Upload
aruba-networks-an-hp-company
View
403
Download
0
Embed Size (px)
Citation preview
Wireless LAN Security Fundamentals
Peter LaneDecember 2014
2CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Today’s Agenda
• Goal: Authentication with 802.1X and
encryption with WPA2
• But first: We need to understand PKI
• And before that, we need a
cryptography primer!
3CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Cryptography Primer
4CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during authentication
process
• Protects data in transit
• Makes you more interesting at parties
5CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
6CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
• Strength:– Simple and very fast (order of 1000 to 10000 faster than
asymmetric mechanisms)
• Challenges:– Must agree on the key beforehand
– How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
Symmetric Cipher “Modes”
8CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography (Asymmetric)
9CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
• Challenges:
– Slow (MUCH slower than symmetric)
– Problem of trusting public key (what if I’ve never met you?)
• Examples: RSA, DSA, ECDSA, ElGamal
10CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hybrid Cryptography
• Randomly generate “session” key• Encrypt data with “session” key
(symmetric key cryptography)• Encrypt “session” key with recipient’s public key
(public key cryptography)
11CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hash Function
• Properties
– it is easy to compute the hash value for any given message
– it is infeasible to find a message that has a given hash
– it is infeasible to find two different messages with the same hash
– it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)
12CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature
operation
• Digital signature calculation:
13CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Message Authentication
14CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
HMAC
15CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Message Integrity with CBC-MAC
• Set IV=0
• Run message through AES-CBC (or some other
symmetric cipher)
• Discard everything except final block – this
output is the MAC
16CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Entropy(Information-theoretic, not thermodynamic!)
• When we create a random key, it must be unique
and unpredictable
• We need good random numbers for this
• What happens if it’s not unique or unpredictable?
17CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
AES-CCM (Counter with CBC-MAC)
CBC-MAC
AES in
Counter
Mode
18CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary: Security Building Blocks
• Encryption provides
– confidentiality, can provide authentication and integrity protection
• Checksums/hash algorithms provide
– integrity protection, can provide authentication
• Digital signatures provide
– authentication, integrity protection, and non-repudiation
• For more info:
Buy this Book!
19CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificates, Trust & PKI
20CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
• Binds a public key to some identifying
information
– The signer of the certificate is called its
issuer
– The entity talked about in the certificate is
the subject of the certificate
• Certificates in the real world
– Any type of license, government-issued
ID’s, membership cards, ...
– Binds an identity to certain rights, privileges,
or other identifiers
21CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)
• CA Hierarchies
22CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Who do you trust?
Windows: Start->Run->certmgr.msc
23CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public CA versus Private CA
• Windows Server includes a domain-aware CA –
why not just use it?
• Disadvantages:
– PKI is complex. Might be easier to let Verisign/Thawte/etc.
do it for you.
– Nobody outside your Windows domain will trust your
certificates
• Advantages:
– Less costly (but very cheap public CAs are available!)
– Better security possible. Low chances of someone outside
organization getting a certificate from your internal PKI
24CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
Identity
Trusted
3rd-party
Identity bound
to public key
25CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname ==
certificate Common Name (CN)• Chain Building & Validation
26CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Validity
1. Date/Time
2. Revocation
• CRL
• OCSP
27CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate File Formats
• PEM / PKCS#7– Contains a certificate in
base64 encoding (open in a
text editor)
• DER– Contains a certificate in binary
encoding
• PFX / PKCS#12– Contains a certificate AND
private key, protected by a
password
PEM-PKCS#7:-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjO
PQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRq
b24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAz
N1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQw
WTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB
9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCC
Al8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl
+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/
BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM
3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ
129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9O
LVNFUlZFUjItQ0EsQ049
And so on ……….
-----END CERTIFICATE-----
28CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Creating Certificates A-Z
1. Generate entropy
2. Use entropy to create random public/private
keypair (asymmetric crypto)
3. Attach identifying information to public key –
send to CA (Certificate Signing Request)
4. CA issues certificate in X.509 format
– Contains public key as supplied in CSR
– Contains hash of certificate contents
– Contains digital signature signed with CA’s private key
(hash + asymmetric crypto)
5. Retrieve certificate from CA – match up with
private key. Ready for use.
29CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
For More Info
Buy this Book!
30CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Putting it all together: 802.1X
31CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Authentication with 802.1X
• Authenticates users before
granting access to L2 media
• Makes use of EAP
(Extensible Authentication
Protocol)
• 802.1X authentication
happens at L2 – users will
be authenticated before an
IP address is assigned
32CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Sample EAP Transaction
• 2-stage process
– Outer tunnel establishment
– Credential exchange happens inside encrypted tunnel
Clie
nt
Auth
entic
atio
n S
erv
er
Request Identity
Response Identity (anonymous) Response Identity
TLS Start
CertificateClient Key exchange
Cert. verification
Request credentials
Response credentials
Success
EAPOL RADIUS
Auth
entic
ato
r
EAPOL Start
33CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Packet Capture
34CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Acronym Soup
• PEAP (Protected EAP)
– Uses a digital certificate on the network side
– Password or certificate on the client side
• EAP-TLS (EAP with Transport Level Security)
– Uses a certificate on network side
– Uses a certificate on client side
• TTLS (Tunneled Transport Layer Security)
– Uses a certificate on the network side
– Password, token, or certificate on the client side
• EAP-FAST
– Cisco proprietary
– Do not use – known security weaknesses
35CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Isn’t MSCHAPv2 broken?
• Short answer: Yes – because of things like
rainbow tables, distributed cracking, fast GPUs,
etc.
• This is why we use MSCHAPv2 inside a PEAP
(TLS) tunnel for Wi-Fi
– What happens if you don’t properly validate the server
certificate?
– Look up FreeRADIUS-WPE
• Still using PPTP for VPN? Watch out…
36CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
37CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Configure Supplicant Properly
• Configure the Common
Name of your RADIUS
server (matches CN in
server certificate)
• Configure trusted CAs (an
in-house CA is better than
a public CA)
• ALWAYS validate the
server certificate
• Do not allow users to add
new CAs or trust new
servers
• Enforce with group policy
38CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to
derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK
from AP to STA
Auth Server
AP/Controller
39CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install PTK,
Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |
SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK
40CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary
• Security/crypto is complex
• Once you understand it, people will envy you
• Make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get
hacked
41CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Credits
• Some graphics stolen from: http://cevi-
users.cevi.be/Portals/ceviusers/images/default/U
serdag-20101125-Certs.pptx
• Some others stolen from:
http://acs.lbl.gov/~mrt/talks/secPrimer.ppt
42CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
43CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved
Thank You
#AirheadsConf