EAP-GTC
=========

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is the expansion of EAP-GTC?**

   EAP-GTC stands for **Extensible Authentication Protocol - Generic Token Card**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is EAP-GTC?**

   EAP-GTC is a type of EAP (Extensible Authentication Protocol) used for token-based authentication, typically involving **one-time password (OTP)** systems. The protocol allows a user to authenticate using a smart card or token device that generates a unique code for each login attempt.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Why is EAP-GTC useful?**

   * **Strong Authentication**: EAP-GTC supports two-factor authentication using a combination of something the user knows (PIN) and something they have (token).
   * **Token-Based Security**: It provides security through time-based tokens that change with each authentication request.
   * **Flexible**: It can work with various token-based systems, including smart cards and hardware tokens.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **How does it work?**

   * **Client-side**: The client enters a PIN or password and uses a token device to generate a time-sensitive one-time password (OTP).
   * **Server-side**: The server verifies the OTP and grants access if the credentials match the expected token and PIN.
   * **Authentication**: The protocol uses the OTP and PIN as a form of authentication, transmitting the credentials securely to the authentication server.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Where is EAP-GTC used?**

   * **Enterprise Networks**: EAP-GTC is used in environments requiring high security, especially where token-based authentication is needed.
   * **VPNs**: It can be used for VPN authentication, where two-factor authentication is required to access secure networks.
   * **Wireless Networks**: It is used for secure wireless access in organizations that employ strong user authentication.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which OSI layer does this protocol belong to?**

   * EAP-GTC operates at the **Application Layer (Layer 7)** of the OSI model, using lower layers for transport through protocols such as RADIUS.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Is EAP-GTC Windows-specific?**

   * No, EAP-GTC is not Windows-specific.
   * It is a cross-platform authentication method supported on various operating systems, including **Windows**, **Linux**, and **macOS**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Is EAP-GTC Linux-specific?**

   * No, EAP-GTC is not Linux-specific.
   * It can be implemented on **Linux**, **Windows**, and other platforms with the necessary token-based authentication setup.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which transport protocol is used by EAP-GTC?**

   * EAP-GTC uses **RADIUS** as the transport protocol, which generally operates over **UDP**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which port is used by EAP-GTC?**

   * EAP-GTC typically uses **UDP port 1812** for authentication and **UDP port 1813** for accounting in conjunction with **RADIUS**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does EAP-GTC use a client-server model?**

   * Yes, EAP-GTC follows a **client-server model**.
   * The **client** initiates the authentication request, while the **server** (RADIUS server) verifies the credentials and grants access.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol use certificates?**

   * No, EAP-GTC does not use certificates for authentication.
   * It relies on token-based authentication methods, such as PINs and one-time passwords.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **How many frame exchanges are seen during connection for the EAP-GTC protocol?**

   * EAP-GTC typically requires **two or three frame exchanges**:

     * One for sending the authentication request.
     * Another for sending the OTP and PIN.
     * Optionally, another to confirm the authentication result.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol use client certificates?**

   * No, EAP-GTC does not use **client certificates**.
   * It relies on tokens and PINs for authentication instead.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol use server certificates?**

   * No, EAP-GTC does not use **server certificates**.
   * Authentication relies on token-based mechanisms.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol depend on TCP?**

   * No, EAP-GTC does not depend on **TCP**.
   * It relies on **UDP**, typically used in **RADIUS** for transport.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol depend on UDP?**

   * Yes, EAP-GTC depends on **UDP** for transport, specifically using the **RADIUS protocol**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What are the roles involved when testing the EAP-GTC protocol?**

   * **Client**: Sends the authentication request along with the PIN and OTP.
   * **RADIUS Server**: Verifies the credentials and either grants or denies access based on the response.
   * **Administrator**: Configures and manages the token-based system, sets up the RADIUS server, and tests the authentication process.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol work with a FreeRADIUS server on Linux?**

   * Yes, EAP-GTC works with **FreeRADIUS** on Linux.
   * It can be configured to support token-based authentication, such as one-time passwords.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Does the EAP-GTC protocol work with the internal RADIUS server of hostapd?**

   * Yes, EAP-GTC can be used with the internal RADIUS server of **hostapd** for authentication purposes.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is the RFC version used for the EAP-GTC protocol?**

   * The **RFC** for EAP-GTC is **RFC 2284**.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **During the connection procedure, which EAPoL packets are encrypted?**

   * During the connection procedure, **EAP-GTC** packets that contain sensitive information (e.g., PIN, OTP) are encrypted to ensure confidentiality.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Can you explain the different stages of the connection procedure for the EAP-GTC protocol?**

   * **Stage 1**: The client sends the authentication request with the token and PIN.
   * **Stage 2**: The server checks the OTP provided by the client and validates it against the stored token.
   * **Stage 3**: If the validation is successful, the server grants access to the client.
   * **Stage 4**: If the validation fails, access is denied.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is the final output of the connection procedure?**

   * The final output is a successful authentication or failure, depending on the accuracy of the token and PIN provided by the client.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is the format of the key generated after the connection procedure?**

   * The connection generates a **Pairwise Master Key (PMK)**, which is used to secure the communication between the client and the server.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Where is the PMK generated by the connection procedure used?**

   * The **PMK** is used to derive encryption keys for securing the communication between the client and the server during the session.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   Topics in this section,

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`EAP_GTC Version&IEEE Details `
   * :ref:`EAP_GTC FreeRadius Basic Setup on Ubuntu (2 Machines) `
   * :ref:`STEP 1: Bring up FreeRADIUS `
   * :ref:`STEP 2: Bring up AP `
   * :ref:`STEP 3: Bring up STA `
   * :ref:`EAP_GTC FreeRadius Basic Setup on Ubuntu (3 Machines) `
   * :ref:`EAP_GTC Internal Radius Server Basic Setup on Ubuntu (2 Machines) `
   * :ref:`EAP_GTC Protocol Packet Details `
   * :ref:`EAP_GTC Usecases `
   * :ref:`EAP_GTC Basic Features `
   * :ref:`Reference links `

.. _EAP_GTC_step1:

.. tab-set::

   .. tab-item:: Learnings in this section

      * In this section, you are going to learn

.. _EAP_GTC_step2:

.. tab-set::

   .. tab-item:: Terminology

      * Terminology

.. _EAP_GTC_step3:

.. tab-set::

   .. tab-item:: Version Info

      * Version Info

.. _EAP_GTC_step5:

.. tab-set::

   .. tab-item:: EAP_GTC Version&RFC Details

      * rfc details

.. _EAP_GTC_step18:

.. tab-set::

   .. tab-item:: EAP_GTC FreeRadius Basic Setup on Ubuntu (2 Machines)

      .. _EAP_GTC_step23:

      .. tab-set::

         .. tab-item:: STEP 1: Bring up FreeRADIUS

            .. csv-table::
               :file: ./EAP_GTC/eap_gtc_freeradius_server.csv
               :class: tight-table

      .. _EAP_GTC_step21:

      .. tab-set::

         .. tab-item:: STEP 2: Bring up AP using hostapd

            .. csv-table::
               :file: ./EAP_GTC/eap_gtc_ap_hostapd.csv
               :class: tight-table

      .. _EAP_GTC_step22:

      .. tab-set::

         .. tab-item:: STEP 3: Bring up STA

            .. csv-table::
               :file: ./EAP_GTC/eap_gtc_sta_wpa_supplicant.csv
               :class: tight-table

      .. tab-set::

         .. tab-item:: Wireshark Output

            * Download file to check wireshark output

              :download:`Packet capture in EAP_GTC`

.. _EAP_GTC_step19:

.. tab-set::

   .. tab-item:: EAP_GTC FreeRadius Basic Setup on Ubuntu (3 Machines)

      * setup

.. _EAP_GTC_step20:

.. tab-set::

   .. tab-item:: Internal Radius Server Basic Setup on Ubuntu (2 Machines)

      * setup

.. _EAP_GTC_step6:

.. tab-set::

   .. tab-item:: EAP_GTC Protocol Packet Details

      * packet details

.. _EAP_GTC_step7:

.. tab-set::

   .. tab-item:: EAP_GTC Usecases

      * usecases

.. _EAP_GTC_step8:

.. tab-set::

   .. tab-item:: EAP_GTC Basic Features

      * features

.. _EAP_GTC_step17:

.. tab-set::

   .. tab-item:: Reference links

      * Reference links
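
The request, response and result frames described in the frame-exchange and connection-procedure answers above can be followed with a small EAP parser when reading a capture. This is an added example, not part of the original page: it assumes the standard EAP header layout (Code, Identifier, Length, then Type for Request/Response) and method type 6 for GTC; ``parse_eap``, ``gtc_outcome``, ``build`` and ``SAMPLE`` are illustrative names, and the sample frames are constructed.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_GTC = 6  # Generic Token Card method type

def parse_eap(frame: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(frame) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(frame):
        raise ValueError("EAP length field does not match the frame")
    pkt = {"code": EAP_CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request/Response carry a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"] = frame[4]
        pkt["data"] = frame[5:length]  # ignore link-layer padding after Length
    return pkt

def gtc_outcome(frames: list) -> str:
    """Follow the exchange: GTC Request -> GTC Response -> Success/Failure."""
    pending_id, answered = None, False  # Identifier of the open GTC Request
    for raw in frames:
        pkt = parse_eap(raw)
        if pkt["type"] == EAP_TYPE_GTC and pkt["code"] == "Request":
            pending_id, answered = pkt["id"], False
        elif pkt["type"] == EAP_TYPE_GTC and pkt["code"] == "Response":
            if pkt["id"] != pending_id:
                raise ValueError("Response Identifier does not match Request")
            answered = True
        elif pkt["code"] in ("Success", "Failure"):
            return pkt["code"] if answered else "result-without-gtc-response"
    return "incomplete"

def build(code: int, ident: int, eap_type=None, data: bytes = b"") -> bytes:
    """Helper that builds the constructed sample frames below."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample exchange (not taken from the page's capture file).
SAMPLE = [
    build(1, 7, EAP_TYPE_GTC, b"Enter PIN+OTP: "),  # server prompt
    build(2, 7, EAP_TYPE_GTC, b"1234" b"000000"),   # placeholder PIN + OTP
    build(3, 7),                                    # result frame
]
```

``gtc_outcome(SAMPLE)`` returns ``"Success"``; a result frame that arrives without a matching GTC response is reported separately so it stands out during capture review.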