Evaluation of EAP-methods / Utvärdering av EAP-metode

Lorentzen, Peter, Lindh, Johan

January 2010

Network administrators typically employ di erent methods for authenticating and authorizing the access to their networks. A exible and scalable network access method is needed to combat the ever increasing network ubiquity brought on by technological advancements. The IEEE 802.1x Port-Based Network Access is a technology that allows transparent authentication to a network. It uses EAP-methods in order to authenticate against a server. There are a lot of di erent EAP-methods to choose from, and they vary in complexity and security. This report will bring up the di erences between the most commonly used authentication methods regarding the authentication time depending on di erent delay and network load. Results showed that EAP-methods that are less complex take less time to perform authentication than their counterparts. When there is no delay, or a very small delay, this might not matter, but when the delay is higher complex EAP-methods take signi cantly longer time to perform the authentication process. This is very negative considering the nature of transparent authentication, and could lead to users becoming annoyed. A general formula for determining how long time an EAP-authentication process will take is presented.

802.1x

authentication

EAP-methods

RADIUS

network

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

Evaluation of EAP Authentication Methods in Wired and Wireless Networks / Utvärdering av EAP-autentisering Metoder i Fasta och Trådlösa Nätverk

Kothaluru, Tirumala Rao, Mecca, Mohamed Youshah Shameel

January 2012

In any networking environment, security, connection time and scalability of the network are the major concerns to keep network safe, faster and stable. Administrators working within the networking environment need to have complete account of manageability, scalability and security of the network, so that the organizational data can be kept confidential and maintain integrity. There are different authentication methods used by network administrators for accessing network in wired and wireless environments. As network usage and attacks on network increases, a secure, scalable and standard network protocol is needed for accessing and to keep data safe in both wired and wireless networks. IEEE 802.1x is an IEEE standard used to provide authentication and authorization to the devices over LAN/WLAN. The framework IEEE 802.1x uses EAP for authentication and authorization with a RADIUS server. In this report, an experimental analysis for different EAP authentication methods in both wired and wireless networks in terms of authentication time and the total processing time is presented. Wireshark is used to capture the network traffic on server and client ends. After analyzing each packet timestamps that are captured using Wireshark, it is seen that EAP-MD5 takes less time in both wired and wireless networks, if the number of users increases, there is not much difference in the network connection time. Concerning with security of the network, EAP-MD5 is vulnerable to many attacks so it is not used by many companies. The alternative methods with their strengths and weaknesses are discussed.

Authentication

EAP Methods

IEEE 802.1x

RADIUS

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation