WIRELESS LAN SECURITY FUNDAMENTALScommunity.arubanetworks.com/aruba/attachments/aruba/Airheads... · WIRELESS LAN SECURITY FUNDAMENTALS Jon Green ... • Disadvantages: – PKI is

#ATM15 |

WIRELESS LAN SECURITY FUNDAMENTALS Jon Green March 2015

2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved

#ATM15 |

Learning Goals

Authentication with 802.1X But first: We need to understand PKI And before that, we need a cryptography primer…

3 #ATM15 |

Cryptography Primer


#ATM15 |

Why study cryptography?

•  Absolutely critical to wireless security •  Heavily used during authentication process •  Protects data in transit •  Makes you more interesting at parties


#ATM15 |

Meet Bob and Alice

Bob and Alice are traditionally used in examples of cryptography


#ATM15 |

Symmetric Key Cryptography

CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved

7 #ATM15 |

Symmetric Key Cryptography

•  Strength: –  Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)

•  Challenges: – Must agree on the key beforehand –  How to securely pass the key to the other party?

•  Examples: AES, 3DES, DES, RC4 •  AES is the current “gold standard” for security


#ATM15 |

Symmetric Cipher “Modes”


#ATM15 |

Public Key Cryptography (Asymmetric)


10 #ATM15 |

Public Key Cryptography

•  Strength –  Solves problem of passing the key –  Allows establishment of trust context between parBes

•  Challenges: –  Slow (MUCH slower than symmetric) –  Problem of trusBng public key (what if I’ve never met you?)

•  Examples: RSA, DSA, ECDSA


11 #ATM15 |

Hybrid Cryptography

•  Randomly generate “session” key •  Encrypt data with “session” key

(symmetric key cryptography) •  Encrypt “session” key with recipient’s public key

(public key cryptography)


#ATM15 |

Hash Function

•  Properties –  it is easy to compute the hash value for any given message –  it is infeasible to find a message that has a given hash –  it is infeasible to find two different messages with the same hash –  it is infeasible to modify a message without changing its hash

•  Ensures message integrity •  Also called message digests or fingerprints •  Examples: MD5, SHA1, SHA2 (256/384/512)


#ATM15 |

Digital Signature

•  Combines a hash with an asymmetric crypto algorithm

•  The sender’s private key is used in the digital signature operation

•  Digital signature calculation:


#ATM15 |

Message Authentication


#ATM15 |

HMAC


#ATM15 |

Message Integrity with CBC-MAC

•  Set IV=0 •  Run message through AES-CBC (or some other symmetric

cipher) •  Discard everything except final block – this output is the MAC


#ATM15 |

CCMP (Counter with CBC-MAC)

CBC-MAC

AES in Counter Mode


#ATM15 |

Entropy (Information-theoretic, not thermodynamic!)

•  When we create a random key, it must be unique and unpredictable

•  We need good random numbers for this •  What happens if it’s not unique or unpredictable?


#ATM15 |

Summary: Security Building Blocks

Encryption provides

–  confidentiality, can provide authentication and integrity protection

Checksums/hash algorithms provide

–  integrity protection, can provide authentication

Digital signatures provide

–  authentication, integrity protection, and non-repudiation

For more info:

Buy this Book!

20 #ATM15 |

CerGficates, Trust & PKI


21 #ATM15 |

What is a Certificate?

•  Binds a public key to some identifying information

– The signer of the certificate is called its issuer – The entity talked about in the certificate is the

subject of the certificate •  Certificates in the real world

– Any type of license, government-issued ID’s, membership cards, ...

– Binds an identity to certain rights, privileges, or other identifiers


#ATM15 |

Public Key Infrastructure

•  A CerBficate Authority (CA) guarantees the binding between a public key and another CA or an “End EnBty” (EE)

•  CA Hierarchies


#ATM15 |

Who do you trust?

Windows: Start->Run->certmgr.msc


#ATM15 |

What is a Certificate?

