802.11 WPA Enterprise Test Suite Data Sheet
Test Suite:
802.11 WPA Enterprise Test Suite
Direction:
Server

802.11 WPA Enterprise Test Suite can be used to test the robustness, security and reliability of WPA/WPA2 Enterprise Authenticator. It discovers faults in a target software by feeding it with invalid, incorrect and malformed data and data structures. Currently 802.11 WPA Enterprise Test Suite supports only EAP TLS authentication method for WPA Enterprise. The Codenomicon 802.11 Test Suites are a Linux-only solution. Due to library dependencies which are not readily available in older Linux distributions, the most recent Stable releases are recommended (currently Fedora 20 or Ubuntu 14.04). Windows environments are not supported. The solution also requires an external Wi-Fi Transceiver dongle which will be supplied by Codenomicon with the suites. This dongle uses an Atheros 9170 chipset and operates on both the 2.4GHz and 5GHz bands, also offering a possibility for a cabled connection using two RP-SMA external antenna connectors.

Used specifications

Specification
Title
802-1x-2004

802.1X Local and metropolitan area networks Port-Based Network Access Control

RFC 3748

Extensible Authentication Protocol (EAP)

RFC 5216

The EAP-TLS Authentication Protocol

RFC 5246

The Transport Layer Security (TLS) Protocol Version 1.2

RFC 6066

Transport Layer Security (TLS) Extensions: Extension Definitions

RFC 6520

Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension

IEEE 802.11-2012

IEEE Standards for Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Networks - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)

Wi-Fi Protected Access (WPA) Version 3.1

Wi-Fi Alliance: Enhanced Security Implementation Based on IEEE 802.11i standard

IEEE 802.11i-2004

Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification Amendment 6: Security Enhancements

Tool-specific information

Tested messages
Notes
Specifications
EAP Identity Response
RFC3748
EAP TLS ACK
RFC5216
Client Hello
RFC5246
Client Certificate
RFC5246
Client Key Exchange Message
RFC5246
Certificate Request
RFC5246
Client Hello Done
RFC5246
Finished
RFC5246
Change Cipher Spec
RFC5246
Alert
RFC5246
Heartbeat Request
RFC6520
Heartbeat Response
RFC6520
4-Way-Handshake Message 2
IEEE 802.11-2012
4-Way-Handshake Message 4
IEEE 802.11-2012

Supported TLS/SSL cipher suites
Specifications
Notes
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

Supported SafeGuard Checks

Authentication Bypass

Certificate Validation

Heartbleed

Insufficient Randomness

Unexpected Data

Weak Cryptography

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis