over this medium extremely difficult. Moreover, the legal restrictions imposed on the use of various frequency bands in the power line spectrum limit the achievable data rates. Power lines connect the power generation station to a variety of customers dispersed over a wide region. Power transmission is done using varying voltage levels and widely differing power line cables. Power line cable characteristics and the number of crossovers and interconnections play an important role in determining the kind of communication technology that needs to be used to effect a viable communication system. From a purely electrical power distribution perspective, the electrical current in the power line network is kept as low as possible, because the losses are directly proportional to the square of current. As the losses in the grid are also proportional to distance, high voltages are used for long distance transmission, medium voltages are used for intermediate distances, and low voltages are used for transmissions over short distances

PAGE 30

19 and within the target building or environment. This creates a set of hierarchical voltage levels in the distribution grids. Based on the voltage levels at which they transfer power, power lines can be categorized as follows. Distribution transformer Installation MV Distribution transformer Installation Customer Premise Electrical Wiring Generato r Substation LV lines MV lines HV lines Figure 2-6 Power Line Distribution Grid. 1. High-voltage (HV) lines: These connect electricity generation stations to distribution stations. The voltage levels on these lines are typically in the order of 69 kV and above and they run over distances of the order of tens of miles. 2. Medium-voltage (MV) lines: These connect the distribution stations to pole mounted transformers. The voltage levels are in between 2.4 kV to 35kV and they run over distances of the order of a few miles. 3. Low-voltage (LV) lines: These connect pole-mounted transformers to individual households. The voltage levels on these lines are up to 600 V and these run over distances of the order of a few hundred meters.

PAGE 31

20 4. Customer premise electrical wires: These electrical wires are connected to the Low-Voltage distribution transformer and run throughout the house to every electric outlet present. The voltage level on these wires is 110 or 220 V, and the customer premise may have single or multiple phases. HV lines represent excellent carriers for radio frequency (RF) communications signals as they feature open wires with very few crossovers over quite long distances. An RF transmission power of about 10 watts is often sufficient to cover distances of more than 500 kilometers. Around the year 1922, the first carrier frequency system (CFS) communication system began to operate on high-tension lines in the frequency range of 15-1500 KHz. As in the past, the main purpose of such CFS communication systems is to maintain the operability of the power supply, providing monitoring and control functions. MV and LV lines are characterized by a large number of cross connections and different conductor types (e.g, open wire and cable). Long distance RF signal propagation is extremely poor in such an environment primarily due to the high attenuation and impedance mismatch. Around the year 1930, ripple carrier signaling (RCS) began to be used to provide communication signals over MV and LV lines. RCS used the frequency range below 3 KHz down to 125 Hz with the amplitude shift keying (ASK) modulation technique to achieve a data rate of the order of a few bits per second. Load management and automatic reconfiguration of power distribution networks were among the most important tasks performed by RCS. Regulatory Constraints for PLC In the past, utility companies used power line communications to maintain the power grid. The utility companies regarded the power distribution wiring as a "natural"

PAGE 32

21 medium for their relatively low data rate communication needs but, high data rate communications over low-tension lines is now a reality. This development has been fueled by the explosive growth of the Internet, advances in digital signal processing, powerful error correction coding techniques and Very Large Scale Integration (VLSI) of electronic hardware. Frequencies used by these PLC devices are restricted by the limitations imposed by the regulatory agencies. The Federal Communications Commission (FCC) and the European Committee for Electro technical Standardization (CENELEC) govern regulatory rules in North America and Europe respectively. In North America the frequency band from 0 to 500 KHz and a part of 2 to 30 MHz unlicensed spectrum is used for power line communications. However the regulatory rules in Europe are more stringent. The spectrum is divided into five bands based on the regulations. They are: 1. Frequency Band from 3 to 9 KHz: The use of this frequency band is limited to energy providers; however, with approval it may also be used by other parties inside their customers premises. 2. Frequency Band from 9 to 95 KHz: The us e of this frequency band is limited to the energy providers and their concession-holders. This frequency band is often referred as the "A-Band". 3. Frequency Band from 95 to 125 KHz: The use of this frequency band is limited to the energy providers customers; no access protocol is defined for this frequency band. This frequency band is often referred as the "B-Band". 4. Frequency Band from 125 to 140 KHz: The use of this frequency band is limited to the energy providers customers; in order to make simultaneous operation of several systems within this frequency band possible, a carrier sense multiple access protocol using a center frequency of 132.5 KHz was defined. This frequency band is often referred to as the "C-Band". 5. Frequency Band from 140 to 148.5 KHz: The use of this frequency band is limited to the energy providers customers; no access-protocol is defined for this frequency band. This frequency band is often referred to as the "D-Band".

PAGE 33

22 6. Frequency Band from 2 to 30 MHz: Efforts are going on in Europe, through CELNEC, to develop a new standard for electro magnetic compatibility for PLC systems in this frequency band. This is the unlicensed spectrum in FCC regulations. HomePlug 1.0 protocol operates in this frequency band. Apart from band allocation, regulatory bodies also impose limits on the radiation emitted by these devices. These reflect as restrictions on the transmitted power in each of these frequency bands. Further reading on regulatory constraints for PLC can be obtained [1]. Power Line Channel Characteristics Power lines were originally devised for transmission of power at 50-60 Hz and at most 400 Hz. At high frequencies the power line is very hostile to signal propagation. Figure 2-7 gives a brief overview of PLC channel characteristics [2]. Attenuation in the PLC channel Figure 2-7 Attenuation in PLC channel High frequency signals can be injected on to the power line by using an appropriately designed high pass filter. Maximum signal power is received only when the impedance of the transmitter, power line and the receiver match. Dedicated communication channels like Ethernet have known impedance, and thus impedance matching is not a problem. However, power line networks are usually made of a variety

PAGE 34

23 of conductor types and cross sections joined randomly, and therefore a wide variety of characteristic impedances are encountered in the network. Further, the network terminal impedance tends to vary both with communication signal frequencies and with time depending upon the consumer premises load pattern. This impedance mismatch results in a multi-path effect resulting in deep notches caused by destructive interferences at certain frequencies. In a typical home environment the attenuation on the power line is between 20dB to 60dB and depends heavily on load. Figure 2-7 [2] shows the attenuation characteristics of a sample PLC channel. Note the deep notches at 11, 13.5, 15 MHz that are created by the multipath effect. Noise in the PLC channel The major sources of noise on the PLC channel are electrical appliances, which utilize the 60Hz (North America) or 50 Hz (Europe) electric supply and generate noise components which extend well into the high frequency spectrum as harmonics of the line frequency. Apart from these, induced radio frequency signals from broadcast, commercial, military, citizen band and amateur stations severely impair certain frequency bands on PLC channel. Electric appliances can be divided into three categories based on the nature of noise they produce in the high frequency bands. Single impulsive noise is a kind of noise produced when electric switches are turned on or off. Periodic impulsive noise, the most common impulse noise, is generated by such sources as triac-controlled light dimmers. These devices introduce noise as they connect the lamp to the AC line part-way through each AC cycle. These impulses occur at twice the AC line frequency as this process is repeated every AC cycle. Figure 2-8 [2] shows the periodic impulsive noise caused by a dimmer on a PLC channel. Continuous impulsive noise is produced by a variety of series-wound AC motors. Such motors are found in electrical appliances like

PAGE 35

24 vacuum cleaners, drilling machines, electric shavers and most of the common kitchen appliances. Commutator arching from these motors produces impulses at repetition rates in the range of several kHz. Continuous impulsive noise is the most severe of all the noise sources. Figure 2-9 shows the continuous impulsive noise created by a drill machine. High bandwidth digital devices communicating on power line devices need to use powerful error correction coding along with appropriate modulation techniques to cope with these impairments. Figure 2-8 Sample of continuous impulsive noise created by electric drill

PAGE 36

25 Figure 2-9 Sample of Periodic Impulsive noise Produced by a dimmer PLC Electromagnetic Compatibility The entire power line grid is developed for transmission of electrical power at the 50 60 Hz range. The use of these power lines for communications involves their use to transmit information modulated on carrier frequencies in the 9 KHz and 30 MHz range. The skin depth effect at these frequencies causes the power lines to radiate high frequency electromagnetic signals which make them leaky. The placement of any wireless service near PLC systems is bound to be subjected to interference. The interference is directly proportional to the transmission power and distance between the installation and the power line. This calls for cautious designing of filters to prevent the leakage of high frequency signals. The solution that integrates the 802.11b wireless networking protocol (WiFi) with PLC is a typical case where mitigating the interference

PAGE 37

26 plays an important role before deploying the equipment. In the following section we take a look at the Orthogonal Frequency Division Modulation (OFDM) scheme and its application on the PLC channel. OFDM Modulation The choice of modulation scheme depends on the nature of physical medium on which it has to operate. A modulation scheme [3] for use on power line should have the following desirable properties: Ability to overcome non-linear channel characteristics: The PLC channel has a very non-linear channel characteristic which requires very expensive and complex equalization schemes to attain data rates above 10 Mbps using single carrier modulation. The modulation technique for use on the PLC channel should have the ability to overcome such non-linearity without the need of highly involved channel equalization. Ability to cope with multi-path spread: Impedance mismatch on power lines results in an echo signal, causing a delay spread of the order of 1ms. The modulation technique for use on the PLC channel should have the inherent ability to handle such delay spreads. Ability to adjust dynamically: Power line channel characteristics change dynamically as the load on the power supply varies. The modulation technique for use on power line should have the ability to track such changes without involving a large overhead or complexity. Ability to mask certain frequencies: Power line communications equipment uses the unlicensed frequency band. However, present and future regulatory rules limit radiation in some sub-bands or adjacent bands. This makes it highly desirable to have a modulation technique that could selectively mask certain frequency bands. This property would help in the global compatibility and marketability of the PLC product. A modulation scheme that has all these desirable properties is OFDM. OFDM is generally viewed as a collection of transmission techniques. OFDM is currently used in European Digital Audio Broadcast (DAB) standards. Several DAB systems proposed for North America are based on OFDM. OFDM is also used in some variants of the 802.11x wireless networking protocol. Following are some of the advantages of OFDM [4]

PAGE 38

27 Very good at mitigating the effects of time-dispersion Very good at mitigating the effect of in-band narrowband interference High bandwidth efficiency Scalable to high data rates Flexible and can be made adaptive; different modulation schemes for sub-carriers, bit loading, adaptable bandwidth/data rates possible Excellent ICI performance Channel equalization not required Phase lock of the local oscillators not required For these reasons, successful PLC protocols such as the HomePlug 1.0 protocol use OFDM. One of the main aspects in the design of OFDM transmission schemes is the selection of the number of carriers and the cyclic prefix length, whose values play an essential role in the bit error rate achieved by the system. Their optimum values depend on the channel characteristics [2]. The HomePlug 1.0 Protocol Specifications Power line communication can be effectively used to achieve Ethernet class networking at the customers premise over the existing electrical wiring. The electrical wiring is a very versatile networking backbone that has an outlet in every room. Use of this existing wiring to establish an in-building network environment led to the introduction of the HomePlug 1.0 protocol in the American market. HomePlug 1.0 PHY and MAC In HomePlug 1.0, the reliability of data transmission over the all pervasive electrical wiring at the customer premise requires the mitigation of extremely unpredictable-natured noise. To achieve an acceptable bit error rate, powerful forward

PAGE 39

28 error correction (FEC) coding and decoding techniques, and automatic repeat request (ARQ) techniques along with OFDM with Cyclic Prefix (CP) were adopted in the PHY of the Media Access Control (MAC) of the HomePlug 1.0 protocol. The OFDM with CP used in HomePlug 1.0, essentially splits the available bandwidth into many small sub-carriers. Unusable sub-carriers are masked out intelligently as mandated by the FCC (Part 15 Rules) and by channel conditions and the best possible modulation and coding methods are applied on the rest of the participating sub-carriers. OFDM in HomePlug 1.0 operates in a frequency band of 4.49 20.7 MHz. This band is divided into 128 evenly spaced sub-carriers. Out of these 128 carriers, 44 sub-carriers are extremely noisy and hence they are permanently masked. Besides these 44 sub-carriers, 8 sub-carriers that fall within the usable band are permanently masked to avoid the interference caused to 40, 30, 20, and 17 meter ham radio bands. This leaves a total of 76 tones to be used in the United States market. The applied tone masks are reconfigurable so as to mask any frequency sub carrier. This adaptive mapping feature ensures the compatibility in foreign markets like the European market. Different tone maps can be framed for European market. A more advanced technique called bit loading in OFDM with CP allows the use of a different modulation and coding scheme to each independent sub-carrier, and this can further improve the bit error rate. At any given time the HomePlug 1.0 MAC PHY supports up to 139 distinct data rates, according to the number of usable carriers, modulation methods, and coding rate. HomePlug 1.0 data rate can vary from 1Mbps to 14 Mbps dynamically [5]. This is possible as every HomePlug 1.0 node performs channel estimation every 5 seconds to adapt to the optimum data rate.

PAGE 40

29 Power DBM/Hz Figure 2-10 Tone map and masked sub-carriers in HomePlug 1.0 The HomePlug 1.0 MAC is a Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA) protocol. Ethernet (802.3) has a Carrier Sense Multiple Access / Collision Detect (CSMA/CD) protocol. In CSMA/CD, all the nodes share the channel on a contention basis. Whenever a collision occurs due to simultaneous transmission of data by two or more nodes, it is detected by the individual node transceivers. Physical carrier sense (PCS) incorporated in the 802.3 PHY detects energy on the channel. A collision is detected upon sensing more energy on the channel than that transmitted by the individual nodes. Upon collision detection, each node exercises a binary exponential back-off algorithm by waiting a random amount of time before subsequent transmission. CSMA/CD relies heavily on PCS for detecting collisions and resolving contention issues. This is possible because of the clean Ethernet channel. PCS alone is not reliable in the case of the HomePlug 1.0 MAC. The noisy PLC channel limits the transceivers ability of differentiating the energy changes in the channel medium occurring due to actual collisions as opposed to channel fluctuations and noise events. Hence, HomePlug 1.0

PAGE 41

30 MAC incorporates the CSMA/CA protocol in which, rather than detecting collisions after they have occurred, collisions are deliberately avoided. The HomePlug 1.0 PHY layer detects the preambles of the frame, and the MAC layer maintains a virtual carrier sense (VCS) timer. Each frame is preceded by a contention period of short time slots. If a station, using VCS, detects that no other node has started transmitting before, it will start transmitting, hence the name collision avoidance. HomePlug 1.0 [5] MAC involves the use of a frame control and a preamble as a delimiter. A tone map is included in the start of frame and this is used by the receiver to decode the following frame. Priority information used for contention resolution is included in the end of the frame delimiter. The response inter frame spacing (RIFS) delimiter facilitates the verification of the response to the currently transmitted frame. As compared to 802.11 there is no short interframe spacing included in the HomePlug 1.0 MAC. A frame control bit serves the propose of indicating the nodes desire to continue transmitting frames. In order to support QoS, four priority classes are provided by HomePlug 1.0 MAC, they are CA3, CA2, CA1 and CA0, listed in the descending order of priority. Appropriate assertion of bits in the PR0 and PR1 slots resolve priority based contention. If a higher priority assertion is made by a frame, all the nodes with priorities less than that priority class defer transmission. At times when there is an assertion of the same priority class by two contending frames, the resolution is continued in the contention window. CSMA/CA has a priority dependent backoff window size. The lower priority classes viz. CA0 and CA1 have a backoff schedule of 8-16-32-64 slots.

PAGE 42

31 CIFS PriorityResolution 0 PriorityResoultion 1 Contention Data RIFS ACK 35.84 us 35.84 us 35.84 us 35.84 us x n 313.5 ~ 1489.5 us 26us 72us Preamble FrameControl FrameHeader Frame Body PAD FCS Preamble FrameControl 25bits 17bytes Variable Length 2Bytes 25bits RIFS 1.5 us End OfFrameGap Preamble FrameControl Figure 2-11 HomePlug 1.0 MAC frame structure. CA2 and CA3, the higher priority classes have an 8-16-16-32 backoff schedule. Collision results in the incrementing of the range of contention slots over which a transmission is started. CIFS stands for Contention-window Inter-Frame spacing. In this window the nodes with the same priority assertion contend for the channel by decrementing a counter in the contention window time slots. Every node keeps track of the value of a counter. Upon exhausting the counter, a node transmits a frame and resets its counter. Other contending nodes whose counter has not yet exhausted continue decrementing the counter in the subsequent contention window. This process is continued till each node gets its slot to transmit. Higher priority assertion suspends this process and the frames with higher priorities are transmitted. The theoretical maximum MAC throughput supported by HomePlug 1.0 with a payload of 1500 bytes is 8.08 Mb/s. The standard boasts a PHY data rate of 14 Mb/s. A maximum practical MAC throughput of around 6 Mb/s was recorded during the extensive testing carried out in a home networking scenario by Yu-Ju Lin et al. [5].

PAGE 43

32 HomePlug 1.0 Operating Modes. The HomePlug 1.0 protocol supports a Protocol adaptation layer through which it interacts with different networking protocols viz. USB, 802.3 etc, HomePlug 1.0 supports Ethernet class local area network on a channel contention basis. HomePlug 1.0 supports all the topologies that IEEE 802.3 supports. Unlike IEEE 802.11 which has an infrastructure mode, the HomePlug 1.0 protocol does not have a centralized authority, the access point that provides the function of a local relay; this makes the interconnection of HomePlug 1.0 based devices extremely simple at the cost of providing security. Power lines are shared from the transformer to all of the residences served by the transformer, so it is possible for a residence to hear the PLC transmissions of a nearby residence. It is therefore necessary to protect the privacy of users cryptographically, since installing low-pass filters would to some extent negate the cost advantages of the technology. To this end, nodes form logical networks (LNs) based on cryptographic isolation. Figure 2-12 Logical Networks (LN) in HomePlug 1.0

PAGE 44

33 HomePlug 1.0 supports the feature of LNs on the basis of passwords that protect the data in a particular logical network. Only the stations that use a common shared password can communicate with each other. Chapter 3 throws more light on the security aspect of the HomePlug 1.0 Protocol. Introduction to HomePlug AV A new protocol is being researched by the HomePlug alliance and the aim is to achieve data rates of about 100 Mb/s data rate for in-home power line networking. Such a high data rate is desired to facilitate the distribution of data and multimedia including high-definition (HDTV) and stereophonic audio over the PLC network. Rigorous measurements and analysis of the PLC channel demonstrates its ability to support such high data rates. The HomePlug alliance has named this high speed standard HomePlug AV keeping in mind the Audio Video applications associated with it. This new technology is at a stage where it poses a challenge to the conventional wired networking protocols such as 100 Mbps Ethernet and creates space for new hybrid power line/wireless networks for the future smart homes. In-home entertainment networking will be revolutionized altogether by this nascent technology as well as by emerging solutions using wireless networks, tuned for AV applications. HomePlug AV finds its strength in being simple, reliable, cost effective, and plug and play in a literal sense.

PAGE 45

CHAPTER 3 SECURITY STANDARDS OVERVIEW Introduction to Information security Information security involves the use of advanced security techniques to support the exchange of user identity, data and account information in a confidential manner. The requirements of information security have undergone major changes since the inception of information technology. The main task of secure information exchange is protecting an entity from being compromised and thwart attacks by intruders. The emergence of various networking technologies for data communication among computers led to a significant research initiatives in network security, particularly with respect to use of the public Internet. This chapter describes first the various security techniques available in WiFi and PLC networks and also highlights the associated cryptography and key exchange techniques and then defines the problem of authentication. Any action that compromises data is a security attack. Security attacks may be passive or active. A passive attack results in loss of privacy of data while an active attack results in the loss, modification or even fabrication of data. Figure 3-1 [6] describes the general attack categories. Figure 3-1a shows the normal flow of data from source to destination without any attacks passive or active. Figure 3-1b shows an attack on availability as an asset of the system being destroyed. This is similar to destroying a communication link or file management system. Figure 3-1c describes an attack on confidentiality, wherein a third party gains access to an asset. This is similar to eavesdropping on a conversation or viewing data packets over a network. Figure 2.1d 34

PAGE 46

35 shows an attack on integrity, wherein an unauthorized party accesses and tampers with an asset. Figure 3-1 Types of attacks. A) Normal Flow, B) Interruption, C) Interception D) Modification, E) Modification Authentication Before the topic of AAA (Authentication, Authorization and Accounting) is discussed, it would be good to have a basic understanding of authentication using keys, digital certificates and hashes, because these are used extensively in network security [6].

PAGE 47

36 In order to authenticate a message that is sent over the network, two levels of authentication are used. At the lower level, an authenticator is produced, and at the upper level, an authentication protocol is executed using the authenticator. Together, they authenticate a message. In other words, an authenticator employs a method to secure the message, and the authentication protocol serves to transfer this secured information over the network. Authenticators Authenticators can be grouped into three classes [6]: Message Encryption Message Authentication Code Hash Function Message encryption Message encryption refers to techniques such as conventional symmetric key encryption and public key encryption [6]. In conventional symmetric key encryption, only the sender and receiver share a secret key. If no other party has any knowledge about the key, then confidentiality is provided. This kind of authentication is used in the Kerberos Authentication system which was developed at MIT. Public-key encryption provides for message confidentiality. It does not allow the message source to be authenticated, since anyone can be in possession of the receivers public key. In order to provide authentication, the sender must encrypt the message with his or her own private key. This kind of authentication is the principle for creation of digital signatures. The digital signature is analogous to a handwritten signature. It verifies the author and also the contents at the time of the signature. In a digital signature construct, only the

PAGE 48

37 communicating parties are involved. The receiver should know the public key of the sender. The digital signature is sometimes created by encrypting the entire message with the private key of the sender. A faster method that is more commonly used is creating a hash code of the message, and this hash code is then encrypted using the private key. Confidentiality is provided by encrypting the entire message along with the digital signature with either the receivers public key or with a common secret key. Message encryption and digital signatures address content and masquerade attacks, but they do not address the problem of repudiation. The sender could deny that it sent a particular message and claim that its private key was compromised. An arbitrated digital signature attempts to resolve this problem. In this, an arbiter is present between the sender and receiver. Every signed message between the sender and the receiver is routed via the arbiter. The arbiter subjects the message and its source to several checks to validate both the source and content, after which the arbiter timestamps the messages and sends it to the receiver. Message Authentication Codes The second type of authenticator is the message authentication code (MAC), not to be confused with Media access Control Protocol .The MAC process uses a shared secret key to generate a small fixed-size block of data, called cryptographic checksum or a MAC. The MAC is a function of the message and the secret key, and it is appended to a message before it is transmitted. The recipient computes the MAC by using the message and the secret key. If the recomputed MAC and the original MAC are the same, then the message has not been modified. This technique assumes that the parties involved in communication are in possession of a shared secret key. Hence if the message is unaltered, then the recipient is

PAGE 49

38 assured that the actual source has sent the message. Furthermore, an attacker cannot modify both the message and the MAC since the attacker is not in possession of the secret key. The MAC function is similar to encryption. However, the MAC algorithm need not be reversible. This makes the authentication functions for the generation of the MAC less vulnerable to being broken. Hash Functions The final type of authenticator is the hash function. The hash function is also a one-way function. It takes in a variable sized message and produces a fixed size hash code, also called message digest, as output. The hash value is appended to the message and transmitted to the receiver. The receiver verifies the message by computing the hash value again. A match authenticates the message. The hash function is a variation of the MAC, but it is not secret and must be protected in some manner. After the authenticator, the second level of authentication involves the authentication protocol. Authentication Protocols Two types of authentication protocols are mutual authentication and one-way authentication. Mutual authentication requires that each of the communicating parties be satisfied about the others identity. This process generally requires that both entities are online and active in communication at the same time. One-way authentication does not require the recipient to be authenticated. One-way authentication is gaining popularity with the encryption of emails. Two

PAGE 50

39 authentication protocols are extensible authentication protocol (EAP) and transport layer security (TLS). Introduction to Authentication, Authorization and Accounting All networks need an authentication, authorization, and accounting (AAA) framework to provide controlled access to computer resources by implementing policies and auditing usage [7]. First of all, authentication provides a way to identify a user. This is usually done by having the user present a unique, valid credential, which may be a valid login-password, certificates etc. in order to grant access. The AAA server compares a user's authentication credentials against the user information stored in a database, and upon finding a match, the user is granted access. If there is no match, authentication fails and network access is denied. Figure 3-2 AAA Framework in a WiFi networking scenario Following authentication, authorization is given to the user, i.e. the user can be allowed to perform tasks on network resources. Authorization basically determines whether the user has the authority to perform protected tasks. An example of authorization might be providing an IP address and enforcing policies for the user who has that IP address.

