
Does the authentication mechanism of 802.1X assume that you have already initially connected to the trusted network? What's puzzling me is that if I set up a cloned access point to fool users into connecting through me, if they connected to me before they connected to the proper network, how would they ever realise I wasn't the proper network? My dodgy access point can use 802.1X and I can give them my authentication messages and they can use my public key to decrypt? It doesn't tell them they are on the wrong network?

I presume 802.1X is only good at preventing this type of attack if you already have the public key of the trusted network on your machine? But now I'm confused again: how does my computer know which public key to use when I connect to a network? It cannot store the public keys according to SSIDs, because SSIDs are not unique?

Brad

1 Answer


[H]ow does my computer know which public key to use when I connect to a network? It cannot store the public keys according to SSIDs, because SSIDs are not unique?

The client has a set of credentials that it uses on various networks. Each credential is associated with a public key, owned by that corresponding network. The authentication proceeds as follows:

1) Client connects to network.

2) Network authenticates to client using the private key that corresponds to its public key.

3) Client now knows the network owns a particular public key. The client checks to see if it has an identity that corresponds to that public key.

4) Client proves its identity to the server with the identity the client associated with the network's public key.

The client doesn't need to know ahead of time what network it's connecting to.
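The four steps above, as an added sketch that is not part of the original answer: the client's credential store is keyed by a fingerprint of the network's public key, so a clone with the same SSID but its own key gets no identity, and a clone that presents the real key without the private key fails the proof. Textbook RSA over fixed, publicly known primes stands in for the network's real key pair and is not secure; every name and value here is hypothetical.

```python
import hashlib
import os

E = 65537  # public exponent for both toy keys

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def fingerprint(n):
    return hashlib.sha256(str(n).encode()).hexdigest()

class Network:
    """Network side: an SSID plus a toy RSA key pair (constructed, NOT secure)."""
    def __init__(self, ssid, p, q):
        self.ssid, self.n = ssid, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private exponent

    def prove(self, nonce):
        # Step 2: sign the client's nonce with the private key.
        return self.n, pow(digest(nonce, self.n), self._d, self.n)

class KeyReplayer(Network):
    """Presents another network's public key without holding its private key."""
    def __init__(self, victim, p, q):
        super().__init__(victim.ssid, p, q)
        self.claimed_n = victim.n

    def prove(self, nonce):
        _, sig = super().prove(nonce)  # can only sign with its own key
        return self.claimed_n, sig

def connect(store, network):
    """Client side: returns (verdict, identity released to the network)."""
    nonce = os.urandom(16)                    # step 1: fresh challenge
    n, sig = network.prove(nonce)
    if pow(sig, E, n) != digest(nonce, n):    # step 2: proof of key ownership
        return "bad-proof", None
    identity = store.get(fingerprint(n))      # step 3: the key selects the identity
    if identity is None:
        return "unknown-key", None            # nothing is sent to this network
    return "ok", identity                     # step 4: client authenticates

# Constructed sample data: same SSID everywhere, different keys.
corp = Network("CorpWiFi", 2**61 - 1, 2**89 - 1)
twin = Network("CorpWiFi", 2**107 - 1, 2**127 - 1)
replay = KeyReplayer(corp, 2**107 - 1, 2**127 - 1)
STORE = {fingerprint(corp.n): "user@corp.example"}  # keyed by key, not SSID
for net in (corp, twin, replay):
    print(net.ssid, connect(STORE, net))
```

The store only helps if the real network's key was provisioned on the client beforehand; with an empty store every network, genuine or not, comes back as `unknown-key`.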