Skip to content

Nimble out-of-band authentication for EAP (EAP-NOOB)

Notifications You must be signed in to change notification settings

Shiva19908/eap-noob

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits
 
 
 
 
 
 
 
 

Repository files navigation

EAP-NOOB, Nimble out-of-band authentication for EAP

=====================================================

About

This repository is an implementation of new EAP method named EAP_NOOB. The new method is for secure bootstrapping of IOT appliances. The specification for EAP_NOOB can be found in this IETF draft.

The implimentation consists of three separate applications.

Hostapd : Contains EAP_NOOB server side implementation and acts as an authenticator for the requesting IOT appliances.

WPA_Supplicant: Contains EAP_NOOB peer side implementation and contacts an EAP server through an AP to get authenticated.

Webserver: It Is for maintaining the account information of all the users under a realm. The out of band message is sent from or gets delivered to this web server. This server is vital for associating the authenticating device with a user account.

Licensing

Copyright (c) 2016, Aalto University All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the Aalto University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AALTO UNIVERSITY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

See CONTRIBUTORS for more information.

Setup

---------                              ---------------				                   ---------
| WPA_S | ---------------------------- | Access Point | ----------------------------- | Hostapd |
---------                              ---------------                                 ---------
   |                                                                                      |		           
   |                                                                                      | 
   |                                                                                      |		        	
   |			                          ------------                               --------------
   |---	–---------------------------------|OOB device| ------------------------------| Web server |
	                                      ------------                               --------------


Access point is a wifi access point configured in WAP2-enterprise mode and OOB device is a device used by the user for delivering out of band message. An example OOB device is user's mobile phone.

Dependencies

Following packages have to be installed before compiling any applications from eapnoobimplimentation.

Openssl-dev (OpenSSL dev library). libsqlite3-dev (Sqlite3 dev library). Jansson. nodejs-legacy (NodeJS package). npm (node package manager)

Compiling

hostapd:

  1. Move to directory hostapd-2.5/hostapd.
  2. Open build configuration file .config and set CONFIG_DRIVER_WIRED=y and CONFIG_EAP_OOB=y.
  3. Now execute $ make

wpa_supplicant:

  1. Move to directory wpa_supplicant-2.5/wpa_supplicant.
  2. Open build configuration file .config and set CONFIG_DRIVER_NL80211=y and CONFIG_EAP_OOB=Y.
  3. Now execute $ make

Webserver:

  1. Move to folder nodejs
  2. execute $ npm install

Execution

Hostapd:

At location hostapd-2.5/hostapd execute $ ./hostapd hostapd.conf

Webserver:

At location nodejs execute $ node server.js

WPA_Supplicant:

At location wpa_supplicant-2.5/wpa_supplicant execute $ ./wpa_auto_run.py

Note: Before executing wpa_supplicant, the network manager of the host machine must be stopped. To stop network-manger execute, $ sudo stop network-manger.

Alternatively a local AAA server can also be used between the Access point and the authenticator (hostapd). The local AAA server will relay the relevant radius message to the authenticator.

About

Nimble out-of-band authentication for EAP (EAP-NOOB)

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 97.2%
  • Makefile 0.9%
  • C++ 0.9%
  • Python 0.6%
  • JavaScript 0.3%
  • HTML 0.1%