PAGE 51

40 After authentication, accounting is performed. Accounting measures the resources a user accesses. This can include the amount of system time or the amount of data a user has sent or received during a session. Accounting can be performed by logging session statistics and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities. Figure 3.2 illustrates the components of an AAA framework. The RADIUS server, a commonly used AAA server, is attached to a network. The device acting as a point of entry to the network may be a NAS, router, terminal server or even another host that contains AAA client functionality. Wireless Security For authentication, the 802.11 standard defines open system and shared key authentication types. For data confidentiality, the 802.11 standard defines Wired Equivalent Privacy (WEP). The 802.11 standard does not define or provide a WEP key management protocol that provides automatic encryption key determination and renewal. This is a limitation to IEEE 802.11 security services especially for wireless infrastructure mode with a large number of wireless clients. The authentication and key management issues of the 802.11 standard are solved by using the combination of IEEE 802.1X port-based network access control and WiFi Protected Access (WPA). Standard 802.11 Authentication IEEE 802.11 defines the following types of authentication: Open System Authentication Shared Key Authentication

PAGE 52

41 Open System Authentication Open system authentication does not provide authentication, only identification using the wireless adapters MAC address. Open system authentication is used when no authentication is required. Open system authentication is the default authentication algorithm that uses the following process [8]: The authentication-initiating wireless client sends an IEEE 802.11 authentication management frame that contains its identity. The receiving wireless node checks the initiating stations identity and sends back an authentication verification frame. With some wireless APs, you can configure the MAC addresses of allowed wireless clients. However, this is not secure because the MAC address of a wireless client can be spoofed. Shared Key Authentication Shared key authentication verifies that an authentication-initiating station has knowledge of a shared secret. This is similar to preshared key authentication for Internet Protocol security (IPSec). The 802.11 standard currently assumes that the shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11. In practice, this secret is manually typed at the wireless AP and the wireless client. Shared key authentication uses the following process: The authentication-initiating wireless client sends a frame consisting of an identity assertion and a request for authentication. The authenticating wireless node responds to the authentication-initiating wireless node with challenge text.

PAGE 53

42 The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text that is encrypted using WEP and an encryption key that is derived from the shared key authentication secret. The authentication result is positive if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node sends the authentication result. Because the shared key authentication secret must be manually distributed and typed, this method of authentication does not scale appropriately in large infrastructure network mode (for example, corporate campuses and public places). Additionally, shared key authentication is not secure and is not recommended for use. Standard IEEE 802.11 Encryption with Wired Equivalent Privacy (WEP) Due to the nature of wireless LAN networks, securing physical access to the network is difficult. Unlike a wired network where a physical connection is required, anyone within range of a wireless AP can conceivably send and receive frames as well as listen for other frames being sent, making eavesdropping and remote sniffing of wireless LAN frames very easy. Wired Equivalent Privacy (WEP) is defined by the IEEE 802.11 standard and is intended to provide a level of data confidentiality that is equivalent to a wired network. WEP provides data confidentiality services by encrypting the data sent between wireless nodes. Setting a WEP flag in the MAC header of the 802.11 frame indicates WEP encryption for an 802.11 frame. WEP provides data integrity for random errors by including integrity check value (ICV) in the encrypted portion of the wireless frame. WEP defines two shared keys : A multicast/global key: The multicast/global key is an encryption key that protects multicast and broadcast traffic from a wireless AP to all of its connected wireless clients.

PAGE 54

43 A unicast session key: The unicast session key is an encryption key that protects unicast traffic between a wireless client and a wireless AP and multicast and broadcast traffic sent by the wireless client to the wireless AP. WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit encryption keys. 104-bit encryption keys are not standard, however, many wireless AP vendors support them. Note: Some implementations advertising the use of 128-bit keys are just adding a 104-bit encryption key to the 24-bit initialization vector and calling it a 128-bit key. Encryption and Decryption Using WEP To produce the encrypted frame, the following process is used [8]: A 32-bit integrity check value (ICV) is calculated that provides data integrity for the MAC frame. The ICV is appended to the end of the frame data. A 24-bit initialization vector (IV) is appended to the WEP encryption key. The combination of [IV+WEP encryption key] is used as the input of a pseudo-random number generator (PRNG) to generate a bit sequence that is the same size as the combination of [data+ICV]. The PRNG bit sequence, also known as the key stream, is bit-wise exclusive ORed (XORed) with [data+ICV] to produce the encrypted portion of the payload that is sent between the wireless AP and the wireless client. The IV is added to the front of the encrypted [data+ICV] to create the payload for the wireless MAC frame. The result is IV+encrypted [data+ICV]. To decrypt the wireless MAC payload, the following process is used: The IV is obtained from the front of the MAC payload. The WEP encryption key is concatenated with the IV. The concatenated WEP encryption key and IV is used as the input of the same PRNG to generate a bit sequence of the same size as the combination of the data and the ICV (the same bit sequence as that of the sending wireless node).

PAGE 55

44 The PRNG bit sequence is XORed with the encrypted [data+ICV] to decrypt the [data+ICV] portion of the payload. The ICV for the data portion of the payload is calculated and compared with the value included in the incoming frame. If the values match, the data is considered to be valid (sent from the wireless client and unmodified in transit). Figure 3-3 WEP Illustrated While the secret key remains constant over a long duration, the IV is changed periodically and as frequently as every frame). The periodicity at which IV values are changed depends on the degree of privacy required of the WEP algorithm. Changing the IV after each frame is the ideal method of maintaining the effectiveness of WEP. WEP Concerns The main problem with WEP is that the determination and distribution of WEP keys are not defined [8]. WEP keys must be distributed using a secure channel outside of the 802.11 protocol. In the real world, this is a text string that must be manually configured using a keyboard for both the wireless AP and wireless clients. Obviously,

PAGE 56

45 this key distribution system does not scale well to an enterprise organization and is not secure. Additionally, there is no defined mechanism to change the WEP key either per authentication or periodically for an authenticated connection. All wireless APs and clients use the same manually configured WEP key for multiple sessions. With multiple wireless clients sending a large amount of data, an attacker can remotely capture large amounts of WEP cipher text and use cryptanalysis methods to determine the WEP key. The lack of a WEP key management protocol is a principal limitation to providing 802.11 security, especially in infrastructure mode with a large number of stations. Some examples of this type of network include corporate campuses and public places such as airports and malls. The lack of automated authentication and key determination services also effects operation in ad hoc mode where users may wish to engage in peer-to-peer collaborative communication; for example, in areas such as conference rooms. Summary of 802.11 Security Issues The current solutions for the security issues that exist with 802.11 are the following: 1. No per-frame authentication mechanism to identify the frame source. There is a current proposal to replace WEP RC4 encryption with Advanced Encryption Standard (AES). AES provides per-frame data origin authentication. 2. Vulnerability to disassociation attacks (the forcing of wireless clients off the wireless LAN network).Although there are no easy solutions to the disassociation attack, the best solution for rogue wireless APs is to support a mutual authentication protocol such as EAP-TLS. With EAP-TLS, the wireless client ensures that the wireless AP is a trusted member of the secure wireless authentication infrastructure. 3. No per-user identification and authentication. The adaptation of IEEE 802.1X Port-Based Network Access Control specification for wireless connections and its use of EAP enforces user-level authentication before allowing wireless frames to be forwarded.

PAGE 57

46 4. No mechanism for central authentication, authorization, and accounting (AAA).By using RADIUS in conjunction with IEEE 802.1X, RADIUS servers provide AAA services for wireless connections. 5. The RC4 stream cipher is vulnerable to known plaintext attacks. The proposed replacement of RC4 with AES solves this problem. In the interim, IPSec, supported by Windows XP can be used to protect the TCP/IP traffic. 6. Some EAP implementations derive WEP keys from passwords, resulting in weak WEP keys. EAP-TLS and PEAP derive WEP keys from public key certificates, not passwords. 7. No support for extended authentication methods; for example: token cards; certificates/smart cards; one-time passwords; biometrics; and so on. IEEE 802.1X uses EAP as its authentication protocol. EAP was designed to be extensible for virtually any type of authentication method. 8. No support for key management; for example, re-keying global keys and dynamic, per-station or per-session key management. By using IEEE 802.1X and EAP-TLS or PEAP as the authentication method, high-entropy unicast session keys are derived for each authentication. Current vendor technologies, such as rapid rekeying, change the multicast global key periodically. Future technologies will provide a standards-based method to change the unicast session key periodically. The best solution at present (as of the time of publication of this thesis) for secure wireless consists of using the combination of IEEE 802.1X and EAP-TLS. EAP-TLS requires deployment of user and computer certificates to each wireless client. PLC Network Security Like WiFi, the PLC channel is also a shared channel and this calls for the implementation of a robust security mechanism to safeguard all the data transmitted over the PLC channel. Numerous encryption techniques can be applied to encrypt the data before putting it on the line. The encryption technique should have a good trade-off between security and complexity. Complex techniques require more computation capacity. RSA is a candidate encryption algorithm which includes a 128 bit encryption key. The key exchange can be achieved by using the Diffie-Hellmans algorithms [9].

PAGE 58

47 There is no mechanism for user level authentication in PLC based networks; moreover, the architecture of the power line distribution grid provides access to every energy customer on the internet enabled power grid. The HomePlug 1.0 products are not evolved enough and there are a limited number of devices like modems and routers that interface HomePlug 1.0 to the Cable or DSL technology via the Ethernet 802.3 adaptation layer. Another major security issue pertaining to in-home PLC networks is the possibility of intrusion and interference from adjacent sub-networks. This type of intrusion can be observed at a typical apartment complex where adjacent apartments have their own small home network. As the PLC is a shared medium and HomePlug 1.0 has a contention based MAC algorithm, every node contends for the channel and collisions are mitigated using a MAC based on CSMA/CA. On collisions, the packets are retransmitted by the contending nodes. Intrusion increases the number of nodes contending in the sub-network thereby reducing the overall throughput of the system. In addition, such adjacent networks increase the probability of multiple levels of hidden nodes, leading to further network performance degradation. A home network implementation that can prevent such an intrusion involves the use of PLC decoupling filters. These filters may be used to isolate each electrical circuit at the meter panel for each household or apartment, thus reducing signal propagation across PLC sub-networks and avoiding unwanted signal interference. HomePlug 1.0 DES encryption Power lines are shared from the transformer to all of the residences served by the transformer, so it is possible for a residence to hear the PLC transmissions of a nearby residence. It is therefore necessary to protect the privacy of users cryptographically,

PAGE 59

48 since installing low-pass filters would to some extent negate the cost advantages of the technology. To this end, nodes form logical networks (LNs) based on cryptographic isolation. HomePlug 1.0 uses DES in Cipher block chaining (CBC) mode. Keys are generated from passwords using the PBKDF1 function from PKCS#5v2.0, a Password-based Cryptography standard with MD5 as the underlying hash algorithm. Stations store and retain both their default key (for re-key operations only) and any network encryption keys (NEK) received (for any other transmissions) in non-volatile memory. All transmissions within a logical network are encrypted with the NEK that defines that logical network (as indicated by the Encryption Key Select (EKS) of encryption control field). To participate in a LN, a station must have the NEK for it. Stations may obtain a NEK by password entry by the user and generation as described above, or by network entry through receipt of a Set NEK MAC Management entry from another station encrypted using any key known to both stations. [3] A station may be a member of more than one LN, and may be required to store more than one (EKS, NEK) pair. Stations are not required to support participation in more than one LN at a time, however. A station without any NEK can use network entry to obtain a NEK and enter the LN by means of a default key generated from a manufacturer-determined password that is unique to the particular station. This default password must be entered at another station participating in the LN and using password entry, that station must generate the default NEK for the new station and use that NEK with EKS set to 0x00 to encrypt and send the LNs NEK and EKS identifier to the new station in a Set NEK MAC Management entry. The new station returns a Confirm NEK MAC Management entry to the station that sent it the Set NEK MAC Management entry. Set NEK MAC Management entry is never sent

PAGE 60

49 in cleartext, and if it is received in cleartext, it must be rejected. The 9 bytes of the Set NEK MAC Management entry data field contain the 1-byte EKS and the corresponding 8-byte NEK. The Confirm NEK MAC Management entry has an empty data field. The EKS value associated with an LNs NEK must be the same for all stations in the LN. Standard IEEE 802.1x Port Based Access Control Protocol Introduction The original intent of IEEE in introducing the 802.1X [10] port-based Network Access Control standard, based on the IETF Extensible Authentication Protocol (EAP) [3], was to enable LAN infrastructure as a means of authenticating and authorizing devices attached to them over point-to-point connections. However, as a result of the vulnerabilities reported in early deployments of 802.11 Wireless LANs (WLANs), several vendors have released their own solutions (LEAP, PEAP etc.) based on the 802.1X standard. Since WLANs use shared-media connectivity (see scenario 2 in Figure 1), as opposed to point-to-point connections used over Ethernet switches, several improvements in using 802.1X for WLANs have been suggested. The IEEE and Wireless Ethernet Compatibility Alliance (WECA) have also specified the use of IEEE 802.1X for Enhanced Security in WLANs. In view of 802.1X becoming a key piece in the LAN security framework, testing for 802.1X support in Ethernet switches and WLAN Access Points (WLAN-APs) has become an important activity, considering the various combinations that must be supported to ensure compatibility. Overview of 802.1X operation 802.1X describes the architectural framework within which the authentication and consequent actions take place. It supports various authentication methods such as one-time passwords (EAP-MD5) certificate based authentic ation (EAP-TLS) and

PAGE 61

50 can be extended for other types of authentication such as SIM-based authentication (EAP-SIM). 802.1X describes that systems on the LAN adopt one of the following distinct roles within an access control interaction: Authenticator: The port that wishes to enforce authentication before allowing access to the services accessible via the port adopts the Authenticator role. Supplicant: The port that wishes to access the services used by the Authenticators system adopts the Supplicant role. Another system role is described as follows Authentication Server (AS): The AS performs the authentication functions necessary to check the credentials of the Supplicant and indicates to the Authenticator whether the Supplicant is authorized to access the Authenticators services. (Remote Authentication Dial-In User Service (RADIUS) [11] has become the most commonly implemented protocol between the Authenticator and the Authentication Server, although 802.1X does not mandate the use of RADIUS.) Though all the three roles are necessary to complete the authentication process, there can be several variations. In a simplified system, for example, an Authenticator and an Authentication Server may be co-located within the same system without the need for an external server. Also, a Port may adopt the Supplicant role in some exchanges and an Authenticator role in others. The latter scenario is useful when a WLAN Access Point that has been newly added to the LAN has to be authenticated by a port of the Ethernet switch before it can authenticate other WLAN hosts that will connect using its services.

PAGE 62

51 The operation of 802.1X has the effect of creating two distinct points of access to the Authenticator (any frame received on the physical port is made available to both points of access): Uncontrolled Port: This point of access allows for uncontrolled exchange of PDUs regardless of the authorization state [10]. Controlled Port: This point of access allows for exchange of PDUs only if the current state of the Port is authorized.[10]. Figure 3-4 IEEE 802.1x framework The AuthControlledPortStatus indicates the status of the Controlled Port as being either authorized or unauthorized. In addition, an AuthControlledPortControl parameter allows administrator control to set the port as ForceUnauthorized, Auto or ForceAuthorized. The values of the AuthControlledPortControl parameter for every port in a system can be overridden by means of the SystemAuthControl parameter. Thus, for example, setting the SystemAuthControl parameter to disabled causes authentication to be disabled on all ports and forces all ports to be authorized, while setting it to enabled causes each ports authentication status to be controlled in accordance with the value of the ports AuthControlledPortControl parameter. Finally, any access to the network is subject to the current administrative and operational state of the MAC. If the MAC is

PAGE 63

52 rendered inoperable, then no protocol exchange of any kind can take place. Though in secure configurations SystemAuthControl will be set to Enabled and AuthControlledPortControl will be set to Auto or ForceUnauthorized, the Ethernet switch should be tested for all the combinations for the resulting value of AuthControlledPortStatus. Authentication framework When using 802.1X authentication in a LAN, the Station (Supplicant) needs to be authenticated by the LAN infrastructure (Ethernet switch). However, this simple scheme causes a potentially dangerous situation, also called the man-in-the-middle attack, where an intruder masquerades himself as the Authenticator and gets access to the Authentication information from the Station. Mitigation of this type of attack requires a two step authentication first, the workgroup switch is authenticated by the main Ethernet switch and then the station is authenticated by the workgroup switch. In WLAN situations, it is necessary to test that mutual authentication (between the host station and the Authentication Server via the Access Point) is performed correctly. This is necessary in order to mitigate the rogue-AP scenario, where the AP is introduced by the intruder to gain access to the host station and then to other stations in the network. Cisco's LEAP implementation testing is one scenario that uses 802.1X mutual authentication, though this also includes Ciscos proprietary LEAP algorithm on the Supplicant and the Authentication Server for computing the password challenge. Interoperability with the Authentication Server has to be tested to verify that the authentication procedures are properly implemented.

PAGE 64

53 Key Management Enhanced privacy, data authentication, and replay protection mechanisms require fresh cryptographic keys. Hence, IEEE 802.1X's support of automatic key distribution is used in WLANs. This is another critical component of 802.1X that needs to be tested. Among other considerations, it was mentioned in an earlier section that 802.1X's widespread application results in many more test scenarios. Two other examples of this are Link Aggregation and VLAN. Since 802.1X acts on physical ports, for testing it with 802.3 and Link Aggregation in Ethernet switches, most implementations require configuration of ports as unaggregated ports. After authentication, the port can join an aggregate link; similarly unauthorized ports should be forced to leave the aggregate. Testing with 802.1Q VLANs also works with a similar policy of allowing assignment of VLANs based on the outcome of the 802.1X authentication. An Ethernet switch port has to be in the forwarding state during authentication, permitting access to the non-authenticated LAN. Once authentication has succeeded, a new VLAN-ID is assigned to the port, while the port remains in the forwarding state.

PAGE 65

CHAPTER 4 RADIUS PROTOCOL BASED AUTHENTICATION In this section, we aim to provide a brief overview of the RADIUS protocol, how it functions and how the various aspects of its functionality relate to the development of our authenticating mechanism. Overview of RADIUS Protocol Authentication is necessary in order to verify the credentials of the user who is connecting to the network. RADIUS (Remote Authentication Dial-In User Service) is a protocol that authenticates remote users against back-end databases, allowing the administration of all remote users to be done on one system. RADIUS is an industry standard protocol described in RFCs 2865 [11] and 2866. RADIUS is used to provide authentication, authorization, and accounting services. A RADIUS client sends user credentials and connection parameter information in the form of a RADIUS message to a RADIUS server. The RADIUS server authenticates and authorizes the RADIUS client request and sends back a RADIUS message response. RADIUS clients also send RADIUS accounting messages to RADIUS servers. Additionally, the RADIUS standards support the use of RADIUS proxies. A RADIUS proxy is a computer that transfers RADIUS messages between RADIUS-enabled computers. RADIUS messages are sent as User Datagram Protocol (UDP) messages. UDP port 1812 is used for RADIUS authentication messages and UDP port 1813 is used for RADIUS accounting messages. Some network access servers might use UDP port 1645 for RADIUS authentication messages and UDP port 1646 for RADIUS accounting 54

PAGE 66

55 messages. By default, IAS supports receiving RADIUS messages destined to both sets of UDP ports. RADIUS is a desirable element in a complete security strategy because it serves as a trusted third party, providing access control, authentication and authorization across the information highway. RFCs 2865 and 2866 define the following RADIUS message types: Access-Request: Sent by a RADIUS client to request authentication and authorization for a network access connection attempt. Access-Accept: Sent by a RADIUS server in response to an Access-Request message. This message informs the RADIUS client that the connection attempt is authenticated and authorized. Access-Reject: Sent by a RADIUS server in response to an Access-Request message. This message informs the RADIUS client that the connection attempt is rejected. A RADIUS server sends this message if either the credentials are not authentic or the connection attempt is not authorized. Access-Challenge: Sent by a RADIUS server in response to an Access-Request message. This message is a challenge to the RADIUS client that requires a response. Accounting-Request: Sent by a RADIUS client to specify accounting information for a connection that was accepted. Accounting-Response: Sent by the RADIUS server in response to the Accounting-Request message. This message acknowledges the successful receipt and processing of the Accounting-Request message. The RADIUS server authenticates a client by acknowledging the clients demographics typically maintained in a database in the RADIUS server. RADIUS server

PAGE 67

56 can also act as a client to another RADIUS server provided the concerned RADIUS server lacks the user demographics database. The RADIUS standard supports this functionality in both homogeneous and heterogeneous environments. RADIUS is a client-server protocol that enables remote access equipment acting as RADIUS clients to submit authentication and accounting requests to a RADIUS server In RADIUS, the Network Access Server which interacts with the end user requesting a connection obtains authentication information from the user. Once this is done, the Access Server creates an Access-Request with information containing the users login name, password, client ID, port ID, etc. The Access-Request is submitted to the RADIUS server. Once the RADIUS server receives the request, it validates the sending client by matching the user information against a database of users. If there is no match, the RADIUS server sends an Access-Reject response to notify the Access Server that the user request is invalid. If there is a match, the RADIUS server sends an Access-Challenge response. When the Access Server receives the Access-Challenge response, it may, if necessary, request more information from the user. Once this is provided and sent back to the RADIUS server, and once all the conditions are met, the configuration values for the user are placed in an Access-Accept response, and these include the type of service and all other necessary values. A RADIUS message consists of a RADIUS header and RADIUS attributes. Each RADIUS attribute specifies a piece of information about the connection attempt. For example, there are RADIUS attributes for the user name, the user password, the type of service requested by the user, and the IP address of the access server. RADIUS attributes

PAGE 68

57 are used to convey information between RADIUS clients, RADIUS proxies, and RADIUS servers. For example, the list of attributes in the Access-Request message includes information about the user credentials and the parameters of the connection attempt. In contrast, the list of attributes in the Access-Accept message includes information about the type of connection that can be made, connection constraints, and any vendor-specific attributes (VSAs). To provide security for RADIUS messages, the RADIUS client and the RADIUS server are configured with a common shared secret. The shared secret is used to secure RADIUS traffic and is commonly configured as a text string on both the RADIUS client and server. EAP EAP (Extensible Authentication Protocol) is a protocol that defines the authentication mechanism on PPP (Point-to-Point Protocol) links [12]. By default, PPP does not include an authentication mechanism, and EAP fills the gap. EAP is a general protocol for PPP authentication that supports multiple authentication mechanisms, and it works over dedicated links, switched circuits, wired as well as wireless links. EAP allows multiple authentication protocols to be used by selecting an authentication mechanism at the Authentication phase, and not the Link Control phase, of the PPP initiation [12]. In EAP, after the link establishment phase is complete, the authenticator typically sends initial Identity Requests followed by one or more Requests to authenticate the client. The client sends a Response packet to each request. Both the Request and Response packets contain a type field that corresponds to the type of the Request. The authenticator ends the authentication phase by sending a Success or Failure packet.

PAGE 69

58 FUTURE USE Figure 4 EAP Architecture Types of EAP There are six types of Request/Response exchanges documented in the RFC for EAP [12]. The first three types, considered special case types, are Identity, Notification and Nak (response-only). The remaining authentication exchanges are MD5-Challenge, One-Time Password (OTP) and Generic Token Card. EAP MD5 Using EAP MD5, a RADIUS server authenticates clients by verifying an MD5 hash of the password. This is reasonable for trusted Ethernets where there is low risk of an outside attack, but it is not suitable for public or wireless LANs because hackers will be able to easily sniff identities and password hashes.

PAGE 70

59 EAP TLS EAP-TLS [13] is the only standard secure option for wireless LANs at this time. In this protocol, both the station and RADIUS server have to prove their identities via public key cryptography, using digital certificates or smart cards. EAP over RADIUS In our project, we aim to use EAP authentication using RADIUS. EAP support is provided in RADIUS, and it is done through two new RADIUS attributes called EAP-Message and Message-Authenticator. In RADIUS/EAP, RADIUS is used to transfer EAP messages that are encapsulated by RADIUS to the authenticator. The authentication begins with the peer (the remote computer requesting the authentication) and the NAS (Network Access Server) negotiating the use of EAP. Once EAP has been negotiated, the NAS sends an initial EAP-Request message to the peer. The peer replies with an EAP-Response. The NAS may determine if the peer is local and proceed with local authentication, or it could act as a pass-through, encapsulating the EAP-Response within EAP-Message attributes sent to the RADIUS server. The NAS serves to decapsulate EAP-Message attributes and encapsulate EAP-Response messages. On receiving a correct Access-Request packet, the RADIUS server responds with a Access-Challenge packet (if it supports EAP). This conversation continues until the RADIUS server issues an Access-Accept or an Access-Reject. Authentication Scheme Using EAP RADIUS IEEE 802.1x In this section, we attempt to detail how the IEEE 802.1x authentication works with EAP and RADIUS to authenticate and control user traffic. The IEEE 802.1x architecture consists of three key components [10]: 1. Supplicant: The client that has to be authenticated

PAGE 71

60 2. Authentication server: Usually a RADIUS server 3. Authenticator: Usually a wireless access point The key authentication protocol used is called EAP over LAN (EAPOL). It was defined particularly for the 802.11 wireless protocol. The EAPOL protocol provides effective authentication regardless of whether WEP keys are enabled or not. EAPOL is a delivery mechanism and needs to be used with EAP-TLS (EAP Transport Layer Security) or EAP-TTLS (EAP Tunneled Transport Layer Security), which define how authentication takes place. The IEEE 802.1x protocol operates as follows: the Supplicant sends an EAP-Response/Identity packet to the Authenticator, which is sent to the authentication server. The authentication server sends back a challenge to the authenticator, which then unpacks it from IP, repackages it into EAPOL and sends it to the supplicant. The supplicant responds to the challenge via the authenticator and passes the response onto the authentication server. The clients identity can be verified via digital certificates or other EAP authentication types. If the supplicant has successfully identified itself, the authentication server responds with a success message, which is sent to the supplicant. The authenticator then opens the port for the supplicant to access the LAN based on the attributes that come back from the authentication server. The following is the EAP-TLS authentication process for a wireless client authenticating to a wireless AP configured to use a RADIUS server as its authentication server [8, 13]. Step 1: Association and request for identity: If the wireless AP observes a new wireless client associating with it, the wireless AP transmits an EAP-Request/Identity

PAGE 72

61 message to the wireless client. Alternately, when a wireless client associates with a new wireless AP, it transmits an EAP-Start message. If the IEEE 802.1X process on the wireless AP receives an EAP-Start message fr om a wireless client, it transmits an EAPRequest/Identity message to the wireless client. Step 2: EAP-Response/Identity response. If there is no user logged on to the wireless client, it transmits an EAP-Respons e/Identity containing the computer name. For Windows wireless clients, the FQDN of the computer account is sent. If there is a user logged on to the wireless client, it tran smits an EAP-Response/Identity containing the user name. For Windows wireless client s, the UPN of the user account is sent. The wireless AP forwards the EAP-Response/Identity message to the RADIUS server in the form of a R ADIUS Access-Request message. Step 3: EAP-Request from RADIUS server (Start TLS). The RADIUS server sends a RADIUS Access-Challenge message containing an EAP-Request message with the EAP-Type set to EAP-TLS, requesting a start to the TLS authentication process. The wireless AP forwards the EAP message to the wireless client. Step 4: EAP-Response from the wireless client (TLS Client Hello). The wireless client sends an EAP-Response message with the EAP-Type set to EAP-TLS, indicating the TLS client hello. The wireless AP forw ards the EAP message to the RADIUS server in the form of a RADIUS Access-Request message. Step 5: EAP Request from RADIUS s erver (RADIUS Servers Certificate). The RADIUS server sends a RADIUS Access-Challenge message containing an EAPRequest message with the EAP-Type set to EAP-TLS, and includes the RADIUS servers certificate chain. The wireless AP forwards the EAP message to the wireless client.

