Performance of EAP and RADIUS authentication in roaming scenarios


The Extensible Authentication Protocol (EAP) is the main component of the standard AAA (Authentication, Authorization and Accounting) framework for network access control. AAA frameworks support cross-domain authentication, which enables an access network to authenticate a roaming client that belongs to a remote network. Cross-domain authentication requires message exchanges between the AAA server of the visited network and the AAA server of the client's home network. Because these inter-domain exchanges occur over the Internet, they are subject to degradations such as packet loss and network delays, which increase the overall authentication time. When the client changes access point, the same authentication procedure takes place again, disrupting the user traffic at each hand-off.

In this article, we examine the performance of inter-domain EAP authentication in terms of authentication delay using an emulated environment.


Introduction

Network access control is the process through which network access providers authenticate and authorize users before granting them the service, which generally consists of Internet connectivity. In wireless access networks this process takes place during the hand-off, which involves three main steps. First, network selection, during which the client discovers access networks and selects the one it wants to use. Second, authentication takes place using the EAP [RFC3748] protocol. Finally, security associations are established between the client and the edge routers of the access network using keying material resulting from the authentication phase. EAP authentication thus plays a central part, and its performance directly impacts the performance of the overall hand-off process.

If the client has authentication credentials provided by the local access network, then the client can be authenticated by the network access control framework using local means, in the form of a centralized authentication server. This is the case, for example, of a student connecting to the wireless network of her university. The other case is the roaming scenario. Here the client does not belong to the local access network and does not have authentication credentials verifiable using local means. In roaming scenarios, AAA protocols such as RADIUS [RFC2865] and Diameter [RFC3588] allow inter-domain collaboration for authenticating visiting users in foreign access networks. The authentication is "proxied" by the local access network, and the visiting user is authenticated against an authentication server in the user's home network.

Since the authentication of visiting users involves inter-domain exchanges, the performance of this operation depends tightly on the performance of the network linking the two domains. If the Internet is used to carry the inter-domain authentication of roaming users, the authentication process may suffer delays depending on the state of the Internet links between the two domains.

The authentication of users for network access is carried out each time the client attempts to connect to an access node. For a roaming user in a foreign access network, the authentication process that involves the inter-domain exchanges occurs during the hand-off, introducing delays that may increase the overall hand-off delay. This may have a negative effect on real-time applications that require near-seamless hand-offs. For this reason, it is important for an operator to evaluate its inter-domain authentication delays in order to estimate the quality of service that it can provide to roaming clients from different remote domains.

In this paper, we examine the performance in terms of authentication delays measured as the time required to perform an authentication of a roaming user over the Internet. We consider one of the most popular EAP authentication methods called EAP-PEAPv0 [].


Network access control for wireless networks

Network access control architectures allow an operator to control access to its network resources by means of authentication and policy enforcement points. The IETF as well as the IEEE have contributed to the standard framework for network access control, which we briefly explain in the following section.

The IEEE 802.11i specification describes how access control is performed in 802.11 networks. A typical network access control infrastructure based on the 802.11i specification employs several other specifications such as the Extensible Authentication Protocol (EAP), 802.1X and RADIUS. Within this framework, a wireless station (STA) wishing to access a certain network first performs a scanning phase to determine candidate access points (APs). Once an access point is selected, the STA attempts to associate with it. The association process involves authentication of the STA to the AP using the EAP protocol.

As shown in the figure above, EAP messages between the STA and the AP are carried in 802.1X frames. In the first steps of the EAP conversation, the AP issues an EAP Identity Request message, to which the STA replies with an EAP Identity Response message. The Response message from the STA is relayed to a back-end EAP server that is generally part of a central AAA server. The EAP messages between the AP and the EAP server are carried over an AAA protocol such as RADIUS or Diameter. When the back-end EAP server receives the EAP Identity Response message, it decides how to authenticate the client. If the client is registered in the local domain, the EAP server attempts to authenticate the client using its own resources (LDAP database, Unix password file, etc.). If the client does not belong to the local domain (a roaming client), the local EAP server forwards the EAP Identity Response message to the EAP server of the client's home domain. The EAP messages between the visited and the home EAP server are likewise carried over an AAA protocol such as RADIUS or Diameter. In the remainder of this paper, we only consider the roaming scenario, which involves inter-domain message exchange between the EAP servers of the visited and the home domain.

When the EAP server in the home domain receives the EAP Identity Response message, it chooses which authentication method to use. It then issues an EAP message that encapsulates the first message of the selected authentication method. This EAP message from the home EAP server is relayed by the local EAP server and the AP to the STA. The EAP protocol is thus used to carry authentication methods between the STA (also referred to as the EAP peer in this context) and the home EAP server. The STA and the EAP server exchange several EAP Request and Response messages to execute a given authentication protocol. All the EAP messages are relayed by the local access network, using the 802.1X (EAP over LAN) protocol at the link layer between the STA and the AP on one side, and an AAA protocol on the other parts of the framework.

After a certain number of EAP messages exchanged between the STA and the home EAP server (the number of round trips between the STA and the home EAP server depends on the authentication method in use), the EAP server issues an EAP Success message. The EAP Success message indicates successful authentication of the roaming user. The EAP server derives a key called the Master Session Key (MSK) and sends it to the local EAP server. The MSK is secured using a shared key between the home EAP server and the local EAP server. The MSK is then delivered by the local EAP server to the AP over AAA, secured using a shared secret between the AP and the local EAP server. When the AP receives the EAP Success message and the MSK, the last stage of the 802.11i protocol takes place. The four-way handshake phase allows the STA and the AP to establish a security association based on the MSK. The resulting keying material is then used to secure the link-layer communication between the two entities.


The EAP-PEAPv0 authentication method

In the experiments that we carried out, we used the EAP-PEAPv0 method with tunneled EAP-MSCHAPv2 authentication. This method uses TLS to secure a password-based authentication. In a first step, a TLS security association (SA) is established; the SA is maintained between the client and the EAP server of the visited access network. The client authenticates the EAP server using the EAP server's public key certificate. EAP-PEAPv0 uses a feature of TLS called session resumption, which allows the client to re-use an existing TLS security association with the same EAP server without re-authenticating the EAP server using the public key certificate.

At each hand-off, the client resumes the TLS session with the EAP server, then authenticates using an MSCHAPv2 login and password. Messages between the client and the visited EAP server are protected using the TLS security association while the EAP messages between the EAP server of the visited network and the EAP server of the home network are protected using a shared secret.

The EAP-PEAPv0 method with inner EAP-MSCHAPv2 takes 14 messages at each hand-over; these messages include the TLS session resumption and the EAP-MSCHAPv2 authentication with the home EAP server.


Experiment design

The goal of these experiments is to evaluate the authentication time between the STA and the home EAP server when the authentication takes place over Internet links. This is the case when the STA is in a roaming situation, requesting network access in a foreign network topologically distant from the home network, or when the STA is requesting network access in the home domain but the EAP server is located in a remote location that belongs to the home domain.

For this purpose, we used a software emulator to mimic different Internet conditions. We generate the traffic for authenticating a STA to an AP (this traffic corresponds to an EAP conversation carried over the RADIUS protocol) and place the EAP server on the other side of the emulated Internet.

The traffic generated by the experiment thus corresponds to an EAP authentication in which the network characteristics between the access point and the home EAP server are controllable. The experiment allows us to investigate the behavior of the EAP and RADIUS authentication protocols when communication over the Internet is involved in authenticating a client.

Since we are concerned with EAP authentication over the Internet and the communication latency within the local area network is generally negligible compared to the Internet latency, we did not implement a local AAA server or proxy and the access point communicates directly with the home AAA server. The scenario is thus simplified to a STA authenticating through an access point with the home AAA server in a remote location, which is equivalent to a roaming scenario.

The test-bed is composed of three machines. The first machine generates EAP traffic using an open source 802.1X supplicant called wpa_supplicant; this machine emulates the station and the access point at the same time.

We modified the RADIUS library of wpa_supplicant to compute re-transmission timers with millisecond rather than second granularity. The first machine is connected to a second machine that emulates the Internet, using netem to emulate packet loss and latency. The third machine acts as the home EAP server; it runs Internet Authentication Server (IAS) on Microsoft Windows. This machine is connected to the emulation box, from which it receives RADIUS messages encapsulating the EAP packets.

The emulator machine connects the two machines and acts as an IP router. Each machine is directly connected to one of the emulator's interfaces and the capture is taken at the first machine (the machine that generates the emulated traffic).

The packet loss and latency are applied in equal proportions on the up-link and the down-link. In other words, if we set up the emulator for 10 percent packet loss and 150 milliseconds latency, this results in practice in 5 percent packet loss and 75 milliseconds latency on the incoming traffic from each machine to the emulator.

We ran the experiment while using different configurations of packet loss rates and network latency. The packet loss is completely random meaning that the size of loss bursts (number of consecutively lost packets) and the time separating two consecutive bursts are random uniform distributions.

The network latency is fixed before each experiment and has negligible variance during the experiment. When packets are dropped by the emulator, the machine that generates the EAP traffic detects the packet loss and re-sends the packet after a timeout. The re-transmission algorithm is the exponential back-off algorithm. The initial wait time is set manually each time we use different network latency. It is calculated as 150% of the emulated network latency.


Experiment results

We have proceeded with a series of runs. At each run we modified the Internet conditions by changing packet loss rate and latency. In the following, we plot the data that we collected from these runs whilst highlighting some of the observations that we could gather.

CDF of Authentication time for EAP-PEAPv0 (10 % packet loss with different network latencies)

CDF of Authentication time for EAP-PEAPv0 (50 ms RTT, different loss rates)

Each cumulative distribution function (CDF) in Figure 1 is derived from a capture file in which 2000 authentications are logged. The packet loss rate is fixed to 10% while the network latency is changed for each experiment. Figure 1 shows that the authentication time can be considered as a discrete probability distribution. We can observe steps at different levels (probability = 0.5, 0.83, 0.93, 0.96, 1). We can also observe that each CDF is constant over intervals of the same length. The number of intervals is the same amongst all the CDFs; however, each CDF has a different interval length.

The stability of the network latency and the complete randomness of the packet loss in our test-bed contributed to the shape of these CDFs. We could have used network latency distributions with more variance, which would have resulted in smoother, more linear curves. However, in this study we focus on the theoretical understanding of the EAP authentication time, and for simplicity we used a stable network latency and a random packet loss.
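To make the discrete shape of these CDFs concrete, the following added example (not code from the article) computes the exact distribution of the authentication time under the test-bed model described in the experiment design: independent per-direction packet loss, a fixed latency, and client-side re-transmission with exponential back-off starting at 150% of the emulated latency. It assumes that the 14 EAP-PEAPv0 messages form 7 RADIUS request/response round trips and that retries are capped at an assumed `max_retries`; both are assumptions, not statements from the article.

```python
"""Added example (not from the article): exact distribution of EAP-PEAPv0
authentication time under the test-bed's loss and back-off model.
Assumptions: 14 EAP messages = 7 RADIUS request/response round trips; each
packet is dropped independently with probability p_dir per direction (10%
configured loss -> 5% per direction); the RADIUS client retransmits after a
timeout of 1.5 x RTT that doubles on every failure; max_retries is an assumed
cap after which the authentication is counted as failed (FAILED marker)."""
from collections import defaultdict

FAILED = float("inf")  # authentication that exhausted its retries

def round_trip_distribution(rtt_ms, p_dir, timeout_ms, max_retries):
    """{time_ms: probability} for one RADIUS request/response round trip."""
    q = 1.0 - (1.0 - p_dir) ** 2      # round trip fails if either packet is dropped
    dist = {}
    for k in range(max_retries + 1):  # k failed attempts before the successful one
        back_off = sum(timeout_ms * 2 ** i for i in range(k))  # exponential back-off
        dist[rtt_ms + back_off] = (1.0 - q) * q ** k
    dist[FAILED] = q ** (max_retries + 1)
    return dist

def convolve(dist_a, dist_b):
    """Distribution of the sum of two independent discrete delays."""
    out = defaultdict(float)
    for ta, pa in dist_a.items():
        for tb, pb in dist_b.items():
            out[ta + tb] += pa * pb
    return dict(out)

def auth_time_distribution(round_trips=7, rtt_ms=150.0, p_dir=0.05,
                           timeout_factor=1.5, max_retries=5):
    """Distribution of the total authentication time (sum of all round trips)."""
    single = round_trip_distribution(rtt_ms, p_dir, timeout_factor * rtt_ms, max_retries)
    total = {0.0: 1.0}
    for _ in range(round_trips):
        total = convolve(total, single)
    return total

def cdf_steps(dist):
    """Sorted (time_ms, cumulative probability) pairs: the steps of the plotted CDFs."""
    acc, steps = 0.0, []
    for t in sorted(dist):
        acc += dist[t]
        steps.append((t, acc))
    return steps

if __name__ == "__main__":
    for t, c in cdf_steps(auth_time_distribution())[:5]:
        print(f"{t:7.0f} ms  P(T <= t) = {c:.3f}")
```

With the default parameters (10% configured loss, 150 ms RTT) the first step is P(no loss in any of the 7 round trips) = 0.9025^7, about 0.49, which matches the 0.5 level visible in Figure 1.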




Comment

Alice, 2011/12/24 10:16

I'm doing a master in public health and the University I study at is pretty serious stuff. I love playing wow (have 4 different versions) and yes it's a time killer but I still work part time to pay the bills. Be strong !

