EAP-GPSK
==========

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the expansion of EAP-GPSK?**

    EAP-GPSK stands for **Extensible Authentication Protocol - Group Pre-Shared Key**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is EAP-GPSK?**

    EAP-GPSK is an authentication protocol that provides secure access to wireless networks using a **Group Pre-Shared Key (GPSK)**. It eliminates the need for individual certificates and instead uses a shared key for authentication, offering a simpler and more efficient alternative to traditional certificate-based EAP methods.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is EAP-GPSK useful?**

    * **Simplified Authentication**: EAP-GPSK eliminates the need for complex certificates, making it easier to manage and implement.
    * **Faster Connection**: It allows faster authentication compared to certificate-based methods.
    * **Scalable**: Ideal for environments with multiple devices, like enterprise wireless networks, where setting up certificates for each device might be inefficient.
    * **Secure**: Uses a shared key and encryption to ensure secure communication between the client and server.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    * **Client and Server**: The client and server both have a **Group Pre-Shared Key (GPSK)** for authentication.
    * **Authentication**: The client initiates authentication by proving its knowledge of the GPSK without sending the actual key. The server validates the key and grants access if successful.
    * **Secure Tunnel**: A secure tunnel is established to protect the data exchange between the client and server during the authentication process.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is EAP-GPSK used?**

    * **Enterprise Wi-Fi**: EAP-GPSK is commonly used in wireless networks where simplicity, speed, and security are necessary.
    * **Public Wi-Fi**: It can be used in environments such as cafes or public hotspots where ease of setup is a priority.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    * EAP-GPSK operates at the **Application Layer (Layer 7)** of the OSI model, interacting with lower layers for data transport through protocols like **RADIUS**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-GPSK Windows-specific?**

    * No, EAP-GPSK is not Windows-specific.
    * It is supported across various platforms, including **Windows**, **Linux**, **macOS**, and mobile operating systems.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-GPSK Linux-specific?**

    * No, EAP-GPSK is not Linux-specific.
    * It is available on multiple platforms and can be used in both **Linux** and **Windows** environments.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which transport protocol is used by EAP-GPSK?**

    * EAP-GPSK uses **RADIUS** as its transport protocol, which typically relies on **UDP** for communication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which port is used by EAP-GPSK?**

    * EAP-GPSK typically uses **UDP port 1812** for authentication and **UDP port 1813** for accounting, as it relies on **RADIUS**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does EAP-GPSK use a client-server model?**

    * Yes, EAP-GPSK follows a **client-server model**.
    * The **client** initiates the authentication process, while the **server** (usually a RADIUS server) authenticates the client and grants access.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol use certificates?**

    * No, EAP-GPSK does not use certificates.
    * It uses a **Group Pre-Shared Key (GPSK)** instead of certificates for authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How many frame exchanges are seen during connection for the EAP-GPSK protocol?**

    * EAP-GPSK typically involves **two or three frame exchanges** for authentication:

      * One for establishing the secure tunnel.
      * Another for key exchange and successful authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol use client certificates?**

    * No, EAP-GPSK does not use client certificates.
    * Authentication is based on a shared **Group Pre-Shared Key (GPSK)**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol use server certificates?**

    * No, EAP-GPSK does not use server certificates.
    * Instead, it uses the **Group Pre-Shared Key (GPSK)** for authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol depend on TCP?**

    * No, EAP-GPSK relies on **UDP** for transport, not TCP.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol depend on UDP?**

    * Yes, EAP-GPSK depends on **UDP** as the transport protocol, typically using **RADIUS** over UDP.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are the roles involved when testing the EAP-GPSK protocol?**

    * **Client**: Initiates the authentication request and provides the GPSK.
    * **RADIUS Server**: Processes the request, verifies the GPSK, and authenticates the client.
    * **Administrator**: Configures the RADIUS server, ensures GPSK management, and tests the network setup.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol work with a FreeRADIUS server on Linux?**

    * Yes, EAP-GPSK works with **FreeRADIUS** on Linux.
    * It can be configured to use the GPSK for authentication with FreeRADIUS servers.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-GPSK protocol work with the internal RADIUS server of hostapd?**

    * Yes, EAP-GPSK can be used with the **internal RADIUS server** of **hostapd** for wireless network authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the RFC version used for the EAP-GPSK protocol?**

    * The RFC version for EAP-GPSK is **RFC 5931**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which EAPOL packets are encrypted during the connection procedure?**

    * During the authentication process, **EAP-GPSK** packets are encrypted to ensure the confidentiality of the shared key and other sensitive information.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Can you explain the different stages of the connection procedure for the EAP-GPSK protocol?**

    * **Stage 1**: The client sends an authentication request.
    * **Stage 2**: The server responds, and a secure channel is established.
    * **Stage 3**: Key exchange and client verification take place.
    * **Stage 4**: The client is authenticated, and network access is granted.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the final output of the connection procedure?**

    * The final output is a successful authentication, where the client is granted access to the network based on the shared **Group Pre-Shared Key (GPSK)**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the format of the key generated after the connection procedure?**

    * After the connection procedure, a **Pairwise Master Key (PMK)** is generated, which is used for securing the data channel between the client and the server.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is the PMK generated by the connection procedure used?**

    * The **PMK** is used for securing the wireless connection between the client and the server.
    * It is used in the generation of encryption keys for the data exchange during the established connection.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section `
    * :ref:`Terminology `
    * :ref:`Version Info `
    * :ref:`EAP_GPSK Version&IEEE Details `
    * :ref:`EAP_GPSK FreeRadius Basic Setup on Ubuntu (2 Machines) `
    * :ref:`EAP_GPSK FreeRadius Basic Setup on Ubuntu (3 Machines) `
    * :ref:`EAP_GPSK Internal Radius Server Basic Setup on Ubuntu (2 Machines) `

      * :ref:`STEP 1: Bring up AP `
      * :ref:`STEP 2: Bring up STA `

    * :ref:`EAP_GPSK Protocol Packet Details `
    * :ref:`EAP_GPSK Usecases `
    * :ref:`EAP_GPSK Basic Features `
    * :ref:`Reference links `

.. _EAP_GPSK_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _EAP_GPSK_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _EAP_GPSK_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _EAP_GPSK_step5:

.. tab-set::

    .. tab-item:: EAP_GPSK Version&RFC Details

        * rfc details

.. _EAP_GPSK_step20:

.. tab-set::

    .. tab-item:: Internal Radius Server Basic Setup on Ubuntu (2 Machines)

.. _EAP_GPSK_step21:

.. tab-set::

    .. tab-item:: STEP 1: Bring up AP using hostapd

        .. csv-table::
            :file: ./EAP_GPSK/eap_gpsk_ap_hostapd.csv
            :class: tight-table

.. _EAP_GPSK_step22:

.. tab-set::

    .. tab-item:: STEP 2: Bring up STA

        .. csv-table::
            :file: ./EAP_GPSK/eap_gpsk_sta_wpa_supplicant.csv
            :class: tight-table

.. tab-set::

    .. tab-item:: Wireshark Output

        * Download file to check Wireshark output

          :download:`Packet capture in EAP_GPSK `

.. _EAP_GPSK_step19:

.. tab-set::

    .. tab-item:: EAP_GPSK FreeRadius Basic Setup on Ubuntu (3 Machines)

        * setup

.. _EAP_GPSK_step18:

.. tab-set::

    .. tab-item:: EAP_GPSK FreeRadius Basic Setup on Ubuntu (2 Machines)

        * setup

.. _EAP_GPSK_step6:

.. tab-set::

    .. tab-item:: EAP_GPSK Protocol Packet Details

        * packet details

.. _EAP_GPSK_step7:

.. tab-set::

    .. tab-item:: EAP_GPSK Usecases

        * usecases

.. _EAP_GPSK_step8:

.. tab-set::

    .. tab-item:: EAP_GPSK Basic Features

        * features

.. _EAP_GPSK_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
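
The "Bring up AP using hostapd" and "Bring up STA" steps above point to CSV files whose settings are not reproduced on this page. As an added example (not the page's own configuration), the script below writes a minimal matching pair of configs for hostapd's internal EAP server and a wpa_supplicant client; the interface name, SSID, identity and output directory are assumptions, and the shared key is generated randomly rather than typed by hand.

```shell
#!/bin/sh
# Added example, not from the original page. Interface, SSID, identity and
# paths are assumed values; the shared key is generated fresh on every run.
# Both hostapd and wpa_supplicant must be built with CONFIG_EAP_GPSK=y.

# 16 random bytes printed as 32 hex characters, used as the shared key.
gen_psk() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# write_gpsk_configs DIR AP_IFACE SSID IDENTITY
write_gpsk_configs() {
    dir=$1 ap_if=$2 ssid=$3 ident=$4
    psk=$(gen_psk)
    old_umask=$(umask)
    umask 077                      # key-bearing files: owner access only
    mkdir -p "$dir"
    # AP side: WPA2-Enterprise using hostapd's integrated EAP server.
    cat > "$dir/hostapd.conf" <<EOF
interface=$ap_if
driver=nl80211
ssid=$ssid
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
eap_server=1
eap_user_file=$dir/hostapd.eap_user
EOF
    # EAP user database entry: "identity" METHOD "shared key"
    printf '"%s"\tGPSK\t"%s"\n' "$ident" "$psk" > "$dir/hostapd.eap_user"
    # STA side: same identity and key, EAP method pinned to GPSK.
    cat > "$dir/wpa_supplicant.conf" <<EOF
network={
    ssid="$ssid"
    key_mgmt=WPA-EAP
    eap=GPSK
    identity="$ident"
    password="$psk"
}
EOF
    umask "$old_umask"
}

# AP:  write_gpsk_configs /etc/gpsk-demo wlan0 gpsk-test "gpsk user"
#      hostapd /etc/gpsk-demo/hostapd.conf
# STA: wpa_supplicant -i wlan0 -c wpa_supplicant.conf
```

Because every station configured this way holds the same key, the generated `wpa_supplicant.conf` should be moved to the STA over a trusted channel and kept at the same owner-only permissions.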