PAGE 73

62 Step 6: EAP-Response from the wireless client (Wireless Clients Certificate). The wireless client sends an EAP-Response message with the EAP-Type set to EAP-TLS, and includes the wireless clients certificate chain. The wireless AP forwards the EAP message to the RADIUS server in the form of a RADIUS Access-Request message. Step 7: EAP-Request from RADIUS server (Cipher suite, TLS complete). The RADIUS server sends an EAP-Request message with the EAP-Type set to EAP-TLS, and includes the cipher suite and an indication that TLS authentication message exchanges are complete. The wireless AP forwards the EAP message to the wireless client. Step 8: EAP-Response from the wireless client. The wireless client sends an EAP-Response message with the EAP-Type set to EAP-TLS. The wireless AP forwards the EAP message to the RADIUS server in the form of a RADIUS Access-Request message. Step 9: EAP-Success from RADIUS server. The RADIUS server derives the per-client unicast session key and the signing key from the keying material that is a result of the EAP-TLS authentication process. Next, the RADIUS server sends a RADIUS Access-Accept message containing an EAP-Success message and the MPPE-Send-Key and MPPE-Recv-Key attributes to the wireless AP. The wireless AP uses the key encrypted in the MS-MPPE-Send-Key attribute as the per-client unicast session key for data transmissions to the wireless client (truncated to the appropriate WEP key length). The wireless AP uses the key encrypted in the MS-MPPE-Recv-Key attribute as a signing key for data transmissions to the wireless client that require signing (truncated to the appropriate WEP key length).

PAGE 74

63 The wireless client derives the per-client unicast session key (the same value as the decrypted MS-MPPE-Send-Key attribute in the RADIUS message sent to the wireless AP) and the signing key (the same value as the decrypted MS-MPPE-Recv-Key attribute in the RADIUS message sent to the wireless AP) from the keying material that is obtained as a result of the EAP-TLS authentication process. Therefore, both the wireless AP and the wireless client are using the same keys for both the encryption and signing of unicast data. The wireless AP, on receiving the RADIUS server message, forwards the EAP-Success message to the wireless client. The EAP message does not contain the per-station unicast session or signing keys. Step 10: Multicast/global encryption key exchanged to the wireless client The wireless AP derives the multicast/global encryption key by generating a random number or by selecting it from a previously set value. Next, the wireless AP sends an EAP over LAN (EAPOL)-Key message to the wireless client containing the multicast/global key that is encrypted using the per-client unicast session key. The Key field of the IEEE 802.1X EAPOL-Key message is RC4-encrypted using the per-client unicast session key. Porti ons of the message are signed with HMAC-MD5 using the per-client unicast signing key. Upon receiving the EAPOL-Key message, the wireless client uses the per-client unicast session key to verify the signed portions of the EAPOL-Key message and decrypt the multicast/global key. Next, the wireless LAN network adapter driver indicates the per-client unicast session key, the per-client unicast signing key, and the multicast/global key to the wireless LAN network adapter. After the keys have been designated, the

PAGE 75

64 wireless client begins protocol configuration using the wireless adapter (such as using DHCP to obtain an IP address configuration). When the wireless AP changes the multicast/global key, it generates and sends EAPOL-Key messages to its connected wireless clients. Each EAPOL-Key message contains the new multicast/global key encrypted with the particular wireless clients per-client unicast session key.

PAGE 76

65 Figure 4-2 EAP-TLS over RADIUS

PAGE 77

66 System Benefits of EAP RADIUS IEEE 802.1x EAP, RADIUS and IEEE 802.1x authentication and security mechanisms are important for our research, because these are the most prevalent and easily used products to provide authentication and security features to our wireless and power line networks. EAP and RADIUS provide features to authenticate users by enabling the users to identify and be authenticated by the authenticating servers. While EAP serves as the protocol to authenticate the user, RADIUS functions as the authenticating server to verify that the user/client belongs to the list that is allowed access. In addition, IEEE 802.1x uses these two features to provide authentication to wireless networks. In our paper, we also show how IEEE 802.1x can be used to extend this authentication mechanism to power line networks. IEEE 802.1x, EAP and RADIUS also serve the function of providing security mechanisms by encrypting all packets that are sent over the network if TLS is used alongside the authentication. Security Overview of EAP TLS EAP-TLS provides two levels of security for the WLAN network: mutual authentication and Dynamic WEP support. EAP-TLS [13] uses Public Key Infrastructure (PKI) components, such as a WLAN client with a valid certificate and the Authentication, Authorization and Accounting (AAA) server with a server certificate. Trust is ensured by the fact that data is encrypted using the public/private keys, and also a certification authority (if necessary in most cases, trust can be established by using internal self-generated keys and certificates). Trust can be established by configuring one root certification authority (which can be an internally generated certificate). This enables the client to trust the server. For the

PAGE 78

67 server to trust the client, the client has to have a certificate generated by the root certification authority, given that the name in the certificate corresponds to the username, and the username is found in one of the databases that corresponds to EAP.

PAGE 79

CHAPTER 5 AUTHENTICATION IN PLC WIFI PLC WiFi Last Mile Broadband Internet System The basic HomePlug 1.0 Protocol provides a solution for in-home networking, with Internet access still provided via DSL or cable modems. PLC Internet access seeks to extend the PLC channel all the way from the individual sockets within the home to Internet gateways located on the power line grid. For example, medium voltage power lines can be extended to carry PLC signals. This is possible by introducing a substation bridging device (SBD) in between the Internet IP backbone network and the power grid which will make the power grid live in terms of the Internet. SBD, as the name suggests, will bridge the MV substation with multiple MV lines to the IP Internet backbone. MV lines can be further connected to repeater devices. MV bridging devices (MVBD) are then used to provide a data link between the LV and MV lines. Gateway Devices (GD) at the customers premises has the authenticator interface. It places the data on the LV lines, which then connects to all the electrical outlets in the house. In addition to supporting the HomePlug protocols, the GD can also support WiFi to enable in-house wireless networking. In this latter case, the PLC is used as the long-haul data link and the connection to the home is via WiFi. All the PLC networking devices can support simple network management protocol (SNMP) and services to enable network monitoring and management. Routers, gateways, high speed network switches and other networking devices should be customized to suit the power line distribution grid architecture. Figure 5-1 shows 68

PAGE 80

69 the medium voltage lines are stepped down to low voltage lines at the distribution transformer. The low voltage lines emanating from this distribution transformer lead to the individual homes and finally to the electrical outlets. The issue to be addressed at the distribution transformer is whether to either bypass the step down transformer completely or let the signal pass through the transformer to the LV line and then to the house where it is connected to the GD. The advantages of bypassing the transformers are its low costs, ease of installation and maintenance. Figure 5-1 Broadband power line Internet access. Another option is to completely bypass the substation and eliminate the SBD. The PLC network would then be bridged to the IP network backbone at the MV lines through the MVBD. WiFi transceivers can be installed at the LV transformer pole. At the home site, WiFi can be again bridged with a WiFi-HomePlug access point and thus Internet access can be provided to every electrical outlet as well as to WiFi devices. This enables

PAGE 81

70 the distribution of broadband Internet effectively through WiFi, thus creating a WiFi hotspot near the transformer site. This mechanism is adapted by Amperion Corporation. In the above solution involving WiFi, the transformer site will host the administration gateway and employ an SNMP agent to manage the network. These administrative gateways support 802.1x and EAP over RADIUS for authenticating the end user. The gateway will act as an Authenticator in 802.1x terminology. To provide home networking using hybrid PLC and WiFi in every corner of the home and through every electrical plug, a PLC-WiFi access point or router is installed at the customer premises. PLC Setup and Authentication In order to set up an authentication mechanism for the PLC network, we need to consider the design of the network. As discussed in the previous section, it is possible to integrate the authentication switch with the transformer. However, such a setup is complicated and beyond our current means to implement. This also becomes more expensive because of the need to install decouplers in order to separate the power line data signals from the regular power voltages. If such decouplers are not installed, the power line data signals would be lost when the high-voltage power is transformed to low-voltage power at the transformer. Another means of implementing the authentication setup, albeit in a simpler fashion, would be to separate the authentication switch from the transformer. In this case, the homes would be connected to the transformer through regular low voltage lines, while the low voltage lines pass through an authentication switch while bypassing the transformer. To achieve this, the low voltage lines are terminated in PLC modems and the PLC modems connect to the Ethernet ports of the switch.

PAGE 82

71 The other end of the authenticating switch is connected over the power line and eventually through PLC networks to the router that is connected to the RADIUS server, and thus the outside world can authenticate the client. Hence, the entire authentication system is proposed to be setup as follows: 1. The clients connect via the PLC modem and the power line to the authenticating switch. 2 The authentication switch is connected to the home clients via multiple PLC modems. 3. The authentication switch is connected on the other end to another PLC modem, which is connected to the power line, to another PLC modem, and from there on to the router. 4. The router is connected to the outside ne twork, as well as to the RADIUS server that can authenticate the clients. We propose to set up the authentication system for the power line networks in a manner similar to how an 802.11 wireless network is set up. We would thus use IEEE 802.1x authentication protocols, EAPOL and RADIUS, over the power line network, using the same mechanism as the wireless network. Hence, the authentication mechanism works as follows: the client sends EAP-Response packets to the authenticating switch, which is forwarded over the power line network to the router, which then forwards it over the Ethernet network to the RADIUS server. The router sends back a challenge to the router, which repackages the challenge into EAPOL packets and sends the challenge packets over the power line networks to the switch, which then forwards it to the client. The client responds to the challenge via the switch, which passes the response to the router via the power line. The router then forwards the EAP response to the RADIUS

PAGE 83

72 server using the regular Ethernet network. If identification is successful, the RADIUS server responds with a Success message, which is passed on to the router and then to the switch via the power line network. The switch then opens the port for the client to access the Internet through the power line. Figure 5 PLC authenticator transformer mount It can be seen from this setup that the authentication of power line networks can be done in exactly the same way as the wireless 802.1x authentication mechanism. The only difference between the wireless and power line networks is that the wireless network accesses the authenticating switch via a wireless medium and the rest of the connection is a wired link. However, in the case of our setup for authenticating power line networks, we are connecting the clients to the switch via a power line and the switch is further connected to the router and the Internet again via the power line. In terms of the operation and mechanism for authentication, authorization and accounting, the 802.1x protocol for power line networks works in pretty much the same way as the 802.1x protocol for wireless networks. The authentication is performed using EAPOL over power lines rather than wireless, as well as the RADIUS server. The switch uses information from the RADIUS server to authorize clients to use the power line

PAGE 84

73 network, and accounting is performed using the RADIUS server (Figure 5-3). Figure 5-3 EAP RADIUS for PLC. PC to PLC Modem: The EAP packets are on 802.3 LLC PLC Modem to Authenticating Switch: The 802.3 packet is adapted to PLC packet by the PLC modem Authentication is performed by the IEEE 802.1x enabled Authentication Switch. EAP RADIUS is used. AAA System Setup and Demonstration The crucial components in the AAA system based on the IEEE 802.1x are described in the following section. This describes the system that we set up in our lab for the purpose of demonstrating the AAA system based on IEEE 802.1x. The system configuration is Windows XP based Supplicant with Linksys Wireless PCI Card, WMP11, driver version 1.7.29.1032. LinksysWRT540G wireless access point with the latest firmware updates as the Authenticator.

PAGE 85

74 FreeRADIUS server, CVS version 04/15/2002 on an Intel Pentium 3 based PC running Red Hat Linux 9.as the Authentication Server. Supplicant Setup The supplicant initiates the request for authentication. Typically the supplicant can be a computer, a smart phone or a personal digital assistant with an IEEE 802.1x client software. This setup uses Microsofts implementation of the IEEE 802.1x client for the Windows XP operating system. This client is configured for use of EAP TLS based authentication scheme. The process of setting up the client is illustrated in the following figures Figure 5-4 Wireless Network Connection Properties

PAGE 86

75 Figure 5-5 Authentication Setup Figure 5-5 shows that IEEE 802.1x authen tication is selected. The next figure lists the properties tag of the authentication type.

PAGE 87

76 Figure 5-6 Certificate Setup Figure 5-6 shows how to add the LI ST root certificate as the trusted root certificate for validation of the certificates.

PAGE 88

77 Figure 5 User Certificate

PAGE 89

78 Figure 5 Certificate properties (EKU) The extended key usage is used with X.509 certificates in order to give a purpose for the key. In our case, the purpose is client authentication. This is indicated by setting the EKU to 1.3.6.1.5.5.7.3.2 (for the client certificate). The root certificate must have an EKU of 1.3.6.1.5.5.7.3.1 to indicate that it is being used for client authentication as well.

PAGE 90

79 Authenticator Setup Figure 5 Linksys Access Point Setup The Linksys AP is configured for wireless security with RADIUS server. This option facilitates the interaction of the AP with the RADIUS server. Authentication Server Setup The Authentication server is installed on a Red Hat Linux 9 based PC. FreeRADIUS server is installed and the EAP/TLS module is optimized for operation. OpenSSL (www.openssl.com) is used for generating the certificates and its libraries are used for certificate validation /revocation issues. Following are the command line instructions for installing OpenSSL mkdir -p /usr/src/802/openssl cd /usr/src/802/openssl ncftpget ftp://ftp.openssl.org/snapshot/openssl-SNAP-20020227.tar.gz

PAGE 91

80 tar zxvf openssl-SNAP-20020227.tar.gz cd openssl-SNAP-20020227 ./config shared --prefix=/usr/local/openssl make make install The FreeRADIUS server is downloadable from the website www.freeRADIUS.org and it can be installed on the Linux machine by issuing the following commands mkdir -p /usr/src/802/RADIUS cd /usr/src/802/RADIUS cvs -d :pserver:anoncvs@cvs.freeRADIUS.org:/source login CVS password: anoncv cvs -d :pserver:anoncvs@cvs.freeRADIUS.org:/source checkout RADIUSd cd RADIUSd ./configure --prefix=/usr/local/freeRADIUS The scripts to be included in the SSL conf files and the certificate generating scripts are supplied in Appendix B. The certificates should be distributed out of band, which means that the certificate should be installed in the client before Internet access can be gained by the authenticating client. The Appendix B also has a list of the key configuration files needed for smooth operation of the FreeRADIUS server. The setup is summarized by the following diagram. Figure 5 AAA system setup

PAGE 92

CHAPTER 6 CONCLUSION PLC technologies have tremendous potential for growth in providing a networking infrastructure to support smart environments such as the smart home. Research is being conducted to improve the PLC channel utilization and make PLC networks faster, more robust and reliable. PLC networking can provide a robust and high speed backbone network to achieve seamless connectivity. However, the absence of user level authentication and its associated security in PLC networking is a major obstacle in the widespread deployment of this technology for the purpose of consumer broadband Internet. This is also the primary reason for the technologys low acceptance in the corporate sector. WiFi and PLC both have an open, shared channel. This calls for a robust AAA architecture that we have implemented, to increase the acceptance of these technologies for broadband Internet access and a corporate network backbone. WiFi, along with 802.1x, is showing tremendous promise and many corporations have accepted it as the standard security mechanism for deployment of wireless LANs at public hotspots and corporate premises. Many startup companies have based their businesses on the idea of 802.1x-enabled WiFi access points and its associated software for AAA and management of WiFi deployment. IEEE 802.11i is the next WiFi standard which mandates the use of IEEE 802.1x and eventually all vendors dealing with WiFi equipment have to incorporate these security features. To make the migration path from the current WiFi to IEEE 802.11i 81

PAGE 93

82 standards simple, an interim standard called WiFi protected access (WPA) is introduced. Current WiFi equipment can and should support WPA with just a firmware upgrade provided by equipment vendors. This has lead to a revived popularity of WiFi. In order to make PLC a strong contender in providing last mile broadband Internet access, measures such as introducing a ratified standard for AAA in future PLC protocols is called for. This thesis presents an AAA framework to deploy secure PLC Internet based on IEEE 802.1x over IEEE 802.3. This solution exploits the protocol adaptation of HomePlug 1.0 protocol. This enables the use of Ethernet based wide area networking and its associated security features to be incorporated while using the PLC physical layer. This thesis has demonstrated a feasible solution to include AAA mechanism in WiFi and has also provided a feasibility study of a similar solution for the PLC based networks. With refinement in the implementation to handle a busy traffic load, this system is ready for deployment. Thus, PLC WiFi based broadband Internet can become a reality in the future. While this thesis has presented a mechanism for AAA in PLC networks and a solution to deploy PLC-WiFi based broadband Internet, work is necessary for incorporating the features of IEEE 802.1x into PLC based products, such as authenticators, routers, etc. that enable the deployment of secure PLC based networks. The thesis demonstrates a proof-of-concept setup. Practical deployment may involve in-depth analysis of throughput considerations and link quality after deployment and setup of the requisite equipment for enabling long-haul data communications over the PLC with a robust security framework..

PAGE 94

APPENDIX A HOW UF WIRELESS WORKS The wireless LAN deployment on the University of Florida (UF) campus is one of the largest deployments of WiFi networking services. WiFi services are only available to registered students, staff and faculty of UF. The validity of users is asserted by verifying a valid Gatorlink account username and password. (Gatorlink is the official name given to the service that allows students, staff and faculty of UF to access UF computing services.) This Gatorlink username and password database is maintained on a RADIUS server by UF Network Services. This system of providing WiFi services to authenticated users is called Walk In Port Authentication (WIPA) system. There is an aggregation of all the APs connected to the DS into an authenticating router provided by BlueSocket Inc. This authenticating router performs multiple roles of a NAS router, a DHCP server and also as a gateway. The following steps occur when a client requests an association with an AP. 1. The client scans the available wireless networks and the user selects the wireless network with SSID as ufw. At this point, the client gets associated with the AP. UFW is insecure in the sense that there is no question of key exchange and its associated issues in data encryption. Open authentication is used by UFW and no WEP settings are enabled in the APs that relay the wireless signal. 2. The client is associated with the AP and it is leased a restricted IP address. This IP address only allows port 80 traffic. All port 80 traffic is directed to a secure website hosted by UF Network Services. This website engages an https session (SSL secured 83

PAGE 95

84 session) and performs certificate exchange. The certificates are exchanged for SSL transaction and this is not a means of authentication. 3. On the login screen, the user is prompted to provide his username and password. These credentials form the RADIUS Access request message and it is sent by the authenticating router to the AS i.e. a RADIUS server. If the credentials are valid, a RADIUS Accept message is relayed to the authenticating router and the router lifts all the sanctions on the IP address that was leased to the client. Now the client can avail of all the services of the network. The router essentially frees all the ports of the leased IP address and the client is now associated on the transport layer. The transport layer services are denied on failure of credentials verification and the restricted leased IP address is disassociated from the client. This is a convenient scheme for providing restricted WiFi access but there is a great risk of compromising data in this implementation.

PAGE 96

APPENDIX B SOURCE CODE FOR ASSOCIATED SCRIPTS This appendix provides the source code of the associated scripts that are used to configure the RADIUS server. The scripts to generate the certificates are also provided in this appendix. EAP Module Configuration Script Eap.conf eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # default_eap_type = tls # A list is maintained to correlate EAP-Response # packets with EAP-Request packets. After a # configurable length of time, entries in the list # expire, and are deleted. # timer_expire = 60 # There are many EAP types, but the server has support # for only a limited subset. If the server receives # a request for an EAP type it does not support, then # it normally rejects the request. By setting this # configuration to "yes", you can tell the server to # instead keep processing the request. Another module # MUST then be configured to proxy the request to # another RADIUS server which supports that EAP type. # # If another module is NOT configured to handle the # request, then the request will still end up being # rejected. ignore_unknown_eap_types = no # Cisco AP1230B firmware 12.2(13) JA1 has a bug. When given # a User-Name attribute in an Access-Accept, it copies one 85

PAGE 97

86 # more byte than it should. # # We can work around it by configurably adding an extra # zero byte. cisco_accounting_username_bug = no # Supported EAP-types ## EAP-TLS # The documents on http://www.freeRADIUS.org/doc # are old, but may be helpful. # # See also: # # http://www.dslreports.com/forum/remark,9286052~mode=flat # tls { private_key_password = whatever private_key_file = /usr/src/802/certificate/cert-srv.pem # If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. #certificate_file = ${raddbdir}/certs/cert-srv. certificate_file = /usr/src/802/certificate/cert-srv.pem # Trusted Root CA list #CA_file = ${raddbdir}/certs/demoCA/cacert.pem CA_file = /usr/src/802/certificate/demoCA/cacert.pem #dh_file = ${raddbdir}/certs/dh #random_file = ${raddbdir}/certs/random dh_file = /usr/src/802/certificate/DH random_file = /usr/src/802/certificate/random # # This can never exceed the size of a RADIUS # packet (4096 bytes), and is preferably half # that, to accomodate other attributes in # RADIUS packet. On most APs the MAX packet # length is configured between 1500 1600 # In these cases, fragment size should be # 1024 or less. # fragment_size = 1024 # include_length is a flag which is # by default set to yes If set to # yes, Total Length of the message is # included in EVERY packet we send. # If set to no, Total Length of the

PAGE 98

87 # message is included ONLY in the # First packet of a fragment series. # include_length = yes # Check the Certificate Revocation List # # 1) Copy CA certificates and CRLs to same directory. # 2) Execute 'c_rehash '. # 'c_rehash' is OpenSSL's command. # 3) Add 'CA_path=' # to RADIUSd.conf's tls section. # 4) uncomment the line below. # 5) Restart RADIUSd #check_crl = yes # # If check_cert_cn is set, the value will # be xlat'ed and checked against the CN # in the client certificate. If the values # do not match, the certificate verification # will fail rejecting the user. # check_cert_cn = %{User-Name} } } clients.conf Client configuration directives The following script is used to manage the access clients, i.e. the authenticators. # ####################################################################### ####################################################################### # # Definition of a RADIUS client (usually a NAS). # # The information given here over rides anything given in the # 'clients' file, or in the 'naslist' file. The configuration here # contains all of the information from those two files, and allows # for more configuration items. # # The "shortname" is be used for logging. The "nastype", "login" and # "password" fields are mainly used for checkrad and are optional. # # # Defines a RADIUS client. The format is 'client [hostname|ip-address]' # # '127.0.0.1' is another name for 'localhost'. It is enabled by default, # to allow testing of the server after an initial installation. If you # are not going to be permitting RADIUS queries from localhost, we suggest # that you delete, or comment out, this entry. #

PAGE 99

88 client 127.0.0.1 { # # The shared secret use to "encrypt" and "sign" packets between # the NAS and FreeRADIUS. You MUST change this secret from the # default, otherwise it's not a secret any more! # # The secret can be any string, up to 32 characters in length. # secret = testing123 # # The short name is used as an alias for the fully qualified # domain name, or the IP address. # shortname = localhost # # the following three fields are optional, but may be used by # checkrad.pl for simultaneous use checks # # # The nastype tells 'checkrad.pl' which NAS-specific method to # use to query the NAS for simultaneous use. # # Permitted NAS types are: # # cisco # computone # livingston # max40xx # multitech # netserver # pathras # patton # portslave # tc # usrhiper # other # for all other types # nastype = other # localhost isn't usually a NAS... # # The following two configurations are for future use. # The 'naspasswd' file is currently used to store the NAS # login name and password, which is used by checkrad.pl # when querying the NAS for simultaneous use. # # login = !root # password = someadminpas } #client some.host.org { # secret = testing123 # shortname = localhost

