Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Encryption with certificates

  • 1.  Encryption with certificates

    Posted May 11, 2017 11:16 AM

    Hi there,

     

    Talking in the context of security and certificates, I have read that "Using the server's certificate public key, the client encrypts data and sends this over to the server. The server decrypts this using its private key."

    I have a question regarding this: does the client use the public key to encrypt only the username and password for authentication, or to encrypt all the user data during a session?

     

    Regards,

    Julián



  • 2.  RE: Encryption with certificates

    EMPLOYEE
    Posted May 11, 2017 11:29 AM
    In what context are you talking about?


  • 3.  RE: Encryption with certificates

    Posted May 11, 2017 11:56 AM

    Hi Tim,

     

    I am talking about when a user is authenticating with 802.1X to a RADIUS server and using EAP-TLS. For this, both server and user must have a certificate and verify each other with these certificates. In addition, I have read that the client uses the certificate for encryption. That's the context.

     

    Regards,

    Julián 



  • 4.  RE: Encryption with certificates

    EMPLOYEE
    Posted May 11, 2017 12:43 PM
    That’s a loaded question. Short answer is that they’re related but authentication encryption is not used for 802.11 encryption. Take a look at the 802.11i standard. CWSP books would be a good read as well.


  • 5.  RE: Encryption with certificates

    Posted May 11, 2017 12:50 PM

    Hi Tim,

     

    Then would that be applicable for 802.3 Ethernet? I have read this in the ACCP Certification Student Guide.

     

    Regards,

    Julián



  • 6.  RE: Encryption with certificates

    EMPLOYEE
    Posted May 11, 2017 01:01 PM
    Sorry, I’m not following you.


  • 7.  RE: Encryption with certificates

    Posted May 11, 2017 01:11 PM

    You said that authentication encryption is not used for 802.11 encryption. For example, if I have my laptop connected by wire to the network (then 802.3 and not 802.11) and I am authenticating to a RADIUS server (and I have the server certificate), will the supplicant/laptop encrypt data using the certificate public key?

     

    Regards,

    Julián



  • 8.  RE: Encryption with certificates

    EMPLOYEE
    Posted May 11, 2017 01:17 PM
    There is no native data encryption with 802.3 ethernet.


  • 9.  RE: Encryption with certificates

    Posted May 11, 2017 03:13 PM

    Hi Tim,

     

    You are right, I gave a bad example with 802.3. This is the complete slide taken from the ACCP Certification Student Guide:

    dataencryp.PNG

    Thanks anyway,

    Julián

     



  • 10.  RE: Encryption with certificates

    Posted May 11, 2017 03:36 PM

    Hi Tim,

     

    I have just read the following from the CWSP book:

     

    Creates an Encrypted TLS Tunnel: EAP protocols that require a server-side certificate for the authentication server are used to create Transport Layer Security (TLS) encryption tunnels. TLS is a cryptographic protocol normally used to provide secure communications at the Transport layer of the OSI model. However, in the case of 802.1X/EAP, TLS technology is leveraged at Layer 2. Similar to a browser-based SSL session, the TLS protocol uses end-to-end encryption. Once the supplicant is sure of the identity of the authentication server, the supplicant then uses the certificate to establish an encrypted TLS tunnel. The supplicant identity credentials are then exchanged within the encrypted TLS tunnel. The supplicant identity, we have already learned, can come in many forms. Whatever form of identity that is passed by supplicant, it will be passed within the encrypted TLS tunnel. The TLS tunnel protects the supplicant credentials from offline dictionary attacks and from eavesdropping.

     

    It seems the certificate public key is used to only encrypt the supplicant username and password, but not the subsequent data.

    Thanks for recommending the CWSP book.

     

    Regards,

    Julián



  • 11.  RE: Encryption with certificates

    EMPLOYEE
    Posted May 11, 2017 03:46 PM
    Correct
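
The relationship discussed in this thread, as an added example that is not part of any post above: in EAP-TLS the certificates authenticate the TLS handshake, the TLS master secret is exported as the MSK (RFC 5216), the first 32 bytes become the 802.11i PMK, and the 4-way handshake derives the symmetric temporal key (TK) that actually encrypts data frames. The sketch assumes TLS 1.2 with the SHA-256 PRF and CCMP; all key, nonce and MAC values are constructed.

```python
import hashlib
import hmac

def tls12_prf(secret, label, seed, n):
    """TLS 1.2 PRF with P_SHA256 (RFC 5246, section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def eap_tls_msk(master_secret, client_random, server_random):
    """RFC 5216: MSK is the first 64 of 128 exported bytes."""
    km = tls12_prf(master_secret, b"client EAP encryption",
                   client_random + server_random, 128)
    return km[:64]

def prf_80211(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1(K, label || 0x00 || data || counter)."""
    out, i = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """4-way handshake PTK for CCMP: KCK | KEK | TK, 16 bytes each."""
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf_80211(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def demo():
    # Constructed sample values; a real master secret comes out of the
    # certificate-authenticated TLS handshake inside EAP-TLS.
    master_secret = bytes(range(48))
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    pmk = eap_tls_msk(master_secret, c_rand, s_rand)[:32]  # PMK = MSK[0:32]
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    first = derive_ptk(pmk, aa, spa, b"\xa1" * 32, b"\xb1" * 32)
    second = derive_ptk(pmk, aa, spa, b"\xa2" * 32, b"\xb2" * 32)
    return pmk, first, second

if __name__ == "__main__":
    pmk, first, second = demo()
    print("PMK:", pmk.hex())
    print("TK (association 1):", first["TK"].hex())
    print("TK (association 2):", second["TK"].hex())
```

The same PMK with fresh nonces yields a different TK, which is why the data-frame key is tied to the authentication only through the key hierarchy and never to the certificate's public key directly.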