802.1X | Wi-Fi Radio Types

802.1X, also known as EAPOL, for EAP over LAN, is a basic protocol supported by enterprise-grade Wi-Fi networks, as well as modern wired Ethernet switches and other network technologies. The idea behind 802.1X is to allow the user's device to connect to the network as if the RADIUS server and advanced authentication systems did not exist, but to then block the network link for the device for all other protocols except 802. IX, until authentication is complete. The network's only requirements are twofold: prevent all data traffic from or to the client except for EAPOL (using Ethernet protocol 0×888E) from passing; and taking the EAPOL frames, removing the EAP messages embedded within, and tunneling those over the RADIUS protocol to the AAA server.

The job of the network, then, is rather simple. However, the sheer number of protocols can make the process seem complex. We'll go through the details slowly. The important thing to keep in mind is that 802.1X is purely a way of opening what acts like a direct link between the AAA server and the client device, to allow the user to be authenticated by whatever means the AAA server and client deem necessary. The protocols are all layered, allowing the highest-level security protocols to ride on increasingly more specific frames that each act as blank envelopes for its contents.

Once the AAA server and the client have successfully authenticated, the AAA server will use its RADIUS link to inform the network that the client can pass. The network will tear down its EAPOL-only firewall, allowing generic data traffic to pass. In the same message that the AAA server tells the network to allow the client (an EAP Success), it also passes the PMK—the master key that the client also has and will be used for encryption—to the network, which can then drop into the four-way handshake to derive the PTK and start the encrypted channel. This PMK exchange goes in an encrypted portion of the EAP response from the RADIUS server, and is removed when the EAP Success is forwarded over the air. The encryption is rather simple, and is based on the shared password that the RADIUS server and controller or access point have. Along with the PMK comes a session lifetime. The RADIUS server tells the controller or access point how long the authentication, and subsequent use of the keys derived from it, is valid. Once that time expires, both the access point and the client are required to erase any knowledge of the key, and the client must reauthenticate using EAP to get a new one and continue using the network.

For network administrators, it is important to keep in mind that the EAP traffic in EAPOL is not encrypted. Because the AAA server and the client have not agreed on the keys yet, all of the traffic between the client and the RADIUS server can be seen by passive observers. This necessarily limits the EAP methods—the specific types of authentication—that can be used. For example, in the early days of 802.1X, an EAP method known as EAP-MD5 was used, where the user typed a password (or the client used the user's computer account password), which was then hashed with the MD5 one-way cryptographic hash algorithm, and then sent across the network. Now, MD5 is flawed, but is still secure enough that an attacker would have a very hard time reverse-engineering the password from the hash of it. However, the attacker wouldn't need to do this, as he could just replay the same MD5 hashed version himself, as if he were the original user, and gain access to the network. For this reason, no modern wireless device supports EAP-MD5 for wireless authentication.

Wireless Networks - Radios

Wireless networks are composed of radios, radio towers or base stations, interconnection systems, and network management and information systems.

Radios
Radios may be fixed in location (such as a television) or may be mobile (such as a cellular telephone). Some radios may only communicate in one direction (typically a receiver) or may have two-way capability. When a single radio has both a transmitter and receiver contained in the same unit, it is called a transceiver.

Figure 1 shows a block diagram of a mobile radio transceiver. In this diagram, sound is converted to an electrical signal by a microphone. The audio signal is processed (filtered and adjusted) and is sent to a modulator. The modulator creates a modulated RF signal using the audio signal. The modulated signal is supplied to an RF amplifier that increases the level of the RF signal and supplies it to the antenna for radio transmission. This mobile radio simultaneously receives another RF signal on a different frequency to allow the listening of the other person while talking. The received RF signal is then boosted by the receiver to a level acceptable for the demodulator assembly. The demodulator extracts the audio signal and the audio signal is amplified so it can create sound from the speaker.


Figure 1: Mobile Radio Block Diagram
Radio Towers and Transmitter Equipment
Radio towers are poles, guided towers, or free standing constructed grids that raise one or more antennas to a height that increases the range of a transmitted signal. Radio towers can vary in height from about 20 feet to more than 300 feet. A single radio tower may host several antenna systems that include paging, microwave, or cellular systems. Radio towers are located strategically around the city to provide radio signal coverage to specific areas. At the base of the towers are electronic control rooms that contain the components to operate the radio portion of the communications system.