PAGE 100

89 #} # # You can now specify one secret for a network of clients. # When a client request comes in, the BEST match is chosen. # i.e. The entry from the smallest possible network. client 128.227.120.41{ secret = whatever shortname = listrouter } Client certificate generator This is a BASH shell script to generate the client certificates. It uses the OpenSSL libraries and binaries, as well as the pre-generated root digital certificate to sign the client certificate. SSL=/usr/local/openssl export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH} export LD_LIBRARY_PATH=${SSL}/lib echo The 'client-certificate-gen' script is being executed... # Request a new PKCS#10 certificate. # First, newreq.pem will be overwritten with the new certificate request openssl req -new -keyout newreq.pem -out newreq.pem -days 1 -passin pass:$1 -passout pass:$1 -config fr_config.conf # Sign the certificate request. The policy is defined in the openssl.cnf file. # The request generated in the previous step is specified with the # -infiles option and the output is in newcert.pem # The -extensions option is necessary to add the OID for the extended # key for client authentication openssl ca -policy policy_anything -out newcert.pem -passin pass:$1 -key whatever -days 1 -batch -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem # Create a PKCS#12 file from the new certificate and its private key # found in newreq.pem and place in file cert-clt.p12 openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts -passin pass:$1 -passout pass:$1 # Parse the PKCS#12 file just created and produce a PEM format certificate # and key in cert-clt.pem # openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:$1 -passout pass:$1 # Convert certificate from PEM format to DER format # openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der #clean up rm newcert.pem newreq.pem

PAGE 101

90 Root Certificate Authority Generation script The following script is used to generate a self signed Root Certificate Authority. SSL=/usr/local/openssl export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH} export LD_LIBRARY_PATH=${SSL}/lib # needed if you need to start from scratch otherwise the CA.pl -newca command doesn't copy the # new private key into the CA directories rm -rf demoCA echo "*********************************************************************************" echo "Creating self-signed private key and certificate" echo "When prompted override the default value for the Common Name field" echo "*********************************************************************************" echo # Generate a new self-signed certificate. # After invocation, newreq.pem will contain a private key and certificate # newreq.pem will be used in the next step openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 \ -passin pass:whatever -passout pass:whatever echo "*********************************************************************************" echo "Creating a new CA hierarchy (used later by the "ca" command) with the certificate" echo "and private key created in the last step" echo "*********************************************************************************" echo echo "newreq.pem" | CA.pl -newca >/dev/null echo "*********************************************************************************" echo "Creating ROOT CA" echo "*********************************************************************************" echo # Create a PKCS#12 file, using the previously created CA certificate/key # The certificate in demoCA/cacert.pem is the same as in newreq.pem. Instead of # using "-in demoCA/cacert.pem" we could have used "-in newreq.pem" and then omitted # the "-inkey newreq.pem" because newreq.pem contains both the private key and certificate openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts \ -passin pass:whatever -passout pass:whatever # parse the PKCS#12 file just created and produce a PEM format certificate and key in root.pem openssl pkcs12 -in root.p12 -out root.pem -passin pass:whatever -passout pass:whatever

PAGE 102

91 # Convert root certificate from PEM format to DER format openssl x509 -inform PEM -outform DER -in root.pem -out root.der echo "*********************************************************************************" echo "Creating client private key and certificate" echo "When prompted enter the client name in the Common Name field. This is the same" echo used as the Username in FreeRADIUS" echo "*********************************************************************************" echo # Request a new PKCS#10 certificate. # First, newreq.pem will be overwritten with the new certificate request openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \ -passin pass:whatever -passout pass:whatever # Sign the certificate request. The policy is defined in the openssl.cnf file. # The request generated in the previous step is specified with the -infiles option and # the output is in newcert.pem # The -extensions option is necessary to add the OID for the extended key for client authentication openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever \ -key whatever -extensions xpclient_ext -extfile xpextensions \ -infiles newreq.pem # Create a PKCS#12 file from the new certificate and its private key found in newreq.pem # and place in file cert-clt.p12 openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-clt.p12 -clcerts \ -passin pass:whatever -passout pass:whatever # Parse the PKCS#12 file just created and produce a PEM format certificate and key in cert-clt.pem openssl pkcs12 -in cert-clt.p12 -out cert-clt.pem -passin pass:whatever -passout pass:whatever # Convert certificate from PEM format to DER format openssl x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der echo "*********************************************************************************" echo "Creating server private key and certificate" echo "When prompted enter the server name in the Common Name field." echo "*********************************************************************************" echo # Request a new PKCS#10 certificate. # First, newreq.pem will be overwritten with the new certificate request openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \ -passin pass:whatever -passout pass:whatever # Sign the certificate request. The policy is defined in the openssl.cnf file. # The request generated in the previous step is specified with the -infiles option and # the output is in newcert.pem # The -extensions option is necessary to add the OID for the extended key for server authentication

PAGE 103

92 openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever \ -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem # Create a PKCS#12 file from the new certificate and its private key found in newreq.pem # and place in file cert-srv.p12 openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts \ -passin pass:whatever -passout pass:whatever # parse the PKCS#12 file just created and produce a PEM format certificate and key in cert-srv.pem openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever # Convert certificate from PEM format to DER format openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der #clean up rm newcert.pem newreq.pem

PAGE 104

LIST OF REFERENCES 1. Martin Gebhardt, Frank Weinmann, Klaus Dostert, Physical and Regulatory Constraints for Communication over the Power Supply Grid, IEEE Communications Magazine, May 2003, Vol. 41, Issue 5, Pages 84-90. 2. Intellon Corporation Homepage, Jan 19th 2004, http://www.intellon.com July 15th 2004. 3. Minkyu Lee, Richard E. Newman, Haniph A Latchman, Srinivas Katar, Lawrence Yonge HomePlug 1.0 Power line Communication LANs Protocol Description and Performance Results, International Journal of Communication Systems, 2003 Vol. 16, Issue 5 Pages 447-473 4. Srinivas Katar, Analysis of Tone Allocated Multiple Access Protocol, Masters thesis, University of Florida, Gainesville, 2000. 5. Yu-Ju Lin, Haniph A. Latchman, Richard E. Newman, Srinivas Katar, A comparative performance study of wireless and power line networks, IEEE Communications Magazine, May, 2003, Vol. 41, Issue 5, pages 54-63. 6. William Stallings, 1998, "Cryptography and Netw ork Security," Second Edition, Prentice Hall, Upper Saddle River, NJ. 7. The Internet Engineering Task Force, Authentication, Authorization and Accounting Working Group, September 29th 2003, http://www.ietf.org/html.charters/aaa-charter.html, October 5th 2003. 8. IEEE Std. 802.11-1999, IEEE Standard For the first wireless LAN (WLAN) Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. 9. Andrew Tanenbaum, 1996 "Computer Networks," Third Edition., Prentice Hall, Upper Saddle River, NJ. 10. IEEE Std 802.1X-2001, IEEE Standard for Local and M etropolitan area Networks Port-based Network Access Control. 93

PAGE 105

94 11. C. Rigney, S. Willens, A. Livingston, W. Simpson,"Remote Authentication Dial In User Service (RADIUS)," RFC 2865, June 2000, http://www.ietf.org/rfc/rfc2865.txt July 10th 2004. 12. L. Blunk, J Vollbrecht "PPP Extensible Authentication Protocol (EAP)," RFC 2284, March 1998 http://www.ietf.org/rfc/rfc2284.txt July 10th 2004. 13. B. Aboba, D. Simon "PPP EAP TLS Authentication Protocol," RFC 2716, October 1999 http://www.ietf.org/rfc/rfc2716.txt. July 10th 2004. 14. S. Weatherspoon, Overview of IEEE 802.11b Security, http://www.intel.com/technology/itj/q22000/articles/art_5.htm, Network Communication, Intel Technology, October 5th 2003. 15. Joseph Davies, Enterprise Deployment of IEEE 802.11 Using Windows XP and Windows 2000 Internet Authentication Service, March 2002 http://www.microsoft.com/WindowsXP/pro/techinfo/deployment/wireless/80211corp.doc, 15th June 2004. 16. Francisco Javier Caete, Jos Antonio Corts, Luis Dez, Jos Toms Entrambasaguas, Modeling and Evaluation of the Indoor Power Line Transmission Medium, IEEE Communica tions Magazine April 2003, Vol. 41, Issue 4, Pages 41-47. 17. Huaiyu Dai, H.Vincent Poor, Advanced Signal Processing for Power Line Communications, IEEE Communications Magazine May 2003 Vol. 41, Issue 5, Pages 100-107. 18. Stefano Galli, Anna Scaglione, Klaus Dostert, Broadband Is Power: Internet Access Through the Power Line Network, IEEE Communications Magazine May 2003,Vol. 41, Issue 5, Pages 82-82. 19. George Jee, Ram Das Rao, Yehuda Cern, Demonstration of the Technical Viability of PLC Systems on Mediumand Low-Voltage Lines in the United States, IEEE Communications Magazine May 2003 Vol. 41, Issue 5, Pages 108-112. 20. Haniph A. Latchman, Lawrence W. Yonge, Power Line Local Area Networking, IEEE Communications Magazine April 2003 Vol. 41, Issue 4, Pages: 32-33. 21. Weilin Liu, Hanspeter Widmer, Philippe Raffin, Broadband PLC Access Systems and Field Deployment in European Power Line Networks, IEEE Communications Magazine May 2003 Vol. 41, Issue 5, Pages 114-118. 22. C. Metz, AAA Protocols: Authentication, Authorization, and Accounting for the Internet, Internet Computing, IEEE Vo l. 3, Issue 6 Nov.-Dec. 1999 Pages 75 -79.

PAGE 106

BIOGRAPHICAL SKETCH Anuj Mundi is a graduate student in the Electrical and Computer Engineering Department of the University of Florida, Gainesville He graduated in August 2004 with a Master of Science degree. Anuj has a bachelors degree in electronics and telecommunications from Pune Institute of Computer Technology, University of Pune, India During his graduate studies, Anuj worked as a graduate research assistant at the Laboratory for Information Systems and Telecommunications, where he conducted research on WiFi and PLC networks. 95


Permanent Link: http://ufdc.ufl.edu/UFE0006964/00001

Material Information

Title: PLC-WIFI Hybrid Broadband Internet: Deployment and Security
Physical Description: Mixed Material
Copyright Date: 2008

Record Information

Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.
System ID: UFE0006964:00001

Permanent Link: http://ufdc.ufl.edu/UFE0006964/00001

Material Information

Title: PLC-WIFI Hybrid Broadband Internet: Deployment and Security
Physical Description: Mixed Material
Copyright Date: 2008

Record Information

Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.
System ID: UFE0006964:00001


This item has the following downloads:


Full Text











PLC-WIFI HYBRID BROADBAND INTERNET: DEPLOYMENT AND SECURITY


By

ANUJ V. MUNDI
















A THESIS PRESENTED TO THE GRADUATE SCHOOL
OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT
OF THE REQUIREMENTS FOR THE DEGREE OF
MASTER OF SCIENCE

UNIVERSITY OF FLORIDA


2004
































Copyright 2004

by

Anuj V. Mundi


































This Thesis is dedicated to my late grandfather, Dr. B. N. Mundi (1914-2001).
















ACKNOWLEDGMENTS

I would like to thank my advisor Dr. Haniph A. Latchman for his faith in me, and

for constantly inspiring me. His constant encouragement, timely critical evaluation and

enthusiasm for my work resulted in the successful completion of my thesis. I would also

like to thank Dr. Janise McNair and Dr. Richard Newman for serving on my supervisory

committee.

I would like to thank my brother, Pranav Mundi, for his tremendous moral support

and encouragement; and my best friend and fiancee Aditi Joshi for her kindness and

interest in my work. I would also like to thank my friends throughout the world. Special

thanks go to Suman Shrinivasan and everybody at the LIST, for their help throughout my

graduate studies. Finally, I thank my parents and God, for always being there for me,

come what may.





















TABLE OF CONTENTS


Page


ACKNOWLEDGMENT S ............_...... ._ .............. iv....


LI ST OF FIGURE S ............_...... ._ .............. viii..


AB S TRAC T ......_ ................. ............_........x


CHAPTER


1 INTRODUCTION ................. ...............1.......... ......


2 BACKGROUND .............. ...............5.....


Wireless LAN Technology Overview ................. ......... ......... ...........5
Wireless Clients (Station) ................. ...............6............ ....
W wireless Access Point ............... ...............6...
Ports (Wireless Logical connection) .............. ...............7.....
Standard IEEE 802. 11 ............... ... ...............7...
Standard IEEE 802. 11 PHY Layer ................. ...............9............ ..
Standard IEEE 802. 11 MAC Sublayer .....__.....___ ........... ............
Standard 802.1lb ............ ..... ._ ...............10..
Standard 802.11la....... ...... ...............10........
Standard 802.11lg...... ....... ......................11
Standard IEEE 802. 11 Topologies ............_......__ ....__ ...........1
Independent basic service set (IBSS) ................ .............................11
Infrastructure basic service set (BSS) .............. ...............12....
Distribution system (DS) ................ ...............12........... ....
Extended service set (ESS) .............. ...............13....
Standard IEEE 802. 11 Distribution Services .............. ...............14....
Association... ......... .... ...............15...........
Disassociation... ...............1
Re-association... ... .... ... ............... 16...........
Di stributi on ... ... .... ... ...............17................

Integrati on ........... ... ......... .. ................ 17....
Overview of PLC Technology ................. ...............18................
Regulatory Constraints for PLC .............. ...............20....
Power Line Channel Characteristics .............. ...............22....
Attenuation in the PLC channel .............. ...............22....
Noise in the PLC channel ................. ...............23........... ...












Electromagnetic Compatibility of PLC ................. ...............................25
The HomePlug 1.0 Protocol Specifications............... .............2
The HomePlug 1.0 Operating Modes. .............. ...............32....
Introduction to HomePlug AV .............. ...............33....


3 SECURITY STANDARDS OVERVIEW .............. ...............34....


Introduction to Information security ................. ...............34................
Authentication............... .............3
Authenticators ................ ...............36.._.._._ .....
M message encryption......... ... ...............36..........
Message authentication codes .............. ...............37....
Hash functions. ............ ...............38............
Authentication Protocols ............... ...... .. ... ... .........3
Introduction to Authentication, Authorization and Accounting ................. ...............39
W wireless Security .............. .... ............ ...............40......
Standard 802. 11 Authentication ................ ...............40...............

Open system authentication .............. ...............41....
Shared key authentication ................. ..... ............. ...............4
Standard 802. 11 Encryption with Wired Equivalent Privacy (WEP) .................42
Encryption and decryption using WEP .............. ...............43....
Concerns associated with WEP ............... ...............................44
Network Security in PLC................... ... .. .. .......... .........4
Standard IEEE 802.1Ix Port Based Access Control Protocol .............. ...............49
Introducti on ........... ..... ........... ...............49.......
Overview of 802. 1X Operation ................ ...............49...............
Authentication Framework ................. ...............52.................

Key Management ............... ............... ......... ......... ........ ..53


4 RADIUS PROTOCOL BASED AUTHENTICATION ................. ............. .......54


Overview of RADIUS Protocol ................. ......... ...............54. ....
Extensible Authentication Protocol .............. ......... ......... ...............57

Types of EAP .........._... .........._.. .......58.__......
Type EAP MD5 ...._ ............... ............... 58. ....
Type EAP TLS ...........__ ...............59............
Use of EAP over RADIUS ................... .................... ...... ...............59.
Authentication Scheme using EAP-RADIUS-IEEE 802.1Ix ............_................59
System Benefits of EAP-RADIUS-IEEE 802.Ix ................. .......... ...............66
Security Overview of EAP-TLS ....__.. ..........._.... ........._.._ ........ 6


5 AUTHENTICATION IN PLC-WIFI .............. ...............68....


Last Mile Broadband Internet System Using PLC-WiFi..........._...._ ..........._. ......68
Authentication in PLC .............. .. ......... ............7

System Setup and Demonstration of AAA ....._.._............_.... .........._.._......7
Supplicant Setup... ... ....... ...............74........












Authenti cator S etup.. ............ ...............79.....
Authentication Server Setup ................. ...............79........... ....


6 CONCLUSION............... ...............8


APPENDIX


A HOW UF WIRELESS WORKS............... ...............83.


B SOURCE CODE FOR ASSOCIATED SCRIPTS .............. ...............85....


LIST OF REFERENCES ................. ...............93................


BIOGRAPHICAL SKETCH ................. ...............95.......... .....



















LIST OF FIGURES


Figure pg

2-1 WLAN components............... ...............

2-2 IEEE 802. 11 mapped to OSI standards ......____ ..... ... ._ ...............8

2-3 Independent Basic Service Set (IBSS) ............... ...............12........_...

2-4 Infrastructure Basic Service Set (BSS) .............. ...............13....

2-5 Extended Service Set (ESS) ................. ......... ...............14.....

2-6 Power Line Distribution Grid ................. ...............19........... ...

2-7 Attenuation in PLC channel .............. ...............22....


2-8 Sample of continuous impulsive noise created by electric drill .............. ..... ........._.24

2-9 Sample of Periodic Impulsive noise Produced by a dimmer ................ ................25

2-10 Tone map and masked sub-carriers in HomePlug 1.0.................. ...............29

2-11 HomePlug 1.0 MAC frame structure. ............. ...............31.....

2-12 Logical Networks (LN) in HomePlug 1.0............... ...............32..

3-1 Types of attacks. A) Normal Flow, B) Interruption, C) Interception D)
Modification, E) Modification .............. ...............35....

3-2 AAA Framework in a WiFi networking scenario .................. ................3

3-3 W EP Illustrated .............. ...............44....

3-4 IEEE 802.1x framework............... ...............5

4-1 EAP Architecture .............. ...............58....

4-2 EAP-TLS over RADIUS ................ ...............65........___....


5-1 Broadband power line Internet access ................. ...............69...............












5-2 PLC authenticator transformer mount ......___ ..... ...._. ...._..._._.........7


5-3 EAP RADIUS for PLC. ............. ...............73.....


5-4 Wireless Network Connection Properties .............. ...............74....


5-5 Authentication Setup .............. ...............75....


5-6 Certificate Setup ........._...... ...............76...__........


5-7 User Certificate .............. ...............77....


5-10 AAA system setup ........._... ...... ..... ...............80...
















Abstract of Thesis Presented to the Graduate School
of the University of Florida in Partial Fulfillment of the
Requirements for the Degree of Master of Science

PLC-WIFI HYBRID BROADBAND INTERNET: DEPLOYMENT AND SECURITY

By

Anuj V. Mundi

August 2004

Chair: Haniph A. Latchman
Major Department: Electrical and Computer Engineering

The last mile broadband internet access is dominated by technologies like public

switched telephone lines (PSTN), digital subscriber lines (DSL) and cable for residential

and small office home office (SOHO) establishments. With the arrival of 802. 11 wireless

networking, also called as wireless fidelity (WiFi) and Power Line Communication

(PLC) a whole new generation of last mile broadband Internet access solutions has

surfaced. These technologies enable data and voice communication over the all-

pervasive power grid and the unlicensed radio spectrum enabling last mile broadband

Internet services. The advent of PLC and WiFi enables fast computer and peripheral

device internetworking. These are emerging networking technologies that also have

significant implications for smart environments.

PLC features a new paradigm of "no new wires" for internetworking, using the

existing electrical wiring already delivering requisite electrical power to the premises

while WiFi provides an alternative 'no-wires' networking paradigm. My study

determined the key attributes of PLC and WiFi technologies that can be instrumental in









an implementation of a robust and secure broadband Internet infrastructure with

Authentication Authorization and Accounting (AAA) mechanism. My study also tested a

secure WiFi broadband Internet deployment based on the 802.1Ix port based

authentication protocol and RADIUS server that can be used to provide secure mobile

Internet services at WiFi hot spots. My study also explained EAP over RADIUS and

EAP/TLS protocols and tested a complete AAA system incorporating certificate-based

authentication scheme. I outlined a PLC based Secure Broadband Internet deployment

scheme and presented a proof of concept along with a feasibility study.















CHAPTER 1
INTTRODUCTION

Power Line Communication (PLC) technology has the potential to convert the most

pervasive infrastructure (power line grids) into a backbone to offer broadband intemet

service to every household and office. With over 18 million miles of power lines laid out

in the US alone, the electrical grid encompasses almost the entire world. Offering

broadband intemet access through the power line not only opens a new business

opportunity but also unveils a whole new view of the connected world. Developing and

third-world countries that lack the infrastructure to support current broadband internet

(DSL, Cable, etc.) can benefit from their existing power grid, and can offer broadband

internet service even in the most remote places. Coupled with IP telephony, PLC

networks can bring the world closer than before. Such is the socio-economic potential of

PLC technology.

PLC is an emerging networking technology with significant implications for smart

environments. PLC features a new paradigm of "no new wires" for internetworking,

using the existing electrical wiring that already delivers requisite electrical power. PLC

technology, though nascent currently, is maturing rapidly and proving to be the most

promising last-mile alternative for broadband intemet access. As with all public

deployment of shared-medium internet services, Broadband PLC lacks a robust

mechanism for providing security.

WiFi is another candidate for broadband Internet services because of its ease of

operation and deployment. WiFi offers an Ethernet class wireless local area network










(LAN) with data rates up to 11 mbps (802. 11b) and 54 mbps (802.11la and g) using the

802.11 wireless networking standard. New protocols for metropolitan area networking

(MAN) are being developed by the IEEE 802.15 group targeted towards scalable wireless

networking services in a larger metropolitan area. Together with cellular wireless

networking technologies like universal mobile telecommunication systems (UMTS) and

wideband code division multiplexing (WCDMA), that offer the popular 3rd generation

voice and data services or 3G services to their subscribers on a licensed spectrum,

wireless Internet market is poised to take off. Cellular technology provides seamless

roaming and excellent outdoor wireless data services, but does not provide good indoor

data service because of the wireless channel characteristics. The unlicensed 802.11

Wireless LAN (WLAN) technology provides excellent indoor wireless data services but

has an inherent restriction of limited coverage area. These technologies definitely

complement each other, and hence a cross-layer integration of these technologies will

provide an excellent wireless experience to the subscriber. Even though this cross layer

integration sounds promising, it has hurdles. The regulatory bodies and the industrial

conglomerates that support these technologies differ and currently do not support

seamless co-existence of the two technologies.

The wireless channel is an open channel, where transmission of data from any

wireless terminal can be readily interpreted. This poses a threat to the security and

integrity of transmitted data. The PLC channel is similar to the wireless channel in the

sense that data is transmitted on a shared medium (namely the electrical lines that deliver

power to every household). This channel can be tapped from any electrical outlet that is

enabled for Internet use. Checking rogue access to the network resources requires










adequate and secure authentication, authorization and accounting (AAA) mechanisms. In

PLC and WiFi based networks this potential security breach poses a maj or hurdle in

deploying these technologies to offer public internet access, often because of a

nonexistent or weak AAA mechanism.

The most common WiFi networking equipment comes with a mechanism for data

security using a global key to encrypt the transmitted data; this feature is called wired

equivalent privacy (WEP). It is a symmetric key that must be shared with all the stations

for data encryption. With WEP activated, absence of a data encryption key disallows

association between two communicating peers. In a public deployment, WEP often fails

because of a paradox the WEP key becomes a secret that is known to all. Such

deficiencies in security mechanisms pose new challenges in developing a secure and

robust mechanism for data integrity that is also scalable. PLC has a similar deficiency -

the HomePlug 1.0 protocol has a DES key that encrypts the payload of the HomePlug

protocol data unit (PDU), and this encryption logically separates the entire PLC network

into logical sub-networks that share the same key. Sharing again poses a paradox, since

for public deployment this shared key has to be known so as to limit logical

fragmentation of the network. Using a new key for every user renders the HomePlug

peers incommunicable. The work in this thesis is directed towards investigating a new

mechanism to provide AAA mechanism in a hybrid PLC WiFi last mile broadband

internet deployment.

My study tested a novel mechanism to provide AAA for PLC-WiFi is presented to

enable the monitoring and prevention of rogue network access by a means of validating

authentic users. Chapter 2 introduces concepts and terminology in wireless networks










(especially the IEEE 802. 11 networks and the HomePlug 1.0 protocol which is used for

interconnecting the various devices in a PLC LAN). Chapter 3 discusses various security

aspects in PLC and WiFi networks and introduces the IEEE 802.1Ix port based access

control protocol. An in-depth discussion of the Remote Authentication Dial In User

Services (RADIUS) protocol and its associated security architecture viz. Extensible

Authentication Protocol (EAP) over RADIUS using 802.1x is given in Chapter 4.

Chapter 5 introduces the PLC-WiFi authentication scheme and also introduces a robust

secure socket layer (SSL) certificate based implementation of a RADIUS server for AAA

of a PLC-WiFi network. Chapter 6 gives a summary and suggests future work in this

area















CHAPTER 2
BACKGROUND

Wireless LAN Technology Overview

High-speed wireless LANs can provide the benefits of network connectivity

without the restrictions of numerous wires. Wireless connections can extend or replace a

wired infrastructure in situations where it is costly or prohibitive to lay cables.

Temporary installations represent one example of when a wireless network might make

sense or is even required. Some types of buildings like historic heritage buildings may

prohibit the laying of new wiring, making wireless networking an important alternative.

And of course the "no new wires" phenomenon involving wireless, along with PLC

networking has become a maj or catalyst for home networking and alternative broadband

internet.

The increasingly mobile user becomes a clear candidate for a wireless LAN. From

the end user' s perspective, access to wireless networks can be achieved using laptop

computers and wireless network interface cards. This enables the user to connect to a

network even when he is mobile. Access to the Internet could be made available through

public deployment of wireless "hot spots". Airports, restaurants, rail stations, and

popular areas in cities can be provisioned to provide this service. Public deployment of

last mile Internet access services can also be extended through the WLAN by using the

requisite security before deployment. Limited access could be provided to the user

through the local wireless network, provided that the network is intelligent enough to

recognize the user and create a connection that is restricted.









