
Does Cisco have an EAP we can trust?

But with so many varieties of EAP, why did Cisco need one more?

Cisco Systems has developed a new wireless LAN security protocol designed to defeat brute-force dictionary attacks that capture a user's passwords, and it submitted a draft of the protocol to the Internet Engineering Task Force (IETF) last week. Cisco developed the new wireless LAN Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) to defeat dictionary attacks against unencrypted passwords in its earlier, proprietary Lightweight Extensible Authentication Protocol (LEAP). Cisco posted a security bulletin last August warning users that LEAP is vulnerable to such attacks. The company has also suffered much-publicised security holes in its Aironet wireless access points.

Ron Seide, wireless LAN product line manager at Cisco, said EAP-FAST protects against dictionary attacks by sending password authentication between a wireless LAN client and wireless LAN access points through a secure, encrypted tunnel. Seide added that EAP-FAST also eliminates the need for enterprises to install separate servers to handle the digital certificates used in another wireless LAN security system, the Protected Extensible Authentication Protocol (PEAP). PEAP has its own problems, as Microsoft and Cisco have each implemented it differently. Seide said that Cisco believes EAP-FAST complements PEAP as well as LEAP, "bringing together some of the key advantages of LEAP's convenience and flexibility with the password protection tunneling of PEAP".

According to Seide, Cisco submitted EAP-FAST to the IETF for inclusion in the 802.1x wireless LAN security protocol that is under development and expects to have it available for free download from its Web site by the end of March. Seide said Cisco does not intend EAP-FAST as a replacement for LEAP but as an addition to its wireless LAN security suite of products, which includes PEAP. Cisco also intends to make EAP-FAST available to partners in its Cisco Compatible Extensions (CCX) program, Seide said.

Cisco's CCX wireless LAN chip partners include Intel Corp. and Atheros Communications Inc. Hardware manufacturers who are part of the CCX program include Dell Inc., Hewlett-Packard Co. and Toshiba Corp. EAP-FAST will be available to CCX partners later this year, Seide said, but he did not specify an exact date.

Enterprise users of Cisco WLAN products contacted by IDG said they have had little time to evaluate EAP-FAST, since Cisco only posted the draft this week. Mark Wiesenberg, director of network services at Sharp HealthCare in San Diego, said his company "continues to study the area of wireless LAN security and is fully committed to using standards-based solutions. We will track how this proposal is received by the IETF and evaluate a position based on industry acceptance."

Joshua Wright, the systems engineer who created the ASLEAP dictionary attack tool that exposed the hole in LEAP while he was working at Johnson & Wales University, is satisfied that EAP-FAST is a step forward. He called EAP-FAST an "excellent alternative" to PEAP or to EAP Transport Layer Security (EAP-TLS, yet another authentication protocol supported by Cisco), without requiring the use of digital certificates. "As is the case with many draft standards, the quality of the protocol is often determined in implementation, which I haven't seen yet," said Wright, who is now deputy director of training at the SANS Institute in Bethesda.

Wright is a "little concerned" about accommodations in the protocol that allow anonymous Diffie-Hellman exchanges, which may make EAP-FAST vulnerable to the same dictionary attack flaws that plague LEAP. Diffie-Hellman is an encryption scheme based on a public-key infrastructure where information transmitted between users is encrypted with a public key and decrypted with a private key. Wright acknowledged that the draft EAP-FAST specification does not recommend the use of Diffie-Hellman in the protocol, but he said that if it is used, it could negate much of the security of EAP-FAST.

Cisco spokeswoman Linda Horiuchi said in a statement: "Anonymous Diffie-Hellman is an option for provisioning the credential to the client machine, not for authenticating the user. If anonymous DH is used for credential provisioning, it is likely to be used once, during initial provisioning, not with every authentication. Further, a dictionary attack on anonymous DH would have to be an active attack, not an offline attack.

"An organisation that is concerned about a vulnerability during initial credential provisioning should use a mechanism other than unauthenticated DH for initial credential provisioning. However, many organisations may consider the exposure window so small that unauthenticated DH is a prudent choice."

Wright, who last year said he planned to publicly release his LEAP dictionary attack tool this month, said Cisco asked him to delay that release "a bit longer." Wright agreed to do so "as long as Cisco continues to work toward providing a secure alternative to LEAP users."

Chris Kozup, an analyst at Meta Group, said EAP-FAST is a better protocol than LEAP and that Cisco is opening it up to the IETF. Kozup said he expects other vendors to adopt the protocol quickly.
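The two security claims above, that tunneling the password exchange stops an offline dictionary attack on a captured transcript, and that an unauthenticated (anonymous) Diffie-Hellman exchange only gives an attacker a way back in if they actively interpose at the time of the exchange, can be shown with a small model. The following Python is an added example written for this page; it is not Cisco's code and does not implement the real LEAP, MS-CHAP or EAP-FAST algorithms. It uses an HMAC challenge/response as a stand-in for the password proof, a tiny constructed DH group, and an XOR keystream as a stand-in for the tunnel cipher; the wordlist and function names are constructed for the demonstration. The check `offline_exposure` asks the defender's question: given only what an on-path party captured, can any candidate password be confirmed without further contact with the network?

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Toy Diffie-Hellman group (constructed for this example; far too small to be secure).
# Any modulus serves the demonstration, since g^(ab) == g^(ba) mod p in every group.
P = 2**127 - 1
G = 3


def derive_response(challenge: bytes, password: str) -> bytes:
    """Password-based challenge/response standing in for LEAP's MS-CHAP-style proof.

    The real algorithm differs, but the property that matters is the same:
    anyone holding (challenge, response) can test candidate passwords against it
    without ever talking to the network again.
    """
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def dh_keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def tunnel_key(priv: int, peer_pub: int) -> bytes:
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def mask(key: bytes, data: bytes) -> bytes:
    """Toy tunnel encryption: XOR with a keystream derived from the tunnel key.
    Applying it twice with the same key recovers the original bytes."""
    stream = hmac.new(key, b"tunnel-keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def untunneled_exchange(password: str) -> dict:
    """LEAP-style: challenge and response cross the air in the clear."""
    challenge = secrets.token_bytes(16)
    return {"challenge": challenge, "response": derive_response(challenge, password)}


def tunneled_exchange(password: str, active_interposer: bool = False) -> dict:
    """EAP-FAST-style: the response only travels inside a DH-derived tunnel.

    Returns the view of an on-path party. With active_interposer=False it merely
    records traffic. With active_interposer=True it substitutes its own DH value
    for the server's, which succeeds only because nothing authenticates the DH
    exchange (the anonymous-DH provisioning case the article discusses).
    """
    c_priv, c_pub = dh_keypair()
    _s_priv, s_pub = dh_keypair()
    challenge = secrets.token_bytes(16)
    if active_interposer:
        a_priv, a_pub = dh_keypair()
        client_key = tunnel_key(c_priv, a_pub)    # client unknowingly keys with the interposer
        observer_key = tunnel_key(a_priv, c_pub)  # so the interposer holds the same key
    else:
        client_key = tunnel_key(c_priv, s_pub)
        observer_key = None                       # a passive observer never learns the key
    ciphertext = mask(client_key, derive_response(challenge, password))
    return {"challenge": challenge, "ciphertext": ciphertext, "observer_key": observer_key}


def offline_exposure(transcript: dict, wordlist: List[str]) -> Optional[str]:
    """Defender's check: can a candidate password be confirmed from the capture alone?
    Returns the confirmed word, or None when the transcript offers nothing to test."""
    if "response" in transcript:
        response = transcript["response"]
    elif transcript["observer_key"] is not None:
        response = mask(transcript["observer_key"], transcript["ciphertext"])
    else:
        return None
    for word in wordlist:
        if hmac.compare_digest(derive_response(transcript["challenge"], word), response):
            return word
    return None


WORDLIST = ["letmein", "password", "sunshine"]  # constructed sample list


if __name__ == "__main__":
    print("LEAP-style, passive capture:  ", offline_exposure(untunneled_exchange("password"), WORDLIST))
    print("Tunneled, passive capture:    ", offline_exposure(tunneled_exchange("password"), WORDLIST))
    print("Tunneled, anonymous DH, active:", offline_exposure(tunneled_exchange("password", True), WORDLIST))
```

The third case is the one Horiuchi's statement addresses: the interposer must be present and participating when the exchange happens, whereas the first case works against a recording made at any time. Authenticating the DH exchange (for example by binding it to a server certificate, as PEAP and EAP-TLS do) is what removes the third case, which is why the draft's use of unauthenticated DH is confined to one-time provisioning.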