Radio towers and their associated radio equipment (e.g., base station) may include one or more antennas, transmitters, receivers (for two-way systems), system controllers, communication links, and power supplies. Transmitters provide the high level RF power that is supplied to the antenna. For broadcast systems, the amount of transmitter power can exceed 50,000 Watts. Receivers boost and demodulate incoming RF signals from mobile radios. If a base station contains receivers, it is typical to use one or more different antennas for the receivers. Controllers coordinate the overall operation of the base station and coordinate the alarm monitoring of electronic assemblies. Communication links allow a command location (such as a television studio or a telephone switching center) to control and exchange information with the base station. Base station radio equipment requires power supplies. Most base stations contain primary and backup power supplies. A battery typically maintains operation when primary power is interrupted. A generator may also be included to allow operation during extended power outages.

Figure 2 shows a typical radio base station block diagram that is used in a mobile telephone system. This diagram shows that the base station holds the radio transceiver (transmitter and receiver assemblies) that is part of the radio tower (cell site). This diagram also shows that one antenna is used for transmitting and two antennas are used for receiving (for improved reception). This base station also contains a backup battery that is maintained at full charge so radio communications will not be interrupted in the event AC power is lost.



Figure 2: Radio Tower and Base Station Equipment
Switching Facilities
Switching facilities are typically used in two-way mobile communication systems to allow the connection of mobile radios to other radios in the system or to the public telephone network. When used in a cellular system, the switching system is typically called a mobile switching center (MSC). The MSC, just like a local telephone company, processes requests for service from mobile radios (subscribers) and routes the calls to other destinations.

Figure 3 illustrates a wireless switching system basic functional components. These include: communication line interfaces, a switch, a customer database, system and communication controllers, primary and backup (batteries) power, and the software to interface and control the radio tower’s and base station (BS) it is connected to.


Figure 3: Wireless Switching System Block Diagram
Interconnection to Other Networks
Wireless systems may be connected to other networks. Broadcast wireless systems are connected to media sources (such as audio or video programs) via satellite links while cellular networks may be interconnected to the public telephone network. Interconnection involves the physical and software connection of network equipment or communications systems to the facilities of another network such as the public telephone network. Government agencies such as the Federal Communications Commission (FCC) or Department of Communications (DOC) regulate interconnection of wireless systems to the public telephone networks to ensure reliable operation.

Customer Databases
Customer databases are computer storage devices (typically a computer hard disk) that hold service authorization and feature preferences of customers. For wireless systems that allow the customer to operate in other territories, a home (local) database is used. Each wireless subscriber has a real-time user profile in the database that is typically called the home location register (HLR). The HLR identifies the current location of the mobile radio, the most likely place for the mobile to be, or the last location the subscriber was active. The MSC system controller uses this information to route calls to the appropriate radio tower for call completion. If the wireless user is not in a predetermined “home” range of the MSC, the mobile will register back through to the home signaling system to its home location register (HLR) for profile information.

When customers use the wireless services of systems outside of their home area, their information is transferred to a database in that system called the visitor location register (VLR). The VLR is part of a wireless network (typically cellular or PCS) that holds the subscription and other information about visiting subscribers that are authorized to use the wireless network.

System Security
In some wireless networks, access to system services requires validation of the customer’s identity. These systems may use an authentication center (AUC) to store and process secret data to stop fraudulent calls or prohibit access to other paid for subscription services.

Wireless phones transmit some of their identification information over the public airwaves when they attempt to access the system. Thieves may try and intercept this information and copy (clone) the identification information that would allow them to make phone calls that would be billed to the other telephone. To prevent this unauthorized duplication of identification information, an authentication process can be used that uses secret keys to validate access information.

During the authentication process, code keys are created from secret codes that are stored in both the mobile radio and in the system. Along with basic identification information, these keys are exchanged during each system access attempt. The secret codes are not transmitted. Because the system and the mobile radio have the secret keys, both the mobile phone and the system can validate that the code information is correct. If the codes do not match, the system should not allow the call to be processed. New codes are created during each access attempt to prevent copying of the codes and immediately attempting access.