In all these scenarios, it is worth highlighting that today's standards-based wireless

LANs operate at high speeds the same speeds that were considered state-of-the-art for

wired networks just a few years ago. The access speed that the user has access to is

typically more than 11 mbps or about 30 to 100 times faster than standard dial up

technologies, one of the most dominant last mile Internet access technologies. next is a

brief description of the terminologies used in WLAN(Figure 2-1).







j ~Wirel ess
O Access Point I^




Figure 2-1 WLAN components

Wireless Clients (Station)

A station (STA) is a computing device that is equipped with a wireless LAN

network adapter. A personal computer equipped with a wireless LAN network adapter is

known as a wireless client. Wireless clients can communicate directly with each other or

through a wireless access point.

Wireless Access Point

A wireless access point (AP) is a networking device equipped with a wireless LAN

network adapter that acts as a bridge between STAs and a traditional wired network. An

access point contains at least one interface that connects the AP to an existing wired

network (such as an Ethernet backbone), a radio equipment with which it creates wireless

connections with wireless clients, and IEEE 802. 1D bridging software, so that it can act










as a transparent bridge between wireless and wired Data Link layers. The wireless AP is

similar to a cellular phone network's base station: wireless clients communicate with the

wired network and other wireless clients through the wireless AP. Wireless APs are not

mobile and act as peripheral bridge devices to extend a wired network.

Ports (Wireless Logical Connection)

A port is a channel of a device that can support a single point-to-point connection.

For IEEE 802. 11b, a port is an association, a logical entity over which a single wireless

connection is made. A typical wireless client with a single wireless LAN network

adapter has a single port and can support only a single wireless connection. A typical

wireless AP has multiple ports and can support multiple simultaneous wireless

connections.

The logical connection between a port on the wireless client and the port on a

wireless AP is a point-to-point bridged LAN segment, similar to an Ethernet-based

network client connected to an Ethernet switch. All frames sent from a wireless client,

whether unicast, multicast, or broadcast, are sent on the point-to-point LAN segment

between the wireless client and the wireless AP. For frames sent by the wireless AP to

wireless clients, unicast frames are sent on the point-to-point LAN segment and multicast

and broadcast frames are sent to all connected wireless clients at the same time.

IEEE 802.11

In 1997, the IEEE adopted IEEE Std. 802. 11-1997, the first wireless LAN

(WLAN) standard. This standard defines the media access control (MAC) and physical

(PHY) layers for a LAN with wireless connectivity. It addresses local area networking

where the connected devices communicate over the air to other devices that are within

close proximity to each other. This standard provides an overview of the 802.11









architecture and the different topologies incorporated to accommodate the unique

characteristics of the IEEE 802. 11 wireless LAN standard. The standard is similar in

most respects to the IEEE 802.3 Ethernet standard. Specifically, the 802. 11 standard

addresses:

* Functions required for an 802. 11 compliant device to operate either in a peer-to-
peer fashion or integrated with an existing wired LAN

* Operation of the 802.11 device within possibly overlapping 802.11 wireless LANs
and the mobility of this device between multiple wireless LANs

* MAC level access control and data delivery services to support upper layers of the
802.11 network

* Several physical layer signaling techniques and interfaces

* Privacy and security of user data being transferred over the wireless media


OSI
IEEE BFll? 11 Medci-a Actes~.ont~~l r Fio l MA Ii ------ Layefr
I MAC 2
S Dlre<.t SeqLLence Orthogonall Freqcueni y1-------
Spread ispectrum iiio utilvn
(DSS53 (OFIf OSI
PHY
802.1 1 ~e80.1 la Layer 1


Figure 2-2 IEEE 802. 11 mapped to OSI standards

There are a number of characteristics that are unique to the wireless environment

(as compared to a wired LAN) that the 802.11 standard must take into consideration. The

physical characteristics of a wireless LAN introduce range limitations and unreliable

media, dynamic topologies where stations move about, interference from outside sources,

and lack of ability for every device to "hear" every other device within the LAN. These

limitations force the WLAN standard to create fundamental definitions for short-range

LANs made up of components that are within close proximity to each other. Larger









geographic coverage is handled by building larger LANs from the smaller fundamental

building blocks or by integrating the smaller WLANs with an existing wired network.

IEEE 802.11 PHY Layer

At the physical layer, IEEE 802. 11 defines both direct sequence spread spectrum

(DSSS) and frequency hopping spread spectrum (FHSS) transmissions. The original bit

rates for IEEE 802. 11 was 2 and 1 megabits per second (Mbps) using the 2.45 gigahertz

(GHz) Industrial, Scientific, and Medical (ISM) frequency band. The maximum bit rate

for IEEE 802.11lb is 11 Mbps (using DSSS). The maximum bit rate for IEEE 802.11la is

54 Mbps using orthogonal frequency-division multiplexing (OFDM) (explained later)

and the 5.8 gigahertz (GHz) frequency band.

IEEE 802.11 MAC Sublayer

At the MAC sublayer, IEEE 802.11 uses the carrier sense multiple access with

collision avoidance (CSMA/CA) media access control (MAC) protocol, which works in

the following way:

A wireless station with a frame to transmit first listens on the wireless channel to

determine if another station is currently transmitting (carrier sense). If the medium is

being used, the wireless station calculates a random backoff delay. Only after the random

backoff delay can the wireless station again listen for a transmitting station. By

instituting a random backoff delay, multiple stations that are waiting to transmit do not

end up trying to transmit at the same time (collision avoidance).

The CSMA/CA scheme does not ensure that a collision never takes place and it is

difficult for a transmitting node to detect that a collision is occurring. Additionally,

depending on the placement of the wireless AP and the wireless clients, a radio frequency










(RF) barrier can prevent a wireless client from sensing that another wireless node is

transmitting. This is known as the hidden station problem.

To provide better detection of collisions and a solution to the hidden station

problem, IEEE 802. 11 also defines the use of an acknowledgment (ACK) frame to

indicate that a wireless frame was successfully received and the use of Request to Send

(RTS) and Clear to Send (CTS) messages. When a station wants to transmit a frame, it

sends an RTS message indicating the amount of time it needs to send the frame. The

wireless AP sends a CTS message to all stations, granting permission to the requesting

station and informing all other stations that they are not allowed transmitting for the time

reserved by the RTS message. The exchange of RTS and CTS messages eliminates

collisions due to hidden stations.

Standard 802.11b

The maj or enhancement to IEEE 802. 11 by IEEE 802. 11b is the standardization of

the physical layer to support higher bit rates. IEEE 802.11lb supports two additional

speeds, 5.5 Mbps and 11 Mbps, using the same 2.45 GHz frequency. DSSS modulation

scheme is used in order to provide the higher data rates. The bit rate of 11 Mbps is

achievable in ideal conditions. In less-than-ideal conditions, the slower speeds of 5.5

Mbps, 2 Mbps, and 1 Mbps are used.

Standard 802.11a

The latest standard, IEEE 802.11la, operates at a data transmission rate as high as 54

Mbps and uses a radio frequency of 5.8 GHz. Instead of DSSS, 802. 11a uses OFDM.

OFDM allows data to be transmitted by sub frequencies in parallel. This provides greater

resistance to interference and greater throughput. This higher speed technology allows

wireless LAN networking to perform better for video and conferencing applications.









Because they are not on the same frequencies as Bluetooth or microwave ovens, OFDM

and IEEE 802.11la provide both a higher data rate and a cleaner signal. The bit rate of 54

Mbps is achievable in ideal conditions. In less-than-ideal conditions, the slower speeds

of 48 Mbps, 36 Mbps, 24 Mbps, 18 Mbps, 12 Mbps, and 6 Mbps are used.

Standard 802.11g

IEEE 802. 11g, a relatively new standard, operates at a bit rate as high as 54 Mbps,

but uses the S-Band ISM and OFDM. 802.11lg is also backward-compatible with

802.11lb and can operate at the 802.11lb bit rates and use DSSS. 802.11lg wireless

network adapters can connect to an 802.11lb wireless AP, and 802.11lb wireless network

adapters can connect to an 802.11lg wireless AP. Thus, 802.11lg provides a migration

path for 802.11lb networks to a frequency-compatible standard technology with a higher

bit rate. Existing 802.11lb wireless network adapters cannot be upgraded to 802.11lg by

updating the firmware of the adapter--they must be replaced. Unlike migrating from

802.11lb to 802.11la (in which all the network adapters in both the wireless clients and the

wireless APs must be replaced at the same time), migrating from 802.11lb to 802.11lg can

be done incrementally.

Like 802.11la, 802.11lg uses 54 Mbps in ideal conditions and the slower speeds of

48 Mbps, 36 Mbps, 24 Mbps, 18 Mbps, 12 Mbps, and 6 Mbps in less-than-ideal

conditions

IEEE 802.11 Topologies

Independent basic service set (IBSS)

The most basic wireless LAN topology is a set of stations which have recognized

each other and are connected via the wireless media in a peer-to-peer fashion. This form

of network topology is referred to as an Independent Basic Service Set (IBSS) or an Ad-









hoc network. In an IBSS, the mobile stations communicate directly with each other.

Every mobile station may not be able to communicate with every other station due to the

range limitations. There are no relay functions in an IBSS therefore all stations need to

be within range of each other and communicate directly














Figure 2-3 Independent Basic Service Set (IBSS)

Infrastructure Basic Service Set (BSS)

Figure 2-4 shows that an Infrastructure Basic Service Set is a BSS with a

component called an Access Point (AP). The access point provides a local relay function

for the BSS. All stations in the BSS communicate with the access point and no longer

communicate directly. All frames are relayed between stations by the access point. This

local relay function effectively doubles the range of the IBSS. The access point may

also provide connection to a distribution system.

Distribution System (DS)

DS is the means by which an access point communicates with another access point

to exchange frames for stations in their respective BSSs, forward frames to follow mobile

stations as they move from one BSS to another, and exchange frames with a wired

network. As IEEE 802. 11 describes it, the distribution system is not necessarily a

network nor does the standard place any restrictions on how the distribution system is










implemented, only on the services it must provide. Thus the distribution system may be a

wired network like 803.2 or a special purpose box that interconnects the access points

and provides the required distribution services.
















Figure 2-4 Infrastructure Basic Service Set (BSS)

Extended Service Set (ESS)

IEEE 802. 11 extends the range of mobility to an arbitrary range through the ESS.

An extended service set is a set of infrastructure BSS's, where the access points

communicate amongst themselves to forward traffic from one BSS to another to facilitate

movement of stations between BSS's.

The access point performs this communication through the distribution system.

The distribution system is the backbone of the wireless LAN and may be constructed of

either a wired LAN or wireless network. Typically the distribution system is a thin layer

in each access point that determines the destination for traffic received from a BSS. The

distribution system determines if traffic should be relayed back to a destination in the

same BSS, forwarded on the distribution system to another access point, or sent into the

wired network to a destination not in the extended service set. Communications received

by an access point from the distribution system are transmitted to the BSS to be received










by the destination mobile station. Network equipment outside of the extended service set

views the ESS and all of its mobile stations as a single MAC-layer network where all

stations are physically stationary. Thus, the ESS hides the mobility of the mobile stations

from everything outside the ESS. This level of indirection provided by the 802.1 1

architecture allows existing network protocols that have no concept of mobility to operate

correctly with a wireless LAN where there is mobility.


Figure 2-5 Extended Service Set (ESS)

IEEE 802.11 Distribution Services

Distribution services provide functionality across a distribution system. Typically,

access points provide distribution services. The five distribution services and functions

detailed below include: association, disassociation, re-association, distribution, and

integration.










Association

The association service is used to make a logical connection between a mobile

station and an access point. Each station must become associated with an access point

before it is allowed to send data through the access point onto the distribution system.

The connection is necessary in order for the distribution system to know where and how

to deliver data to the mobile station. The mobile station invokes the association service

once and only once, typically when the station enters the BSS. Each station can associate

with one access point, though an access point can associate with multiple stations.

Disassociation

The disassociation service is used either to force a mobile station to eliminate an

association with an access point or for a mobile station to inform an access point that it

no longer requires the services of the distribution system. When a station becomes

disassociated, it must begin a new association to communicate with an access point again.

An access point may force a station or stations to disassociate because of resource

restraints, the access point is shutting down or being removed from the network for a

variety of reasons. When a mobile station is aware that it will no longer require the

services of an access point, it may invoke the disassociation service to notify the access

point that the logical connection to the services of the access point from this mobile

station is no longer required. Stations should disassociate when they leave a network,

though there is nothing in the architecture to assure this happens. Disassociation is a

notification and can be invoked by either associated party. Neither party can refuse

termination of the association.









Re-association

Re-Association enables a station to change its current association with an access

point. The re-association service is similar to the association service, with the exception

that it includes information about the access point with which a mobile station has been

previously associated. A mobile station will use the re-association service repeatedly as

it moves through out the ESS, loses contact with the access point with which it is

associated, and needs to become associated with a new access point. By using the re-

association service, a mobile station provides information to the access point to which it

will be associated and information pertaining to the access point from which it will be

disassociated. This allows the newly associated access point to contact the previously

associated access point to obtain frames that may be waiting there for delivery to the

mobile station as well as other information that may be relevant to the new association.

The mobile station always initiates re-association. Re-association with a different

wireless AP can occur for many different reasons. The signal can weaken because the

wireless client moves away from the wireless AP or the wireless AP becomes congested

with too much other traffic or interference. The wireless client, by switching to another

wireless AP, can distribute the load over other wireless APs, increasing the performance

for other wireless clients. By placing wireless APs so that their coverage areas overlap

slightly but their channels do not, wireless connectivity for large areas can be achieved.

As a wireless client moves its physical location, it can associate and re-associate from

one wireless AP to another, maintaining a continuous connection during physical

relocation. If the coverage areas of the wireless APs within an ESS overlap, then a

wireless client can roam, or move from one location (with a wireless AP) to another (with

a different wireless AP), while maintaining network layer connectivity. For example, for










TCP/IP, a wireless client is assigned an IP address when it connects to the first wireless

AP. When the wireless client roams within the ESS, it creates wireless connections with

other wireless APs but keeps the same IP address because all the wireless APs are on the

same logical subnet.

Distribution

Distribution is the primary service used by an 802.11 station. A station uses the

distribution service every time it sends MAC frames across the distribution system. The

distribution service provides the distribution with only enough information to determine

the proper destination BSS for the MAC frame. The three association services

(association, re-association, and disassociation) provide the necessary information for the

distribution service to operate. Distribution within the distribution system does not

necessarily involve any additional features outside of the association services, though a

station must be associated with an access point for the distribution service to forward

frames properly.

Integration

The integration service connects the 802.11 WLAN to other LANs, including one

or more wired LANs or 802. 11 WLANs. A portal performs the integration service. The

portal is an abstract architectural concept that typically resides in an access point though

it could entirely be part of a separate network component. The integration service

translates 802.11 frames to frames that may traverse another network, and vice versa as

well as translates frames from other networks to frames that may be delivered by an

802.11 WLAN.










Overview of PLC Technology

Power line communications involves the use of a power supply grid for

communication purposes. The power line network has a very extensive infrastructure

providing connection pathways to and within nearly every building or other environment

used by modern man. Because of this fact, the use of this network for the transmission of

information signals in addition to its traditional role as a power supply grid has

tremendous applications. However, the power line wiring was designed for transmission

of electrical power, nominally in the 50-60 Hz range and at most at about 400 Hz, and

thus the use of this medium for data transmission at high frequencies presents some

technically challenging problems. Furthermore, the power line is one of the most

electrically contaminated environments, which makes reliable data communication over

this medium extremely difficult. Moreover, the legal restrictions imposed on the use of

various frequency bands in the power line spectrum limit the achievable data rates.

Power lines connect the power generation station to a variety of customers

dispersed over a wide region. Power transmission is done using varying voltage levels

and widely differing power line cables. Power line cable characteristics and the number

of crossovers and interconnections play an important role in determining the kind of

communication technology that needs to be used to effect a viable communication

sy stem.

From a purely electrical power distribution perspective, the electrical current in the

power line network is kept as low as possible, because the losses are directly proportional

to the square of current. As the losses in the grid are also proportional to distance, 'high'

voltages are used for long distance transmission, 'medium' voltages are used for

intermediate distances, and 'low' voltages are used for transmissions over short distances










and within the target building or environment. This creates a set of hierarchical voltage

levels in the distribution grids. Based on the voltage levels at which they transfer power,

power lines can be categorized as follows.



Distribution
transformer -
Installation


A~ ~I Customer
-- Premise
Electrical
Wiring
0oooo 0 0 0~ 0 In MV Distribution
o 0 0 0 0 transformer Installation

Generator

Sub station



HV lines MV lines LV lines




Figure 2-6 Power Line Distribution Grid.

1. High-voltage (HV) lines: These connect electricity generation stations to

distribution stations. The voltage levels on these lines are typically in the order of 69 kV

and above and they run over distances of the order of tens of miles.

2. Medium-voltage (MV) lines: These connect the distribution stations to pole

mounted transformers. The voltage levels are in between 2.4 kV to 35kV and they run

over distances of the order of a few miles.

3. Low-voltage (LV) lines: These connect pole-mounted transformers to individual

households. The voltage levels on these lines are up to 600 V and these run over

distances of the order of a few hundred meters.









4. Customer premise electrical wires: These electrical wires are connected to the

Low-Voltage distribution transformer and run throughout the house to every electric

outlet present. The voltage level on these wires is 110 or 220 V, and the customer

premise may have single or multiple phases.

HV lines represent excellent carriers for radio frequency (RF) communications

signals as they feature open wires with very few crossovers over quite long distances. An

RF transmission power of about 10 watts is often sufficient to cover distances of more

than 500 kilometers. Around the year 1922, the first carrier frequency system (CFS)

communication system began to operate on high-tension lines in the frequency range of

15-1500 KHz. As in the past, the main purpose of such CFS communication systems is

to maintain the operability of the power supply, providing monitoring and control

functions.

MV and LV lines are characterized by a large number of cross connections and

different conductor types (e.g, open wire and cable). Long distance RF signal

propagation is extremely poor in such an environment primarily due to the high

attenuation and impedance mismatch. Around the year 1930, ripple carrier signaling

(RCS) began to be used to provide communication signals over MV and LV lines. RCS

used the frequency range below 3 KHz down to 125 Hz with the amplitude shift keying

(ASK) modulation technique to achieve a data rate of the order of a few bits per second.

Load management and automatic reconfiguration of power distribution networks were

among the most important tasks performed by RCS.

Regulatory Constraints for PLC

In the past, utility companies used power line communications to maintain the

power grid. The utility companies regarded the power distribution wiring as a "natural"










medium for their relatively low data rate communication needs but, high data rate

communications over low-tension lines is now a reality. This development has been

fueled by the explosive growth of the Internet, advances in digital signal processing,

powerful error correction coding techniques and Very Large Scale Integration (VLSI) of

electronic hardware.

Frequencies used by these PLC devices are restricted by the limitations imposed by

the regulatory agencies. The Federal Communications Commission (FCC) and the

European Committee for Electro technical Standardization (CENELEC) govern

regulatory rules in North America and Europe respectively.

In North America the frequency band from 0 to 500 KHz and a part of 2 to 30 1VHz

unlicensed spectrum is used for power line communications. However the regulatory

rules in Europe are more stringent. The spectrum is divided into five bands based on the

regulations. They are:

1. Frequency Band from 3 to 9 KHz: The use of this frequency band is limited to
energy providers; however, with approval it may also be used by other parties
inside their customers' premises.

2. Frequency Band from 9 to 95 KHz: The use of this frequency band is limited to
the energy providers and their concession-holders. This frequency band is often
referred as the "A-Band".

3. Frequency Band from 95 to 125 KHz: The use of this frequency band is limited
to the energy provider' s customers; no access protocol is defined for this frequency
band. This frequency band is often referred as the "B-Band".

4. Frequency Band from 125 to 140 KHz: The use of this frequency band is limited
to the energy provider's customers; in order to make simultaneous operation of
several systems within this frequency band possible, a carrier sense multiple access
protocol using a center frequency of 132.5 KHz was defined. This frequency band
is often referred to as the "C-Band".

5. Frequency Band from 140 to 148.5 KHz: The use of this frequency band is
limited to the energy provider' s customers; no access-protocol is defined for this
frequency band. This frequency band is often referred to as the "D-Band".










6. Frequency Band from 2 to 30 MHz: Efforts are going on in Europe, through
CELNEC, to develop a new standard for electro magnetic compatibility for PLC
systems in this frequency band. This is the unlicensed spectrum in FCC
regulations. HomePlug 1.0 protocol operates in this frequency band.

Apart from band allocation, regulatory bodies also impose limits on the radiation

emitted by these devices. These reflect as restrictions on the transmitted power in each of

these frequency bands. Further reading on regulatory constraints for PLC can be

obtained [1].

Power Line Channel Characteristics

Power lines were originally devised for transmission of power at 50-60 Hz and at

most 400 Hz. At high frequencies the power line is very hostile to signal propagation.

Figure 2-7 gives a brief overview of PLC channel characteristics [2].

Attenuation in the PLC channel

Att~L~ n Frequency Resp onse -Path 1


10





4 6 8 10 12 14 16




Figure 2-7 Attenuation in PLC channel

High frequency signals can be inj ected on to the power line by using an

appropriately designed high pass filter. Maximum signal power is received only when

the impedance of the transmitter, power line and the receiver match. Dedicated

communication channels like Ethernet have known impedance, and thus impedance

matching is not a problem. However, power line networks are usually made of a variety









of conductor types and cross sections joined randomly, and therefore a wide variety of

characteristic impedances are encountered in the network. Further, the network terminal

impedance tends to vary both with communication signal frequencies and with time

depending upon the consumer premises load pattern. This impedance mismatch results in

a multi-path effect resulting in deep notches caused by destructive interference at certain

frequencies. In a typical home environment the attenuation on the power line is between

20dB to 60dB and depends heavily on load. Figure 2-7 [2] shows the attenuation

characteristics of a sample PLC channel. Note the deep notches at 11, 13.5, 15 IVHz that

are created by the multipath effect.

Noise in the PLC channel

The maj or sources of noise on the PLC channel are electrical appliances, which

utilize the 60Hz (North America) or 50 Hz (Europe) electric supply and generate noise

components which extend well into the high frequency spectrum as harmonics of the line

frequency. Apart from these, induced radio frequency signals from broadcast,

commercial, military, citizen band and amateur stations severely impair certain frequency

bands on PLC channel. Electric appliances can be divided into three categories based on

the nature of noise they produce in the high frequency bands. Single impulsive noise is a

kind of noise produced when electric switches are turned on or off. Periodic impulsive

noise, the most common impulse noise, is generated by such sources as triac-controlled

light dimmers. These devices introduce noise as they connect the lamp to the AC line

part-way through each AC cycle. These impulses occur at twice the AC line frequency as

this process is repeated every V/2 AC cycle. Figure 2-8 [2] shows the periodic impulsive

noise caused by a dimmer on a PLC channel. Continuous impulsive noise is produced by

a variety of series-wound AC motors. Such motors are found in electrical appliances like










vacuum cleaners, drilling machines, electric shavers and most of the common kitchen

appliances. Commutator arching from these motors produces impulses at repetition rates

in the range of several k
noise sources. Figure 2-9 shows the continuous impulsive noise created by a drill

machine. High bandwidth digital devices communicating on power line devices need to

use powerful error correction coding along with appropriate modulation techniques to

cope with these impairments.


0.15


0.1


0.05


0


-0.05


-0.1


-0.15


O 2 4 6 8 10
Time (milliseconds)


12 14 16 18


Figure 2-8 Sample of continuous impulsive noise created by electric drill





























-1.5-



O 2 4 6 810 12 14 16 18
Time (milliseconds)


Figure 2-9 Sample of Periodic Impulsive noise Produced by a dimmer

PLC Electromagnetic Compatibility

The entire power line grid is developed for transmission of electrical power at the

50 60 Hz range. The use of these power lines for communications involves their use to

transmit information modulated on carrier frequencies in the 9 KHz and 30 1VHz range.

The skin depth effect at these frequencies causes the power lines to radiate high

frequency electromagnetic signals which make them leaky. The placement of any

wireless service near PLC systems is bound to be subj ected to interference. The

interference is directly proportional to the transmission power and distance between the

installation and the power line. This calls for cautious designing of filters to prevent the

leakage of high frequency signals. The solution that integrates the 802. 11b wireless

networking protocol (WiFi) with PLC is a typical case where mitigating the interference










plays an important role before deploying the equipment. In the following section we take

a look at the Orthogonal Frequency Division Modulation (OFDM) scheme and its

application on the PLC channel.

OFDM Modulation

The choice of modulation scheme depends on the nature of physical medium on

which it has to operate. A modulation scheme [3] for use on power line should have the

following desirable properties:

* Ability to overcome non-linear channel characteristics: The PLC channel has a very
non-linear channel characteristic which requires very expensive and complex
equalization schemes to attain data rates above 10 Mbps using single carrier
modulation. The modulation technique for use on the PLC channel should have the
ability to overcome such non-linearity without the need of highly involved channel
equalization.

* Ability to cope with multi-path spread: Impedance mismatch on power lines results
in an echo signal, causing a delay spread of the order of 1ms. The modulation
technique for use on the PLC channel should have the inherent ability to handle
such delay spreads.

