
A Minor-Project Report

On

Implementing PEAP Over RADIUS Server

2010-11

Submitted By: Ranjita Singh, II Sem M.Tech. (CSE)

Submitted To:

Department of Computer Science and Engineering

Central University of Rajasthan, Kishangarh

Abstract
In networks where multiple users share resources over the network, the need for centralized user authentication and authorization is high. Centralization reduces the need for administrative support and increases network security. In networks that also have dial-in users through modem pools or other remote users, in other words users who use the network and its resources from another network, the security issues are even more important [2]. To solve these problems the Remote Authentication Dial In User Service (RADIUS) protocol was developed. RADIUS is a client-server security protocol. A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user.

Keywords: RADIUS protocol, Extensible Authentication Protocol, Network Access Point, X.802.11 protocol

Introduction of Project
RADIUS allows several clients to use one centralized authentication and authorization server for user authentication. User passwords transmitted to the server are encrypted, and the client can authenticate the server from its reply. Replies are also protected from alteration. First comes an overview of the RADIUS protocol, where its basic operation is studied [3]. The different parties in the RADIUS authentication and authorization procedure are introduced and their roles are defined. The RADIUS packet is studied and all of its fields are introduced. Authentication and authorization, accounting, and proxy RADIUS functionality are also reviewed. The main purpose of this synopsis is to review how to implement the RADIUS protocol to secure a Wi-Fi network. The analysis focuses on security, because the security needs of the network are the problem that RADIUS was designed to solve [1]. PEAP over RADIUS is used in environments where RADIUS is the authentication provider. An advantage of using PEAP over RADIUS is that PEAP types do not need to be installed at each access server, only at the RADIUS server. However, the access server must support the negotiation of EAP as an authentication protocol and the passing of EAP messages to a RADIUS server.

Project Goal
The main goal of this project is to implement a RADIUS server in a Wi-Fi network to provide secure communication over it. As the RADIUS protocol is used by corporate Wi-Fi networks for security, this will give us exposure to the security of corporate Wi-Fi networks. The authentication protocol used by this RADIUS server will be PEAP (Protected Extensible Authentication Protocol).

Technology involved in this project


Platform: Linux
Software: freeRadius
Hardware: Access Point, a server machine, a client machine

Methodology
The RADIUS protocol is used for user authentication and authorization and to pass configuration data between two servers. These servers are the RADIUS server and the Network Access Server (NAS), which acts as a client of the RADIUS server. The NAS sends requests to the RADIUS server, which replies whether it denies or accepts the request and passes configuration information concerning the request [1]. Figure 1 describes the PEAP workflow in a RADIUS protocol environment:

Figure 1: PEAP over RADIUS protocol

• Installing RADIUS: To implement the RADIUS server we chose freeRadius 0.8.1, downloaded from http://www.freeradius.org, on a Unix server with the Red Hat Linux 9.0 operating system [4]. Type the commands:
    $ ./configure
    $ make
    $ make install
  With this, the server is installed.
• Start Radius server: Ports are defined in /usr/local/etc/raddb/radius.conf. To start the RADIUS server:
  o Open a shell such as bash.
  o Change into the directory /usr/local/sbin.
  o Log in as root and type ./radiusd
• Adding a RADIUS client:
  o Modify the clients file to add the access point and shared secret: the clients file, located at /usr/local/etc/raddb/clients, stores information about RADIUS clients. To add a client, enter the client's name or IP address and the shared secret.
  o Configure the access point with the RoamAbout software and save your changes. Configure the following RoamAbout settings:
    - Security enabled on all ports
    - IP address of primary RADIUS authentication servers
    - Save changes and reset access point
  o Configuring user profiles: The users file stores authentication and authorization information for all users authenticated with RADIUS. Use any text editor to edit the /usr/local/etc/raddb/users file.
  o For PEAP authentication: Obtain a certificate for the server. Add the wireless access point as a RADIUS client.
• Configure XP clients for PEAP authentication

Achievable target
• Study the RADIUS protocol and different authentication protocols.
• Install the RADIUS server.
• Implement the server over a wireless LAN.

Expected Outcomes
The expected outcome is to successfully install the RADIUS server and perform secure transmission over a wireless network. This server is to be implemented over a wireless LAN using an access point.

Conclusion
The RADIUS protocol can be used for secure communication between a wireless client and a wired system. It is supported by many authentication protocols, out of which we used PEAP, thus enabling a secure wireless environment.

Future Scope
This project can be extended to study and compare all the different available authentication protocols like EAP-CHAP, EAP-TLS, EAP-TTLS etc. After that, their performances can be compared by simulating these on a network simulator.

References

[1] Jon Edney, William A. Arbaugh, Real 802.11 Security: Wi-Fi Protected Access and 802.11i, Publisher: Addison-Wesley, 2003, ISBN: 0321136209
[2] Matthew Gast, 802.11 Wireless Networks: The Definitive Guide, Publisher: O'Reilly Media, April 2005
[3] Remote Authentication Dial In User Service (RADIUS), RFC 2865, Network Working Group, C. Rigney
[4] Build RADIUS Server on Linux, http://www.ibm.com/developerworks/library/l-radius/#N100A3
[5] RADIUS: Securing Public Access to Private Resources, by Jonathan Hassell, http://www.oreilly.de/catalog/radius/chapter/ch05.html