Identity

Trusted 3rd-party

Identity bound to public key


#ATM15 |

Public Key Infrastructure

•  We trust a cerGficate if there is a valid chain of trust to a root CA that we explicitly trust •  Web browsers also check DNS hostname == cerBficate

Common Name (CN) •  Chain Building & ValidaGon


#ATM15 |

Certificate Validity

1. Date/Time

2. Revocation •  CRL •  OCSP


#ATM15 |

Certificate Formats

PEM / PKCS#7 – Contains a certificate in base64 encoding (open in a text editor)

DER – Contains a certificate in binary encoding

PFX / PKCS#12 – Contains a certificate AND private key, protected by a password

PEM-PKCS#7: -----BEGIN CERTIFICATE----- MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0 EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049 Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0 aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0 aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8= -----END CERTIFICATE-----


#ATM15 |

Creating Certificates A-Z

1.  Generate entropy 2.  Use entropy to create random public/private keypair (asymmetric

crypto) 3.  Attach identifying information to public key – send to CA

(Certificate Signing Request) 4.  CA issues certificate in X.509 format –  Contains public key as supplied in CSR –  Contains hash of certificate contents –  Contains digital signature signed with CA’s private key (hash + asymmetric

crypto)

5.  Retrieve certificate from CA – match up with private key. Ready for use.


#ATM15 |

Generating Certificate Signing Request


#ATM15 |

Send CSR to your CA of choice


#ATM15 |

Certificate Authority Best Practices

Symantec/VeriSign Data Center


#ATM15 |

Public CA versus Private CA

•  Windows Server includes a domain-aware CA – why not just use it?

•  Disadvantages: –  PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you. –  Nobody outside your Windows domain will trust your certificates

•  Advantages: –  Less costly –  Better security possible. Low chances of someone outside organization getting a

certificate from your internal PKI


#ATM15 |

OCSP

•  Can be used by the client (e.g. web browser) to verify server’s certificate validity –  OCSP URL is read from server certificate’s AIA field

•  Can be used by the server (e.g. mobility controller) to verify client’s certificate validity –  OCSP URL is most often configured on the server to point to specific OCSP

responders

•  OCSP transactions use HTTP for transport protocol •  Important: Nonce Extension required for replay prevention –  Some public CAs don’t like this…


#ATM15 |

For More Info

Buy this Book!

35 #ATM15 |

Putting it all together: 802.1X


#ATM15 |

Authentication with 802.1X

•  Authenticates users before granting access to L2 media

•  Makes use of EAP (Extensible Authentication Protocol)

•  802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned


#ATM15 |

Sample EAP Transaction

2-stage process – Outer tunnel establishment – Credential exchange happens inside encrypted tunnel

Client

Authentication S

erver Request Identity

Response Identity (anonymous) Response Identity

TLS Start Certificate

Client Key exchange Cert. verification

Request credentials

Response credentials

Success

EAPOL RADIUS A

uthenticator

EAPOL Start


#ATM15 |

802.1X Packet Capture


#ATM15 |

802.1X Acronym Soup

PEAP (Protected EAP) –  Uses a digital certificate on the network side –  Password or certificate on the client side

EAP-TLS (EAP with Transport Level Security) –  Uses a certificate on network side –  Uses a certificate on client side

TTLS (Tunneled Transport Layer Security) –  Uses a certificate on the network side –  Password, token, or certificate on the client side

EAP-FAST –  Cisco proprietary –  Do not use – known security weaknesses


#ATM15 |


#ATM15 |

Configure Supplicant Properly

•  Configure the Common Name of your RADIUS server (matches CN in server certificate)

•  Configure trusted CAs (an in-house CA is better than a public CA)

•  ALWAYS validate the server certificate

•  Do not allow users to add new CAs or trust new servers

•  Enforce with group policy


#ATM15 |

Isn’t MSCHAPv2 broken?

•  Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.

•  This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi – What happens if you don’t properly validate the server certificate? – Look up FreeRADIUS-WPE

•  Still using PPTP for VPN? Watch out…


#ATM15 |

WPA2 Key Management Summary

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK from AP to STA

Auth Server

AP/Controller


#ATM15 |

4-Way Handshake

EAPoL-Key(Reply Required, Unicast, ANonce)

Pick Random ANonce

EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)

EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP SSN IE)

Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr)

Derive PTK

EAPoL-Key(Unicast, ANonce, MIC)

Install PTK Install PTK

PMK PMK


#ATM15 |

Summary

•  Security is complex •  Once you understand it, people will envy you •  You can make Facebook posts to confuse your parents

•  More importantly: Do it right so you don’t get hacked


#ATM15 |

Sign up, save $200!

arubanetworks.com/atmosphere2016

Give feedback!

… Before You Go

atmosphere 2016

Documents

WIRELESS LAN SECURITY FUNDAMENTALScommunity.arubanetworks.com/aruba/attachments/aruba/Airheads... · WIRELESS LAN SECURITY FUNDAMENTALS Jon Green ... • Disadvantages: – PKI is