* Ability to adjust dynamically: Power line channel characteristics change
dynamically as the load on the power supply varies. The modulation technique for
use on power line should have the ability to track such changes without involving a
large overhead or complexity.

* Ability to mask certain frequencies: Power line communications equipment uses
the unlicensed frequency band. However, present and future regulatory rules limit
radiation in some sub-bands or adj acent bands. This makes it highly desirable to
have a modulation technique that could selectively mask certain frequency bands.
This property would help in the global compatibility and marketability of the PLC
product.

A modulation scheme that has all these desirable properties is OFDM. OFDM is

generally viewed as a collection of transmission techniques. OFDM is currently used in

European Digital Audio Broadcast (DAB) standards. Several DAB systems proposed for

North America are based on OFDM. OFDM is also used in some variants of the 802. 11x

wireless networking protocol. Following are some of the advantages of OFDM [4]









* Very good at mitigating the effects of time-dispersion

* Very good at mitigating the effect of in-band narrowband interference

* High bandwidth efficiency

* Scalable to high data rates

* Flexible and can be made adaptive; different modulation schemes for sub-carriers,
bit loading, adaptable bandwidth/data rates possible

* Excellent ICI performance

* Channel equalization not required

* Phase lock of the local oscillators not required

For these reasons, successful PLC protocols such as the HomePlug 1.0 protocol use

OFDM. One of the main aspects in the design of OFDM transmission schemes is the

selection of the number of carriers and the cyclic prefix length, whose values play an

essential role in the bit error rate achieved by the system. Their optimum values depend

on the channel characteristics [2].

The HomePlug 1.0 Protocol Specifications

Power line communication can be effectively used to achieve Ethernet class

networking at the customers' premise over the existing electrical wiring. The electrical

wiring is a very versatile networking backbone that has an outlet in every room. Use of

this existing wiring to establish an in-building network environment led to the

introduction of the HomePlug 1.0 protocol in the American market.

HomePlug 1.0 PHY and MAC

In HomePlug 1.0, the reliability of data transmission over the all pervasive

electrical wiring at the customer premise requires the mitigation of extremely

unpredictable-natured noise. To achieve an acceptable bit error rate, powerful forward









error correction (FEC) coding and decoding techniques, and automatic repeat request

(ARQ) techniques along with OFDM with Cyclic Prefix (CP) were adopted in the PHY

of the Media Access Control (MAC) of the HomePlug 1.0 protocol.

The OFDM with CP used in HomePlug 1.0, essentially splits the available

bandwidth into many small sub-carriers. Unusable sub-carriers are masked out

intelligently as mandated by the FCC (Part 15 Rules) and by channel conditions and the

best possible modulation and coding methods are applied on the rest of the participating

sub-carriers. OFDM in HomePlug 1.0 operates in a frequency band of 4.49 20.7 MHz.

This band is divided into 128 evenly spaced sub-carriers. Out of these 128 carriers, 44

sub-carriers are extremely noisy and hence they are permanently masked. Besides these

44 sub-carriers, 8 sub-carriers that fall within the usable band are permanently masked to

avoid the interference caused to 40, 30, 20, and 17 meter ham radio bands. This leaves a

total of 76 tones to be used in the United States market. The applied tone masks are

reconfigurable so as to mask any frequency sub carrier. This adaptive mapping feature

ensures the compatibility in foreign markets like the European market. Different tone

maps can be framed for European market. A more advanced technique called bit loading

in OFDM with CP allows the use of a different modulation and coding scheme to each

independent sub-carrier, and this can further improve the bit error rate. At any given time

the HomePlug 1.0 MAC PHY supports up to 139 distinct data rates, according to the

number of usable carriers, modulation methods, and coding rate. HomePlug 1.0 data rate

can vary from 1Mbps to 14 Mbps dynamically [5]. This is possible as every HomePlug

1.0 node performs channel estimation every 5 seconds to adapt to the optimum data rate.












-40
-45








N *sD





0) 2 4 6 8 10 12 14 IB IS 20 22 24 26 23 3



Figure 2-10 Tone map and masked sub-carriers in HomePlug 1.0

The HomePlug 1.0 MAC is a Carrier Sense Multiple Access / Collision Avoidance

(CSMA/CA) protocol. Ethernet (802.3) has a Carrier Sense Multiple Access / Collision

Detect (CSMA/CD) protocol. In CSMA/CD, all the nodes share the channel on a

contention basis. Whenever a collision occurs due to simultaneous transmission of data


by two or more nodes, it is detected by the individual node transceivers. Physical carrier

sense (PCS) incorporated in the 802.3 PHY detects energy on the channel. A collision is

detected upon sensing more energy on the channel than that transmitted by the individual

nodes. Upon collision detection, each node exercises a binary exponential back-off

algorithm by waiting a random amount of time before subsequent transmission.

CSMA/CD relies heavily on PCS for detecting collisions and resolving contention issues.

This is possible because of the clean Ethernet channel. PCS alone is not reliable in the

case of the HomePlug 1.0 MAC. The noisy PLC channel limits the transceiver's ability

of differentiating the energy changes in the channel medium occurring due to actual

collisions as opposed to channel fluctuations and noise events. Hence, HomePlug 1.0









MAC incorporates the CSMA/CA protocol in which, rather than detecting collisions after

they have occurred, collisions are deliberately avoided. The HomePlug 1.0 PHY layer

detects the preambles of the frame, and the MAC layer maintains a virtual carrier sense

(VCS) timer. Each frame is preceded by a contention period of short time slots. If a

station, using VCS, detects that no other node has started transmitting before, it will start

transmitting, hence the name collision avoidance.

HomePlug 1.0 [5] MAC involves the use of a frame control and a preamble as a

delimiter. A tone map is included in the start of frame and this is used by the receiver to

decode the following frame. Priority information used for contention resolution is

included in the end of the frame delimiter.

The response inter frame spacing (RIFS) delimiter facilitates the verification of the

response to the currently transmitted frame. As compared to 802.11 there is no short

interframe spacing included in the HomePlug 1.0 MAC. A frame control bit serves the

propose of indicating the node's desire to continue transmitting frames.

In order to support QoS, four priority classes are provided by HomePlug 1.0 MAC,

they are CA3, CA2, CAl and CAO, listed in the descending order of priority.

Appropriate assertion of bits in the PRO and PR1 slots resolve priority based contention.

If a higher priority assertion is made by a frame, all the nodes with priorities less than that

priority class defer transmission. At times when there is an assertion of the same priority

class by two contending frames, the resolution is continued in the contention window.

CSMA/CA has a priority dependent backoff window size. The lower priority classes viz.

CA0 and CAl have a backoff schedule of 8-16-32-64 slots.










35.84 us 35.84 us 35.84 us 35.84 us x n 313.5 1489.5 us 26us 72us

Priority Priority
CIFS Rslto0 Reolin1 Contention Data RIFS ACK








Prabe1Frame Body PAD FCS Fa Preamble 1raml


25bits 17bvtes Variable Length Bvtes 1.5 us 25bits RIFS


Figure 2-11 HomePlug 1.0 MAC frame structure.

CA2 and CA3, the higher priority classes have an 8-16-16-32 backoff schedule.

Collision results in the incrementing of the range of contention slots over which a

transmission is started. CIFS stands for Contention-window Inter-Frame spacing. In this

window the nodes with the same priority assertion contend for the channel by

decrementing a counter in the contention window time slots. Every node keeps track of

the value of a counter. Upon exhausting the counter, a node transmits a frame and resets

its counter. Other contending nodes whose counter has not yet exhausted continue

decrementing the counter in the subsequent contention window. This process is

continued till each node gets its slot to transmit. Higher priority assertion suspends this

process and the frames with higher priorities are transmitted. The theoretical maximum

MAC throughput supported by HomePlug 1.0 with a payload of 1500 bytes is 8.08 Mb/s.

The standard boasts a PHY data rate of 14 Mb/s. A maximum practical MAC throughput

of around 6 Mb/s was recorded during the extensive testing carried out in a home

networking scenario by Yu-Ju Lin et al. [5].









HomePlug 1.0 Operating Modes.

The HomePlug 1.0 protocol supports a Protocol adaptation layer through which it

interacts with different networking protocols viz. USB, 802.3 etc, HomePlug 1.0

supports Ethernet class local area network on a channel contention basis. HomePlug 1.0

supports all the topologies that IEEE 802.3 supports. Unlike IEEE 802. 11 which has an

infrastructure mode, the HomePlug 1.0 protocol does not have a centralized authority, the

access point that provides the function of a local relay; this makes the interconnection of

HomePlug 1.0 based devices extremely simple at the cost of providing security. Power

lines are shared from the transformer to all of the residences served by the transformer, so

it is possible for a residence to hear the PLC transmissions of a nearby residence. It is

therefore necessary to protect the privacy of users cryptographically, since installing low-

pass filters would to some extent negate the cost advantages of the technology. To this

end, nodes form logical networks (LNs) based on cryptographic isolation.


Figure 2-12 Logical Networks (LN) in HomePlug 1.0









HomePlug 1.0 supports the feature of LNs on the basis of passwords that protect

the data in a particular logical network. Only the stations that use a common shared

password can communicate with each other. Chapter 3 throws more light on the security

aspect of the HomePlug 1.0 Protocol.

Introduction to HomePlug AV

A new protocol is being researched by the HomePlug alliance and the aim is to

achieve data rates of about 100 Mb/s data rate for in-home power line networking.

Such a high data rate is desired to facilitate the distribution of data and multimedia

including high-definition (HDTV) and stereophonic audio over the PLC network.

Rigorous measurements and analysis of the PLC channel demonstrates its ability to

support such high data rates. The HomePlug alliance has named this high speed standard

'HomePlug AV' keeping in mind the Audio Video applications associated with it. This

new technology is at a stage where it poses a challenge to the conventional wired

networking protocols such as 100 Mbps Ethernet and creates space for new hybrid power

line/wireless networks for the future smart homes. In-home entertainment networking

will be revolutionized altogether by this nascent technology as well as by emerging

solutions using wireless networks, tuned for AV applications. HomePlug AV finds its

strength in being simple, reliable, cost effective, and 'plug and play' in a literal sense.















CHAPTER 3
SECURITY STANDARDS OVERVIEW

Introduction to Information security

Information security involves the use of advanced security techniques to support

the exchange of user identity, data and account information in a confidential manner. The

requirements of information security have undergone maj or changes since the inception

of information technology. The main task of secure information exchange is protecting

an entity from being compromised and thwart attacks by intruders. The emergence of

various networking technologies for data communication among computers led to a

significant research initiatives in network security, particularly with respect to use of the

public Internet. This chapter describes first the various security techniques available in

WiFi and PLC networks and also highlights the associated cryptography and key

exchange techniques and then defines the problem of authentication.

Any action that compromises data is a security attack. Security attacks may be

passive or active. A passive attack results in loss of privacy of data while an active attack

results in the loss, modification or even fabrication of data. Figure 3-1 [6]

describes the general attack categories. Figure 3-la shows the normal flow of data from

source to destination without any attacks passive or active. Figure 3-1b shows an attack

on availability as an asset of the system being destroyed. This is similar to destroying a

communication link or fie management system. Figure 3-10 describes an attack on

confidentiality, wherein a third party gains access to an asset. This is similar to

eavesdropping on a conversation or viewing data packets over a network. Figure 2.1d







shows an attack on integrity, wherein an unauthorized party accesses and tampers with an
asset.


InfonnaRtio~n Solre


~O
Infolnntion D~estination


0


o)


o


I _o
C)


Figure 3-1 Types of attacks. A) Normal Flow, B) Interruption, C) Interception D)
Modiaication, E) Modiaication
Authentication
Before the topic of AAA (Authentication, Authorization and Accounting) is
discussed, it would be good to have a basic understanding of authentication using keys,
digital certificates and hashes, because these are used extensively in network security [6].










In order to authenticate a message that is sent over the network, two levels of

authentication are used. At the lower level, an authenticator is produced, and at the upper

level, an authentication protocol is executed using the authenticator. Together, they

authenticate a message. In other words, an authenticator employs a method to secure the

message, and the authentication protocol serves to transfer this secured information over

the network.

Authenticators

Authenticators can be grouped into three classes [6]:

* Message Encryption

* Message Authentication Code

* Hash Function

Message encryption

Message encryption refers to techniques such as conventional symmetric key

encryption and public key encryption [6]. In conventional symmetric key encryption,

only the sender and receiver share a secret key. If no other party has any knowledge

about the key, then confidentiality is provided. This kind of authentication is used in the

Kerberos Authentication system which was developed at MIT.

Public-key encryption provides for message confidentiality. It does not allow the

message source to be authenticated, since anyone can be in possession of the receiver' s

public key. In order to provide authentication, the sender must encrypt the message with

his or her own private key. This kind of authentication is the principle for creation of

digital signatures.

The digital signature is analogous to a handwritten signature. It verifies the author

and also the contents at the time of the signature. In a digital signature construct, only the









communicating parties are involved. The receiver should know the public key of the

sender. The digital signature is sometimes created by encrypting the entire message with

the private key of the sender. A faster method that is more commonly used is creating a

hash code of the message, and this hash code is then encrypted using the private key.

Confidentiality is provided by encrypting the entire message along with the digital

signature with either the receiver' s public key or with a common secret key.

Message encryption and digital signatures address content and masquerade attacks,

but they do not address the problem of repudiation. The sender could deny that it sent a

particular message and claim that its private key was compromised. An arbitrated digital

signature attempts to resolve this problem. In this, an arbiter is present between the

sender and receiver. Every signed message between the sender and the receiver is routed

via the arbiter. The arbiter subjects the message and its source to several checks to

validate both the source and content, after which the arbiter timestamps the messages and

sends it to the receiver.

Message Authentication Codes

The second type of authenticator is the message authentication code (MAC), not to

be confused with Media access Control Protocol .The MAC process uses a shared secret

key to generate a small Eixed-size block of data, called cryptographic checksum or a

MAC. The MAC is a function of the message and the secret key, and it is appended to a

message before it is transmitted. The recipient computes the MAC by using the message

and the secret key. If the recomputed MAC and the original MAC are the same, then the

message has not been modified.

This technique assumes that the parties involved in communication are in

possession of a shared secret key. Hence if the message is unaltered, then the recipient is










assured that the actual source has sent the message. Furthermore, an attacker cannot

modify both the message and the MAC since the attacker is not in possession of the

secret key.

The MAC function is similar to encryption. However, the MAC algorithm need

not be reversible. This makes the authentication functions for the generation of the MAC

less vulnerable to being broken.

Hash Functions

The Einal type of authenticator is the hash function. The hash function is also a

one-way function. It takes in a variable sized message and produces a Eixed size hash

code, also called message digest, as output. The hash value is appended to the message

and transmitted to the receiver. The receiver verifies the message by computing the hash

value again. A match authenticates the message. The hash function is a variation of the

MAC, but it is not secret and must be protected in some manner.

After the authenticator, the second level of authentication involves the

authentication protocol.

Authentication Protocols

Two types of authentication protocols are mutual authentication and one-way

authentication.

Mutual authentication requires that each of the communicating parties be satisfied

about the other' s identity. This process generally requires that both entities are online

and active in communication at the same time.

One-way authentication does not require the recipient to be authenticated. One-

way authentication is gaining popularity with the encryption of emails. Two










authentication protocols are extensible authentication protocol (EAP) and transport layer

security (TLS).

Introduction to Authentication, Authorization and Accounting

All networks need an authentication, authorization, and accounting (AAA)

framework to provide controlled access to computer resources by implementing policies

and auditing usage [7].

First of all, authentication provides a way to identify a user. This is usually done

by having the user present a unique, valid credential, which may be a valid login-

password, certificates etc. in order to grant access. The AAA server compares a user's

authentication credentials against the user information stored in a database, and upon

finding a match, the user is granted access. If there is no match, authentication fails and

network access is denied.

Access Clients
F 1 Ac~cess Server
f ""1 RADIUS Protocol





8 ~p~i~ AP RADIUS Prorxy
STARADIUS (AAA) Serv~er


Figure 3-2 AAA Framework in a WiFi networking scenario

Following authentication, authorization is given to the user, i.e. the user can be

allowed to perform tasks on network resources. Authorization basically determines

whether the user has the authority to perform protected tasks. An example of

authorization might be providing an IP address and enforcing policies for the user who

has that IP address.









After authentication, accounting is performed. Accounting measures the resources

a user accesses. This can include the amount of system time or the amount of data a user

has sent or received during a session. Accounting can be performed by logging session

statistics and is used for authorization control, billing, trend analysis, resource utilization,

and capacity planning activities.

Figure 3.2 illustrates the components of an AAA framework. The RADIUS server,

a commonly used AAA server, is attached to a network. The device acting as a point of

entry to the network may be a NAS, router, terminal server or even another host that

contains AAA client functionality.

Wireless Security

For authentication, the 802. 11 standard defines open system and shared key

authentication types. For data confidentiality, the 802.11 standard defines Wired

Equivalent Privacy (WEP). The 802. 11 standard does not define or provide a WEP key

management protocol that provides automatic encryption key determination and renewal.

This is a limitation to IEEE 802. 11 security services especially for wireless

infrastructure mode with a large number of wireless clients. The authentication and key

management issues of the 802. 11 standard are solved by using the combination of IEEE

802. 1X port-based network access control and WiFi Protected Access (WPA).

Standard 802.11 Authentication

IEEE 802. 11 defines the following types of authentication:

* Open System Authentication

* Shared Key Authentication










Open System Authentication

Open system authentication does not provide authentication, only identification

using the wireless adapter's MAC address. Open system authentication is used when no

authentication is required. Open system authentication is the default authentication

algorithm that uses the following process [8]:

The authentication-initiating wireless client sends an IEEE 802. 11 authentication

management frame that contains its identity.

The receiving wireless node checks the initiating station's identity and sends back an

authentication verification frame.

With some wireless APs, you can configure the MAC addresses of allowed

wireless clients. However, this is not secure because the MAC address of a wireless

client can be spoofed.

Shared Key Authentication

Shared key authentication verifies that an authentication-initiating station has

knowledge of a shared secret. This is similar to preshared key authentication for Internet

Protocol security (IPSec). The 802.11 standard currently assumes that the shared secret

is delivered to the participating wireless clients by means of a secure channel that is

independent of IEEE 802. 11. In practice, this secret is manually typed at the wireless AP

and the wireless client.

Shared key authentication uses the following process:

* The authentication-initiating wireless client sends a frame consisting of an identity
assertion and a request for authentication.

* The authenticating wireless node responds to the authentication-initiating wireless
node with challenge text.










* The authentication-initiating wireless node replies to the authenticating wireless
node with the challenge text that is encrypted using WEP and an encryption key
that is derived from the shared key authentication secret.

* The authentication result is positive if the authenticating wireless node determines
that the decrypted challenge text matches the challenge text originally sent in the
second frame. The authenticating wireless node sends the authentication result.

* Because the shared key authentication secret must be manually distributed and
typed, this method of authentication does not scale appropriately in large
infrastructure network mode (for example, corporate campuses and public places).
Additionally, shared key authentication is not secure and is not recommended for
use.

Standard IEEE 802.11 Encryption with Wired Equivalent Privacy (WEP)

Due to the nature of wireless LAN networks, securing physical access to the

network is difficult. Unlike a wired network where a physical connection is required,

anyone within range of a wireless AP can conceivably send and receive frames as well as

listen for other frames being sent, making eavesdropping and remote sniffing of wireless

LAN frames very easy. Wired Equivalent Privacy (WEP) is defined by the IEEE 802. 11

standard and is intended to provide a level of data confidentiality that is equivalent to a

wired network.

WEP provides data confidentiality services by encrypting the data sent between

wireless nodes. Setting a WEP flag in the MAC header of the 802.11 frame indicates

WEP encryption for an 802. 11 frame. WEP provides data integrity for random errors by

including integrity check value (ICV) in the encrypted portion of the wireless frame.

WEP defines two shared keys :

A multicast/global key: The multicast/global key is an encryption key that

protects multicast and broadcast traffic from a wireless AP to all of its connected wireless

clients .









A unicast session key: The unicast session key is an encryption key that protects

unicast traffic between a wireless client and a wireless AP and multicast and broadcast

traffic sent by the wireless client to the wireless AP.

WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit

encryption keys. 104-bit encryption keys are not standard, however, many wireless AP

vendors support them.

* Note: Some implementations advertising the use of 128-bit keys are just adding a
104-bit encryption key to the 24-bit initialization vector and calling it a 128-bit key.

Encryption and Decryption Using WEP

To produce the encrypted frame, the following process is used [8]:

* A 32-bit integrity check value (ICV) is calculated that provides data integrity for
the MAC frame.

* The ICV is appended to the end of the frame data.

* A 24-bit initialization vector (IV) is appended to the WEP encryption key.

* The combination of [IV+WEP encryption key] is used as the input of a pseudo-
random number generator (PRNG) to generate a bit sequence that is the same size
as the combination of [data+ICV].

* The PRNG bit sequence, also known as the key stream, is bit-wise exclusive ORed
(XORed) with [data+ICV] to produce the encrypted portion of the payload that is
sent between the wireless AP and the wireless client.

* The IV is added to the front of the encrypted [data+ICV] to create the payload for
the wireless MAC frame. The result is IV+encrypted [data+ICV].

To decrypt the wireless MAC payload, the following process is used:

* The IV is obtained from the front of the MAC payload.

* The WEP encryption key is concatenated with the IV.

* The concatenated WEP encryption key and IV is used as the input of the same
PRNG to generate a bit sequence of the same size as the combination of the data
and the ICV (the same bit sequence as that of the sending wireless node).









* The PRNG bit sequence is XORed with the encrypted [data+ICV] to decrypt the
[data+ICV] portion of the payload.

* The ICV for the data portion of the payload is calculated and compared with the
value included in the incoming frame. If the values match, the data is considered to
be valid (sent from the wireless client and unmodified in transit).


40-1104-bit Key+

Sinput


Output

64-1128b-bit Stream Sequence







Ci phertext

Transmitted Data

Figure 3-3 WEP Illustrated

While the secret key remains constant over a long duration, the IV is changed

periodically and as frequently as every frame). The periodicity at which IV values are

changed depends on the degree of privacy required of the WEP algorithm. Changing the

IV after each frame is the ideal method of maintaining the effectiveness of WEP.

WEP Concerns

The main problem with WEP is that the determination and distribution of WEP

keys are not defined [8]. WEP keys must be distributed using a secure channel outside of

the 802.11 protocol. In the real world, this is a text string that must be manually

configured using a keyboard for both the wireless AP and wireless clients. Obviously,










this key distribution system does not scale well to an enterprise organization and is not

secure.

Additionally, there is no defined mechanism to change the WEP key either per

authentication or periodically for an authenticated connection. All wireless APs and

clients use the same manually configured WEP key for multiple sessions. With multiple

wireless clients sending a large amount of data, an attacker can remotely capture large

amounts of WEP cipher text and use cryptanalysis methods to determine the WEP key.

The lack of a WEP key management protocol is a principal limitation to providing

802. 11 security, especially in infrastructure mode with a large number of stations. Some

examples of this type of network include corporate campuses and public places such as

airports and malls. The lack of automated authentication and key determination services

also effects operation in ad hoc mode where users may wish to engage in peer-to-peer

collaborative communication; for example, in areas such as conference rooms.

Summary of 802.11 Security Issues

The current solutions for the security issues that exist with 802.11 are the

following:

1. No per-frame authentication mechanism to identify the frame source. There is a
current proposal to replace WEP RC4 encryption with Advanced Encryption
Standard (AES). AES provides per-frame data origin authentication.

2. Vulnerability to disassociation attacks (the forcing of wireless clients off the
wireless LAN network).Although there are no easy solutions to the disassociation
attack, the best solution for rogue wireless APs is to support a mutual
authentication protocol such as EAP-TLS. With EAP-TLS, the wireless client
ensures that the wireless AP is a trusted member of the secure wireless
authentication infrastructure.

3. No per-user identification and authentication. The adaptation of IEEE 802.1X
Port-Based Network Access Control specification for wireless connections and its
use of EAP enforces user-level authentication before allowing wireless frames to be
forwarded.









4. No mechanism for central authentication, authorization, and accounting (AAA).By
using RADIUS in conjunction with IEEE 802.1X, RADIUS servers provide AAA
services for wireless connections.

5. The RC4 stream cipher is vulnerable to known plaintext attacks. The proposed
replacement of RC4 with AES solves this problem. In the interim, IPSec,
supported by Windows XP can be used to protect the TCP/IP traffic.

6. Some EAP implementations derive WEP keys from passwords, resulting in weak
WEP keys. EAP-TLS and PEAP derive WEP keys from public key certificates, not
passwords.

7. No support for extended authentication methods; for example: token cards;
certificates/smart cards; one-time passwords; biometrics; and so on. IEEE 802.1X
uses EAP as its authentication protocol. EAP was designed to be extensible for
virtually any type of authentication method.

8. No support for key management; for example, re-keying global keys and dynamic,
per-station or per-session key management. By using IEEE 802.1X and EAP-TLS
or PEAP as the authentication method, high-entropy unicast session keys are
derived for each authentication. Current vendor technologies, such as rapid
rekeying, change the multicast global key periodically. Future technologies will
provide a standards-based method to change the unicast session key periodically.

The best solution at present (as of the time of publication of this thesis) for secure

wireless consists of using the combination of IEEE 802. 1X and EAP-TLS. EAP-TLS

requires deployment of user and computer certificates to each wireless client.

