WIRELESS LAN SECURITY FUNDAMENTALS · WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015. ... • Disadvantages: –PKI is complex. Might be easier to let Verisign/Thawte/etc.

#ATM15ANZ | @ArubaANZ

WIRELESS LAN SECURITY FUNDAMENTALSJone OsteboNovember 2015

2#ATM15ANZ | @ ArubaANZ CONFIDENTIAL © Copyright 2015. Aruba, a Hewlett Packard Enterprise company. All rights reserved.

Learning Goals

Authentication with 802.1X

But first: We need to understand some PKI

And before that, we need a cryptography primer…

And before that … What is security


Security basics

What is security ?


Biggest security challenge at BH

CRYPTOGRAPHY PRIMER


Why study cryptography?

• Absolutely critical to wireless security

• Heavily used during authentication process

• Protects data in transit

• Makes you more interesting at parties


Meet Bob and Alice

Bob and Alice are traditionally used in examples of cryptography


Symmetric Key Cryptography


Symmetric Key Cryptography

• Strength:– Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)

• Challenges:– Must agree on the key beforehand

– How to securely pass the key to the other party?

• Examples: AES, 3DES, DES, RC4

• AES is the current “gold standard” for security


Public Key Cryptography (Asymmetric)


Public Key Cryptography

• Strength– Solves problem of passing the key

– Allows establishment of trust context between parties

• Challenges:– Slow (MUCH slower than symmetric)

– Problem of trusting public key (what if I’ve never met you?)

• Examples: RSA, DSA, ECDSA


Hybrid Cryptography

• Randomly generate “session” key• Encrypt data with “session” key

(symmetric key cryptography)• Encrypt “session” key with recipient’s public key

(public key cryptography)


Hash Function

• Properties

– it is easy to compute the hash value for any given message

– it is infeasible to find a message that has a given hash

– it is infeasible to find two different messages with the same hash

– it is infeasible to modify a message without changing its hash

• Ensures message integrity

• Also called message digests or fingerprints

• Examples: MD5, SHA1, SHA2 (256/384/512)


Message Integrity with CBC-MAC

• Set IV=0

• Run message through AES-CBC (or some other symmetric cipher)

• Discard everything except final block – this output is the MAC


AES-CCM (Counter with CBC-MAC)

CBC-MAC

AES in Counter

Mode


Entropy(Information-theoretic, not thermodynamic!)

• When we create a random key, it must be unique and unpredictable

• We need good random numbers for this

• What happens if it’s not unique or unpredictable?


Summary: Security Building Blocks

• Encryption provides

– confidentiality, can provide authentication and integrity protection

• Checksums/hash algorithms provide

– integrity protection, can provide authentication

• Digital signatures provide

– authentication, integrity protection

– For more info:

Buy this Book!

CERTIFICATES, TRUST & PKI


What is a Certificate?

• Binds a public key to some identifying information

– The signer of the certificate is called its issuer

– The entity talked about in the certificate is the subject of the certificate

• Certificates in the real world

– Any type of license, government-issued ID’s, membership cards, ...

– Binds an identity to certain rights, privileges, or other identifiers


Public Key Infrastructure

• A Certificate Authority (CA) guarantees the

binding between a public key and another

CA or an “End Entity” (EE)

• CA Hierarchies


Who do you trust?

Windows: Start->Run->certmgr.msc


Public Key Infrastructure

• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname == certificate

Common Name (CN)• Chain Building & Validation


Creating Certificates A-Z

1. Generate entropy

2. Use entropy to create random public/private keypair(asymmetric crypto)

3. Attach identifying information to public key – send to CA (Certificate Signing Request)

4. CA issues certificate in X.509 format– Contains public key as supplied in CSR

– Contains hash of certificate contents

– Contains digital signature signed with CA’s private key (hash + asymmetric crypto)

5. Retrieve certificate from CA – match up with private key. Ready for use.


Generating Certificate Signing Request


Public CA versus Private CA

• Windows Server includes a domain-aware CA – why not just use it?

• Disadvantages:– PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you.

– Nobody outside your Windows domain will trust your certificates

• Advantages:– Less costly

– Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI


For More Info

Buy this Book!

https://kvazar.files.wordpress.com/2008/12/unencrypted.pdf

PUTTING IT ALL TOGETHER: 802.1X


Authentication with 802.1X

• Authenticates users before granting access to L2 media

• Makes use of EAP (Extensible Authentication Protocol)

• 802.1X authentication happens at L2 –users will be authenticated before an IP address is assigned


Sample EAP Transaction

2-stage process– Outer tunnel establishment

– Credential exchange happens inside encrypted tunnel

Clie

nt

Auth

entic

atio

n S

erv

er

Request Identity

Response Identity (anonymous) Response Identity

TLS Start

CertificateClient Key exchange

Cert. verification

Request credentials

Response credentials

Success

EAPOL RADIUSA

uth

entic

ato

r

EAPOL Start


802.1X Acronym Soup

PEAP (Protected EAP)– Uses a digital certificate on the network side

– Password or certificate on the client side

EAP-TLS (EAP with Transport Level Security)– Uses a certificate on network side

– Uses a certificate on client side

TTLS (Tunneled Transport Layer Security)– Uses a certificate on the network side

– Password, token, or certificate on the client side

EAP-FAST– Cisco proprietary

– Do not use – known security weaknesses

31 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |


Configure Supplicant Properly

• Configure the Common Name of your RADIUS server (matches CN in server certificate)

• Configure trusted CAs (an in-house CA is better than a public CA)

• ALWAYS validate the server certificate

• Do not allow users to add new CAs or trust new servers

• Enforce with group policy


Isn’t MSCHAPv2 broken?

• Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.

• This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi

– What happens if you don’t properly validate the server certificate?

– Look up FreeRADIUS-WPE

• Test at Aruba HQ Sunnyvale


WPA2 Key Management Summary

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to

derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK

from AP to STA

Auth Server

AP/Controller

THANK YOU

#ATM15ANZ | @ArubaANZ

THANK YOU

WIRELESS LAN SECURITY FUNDAMENTALS · WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015. ... • Disadvantages: –PKI is complex. Might be easier to let Verisign/Thawte/etc.

Documents