Lecture 3.1: Handling Remote Access: RADIUS Motivation
RADIUS Security Weaknesses<br />
Recommended reading: Joshua Hill, “An analysis of the RADIUS Authentication Protocol”<br />
Giuseppe Bianchi<br />
Vulnerable to message sniffing and modification<br />
Clear-text protocol: privacy issues<br />
User-Name, Calling-Station-ID, NAS identification, location attributes sent in the clear<br />
Access-Request not authenticated<br />
Attacker may intercept (e.g. MITM) an Access-Request and change its contents effortlessly<br />
Access requests may be forged<br />
Solution proposed<br />
Message-Authenticator attribute<br />
Its use is mandatory only with EAP, though<br />
More later on EAP<br />
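How a RADIUS server can check the Message-Authenticator attribute, as an added example that is not part of the lecture slides: the attribute (type 80) carries an HMAC-MD5, keyed with the shared secret, over the whole Access-Request with the attribute's 16-byte value zeroed. The shared secret, identifier and attribute values used with it are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, CALLING_STATION_ID, MESSAGE_AUTHENTICATOR = 1, 31, 80

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(secret, ident, attrs):
    """Build an Access-Request that ends with a valid Message-Authenticator."""
    body = b"".join(attr(t, v) for t, v in attrs)
    body += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    pkt = bytearray(header + os.urandom(16) + body)  # random Request Authenticator
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_access_request(secret, pkt):
    """True only if exactly one Message-Authenticator is present and valid."""
    if len(pkt) < 20:
        return False
    code, _, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(pkt):
        return False
    pkt = pkt[:length]  # octets beyond Length are padding
    pos, found = 20, None
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or found is not None:
                return False  # wrong size or duplicated
            found = pos + 2
        pos += alen
    if pos != length or found is None:
        return False  # unauthenticated request: reject, do not fall back
    zeroed = pkt[:found] + bytes(16) + pkt[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, pkt[found:found + 16])

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    request = build_access_request(secret, 7, [(USER_NAME, b"alice")])
    print(verify_access_request(secret, request))
```

The attribute only adds integrity: User-Name and the other attributes listed above still travel in the clear.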