PLC Network Security

Like WiFi, the PLC channel is also a shared channel and this calls for the

implementation of a robust security mechanism to safeguard all the data transmitted over

the PLC channel. Numerous encryption techniques can be applied to encrypt the data

before putting it on the line. The encryption technique should have a good trade-off

between security and complexity. Complex techniques require more computation

capacity. RSA is a candidate encryption algorithm which includes a 128 bit encryption

key. The key exchange can be achieved by using the Diffle-Hellman's algorithms [9].









There is no mechanism for user level authentication in PLC based networks;

moreover, the architecture of the power line distribution grid provides access to every

energy customer on the internet enabled power grid. The HomePlug 1.0 products are not

evolved enough and there are a limited number of devices like modems and routers that

interface HomePlug 1.0 to the Cable or DSL technology via the Ethernet 802.3

adaptation layer.

Another maj or security issue pertaining to in-home PLC networks is the possibility

of intrusion and interference from adj acent sub-networks. This type of intrusion can be

observed at a typical apartment complex where adj acent apartments have their own small

home network. As the PLC is a shared medium and HomePlug 1.0 has a contention

based MAC algorithm, every node contends for the channel and collisions are mitigated

using a MAC based on CSMA/CA. On collisions, the packets are retransmitted by the

contending nodes. Intrusion increases the number of nodes contending in the sub-

network thereby reducing the overall throughput of the system. In addition, such

adj acent networks increase the probability of multiple levels of hidden nodes, leading to

further network performance degradation. A home network implementation that can

prevent such an intrusion involves the use of PLC decoupling filters. These filters may

be used to isolate each electrical circuit at the meter panel for each household or

apartment, thus reducing signal propagation across PLC sub-networks and avoiding

unwanted signal interference.

HomePlug 1.0 DES encryption

Power lines are shared from the transformer to all of the residences served by the

transformer, so it is possible for a residence to hear the PLC transmissions of a nearby

residence. It is therefore necessary to protect the privacy of users cryptographically,









since installing low-pass filters would to some extent negate the cost advantages of the

technology. To this end, nodes form logical networks (LNs) based on cryptographic

isolation. HomePlug 1.0 uses DES in Cipher block chaining (CBC) mode. Keys are

generated from passwords using the PBKDF 1 function from PKCS#5v2.0, a Password-

based Cryptography standard with MD5 as the underlying hash algorithm. Stations store

and retain both their default key (for re-key operations only) and any network encryption

keys (NEK) received (for any other transmissions) in non-volatile memory. All

transmissions within a logical network are encrypted with the NEK that defines that

logical network (as indicated by the Encryption Key Select (EKS) of encryption control

field). To participate in a LN, a station must have the NEK for it. Stations may obtain a

NEK by password entry by the user and generation as described above, or by network

entry through receipt of a "Set NEK MAC Management entry" from another station

encrypted using any key known to both stations. [3] A station may be a member of more

than one LN, and may be required to store more than one (EKS, NEK) pair. Stations are

not required to support participation in more than one LN at a time, however. A station

without any NEK can use network entry to obtain a NEK and enter the LN by means of a

default key generated from a manufacturer-determined password that is unique to the

particular station. This default password must be entered at another station participating

in the LN and using password entry, that station must generate the default NEK for the

new station and use that NEK with EKS set to Ox00 to encrypt and send the LN' s NEK

and EKS identifier to the new station in a "Set NEK MAC Management entry". The new

station returns a "Confirm NEK MAC Management entry" to the station that sent it the

"Set NEK MAC Management entry". "Set NEK MAC Management entry" is never sent









in cleartext, and if it is received in cleartext, it must be rej ected. The 9 bytes of the "Set

NEK MAC Management entry" data field contain the 1-byte EKS and the corresponding

8-byte NEK. The "Confirm NEK MAC Management entry" has an empty data field.

The EKS value associated with an LN' s NEK must be the same for all stations in the LN.

Standard IEEE 802.1x Port Based Access Control Protocol

Introduction

The original intent of IEEE in introducing the 802. 1X [10] port-based Network

Access Control standard, based on the IETF Extensible Authentication Protocol (EAP)

[3], was to enable LAN infrastructure as a means of authenticating and authorizing

devices attached to them over point-to-point connections. However, as a result of the

vulnerabilities reported in early deployments of 802. 11 Wireless LANs (WLANs),

several vendors have released their own solutions (LEAP, PEAP etc.) based on the

802.1X standard. Since WLANs use shared-media connectivity (see scenario 2 in Figure

1), as opposed to point-to-point connections used over Ethernet switches, several

improvements in using 802.1X for WLANs have been suggested. The IEEE and

Wireless Ethernet Compatibility Alliance (WECA) have also specified the use of IEEE

802.1X for Enhanced Security in WLANs. In view of 802. 1X becoming a key piece in

the LAN security framework, testing for 802.1X support in Ethernet switches and WLAN

Access Points (WLAN-APs) has become an important activity, considering the various

combinations that must be supported to ensure compatibility.

Overview of 802.1X operation

802.1X describes the architectural framework within which the authentication and

consequent actions take place. It supports various authentication methods such as one-

time passwords (EAP-MD5), certificate based authentication (EAP-TLS) and









can be extended for other types of authentication such as SIM-based authentication

(EAP-SIM). 802. 1X describes that systems on the LAN adopt one of the following

distinct roles within an access control interaction:

Authenticator: The port that wishes to enforce authentication before allowing

access to the services accessible via the port adopts the Authenticator role.

Supplicant: The port that wishes to access the services used by the Authenticator' s

system adopts the Supplicant role.

Another system role is described as follows

Authentication Server (AS): The AS performs the authentication functions

necessary to check the credentials of the Supplicant and indicates to the Authenticator

whether the Supplicant is authorized to access the Authenticator' s services. (Remote

Authentication Dial-In User Service (RADIUS) [11] has become the most commonly

implemented protocol between the Authenticator and the Authentication Server, although

802. 1X does not mandate the use of RADIUS.) Though all the three roles are necessary

to complete the authentication process, there can be several variations. In a simplified

system, for example, an Authenticator and an Authentication Server may be co-located

within the same system without the need for an external server. Also, a Port may adopt

the Supplicant role in some exchanges and an Authenticator role in others. The latter

scenario is useful when a WLAN Access Point that has been newly added to the LAN has

to be authenticated by a port of the Ethernet switch before it can authenticate other

WLAN hosts that will connect using its services.









The operation of 802. 1X has the effect of creating two distinct points of access to

the Authenticator (any frame received on the physical port is made available to both

points of access):

Uncontrolled Port: This point of access allows for uncontrolled exchange of

PDUs regardless of the authorization state [10].

Controlled Port: This point of access allows for exchange of PDUs only if the

current state of the Port is authorized.[10].

Suppl icant

Cotole Po


Controlled Port




A4uth~niticator Authentication Server

Figure 3-4 IEEE 802.1x framework

The AuthControlledPortStatus indicates the status of the Controlled Port as being

either authorized or unauthorized. In addition, an AuthControlledPortControl parameter

allows administrator control to set the port as ForceUnauthorized, Auto or

ForceAuthorized. The values of the AuthControlledPortControl parameter for every port

in a system can be overridden by means of the SystemAuthControl parameter. Thus, for

example, setting the SystemAuthControl parameter to 'disabled' causes authentication to

be disabled on all ports and forces all ports to be authorized, while setting it to 'enabled'

causes each port' s authentication status to be controlled in accordance with the value of

the port's AuthControlledPortControl parameter. Finally, any access to the network is

subject to the current administrative and operational state of the MAC. If the MAC is









rendered inoperable, then no protocol exchange of any kind can take place. Though in

secure configurations SystemAuthControl will be set to Enabled and

AuthControlledPortControl will be set to Auto or ForceUnauthorized, the Ethemnet switch

should be tested for all the combinations for the resulting value of

AuthControlledPortStatus.

Authentication framework

When using 802.1X authentication in a LAN, the Station (Supplicant) needs to be

authenticated by the LAN infrastructure (Ethemnet switch). However, this simple scheme

causes a potentially dangerous situation, also called the man-in-the-middle attack, where

an intruder masquerades himself as the Authenticator and gets access to the

Authentication information from the Station. Mitigation of this type of attack requires a

two step authentication first, the workgroup switch is authenticated by the main

Ethernet switch and then the station is authenticated by the workgroup switch.

In WLAN situations, it is necessary to test that mutual authentication (between the

host station and the Authentication Server via the Access Point) is performed correctly.

This is necessary in order to mitigate the rogue-AP scenario, where the AP is introduced

by the intruder to gain access to the host station and then to other stations in the network.

Cisco's LEAP implementation testing is one scenario that uses 802.1X mutual

authentication, though this also includes Cisco's proprietary LEAP algorithm on the

Supplicant and the Authentication Server for computing the password challenge.

Interoperability with the Authentication Server has to be tested to verify that the

authentication procedures are properly implemented.










Key Management

Enhanced privacy, data authentication, and replay protection mechanisms require

fresh cryptographic keys. Hence, IEEE 802.1X's support of automatic key distribution is

used in WLANs. This is another critical component of 802. 1X that needs to be tested.

Among other considerations, it was mentioned in an earlier section that 802.1X's

widespread application results in many more test scenarios. Two other examples of this

are Link Aggregation and VLAN. Since 802.1X acts on physical ports, for testing it with

802.3 and Link Aggregation in Ethernet switches, most implementations require

configuration of ports as unaggregated ports. After authentication, the port can j oin an

aggregate link; similarly unauthorized ports should be forced to leave the aggregate.

Testing with 802.1Q VLANs also works with a similar policy of allowing assignment of

VLANs based on the outcome of the 802.1X authentication. An Ethernet switch port has

to be in the forwarding state during authentication, permitting access to the non-

authenticated LAN. Once authentication has succeeded, a new VLAN-ID is assigned to

the port, while the port remains in the forwarding state.















CHAPTER 4
RADIUS PROTOCOL BASED AUTHENTICATION

In this section, we aim to provide a brief overview of the RADIUS protocol, how it

functions and how the various aspects of its functionality relate to the development of our

authenticating mechanism.

Overview of RADIUS Protocol

Authentication is necessary in order to verify the credentials of the user who is

connecting to the network. RADIUS (Remote Authentication Dial-In User Service) is a

protocol that authenticates remote users against back-end databases, allowing the

administration of all remote users to be done on one system. RADIUS is an industry

standard protocol described in RFCs 2865 [l l] and 2866. RADIUS is used to provide

authentication, authorization, and accounting services. A RADIUS client sends user

credentials and connection parameter information in the form of a RADIUS message to a

RADIUS server. The RADIUS server authenticates and authorizes the RADIUS client

request and sends back a RADIUS message response. RADIUS clients also send

RADIUS accounting messages to RADIUS servers. Additionally, the RADIUS standards

support the use of RADIUS proxies. A RADIUS proxy is a computer that transfers

RADIUS messages between RADIUS-enabled computers.

RADIUS messages are sent as User Datagram Protocol (UDP) messages. UDP

port 1812 is used for RADIUS authentication messages and UDP port 1813 is used for

RADIUS accounting messages. Some network access servers might use UDP port 1645

for RADIUS authentication messages and UDP port 1646 for RADIUS accounting









messages. By default, IAS supports receiving RADIUS messages destined to both sets of

UDP ports. RADIUS is a desirable element in a complete security strategy because it

serves as a trusted third party, providing access control, authentication and authorization

across the information highway.

RFCs 2865 and 2866 define the following RADIUS message types:

Access-Request: Sent by a RADIUS client to request authentication and

authorization for a network access connection attempt.

Access-Accept: Sent by a RADIUS server in response to an Access-Request

message. This message informs the RADIUS client that the connection attempt is

authenticated and authorized.

Access-Reject: Sent by a RADIUS server in response to an Access-Request

message. This message informs the RADIUS client that the connection attempt is

rej ected. A RADIUS server sends this message if either the credentials are not authentic

or the connection attempt is not authorized.

Access-Challenge: Sent by a RADIUS server in response to an Access-Request

message. This message is a challenge to the RADIUS client that requires a response.

Accounting-Request: Sent by a RADIUS client to specify accounting information

for a connection that was accepted.

Accounting-Response: Sent by the RADIUS server in response to the Accounting-

Request message. This message acknowledges the successful receipt and processing of

the Accounting-Request message.

The RADIUS server authenticates a client by acknowledging the clients

demographics typically maintained in a database in the RADIUS server. RADIUS server










can also act as a client to another RADIUS server provided the concerned RADIUS

server lacks the user demographics database. The RADIUS standard supports this

functionality in both homogeneous and heterogeneous environments. RADIUS is a

client-server protocol that enables remote access equipment acting as RADIUS clients to

submit authentication and accounting requests to a RADIUS server In RADIUS, the

Network Access Server which interacts with the end user requesting a connection obtains

authentication information from the user. Once this is done, the Access Server creates an

"Access-Request" with information containing the user' s login name, password, client

ID, port ID, etc. The Access-Request is submitted to the RADIUS server.

Once the RADIUS server receives the request, it validates the sending client by

matching the user information against a database of users. If there is no match, the

RADIUS server sends an "Access-Rej ect" response to notify the Access Server that the

user request is invalid. If there is a match, the RADIUS server sends an "Access-

Challenge" response.

When the Access Server receives the Access-Challenge response, it may, if

necessary, request more information from the user. Once this is provided and sent back

to the RADIUS server, and once all the conditions are met, the configuration values for

the user are placed in an "Access-Accept" response, and these include the type of service

and all other necessary values.

A RADIUS message consists of a RADIUS header and RADIUS attributes. Each

RADIUS attribute specifies a piece of information about the connection attempt. For

example, there are RADIUS attributes for the user name, the user password, the type of

service requested by the user, and the IP address of the access server. RADIUS attributes









are used to convey information between RADIUS clients, RADIUS proxies, and

RADIUS servers. For example, the list of attributes in the Access-Request message

includes information about the user credentials and the parameters of the connection

attempt. In contrast, the list of attributes in the Access-Accept message includes

information about the type of connection that can be made, connection constraints, and

any vendor-specific attributes (VSAs).

To provide security for RADIUS messages, the RADIUS client and the RADIUS

server are configured with a common shared secret. The shared secret is used to secure

RADIUS traffic and is commonly configured as a text string on both the RADIUS client

and server.

EAP

EAP (Extensible Authentication Protocol) is a protocol that defines the

authentication mechanism on PPP (Point-to-Point Protocol) links [12]. By default, PPP

does not include an authentication mechanism, and EAP fills the gap. EAP is a general

protocol for PPP authentication that supports multiple authentication mechanisms, and it

works over dedicated links, switched circuits, wired as well as wireless links.

EAP allows multiple authentication protocols to be used by selecting an

authentication mechanism at the Authentication phase, and not the Link Control phase, of

the PPP initiation [12].

In EAP, after the link establishment phase is complete, the authenticator typically

sends initial Identity Requests followed by one or more Requests to authenticate the

client. The client sends a Response packet to each request. Both the Request and

Response packets contain a type field that corresponds to the type of the Request. The

authenticator ends the authentication phase by sending a Success or Failure packet.










Ill






Figur 4-1EAP Achitctur



Types of EAP
There are six types of Request/Response exchanges documented in the RFC for
EAP [12]. The first three types, considered special case types, are Identity, Notification
and Nak (response-only). The remaining authentication exchanges are MD5-Challenge,
One-Time Password (OTP) and Generic Token Card.
EAP MD5
Using EAP MD5, a RADIUS server authenticates clients by verifying an MD5
hash of the password. This is reasonable for trusted Ethernets where there is low risk of
an outside attack, but it is not suitable for public or wireless LANs because hackers will
be able to easily sniff identities and password hashes.









EAP TLS

EAP-TLS [13] is the only standard secure option for wireless LANs at this time. In

this protocol, both the station and RADIUS server have to prove their identities via public

key cryptography, using digital certificates or smart cards.

EAP over RADIUS

In our proj ect, we aim to use EAP authentication using RADIUS. EAP support is

provided in RADIUS, and it is done through two new RADIUS attributes called EAP-

Message and Message-Authenticator. In RADIUS/EAP, RADIUS is used to transfer

EAP messages that are encapsulated by RADIUS to the authenticator.

The authentication begins with the peer (the remote computer requesting the

authentication) and the NAS (Network Access Server) negotiating the use of EAP. Once

EAP has been negotiated, the NAS sends an initial EAP-Request message to the peer.

The peer replies with an EAP-Response. The NAS may determine if the peer is local and

proceed with local authentication, or it could act as a pass-through, encapsulating the

EAP-Response within EAP-Message attributes sent to the RADIUS server. The NAS

serves to decapsulate EAP-Message attributes and encapsulate EAP-Response messages.

On receiving a correct Access-Request packet, the RADIUS server responds with a

Access-Challenge packet (if it supports EAP). This conversation continues until the

RADIUS server issues an Access-Accept or an Access-Rej ect.

Authentication Scheme Using EAP RADIUS IEEE 802.1x

In this section, we attempt to detail how the IEEE 802.1x authentication works with

EAP and RADIUS to authenticate and control user traffic.

The IEEE 802.1Ix architecture consists of three key components [10]:

1. Supplicant: The client that has to be authenticated









2. Authentication server: Usually a RADIUS server

3. Authenticator: Usually a wireless access point

The key authentication protocol used is called EAP over LAN (EAPOL). It was

defined particularly for the 802.11 wireless protocol. The EAPOL protocol provides

effective authentication regardless of whether WEP keys are enabled or not. EAPOL is a

delivery mechanism and needs to be used with EAP-TLS (EAP Transport Layer Security)

or EAP-TTLS (EAP Tunneled Transport Layer Security), which define how

authentication takes place.

The IEEE 802.1x protocol operates as follows: the Supplicant sends an "EAP-

Response/Identity" packet to the Authenticator, which is sent to the authentication server.

The authentication server sends back a challenge to the authenticator, which then unpacks

it from IP, repackages it into EAPOL and sends it to the supplicant.

The supplicant responds to the challenge via the authenticator and passes the

response onto the authentication server. The client' s identity can be verified via digital

certificates or other EAP authentication types.

If the supplicant has successfully identified itself, the authentication server

responds with a success message, which is sent to the supplicant. The authenticator then

opens the port for the supplicant to access the LAN based on the attributes that come

back from the authentication server.

The following is the EAP-TLS authentication process for a wireless client

authenticating to a wireless AP configured to use a RADIUS server as its authentication

server [8, 13].

Step 1: Association and request for identity: If the wireless AP observes a new

wireless client associating with it, the wireless AP transmits an EAP-Request/Identity









message to the wireless client. Alternately, when a wireless client associates with a new

wireless AP, it transmits an EAP-Start message. If the IEEE 802. 1X process on the

wireless AP receives an EAP-Start message from a wireless client, it transmits an EAP-

Request/Identity message to the wireless client.

Step 2: EAP-Response/Identity response. If there is no user logged on to the

wireless client, it transmits an EAP-Response/Identity containing the computer name.

For Windows wireless clients, the FQDN of the computer account is sent. If there is a

user logged on to the wireless client, it transmits an EAP-Response/Identity containing

the user name. For Windows wireless clients, the UPN of the user account is sent.

The wireless AP forwards the EAP-Response/Identity message to the RADIUS

server in the form of a RADIUS Access-Request message.

Step 3: EAP-Request from RADIUS server (Start TLS). The RADIUS server

sends a RADIUS Access-Challenge message containing an EAP-Request message with

the EAP-Type set to EAP-TLS, requesting a start to the TLS authentication process.

The wireless AP forwards the EAP message to the wireless client.

Step 4: EAP-Response from the wireless client (TLS Client Hello). The wireless

client sends an EAP-Response message with the EAP-Type set to EAP-TLS, indicating

the TLS client hello. The wireless AP forwards the EAP message to the RADIUS server

in the form of a RADIUS Access-Request message.

Step 5: EAP Request from RADIUS server (RADIUS Server's Certificate).

The RADIUS server sends a RADIUS Access-Challenge message containing an EAP-

Request message with the EAP-Type set to EAP-TLS, and includes the RADIUS server' s

certificate chain. The wireless AP forwards the EAP message to the wireless client.










Step 6: EAP-Response from the wireless client (Wireless Client's Certificate). The

wireless client sends an EAP-Response message with the EAP-Type set to EAP-TLS, and

includes the wireless client' s certificate chain. The wireless AP forwards the EAP

message to the RADIUS server in the form of a RADIUS Access-Request message.

Step 7: EAP-Request from RADIUS server (Cipher suite, TLS complete). The

RADIUS server sends an EAP-Request message with the EAP-Type set to EAP-TLS,

and includes the cipher suite and an indication that TLS authentication message

exchanges are complete. The wireless AP forwards the EAP message to the wireless

client.

Step 8: EAP-Response from the wireless client. The wireless client sends an EAP-

Response message with the EAP-Type set to EAP-TLS. The wireless AP forwards the

EAP message to the RADIUS server in the form of a RADIUS Access-Request message.

Step 9: EAP-Success from RADIUS server. The RADIUS server derives the per-client

unicast session key and the signing key from the keying material that is a result of the

EAP-TLS authentication process. Next, the RADIUS server sends a RADIUS Access-

Accept message containing an EAP-Success message and the MPPE-Send-Key and

MPPE-Recy-Key attributes to the wireless AP.

The wireless AP uses the key encrypted in the MS-MPPE-Send-Key attribute as the

per-client unicast session key for data transmissions to the wireless client (truncated to

the appropriate WEP key length). The wireless AP uses the key encrypted in the MS-

MPPE-Recy-Key attribute as a signing key for data transmissions to the wireless client

that require signing (truncated to the appropriate WEP key length).









The wireless client derives the per-client unicast session key (the same value as the

decrypted MS-MPPE-Send-Key attribute in the RADIUS message sent to the wireless

AP) and the signing key (the same value as the decrypted MS-MPPE-Recy-Key attribute

in the RADIUS message sent to the wireless AP) from the keying material that is

obtained as a result of the EAP-TLS authentication process. Therefore, both the wireless

AP and the wireless client are using the same keys for both the encryption and signing of

unicast data. The wireless AP, on receiving the RADIUS server message, forwards the

EAP-Success message to the wireless client. The EAP message does not contain the per-

station unicast session or signing keys.

Step 10: Multicast/global encryption key exchanged to the wireless client.

The wireless AP derives the multicast/global encryption key by generating a

random number or by selecting it from a previously set value. Next, the wireless AP

sends an EAP over LAN (EAPOL)-Key- message to the wireless client containing the

multicast/global key that is encrypted using the per-client unicast session key.

The Key field of the IEEE 802. 1X EAPOL-Key message is RC4-encrypted using

the per-client unicast session key. Portions of the message are signed with HMAC-

MD5 using the per-client unicast signing key.

Upon receiving the EAPOL-Key message, the wireless client uses the per-client

unicast session key to verify the signed portions of the EAPOL-Key message and decrypt

the multicast/global key. Next, the wireless LAN network adapter driver indicates the

per-client unicast session key, the per-client unicast signing key, and the multicast/global

key to the wireless LAN network adapter. After the keys have been designated, the









wireless client begins protocol configuration using the wireless adapter (such as using

DHCP to obtain an IP address configuration).

When the wireless AP changes the multicast/global key, it generates and sends

EAPOL-Key messages to its connected wireless clients. Each EAPOL-Key message

contains the new multicast/global key encrypted with the particular wireless client' s per-

client unicast session key.



















































6. EAP-Respronse


9. EAP-Suce~kss





10. Multicast/gloal Isey


iRADIUlSAccess-Requuest


MI


RADIU S Pccss-Re ques1


R~aDIUS Acrcess- t rollle n.


EAP PcL. Key


RAD IUS
E/P-Slall ggygyF
1. A~ssciation and request; fr .idr~entity
EA~P FPaQuest.dr.T1.t



EnPRelsponseidentary


E;P-Reques1 Slart TLS a, tiar Cliu~




EAP-Re upw cal : TLS C limri M ec0
RbaDIUSrrceassRequs1 d WP"R smM




R A D U S c c e s -C all n g e5 E A P5 R eq u e s t~
EAP- Request: TLS Certiicate



EA~rP-enspoe: TLSCelirlicate


EAF -R quest: Ciphesr suit, T LS complete 7. EAP-Request




RADIUS Accss-Requesl 8. EAIP-Reosponse




iRADIUS Accss~-Accept


Figure 4-2 EAP-TLS over RADIUS


2. ICiGnity FOSpQnSO









System Benefits of EAP RADIUS IEEE 802.1x

EAP, RADIUS and IEEE 802.1x authentication and security mechanisms are

important for our research, because these are the most prevalent and easily used products

to provide authentication and security features to our wireless and power line networks.

EAP and RADIUS provide features to authenticate users by enabling the users to

identify and be authenticated by the authenticating servers. While EAP serves as the

protocol to authenticate the user, RADIUS functions as the authenticating server to verify

that the user/client belongs to the list that is allowed access.

In addition, IEEE 802.1x uses these two features to provide authentication to

wireless networks. In our paper, we also show how IEEE 802.1x can be used to extend

this authentication mechanism to power line networks.

IEEE 802.1Ix, EAP and RADIUS also serve the function of providing security

mechanisms by encrypting all packets that are sent over the network if TLS is used

alongside the authentication.

Security Overview of EAP TLS

EAP-TLS provides two levels of security for the WLAN network: mutual

authentication and Dynamic WEP support. EAP-TLS [13] uses Public Key Infrastructure

(PKI) components, such as a WLAN client with a valid certificate and the

Authentication, Authorization and Accounting (AAA) server with a server certificate.

