fast auth time with EAP_TLS?

Andrea G Forte Wed, 08 Feb 2006 08:44:30 -0800

Dear all,

I have setup a RADIUS server (freeradius of course) with anauthenticator (hostapd 0.4.7) and a supplicant (wpa_supplicant 0.4.7).Both the last two use hostap-driver 0.4.7.I am using EAP-TLS (client and server certificates generated by theCA.all script included in freeradius) with RSN (CCMP). I am not sure ifsomething is wrong in the authentication process. The problem is that itis taking too little time for the authentication process to complete. Inthe attached file you can see one authentication process captured usingkismet and then parsed with Ethereal. As you cane see the time fromAssoc. resp to the first encrypted data packet is only 222 msec. About ayear ago it was of the order of one second (and all the literature saysso). Has WPA2 improved the authentication time so much? Am I doingsomething wrong in setting up EAP-TLS?

Your help is very much appreciated.


Thank you,
Andrea

No.     Time        Source                Destination           Protocol Info
   3037 10.711982   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Probe Response, SSID: "test"

Frame 3037 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3060 10.774339   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Probe Response, SSID: "test"

Frame 3060 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3061 10.777773   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Probe Response, SSID: "test"

Frame 3061 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3062 10.782807   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Probe Response, SSID: "test"

Frame 3062 (73 bytes on wire, 73 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3091 10.927769   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 
Authentication

Frame 3091 (30 bytes on wire, 30 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3093 10.929806   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Authentication

Frame 3093 (30 bytes on wire, 30 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3095 10.930709   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 
Association Request, SSID: "test"

Frame 3095 (62 bytes on wire, 62 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3098 10.932869   LinksysG_18:f4:9d     LinksysG_15:ab:62     IEEE 802.11 
Association Response

Frame 3098 (36 bytes on wire, 36 bytes captured)
IEEE 802.11
IEEE 802.11 wireless LAN management frame

No.     Time        Source                Destination           Protocol Info
   3107 10.970317   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAP      
Request, Identity [RFC3748]

Frame 3107 (46 bytes on wire, 46 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3111 10.983395   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAP      
Request, EAP-TLS [RFC2716] [Aboba]

Frame 3111 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3118 11.017082   LinksysG_15:ab:62     LinksysG_18:f4:9d     TLS      Client 
Hello

Frame 3118 (142 bytes on wire, 142 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3122 11.027284   LinksysG_18:f4:9d     LinksysG_15:ab:62     TLS      Server 
Hello, Certificate, Certificate Request, Server Hello Done

Frame 3122 (1070 bytes on wire, 1070 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3124 11.032757   LinksysG_15:ab:62     LinksysG_18:f4:9d     EAP      
Response, EAP-TLS [RFC2716] [Aboba]

Frame 3124 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3127 11.038553   LinksysG_18:f4:9d     LinksysG_15:ab:62     TLS      Server 
Hello, Certificate, Certificate Request, Server Hello Done

Frame 3127 (483 bytes on wire, 483 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3131 11.059361   LinksysG_15:ab:62     LinksysG_18:f4:9d     TLS      
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, 
Encrypted Handshake Message

Frame 3131 (1444 bytes on wire, 1444 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3138 11.081295   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAP      
Request, EAP-TLS [RFC2716] [Aboba]

Frame 3138 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3140 11.083268   LinksysG_15:ab:62     LinksysG_18:f4:9d     TLS      
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, 
Encrypted Handshake Message

Frame 3140 (308 bytes on wire, 308 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3149 11.094655   LinksysG_18:f4:9d     LinksysG_15:ab:62     TLS      Change 
Cipher Spec, Encrypted Handshake Message

Frame 3149 (105 bytes on wire, 105 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3151 11.103162   LinksysG_15:ab:62     LinksysG_18:f4:9d     EAP      
Response, EAP-TLS [RFC2716] [Aboba]

Frame 3151 (42 bytes on wire, 42 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3154 11.106911   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAP      Success

Frame 3154 (40 bytes on wire, 40 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3156 11.107979   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAPOL    Key

Frame 3156 (131 bytes on wire, 131 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3160 11.116155   LinksysG_15:ab:62     LinksysG_18:f4:9d     EAPOL    Key

Frame 3160 (153 bytes on wire, 153 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3162 11.123636   LinksysG_18:f4:9d     LinksysG_15:ab:62     EAPOL    Key

Frame 3162 (187 bytes on wire, 187 bytes captured)
IEEE 802.11
Logical-Link Control
802.1x Authentication

No.     Time        Source                Destination           Protocol Info
   3195 11.154024   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 Data

Frame 3195 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)

0000  ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18   ..c_.k+....7]t..
0010  94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02   .D.HJ..W.cL..W".
0020  7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca      |[EMAIL PROTECTED]

No.     Time        Source                Destination           Protocol Info
   3196 11.154749   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 Data

Frame 3196 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)

0000  ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18   ..c_.k+....7]t..
0010  94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02   .D.HJ..W.cL..W".
0020  7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca      |[EMAIL PROTECTED]

No.     Time        Source                Destination           Protocol Info
   3197 11.157232   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 Data

Frame 3197 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)

0000  ac 81 63 5f 1f 6b 2b ca c9 f2 db 37 5d 74 fc 18   ..c_.k+....7]t..
0010  94 44 ac 48 4a f5 1b 57 97 63 4c ef 07 57 22 02   .D.HJ..W.cL..W".
0020  7c 65 5a cd 66 6b ca 5c c3 83 da c5 9d 40 ca      |[EMAIL PROTECTED]

No.     Time        Source                Destination           Protocol Info
   3198 11.172835   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 Data

Frame 3198 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)

0000  1d 51 9a 06 06 80 33 80 dc d1 aa 9b 3b c7 c5 b6   .Q....3.....;...
0010  3c c8 5b ec 78 af a8 0d f1 ba 0f f8 a5 a7 b2 50   <.[.x..........P
0020  03 e6 1f e8 0f e5 66 f5 5b 9d 11 de 99 b8 b3      ......f.[......

No.     Time        Source                Destination           Protocol Info
   3212 11.192806   LinksysG_15:ab:62     LinksysG_18:f4:9d     IEEE 802.11 Data

Frame 3212 (79 bytes on wire, 79 bytes captured)
IEEE 802.11
Data (47 bytes)

0000  b3 bb a4 d0 7a eb 53 51 55 39 93 18 fa 83 2d 21   ....z.SQU9....-!
0010  85 9d 55 a3 eb 9f 93 7d b7 9e 72 04 ee 49 ef 0b   ..U....}..r..I..
0020  8d 62 f9 54 d0 b9 85 02 87 f2 e8 36 6e 76 ee      .b.T.......6nv.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

fast auth time with EAP_TLS?

Reply via email to