#ATM15ANZ | @ArubaANZ
WIRELESS LAN SECURITY FUNDAMENTALS
Jone Ostebo
CONFIDENTIAL © Copyright 2015. Aruba, a Hewlett Packard Enterprise company. All rights reserved.

Learning Goals
Authentication with 802.1X
But first: We need to understand some PKI
And before that, we need a cryptography primer…
And before that … What is security?

Security basics

Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during the authentication process
• Protects data in transit

Meet Bob and Alice

Symmetric Key Cryptography
• Strength:
  – Simple and very fast (on the order of 1000 to 10000 times faster than asymmetric mechanisms)
• Challenges:
  – Must agree on the key beforehand
  – How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4

Public Key Cryptography
• Strengths:
  – Solves the problem of passing the key
  – Allows establishment of a trust context between parties
• Challenges:
  – Slow (MUCH slower than symmetric)
  – Problem of trusting the public key (what if I’ve never met you?)

Hybrid Cryptography
• Randomly generate a “session” key
• Encrypt the data with the “session” key (symmetric key cryptography)
• Encrypt the “session” key with the recipient’s public key (public key cryptography)
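The three bullets above as working code, added here as an example (not from the original deck): RSA-OAEP wraps a fresh AES-256 session key, and AES-GCM encrypts the data under it. The 2048-bit RecipientKey is generated in-process and stands in for the recipient's real long-term keypair.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// RecipientKey stands in for the recipient's long-term RSA keypair (generated once for this demo).
var RecipientKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// Envelope is what the sender transmits.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(session key) under the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM(data), authentication tag included
}

// gcmFor builds AES-GCM; the constructors fail only on a bad key size, which the 32-byte keys here rule out.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal follows the slide's three steps: random session key, symmetric encryption of the data,
// public-key encryption of that session key.
func Seal(recipient *rsa.PublicKey, data []byte) (Envelope, error) {
	buf := make([]byte, 32+12) // 1. 256-bit session key || 96-bit GCM nonce, both from the OS CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, err
	}
	key, nonce := buf[:32], buf[32:]
	ct := gcmFor(key).Seal(nil, nonce, data, nil) // 2. AES-256-GCM: confidentiality and integrity for the data
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil) // 3. wrap the session key
	return Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, err
}

// Open unwraps the session key with the private key, then decrypts and verifies the data;
// any tampering with nonce or ciphertext makes GCM return an error instead of plaintext.
func Open(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return gcmFor(key).Open(nil, e.Nonce, e.Ciphertext, nil)
}
```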

Hash Function
• Properties
  – it is easy to compute the hash value for any given message
  – it is infeasible to find a message that has a given hash
  – it is infeasible to find two different messages with the same hash
  – it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints

Message Integrity with CBC-MAC
• Set IV = 0
• Run the message through AES-CBC (or some other symmetric block cipher); the final ciphertext block is the MAC

AES-CCM (Counter with CBC-MAC)
Figure: the two building blocks of AES-CCM, CBC-MAC (integrity) and AES in Counter Mode (confidentiality).
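Added example, not from the original deck, covering the CBC-MAC slide and the CBC-MAC half of AES-CCM: the zero-IV AES-CBC tag exactly as described, plus the message-length prefix that CCM adds in its first block so the MAC is safe for variable-length messages, and a constant-time verifier. The AES-CTR encryption half of CCM is not shown; key and sample message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
)

// CBCMAC is the slide's construction: AES-CBC with IV = 0 over the zero-padded
// message, keeping only the final ciphertext block as the tag.
func CBCMAC(block cipher.Block, msg []byte) []byte {
	bs := block.BlockSize()
	padded := make([]byte, (len(msg)+bs-1)/bs*bs) // zero-pad to a block boundary
	copy(padded, msg)
	tag := make([]byte, bs) // IV = 0: the chaining value starts as all zeros
	for i := 0; i < len(padded); i += bs {
		for j := range tag {
			tag[j] ^= padded[i+j] // XOR the previous output into this block
		}
		block.Encrypt(tag, tag) // only the last encrypted block survives
	}
	return tag
}

// Tag MACs len(msg) || msg. Raw CBC-MAC is only safe for fixed-length input;
// the length prefix (CCM does the same in its first block) removes that weakness.
func Tag(key, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	in := make([]byte, 8, 8+len(msg))
	binary.BigEndian.PutUint64(in, uint64(len(msg)))
	return CBCMAC(block, append(in, msg...))
}

// Verify recomputes the tag and compares in constant time, so the check does
// not leak how many bytes of a forged tag were correct.
func Verify(key, msg, tag []byte) bool {
	return subtle.ConstantTimeCompare(tag, Tag(key, msg)) == 1
}
```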

Entropy
(Information-theoretic, not thermodynamic!)
• When we create a random key, it must be unique and unpredictable
• We need good random numbers for this

Summary: Security Building Blocks
• Encryption provides
  – confidentiality; can provide authentication and integrity protection
• Checksums/hash algorithms provide
  – integrity protection; can provide authentication
• Digital signatures provide
  – authentication, integrity protection
• For more info:

What is a Certificate?
• Binds a public key to some identifying information
  – The signer of the certificate is called its issuer
  – The entity the certificate talks about is the subject of the certificate
• Certificates in the real world
  – Any type of license, government-issued IDs, membership cards, ...
  – Binds an identity to certain rights, privileges, or other identifiers

Public Key Infrastructure
• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)

Who do you trust?

Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust
• Web browsers also check that the DNS hostname matches the certificate’s Common Name (CN)

Creating Certificates A-Z
1. Generate entropy
2. Use the entropy to create a random public/private keypair (asymmetric crypto)
3. Attach identifying information to the public key and send it to the CA (Certificate Signing Request)
4. The CA issues a certificate in X.509 format
   – Contains the public key as supplied in the CSR
   – Contains a hash of the certificate contents
   – Contains a digital signature made with the CA’s private key (hash + asymmetric crypto)
5. Retrieve the certificate from the CA and match it up with the private key. Ready.

Public CA versus Private CA
• Windows Server includes a domain-aware CA – why not just use it?
• Disadvantages:
  – PKI is complex. It might be easier to let Verisign/Thawte/etc. do it for you.
  – Nobody outside your Windows domain will trust your certificates
• Advantages:
  – Less costly
  – Better security possible: low chance of someone outside the organization getting a certificate from your internal PKI

For More Info
Buy this Book!

Authentication with 802.1X
• Authenticates users before granting access to L2 media
• Makes use of EAP (Extensible Authentication Protocol)
• 802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned

Sample EAP Transaction
2-stage process
  – Outer tunnel establishment
  – Credential exchange happens inside the encrypted tunnel
Figure (sequence diagram): Client – Authenticator – Authentication Server, with EAPOL between the client and the authenticator and RADIUS between the authenticator and the authentication server. Messages shown: EAPOL Start, Request Identity, Response Identity (anonymous), Response Identity, TLS Start, Certificate, Client Key exchange, Cert. verification, Request credentials, Response credentials, Success.

802.1X Acronym Soup
PEAP (Protected EAP)
  – Uses a digital certificate on the network side
  – Password or certificate on the client side
EAP-TLS (EAP with Transport Layer Security)
  – Uses a certificate on the network side
  – Uses a certificate on the client side
TTLS (Tunneled Transport Layer Security)
  – Uses a certificate on the network side
  – Password, token, or certificate on the client side
EAP-FAST
  – Cisco proprietary