Trust is ensured by the fact that data is encrypted using the public/private keys, and also a

certification authority (if necessary in most cases, trust can be established by using

internal self-generated keys and certificates).

Trust can be established by configuring one root certification authority (which can

be an internally generated certificate). This enables the client to trust the server. For the










server to trust the client, the client has to have a certificate generated by the root

certification authority, given that the name in the certificate corresponds to the username,

and the username is found in one of the databases that corresponds to EAP.















CHAPTER 5
AUTHENTICATION INT PLC WIFI

PLC WiFi Last Mile Broadband Internet System

The basic HomePlug 1.0 Protocol provides a solution for in-home networking, with

Internet access still provided via DSL or cable modems. PLC Internet access seeks to

extend the PLC channel all the way from the individual sockets within the home to

Internet gateways located on the power line grid. For example, medium voltage power

lines can be extended to carry PLC signals. This is possible by introducing a substation

bridging device (SBD) in between the Internet IP backbone network and the power grid

which will make the power grid 'live' in terms of the Internet. SBD, as the name

suggests, will bridge the MV substation with multiple MV lines to the IP Internet

backbone. MV lines can be further connected to repeater devices. MV bridging devices

(MVBD) are then used to provide a data link between the LV and MV lines. Gateway

Devices (GD) at the customer's premises has the authenticator interface. It places the

data on the LV lines, which then connects to all the electrical outlets in the house. In

addition to supporting the HomePlug protocols, the GD can also support WiFi to enable

in-house wireless networking. In this latter case, the PLC is used as the long-haul data

link and the connection to the home is via WiFi.

All the PLC networking devices can support simple network management protocol

(SNMP) and services to enable network monitoring and management. Routers,

gateways, high speed network switches and other networking devices should be

customized to suit the power line distribution grid architecture. Figure 5-1 shows










the medium voltage lines are stepped down to low voltage lines at the distribution

transformer. The low voltage lines emanating from this distribution transformer lead to

the individual homes and finally to the electrical outlets. The issue to be addressed at the

distribution transformer is whether to either bypass the step down transformer completely

or let the signal pass through the transformer to the LV line and then to the house where it

is connected to the GD. The advantages of bypassing the transformers are its low costs,

ease of installation and maintenance.




PLC WTiFi interface WiFi
IP Backb~one Network tasevrIsalto



Customer- Premise
SBD ~Irm II MV Distr-ibution HomePlug Modem
tr-ansfonuer- Installatio
0030000000 MVBD Integration


Ge~~lerator Substation I m C[ [I 1





Figure 5-1 Broadband power line Internet access.

Another option is to completely bypass the substation and eliminate the SBD. The

PLC network would then be bridged to the IP network backbone at the MV lines through

the MVBD. WiFi transceivers can be installed at the LV transformer pole. At the home

site, WiFi can be again bridged with a WiFi-HomePlug access point and thus Internet

access can be provided to every electrical outlet as well as to WiFi devices. This enables










the distribution of broadband Internet effectively through WiFi, thus creating a WiFi

hotspot near the transformer site. This mechanism is adapted by Amperion Corporation.

In the above solution involving WiFi, the transformer site will host the

administration gateway and employ an SNMP agent to manage the network. These

administrative gateways support 802.1x and EAP over RADIUS for authenticating the

end user. The gateway will act as an Authenticator in 802.1x terminology. To provide

home networking using hybrid PLC and WiFi in every corner of the home and through

every electrical plug, a PLC-WiFi access point or router is installed at the customer

premises.

PLC Setup and Authentication

In order to set up an authentication mechanism for the PLC network, we need to

consider the design of the network.

As discussed in the previous section, it is possible to integrate the authentication

switch with the transformer. However, such a setup is complicated and beyond our

current means to implement. This also becomes more expensive because of the need to

install decouplers in order to separate the power line data signals from the regular power

voltages. If such decouplers are not installed, the power line data signals would be lost

when the high-voltage power is transformed to low-voltage power at the transformer.

Another means of implementing the authentication setup, albeit in a simpler

fashion, would be to separate the authentication switch from the transformer. In this

case, the homes would be connected to the transformer through regular low voltage lines,

while the low voltage lines pass through an authentication switch while bypassing the

transformer. To achieve this, the low voltage lines are terminated in PLC modems and

the PLC modems connect to the Ethernet ports of the switch.










The other end of the authenticating switch is connected over the power line and

eventually through PLC networks to the router that is connected to the RADIUS server,

and thus the outside world can authenticate the client.

Hence, the entire authentication system is proposed to be setup as follows:

1. The clients connect via the PLC modem and the power line to the authenticating
switch.

2 The authentication switch is connected to the home clients via multiple PLC
modems.

3. The authentication switch is connected on the other end to another PLC modem,
which is connected to the power line, to another PLC modem, and from there on to
the router.

4. The router is connected to the outside network, as well as to the RADIUS server
that can authenticate the clients.

We propose to set up the authentication system for the power line networks in a

manner similar to how an 802. 11 wireless network is set up. We would thus use IEEE

802.1x authentication protocols, EAPOL and RADIUS, over the power line network,

using the same mechanism as the wireless network.

Hence, the authentication mechanism works as follows: the client sends EAP-

Response packets to the authenticating switch, which is forwarded over the power line

network to the router, which then forwards it over the Ethernet network to the RADIUS

server.

The router sends back a challenge to the router, which repackages the challenge

into EAPOL packets and sends the challenge packets over the power line networks to the

switch, which then forwards it to the client.

The client responds to the challenge via the switch, which passes the response to

the router via the power line. The router then forwards the EAP response to the RADIUS










server using the regular Ethernet network. If identification is successful, the RADIUS

server responds with a Success message, which is passed on to the router and then to the

switch via the power line network. The switch then opens the port for the client to access

the Internet through the power line.

Low Vol~tage Line PLC

=, LIC Al~leiural \ nlila Line~


HonelP~lure Modem~
HomeCI-lug Al adeni PlL( rl 802.37
802.3 to PC Transformecr
802.3 802.3 Auth-enticating
Switch Bypasses
Transformer

803.2 Authenticalting Switch

Figure 5-2 PLC authenticator transformer mount

It can be seen from this setup that the authentication of power line networks can be

done in exactly the same way as the wireless 802.1Ix authentication mechanism.

The only difference between the wireless and power line networks is that the

wireless network accesses the authenticating switch via a wireless medium and the rest of

the connection is a wired link. However, in the case of our setup for authenticating

power line networks, we are connecting the clients to the switch via a power line and the

switch is further connected to the router and the Internet again via the power line.

In terms of the operation and mechanism for authentication, authorization and

accounting, the 802.1Ix protocol for power line networks works in pretty much the same

way as the 802.1x protocol for wireless networks. The authentication is performed using

EAPOL over power lines rather than wireless, as well as the RADIUS server. The switch

uses information from the RADIUS server to authorize clients to use the power line










network, and accounting is performed using the RADIUS server (Figure 5-3).











EAIP RADIUS

Authentication
802 3[UEAP] PLC[802 ?[EAP] 1 switch jPLC[802 S[RcrDIUJSI PLC[802.3[RADIUS]]
liAP RADI1US
i N !I AUCTION


Figure 5-3 EAP RADIUS for PLC.

* PC to PLC Modem: The EAP packets are on 802.3 LLC

* PLC Modem to Authenticating Switch: The 802.3 packet is adapted to PLC packet
by the PLC modem

* Authentication is performed by the IEEE 802.1x enabled Authentication Switch.
EAP RADIUS is used.

AAA System Setup and Demonstration

The crucial components in the AAA system based on the IEEE 802.1x are

described in the following section. This describes the system that we set up in our lab for

the purpose of demonstrating the AAA system based on IEEE 802.1Ix. The system

configuration is

Windows XP based Supplicant with Linksys Wireless PCI Card, WMPl l, driver

version 1.7.29.1032.

LinksysWRT540G wireless access point with the latest firmware updates as the

Authenticator.





i LI :


-o 9. 1 .l..}I I 111I l:1- 1,.-1 .1 I, 11, l y I I I J
tr -L


74


*FreeRADIUS server, CVS version 04/15/2002 on an Intel Pentium 3 based PC

running Red Hat Linux 9.as the Authentication Server.


Supplicant Setup

The supplicant initiates the request for authentication. Typically the supplicant can

be a computer, a smart phone or a personal digital assistant with an IEEE 802.1x client

software. This setup uses Microsoft' s implementation of the IEEE 802.1Ix client for the

Windows XP operating system. This client is configured for use ofEAP TLS based

authentication scheme. The process of setting up the client is illustrated in the following

figures .


.i' wimi~iesl` idtwori~ i cn neci ian''rope rties

I~~~II ...l~ "' :' j!3!
I I I.-j~- I ~-~ I I l~


Figure 5-4 Wireless Network Connection Properties





li*iJ


siQ Vriireles~ I(eeiv~rk Connection


I;


Figure 5-5 Authentication Setup


Figure 5-5 shows that IEEE 802.1x authentication is selected. The next figure


lists the properties tag of the authentication type.


15T properlies




.. I. E11..-....-1...I :.1

BE..stle1511 .1EE.':_~ 1j'i. l.s..: j'..:..I:,' al, .-' .1

EAP type: Smart Card brother Certificate v

SProperties

OAuthenticate as computer wyhen computer Information is available

[]Authenticate as guest wyhen user or computer information is
unavailable







SOK jl Cancel







76







5rnarl Crd or otherCarii~ErrlifiaePropete

/-hen connecting:
O use my smart card
O Use a certificate on this computer
O Use simple! certificate selection (Recommended)

-- Validate server certificate

O Connect to these servers:


Trusted Root Certification A~uthorities:
0 http://wwwru.valicert. com/
0 http://wwwru.valicert. com/
0 http://wwwru.valicert. com/
O IPS SERVIDORES
O MicosoT Ro uhr
O Microsoft RootCeiiae Authority
O NetLock Expressz (Class C) Tanusitvanykiado


Viewu Certificate

SUse a different user name for the connection

SOK 1Cancel]


Figure 5-6 Certifieate Setup

Figure 5-6 shows how to add the LIST root certificate as the trusted root


certificate for validation of the certificates.










Carlificale T?I


Issued to: anuj

Issued by: LIST

Valid from 6/16/2004 to 6/16/2005
'{ You have a private key that corresponds to this certificate.

1ssuer Statement

O K ~


O.I ..
I Certificate Information


This certificate is intended for the following purposess:
Proves your identity to a remote computer


Figure 5-7 User Certificate












Geneal Deail ICertification Path

Show:

Field Value r
did fromWednesday, June 16, 2004 4:...
a llid to Thursday, June 16, 2005 4:33...
S subject munli~ufl~eclu, anuj, PLC res... -
SPublic key R5A (1024 Bits)

Thumbprint algorithm shal
SThumbprint c3 le c7 2b 25 fa CO a8 a5 11 ...


CletAuthentication (1.3.6.1.5.5.7.3.2)








IEclit Propertiesl...I Copy toFile...

SOK


Figure 5-8 Certificate properties (EKU)

The extended key usage is used with X.509 certificates in order to give a purpose

for the key. In our case, the purpose is client authentication. This is indicated by setting

the EKU to 1.3.6.1.5.5.7.3.2 (for the client certificate). The root certificate must have an

EKU of 1.3.6. 1.5.5.7.3.1 to indicate that it is being used for client authentication as well.







79


Authenticator Setup













Security Mode IRADIUS
RACOS SrverU

RADIUS Port
Shared Key
Dfault Transmit 1O 2
WVEP Encryption 1218 b ts 26 hex dig ts
Pa sphrase ~G n rt
Keyl 2187A7 BF909E07
Key2 3580 99260A 5F6E
KeyS 4C004A7 F53 B14B








Figure 5-9 Linksys Access Point Setup

The Linksys AP is configured for wireless security with RADIUS server. This


option facilitates the interaction of the AP with the RADIUS server.

Authentication Server Setup

The Authentication server is installed on a Red Hat Linux 9 based PC.


FreeRADIUS server is installed and the EAP/TLS module is optimized for operation.


OpenSSL (www.openssl.com) is used for generating the certificates and its libraries are

used for certificate validation /revocation issues.


Following are the command line instructions for installing OpenSSL


mkdir -p /usr/sre/802/openss1
ed /usr/sre/802/openss1
neftpget ftp://ftp.openssl.org/snapshot/openssl-SNA-0227trg










tar zxvf openssl-SNAP-20020227.tar.gz
cd openssl-SNAP-20020227
./config shared --prefix=/usr/locallopenss1
make
make install


The FreeRADIUS server is downloadable from the website www.freeRADIUS.org

and it can be installed on the Linux machine by issuing the following commands

mkdir -p /usr/src/802/RADIUS
cd /usr/src/802/RADIUS
cvs -d :pserver:anoncvs@cvs.freeRADIUS.org:/sourc login
CVS password: anoncy
evs -d : server:anoncvs@cvs.freeRADIUS.or source c checkout RADIUSd
ed RADIUSd
./configure --prefix=/usr/local/freeRADIUS


The scripts to be included in the SSL conf files and the certificate generating scripts

are supplied in Appendix B. The certificates should be distributed "out of band", which

means that the certificate should be installed in the client before Internet access can be

gained by the authenticating client.

The Appendix B also has a list of the key configuration files needed for smooth

operation of the FreeRADIUS server.

The setup is summarized by the following diagram.








Linksys WRT54G; Acess Point.
LAN IP: 192.168.1.1 IBM Think Centre:
TIhinkpad T'42 WAN IP: 128.227. 120.41 FreeRADIEUS server on Red Hat Linux
IP address: 19)2.168.1.102 RADIUS server lP 9.
128.227.120.45 IP address 128.227.120.45


Figure 5-10 AAA system setup















CHAPTER 6
CONCLUSION

PLC technologies have tremendous potential for growth in providing a networking

infrastructure to support smart environments such as the smart home. Research is being

conducted to improve the PLC channel utilization and make PLC networks faster, more

robust and reliable. PLC networking can provide a robust and high speed backbone

network to achieve seamless connectivity. However, the absence of user level

authentication and its associated security in PLC networking is a maj or obstacle in the

widespread deployment of this technology for the purpose of consumer broadband

Internet. This is also the primary reason for the technology's low acceptance in the

corporate sector.

WiFi and PLC both have an open, shared channel. This calls for a robust AAA

architecture that we have implemented, to increase the acceptance of these technologies

for broadband Internet access and a corporate network backbone. WiFi, along with

802.1x, is showing tremendous promise and many corporations have accepted it as the

standard security mechanism for deployment of wireless LANs at public hotspots and

corporate premises.

Many startup companies have based their businesses on the idea of 802.1Ix-enabled

WiFi access points and its associated software for AAA and management of WiFi

deployment. IEEE 802.11ii is the next WiFi standard which mandates the use of IEEE

802.1x and eventually all vendors dealing with WiFi equipment have to incorporate these

security features. To make the migration path from the current WiFi to IEEE 802.11ii









standards simple, an interim standard called WiFi protected access (WPA) is introduced.

Current WiFi equipment can and should support WPA with just a firmware upgrade

provided by equipment vendors. This has lead to a revived popularity of WiFi.

In order to make PLC a strong contender in providing last mile broadband Internet

access, measures such as introducing a ratified standard for AAA in future PLC protocols

is called for. This thesis presents an AAA framework to deploy secure PLC Internet

based on IEEE 802.1x over IEEE 802.3. This solution exploits the protocol adaptation of

HomePlug 1.0 protocol. This enables the use of Ethernet based wide area networking

and its associated security features to be incorporated while using the PLC physical layer.

This thesis has demonstrated a feasible solution to include AAA mechanism in

WiFi and has also provided a feasibility study of a similar solution for the PLC based

networks. With refinement in the implementation to handle a busy traffic load, this

system is ready for deployment. Thus, PLC WiFi based broadband Internet can

become a reality in the future.

While this thesis has presented a mechanism for AAA in PLC networks and a

solution to deploy PLC-WiFi based broadband Internet, work is necessary for

incorporating the features of IEEE 802.1Ix into PLC based products, such as

authenticators, routers, etc. that enable the deployment of secure PLC based networks.

The thesis demonstrates a proof-of-concept setup. Practical deployment may

involve in-depth analysis of throughput considerations and link quality after deployment

and setup of the requisite equipment for enabling long-haul data communications over the

PLC with a robust security framework..















APPENDIX A
HOW UF WIRELESS WORKS

The wireless LAN deployment on the University of Florida (UF) campus is one of

the largest deployments of WiFi networking services. WiFi services are only available to

registered students, staff and faculty of UF. The validity of users is asserted by verifying

a valid Gatorlink account username and password. (Gatorlink is the official name given

to the service that allows students, staff and faculty of UF to access UF computing

services.) This Gatorlink username and password database is maintained on a RADIUS

server by UF Network Services.

This system of providing WiFi services to authenticated users is called Walk In

Port Authentication (WIPA) system. There is an aggregation of all the AP's connected to

the DS into an authenticating router provided by BlueSocket Inc. This authenticating

router performs multiple roles of a NAS router, a DHCP server and also as a gateway.

The following steps occur when a client requests an association with an AP.

1. The client scans the available wireless networks and the user selects the wireless

network with SSID as "ufw". At this point, the client gets associated with the AP. UFW

is insecure in the sense that there is no question of key exchange and its associated issues

in data encryption. Open authentication is used by UFW and no WEP settings are

enabled in the AP's that relay the wireless signal.

2. The client is associated with the AP and it is leased a restricted IP address. This

IP address only allows port 80 traffic. All port 80 traffic is directed to a secure website

hosted by UF Network Services. This website engages an https session (SSL secured










session) and performs certificate exchange. The certificates are exchanged for SSL

transaction and this is not a means of authentication.

3. On the login screen, the user is prompted to provide his username and password.

These credentials form the RADIUS Access request message and it is sent by the

authenticating router to the AS i.e. a RADIUS server. If the credentials are valid, a

RADIUS Accept message is relayed to the authenticating router and the router lifts all the

sanctions on the IP address that was leased to the client. Now the client can avail of all

the services of the network. The router essentially frees all the ports of the leased IP

address and the client is now associated on the transport layer.

The transport layer services are denied on failure of credentials verification and the

restricted leased IP address is disassociated from the client.

This is a convenient scheme for providing restricted WiFi access but there is a great

risk of compromising data in this implementation.
















APPENDIX B
SOURCE CODE FOR ASSOCIATED SCRIPTS

This appendix provides the source code of the associated scripts that are used to
configure the RADIUS server. The scripts to generate the certificates are also provided
in this appendix.

EAP Module Configuration Script

Eap. conf

eap {
# Invoke the default supported EAP type when
# EAP-Identity response is received.

# The incoming EAP messages DO NOT specify which EAP
# type they will be using, so it MUST be set here.

# For now, only one default EAP type may be used at a time.

# If the EAP-Type attribute is set by another module,
# then that EAP type takes precedence over the
# default type configured here.

default~eap_type = tls
# A list is maintained to correlate EAP-Response
# packets with EAP-Request packets. After a
# configurable length of time, entries in the list
# expire, and are deleted.

timer~expire = 60

# There are many EAP types, but the server has support
# for only a limited subset. If the server receives
# a request for an EAP type it does not support, then
# it normally rejects the request. By setting this
# configuration to "yes", you can tell the server to
# instead keep processing the request. Another module
# MUST then be configured to proxy the request to
# another RADIUS server which supports that EAP type.

# If another module is NOT configured to handle the
# request, then the request will still end up being
# rejected.
ignore~unknown~eap_types = no

# Cisco AP1230B firmware 12.2(13) JA1 has a bug. When given
# a User-Name attribute in an Access-Accept, it copies one











# more bvte than it should.

# We can work around it by configurably adding an extra
# zero bvte.
cisco_accounting~username~bug = no

# Supported EAP-types

## EAP-TLS

# The documents onl Ilulp w\ \\ \ .freeRADIUS.org/doc
# are old, but may be helpful.

# See also:

# http://www.dslreports.com/forum/remark,9262~oefa

tls [
private kevpassword = whatever
privatekey~file = /usr/src/802/certificate/cert-srv.pem

# If Private ker & Certificate are located in
# the same file, then private~key~fle &
# certificate file must contain the same file
# name.
#certificate~file = $ (raddbdirj /certs/cert-srv.

certificate~file = /usr/src/802/certificate/cert-srv.pem

# Trusted Root CA list
#CA~file = $ [ raddbdir) /certs/demo CA/cacert.pem

CA~file = /usr/src/802/certificate/demo CA/cacert.pem

#dh~file = $(raddbdir)/certs/dh
#random~file = $ (raddbdirj /certs/random

dh file = /usr/src/802/certificate/DH
random file = /usr/src/802/certificate/random


# This can never exceed the size of a RADIUS
# packet (4096 bytes), and is preferably half
# that, to accommodate other attributes in
# RADIUS packet. On most APs the MAX packet
# length is configured between 1500 1600
# In these cases, fragment size should be
# 1024 or less.

fragment~size = 1024

# include_1ength is a flag which is
# by default set to ves If set to
# yes, Total Length of the message is
# included in EVERY packet we send.
# If set to no, Total Length of the











# message is included ONLY in the
# First packet of a fragment series.

include_1ength = yes

# Check the Certificate Revocation List

# 1) Copy CA certificates and CRLs to same directory.
# 2) Execute 'c_rehash '
# 'c_rehash' is OpenSSL's command.
# 3) Add 'CA_path='
# to RADIUSd.confs tls section.
# 4) uncomment the line below.
# 5) Restart RADIUSd
#check~crl = yes


# If check cert cn is set, the value will
# be xlat'ed and checked against the CN
# in the client certificate. If the values
# do not match, the certificate verification
# will fail rejecting the user.

check certc n= %{User-Name}





clients.conf Client configuration directives

The following script is used to manage the access clients, i.e. the authenticators.






# Definition of a RADIUS client (usually a NAS).

# The information given here over rides anything given in the
# 'clients' file, or in the 'naslist' file. The configuration here
# contains all of the information from those two files, and allows
# for more configuration items.

# The "shortname" is be used for logging. The "nastype", loginn" and
# "password" fields are mainly used for checkrad and are optional.



# Defines a RADIUS client. The format is 'client [hostnamelip-address]'

# '127.0.0.1' is another name for 'localhost'. It is enabled by default,
# to allow testing of the server after an initial installation. If you
# are not going to be permitting RADIUS queries from localhost, we suggest
# that you delete, or comment out, this entry.











client 127.0.0.1 {

# The shared secret use to "encrypt" and "sign" packets between
# the NAS and FreeRADIUS. You MUST change this secret from the
# default, otherwise it's not a secret any more!

# The secret can be any string, up to 32 characters in length,


testingl23


secret


# The short name is used as an alias for the fully qualified
# domain name, or the IP address.


shortname


localhost


# the following three fields are optional, but may be used by
# checkrad.pl for simultaneous use checks



# The nastype tells 'checkrad.pl' which NAS-specific method to
# use to query the NAS for simultaneous use.

# Permitted NAS types are:

# cisco
# computone
# livingston
# max40xx
# multitech
# netserver
# pathras
# patton
# portslave


usrluper
other


# for all other types


nastype = other# localhost isn't usually a NAS...


# The following two configurations are for future use.
# The 'naspasswd' file is currently used to store the NAS
# login name and password, which is used by checkrad.pl
# when querying the NAS for simultaneous use.

# login = !root
# password = someadminpas


#client some.host.org {
# secret = testingl23
# shortname = localhost














# You can now specify one secret for a network of clients.
# When a client request comes in, the BEST match is chosen.
# i.e. The entry from the smallest possible network.

client 128.227.120.41{
secret = whatever
shortname = listrouter




Client certificate generator

This is a BASH shell script to generate the client certificates. It uses the OpenSSL

libraries and binaries, as well as the pre-generated root digital certificate to sign the client

certificate.

SSL=/usr/local/openss1
export PATH=${ SSL}/bin/:${ SSL}/ssl/misc:${ PATH}
export LDLIBRARYPATH=${ SSL}/lib
echo The 'client-certificate-gen' script is being executed...

# Request a new PKCS#10 certificate.
# First, newreq.pem will be overwritten with the new certificate request
openssl req -new -keyout newreq.pem -out newreq.pem -days 1 -passin pass:$1 -passout pass:$1 -
config fr~config.conf

# Sign the certificate request. The policy is defined in the openssl.cnf file.
# The request generated in the previous step is specified with the
# -infiles option and the output is in newcert.pem
# The -extensions option is necessary to add the OID for the extended
# key for client authentication
openss1 ca -policy policy anything -out newcert.pem -passin pass:$1 -key whatever -days 1 -batch
-extensions xpclient~ext -extfile xpextensions -infiles newreq.pem

# Create a PKCS#12 file from the new certificate and its private key
# found in newreq.pem and place in file cert-clt.pl2
openssl pkcsl2 -export -in newcert.pem -inkey newreq.pem -out cert-clt.pl2 -clcerts -passin
pass:$1 -passout pass:$1

# Parse the PKCS#12 file just created and produce a PEM format certificate
# and key in cert-clt.pem
# openssl pkcsl2 -in cert-clt.pl2 -out cert-clt.pem -passin pass:$1 -passout pass:$1
# Convert certificate from PEM format to DER format
# openss1 x509 -inform PEM -outform DER -in cert-clt.pem -out cert-clt.der
#clean up
rm newcert.pem newreq.pem