#ATM16 Wireless LAN Security Fundamentals Jon Green March 2016


Learning Goals

–Authentication with 802.1X
–But first: We need to understand PKI
–And before that, we need a cryptography primer…


Cryptography Primer


Why study cryptography?

• Absolutely critical to wireless security
• Heavily used during authentication process
• Protects data in transit
• Makes you more interesting at parties


Meet Bob and Alice

– Bob and Alice are traditionally used in examples of cryptography


Symmetric Key Cryptography

• Strength:
  – Simple and very fast (on the order of 1000 to 10000 times faster than asymmetric mechanisms)

• Challenges:
  – Must agree on the key beforehand
  – How to securely pass the key to the other party?

• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security


Symmetric Cipher “Modes”


Public Key Cryptography (Asymmetric)


Public Key Cryptography

• Strength:
  – Solves problem of passing the key
  – Allows establishment of trust context between parties

• Challenges:
  – Slow (MUCH slower than symmetric)
  – Problem of trusting public key (what if I’ve never met you?)

• Examples: RSA, DSA, ECDSA


Hybrid Cryptography

• Randomly generate “session” key
• Encrypt data with “session” key (symmetric key cryptography)
• Encrypt “session” key with recipient’s public key (public key cryptography)


Hash Function

• Properties
  – it is easy to compute the hash value for any given message
  – it is infeasible to find a message that has a given hash
  – it is infeasible to find two different messages with the same hash
  – it is infeasible to modify a message without changing its hash

• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)


Digital Signature

• Combines a hash with an asymmetric crypto algorithm

• The sender’s private key is used in the digital signature operation

• Digital signature calculation:


Message Authentication


HMAC


Message Integrity with CBC-MAC

• Set IV=0

• Run message through AES-CBC (or some other symmetric cipher)

• Discard everything except final block – this output is the MAC


CCMP (Counter with CBC-MAC)

CBC-MAC

AES in Counter Mode


Entropy (Information-theoretic, not thermodynamic!)

• When we create a random key, it must be unique and unpredictable

• We need good random numbers for this

• What happens if it’s not unique or unpredictable?


Summary: Security Building Blocks

–Encryption provides
  – confidentiality, can provide authentication and integrity protection

–Checksums/hash algorithms provide
  – integrity protection, can provide authentication

–Digital signatures provide
  – authentication, integrity protection, and non-repudiation

–For more info:

Buy this Book!


Certificates, Trust & PKI


What is a Certificate?

• Binds a public key to some identifying information
  –The signer of the certificate is called its issuer
  –The entity talked about in the certificate is the subject of the certificate

• Certificates in the real world
  –Any type of license, government-issued IDs, membership cards, ...
  –Binds an identity to certain rights, privileges, or other identifiers


Public Key Infrastructure

• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)

• CA Hierarchies


Who do you trust?

Windows: Start->Run->certmgr.msc


What is a Certificate?

Identity

Trusted 3rd-party

Identity bound to public key


Public Key Infrastructure

• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust

• Web browsers also check DNS hostname == certificate Common Name (CN)

• Chain Building & Validation


Certificate Validity

1. Date/Time

2. Revocation
  • CRL
  • OCSP


Certificate Formats

–PEM / PKCS#7
  –Contains a certificate in base64 encoding (open in a text editor)

–DER
  –Contains a certificate in binary encoding

–PFX / PKCS#12
  –Contains a certificate AND private key, protected by a password

PEM-PKCS#7:
-----BEGIN CERTIFICATE-----
[base64-encoded certificate body]
-----END CERTIFICATE-----


Creating Certificates A-Z

1. Generate entropy
2. Use entropy to create random public/private keypair (asymmetric crypto)
3. Attach identifying information to public key – send to CA (Certificate Signing Request)
4. CA issues certificate in X.509 format
  – Contains public key as supplied in CSR
  – Contains hash of certificate contents
  – Contains digital signature signed with CA’s private key (hash + asymmetric crypto)
5. Retrieve certificate from CA – match up with private key. Ready for use.


Generating Certificate Signing Request


Send CSR to your CA of choice


Certificate Authority Best Practices

Symantec/VeriSign Data Center


Public CA versus Private CA

• Windows Server includes a domain-aware CA – why not just use it?

• Disadvantages:
  –PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you.
  –Nobody outside your Windows domain will trust your certificates

• Advantages:
  –Less costly
  –Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI


OCSP

• Can be used by the client (e.g. web browser) to verify server’s certificate validity
  – OCSP URL is read from server certificate’s AIA field

• Can be used by the server (e.g. mobility controller) to verify client’s certificate validity
  – OCSP URL is most often configured on the server to point to specific OCSP responders

• OCSP transactions use HTTP for transport protocol

• Important: Nonce Extension required for replay prevention
  – Some public CAs don’t like this…


For More Info

Buy this Book!


Putting it all together: 802.1X


Authentication with 802.1X

•Authenticates users before granting access to L2 media

•Makes use of EAP (Extensible Authentication Protocol)

•802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned


Sample EAP Transaction

–2-stage process
–Outer tunnel establishment
–Credential exchange happens inside encrypted tunnel

[Diagram: message flow between Client, Authenticator and Authentication Server, carried over EAPOL and RADIUS. Messages shown: EAPOL Start, Request Identity, Response Identity (anonymous), Response Identity, TLS Start, Certificate, Client Key exchange, Cert. verification, Request credentials, Response credentials, Success]


802.1X Packet Capture


802.1X Acronym Soup

–PEAP (Protected EAP)
  – Uses a digital certificate on the network side
  – Password or certificate on the client side

–EAP-TLS (EAP with Transport Level Security)
  – Uses a certificate on network side
  – Uses a certificate on client side

–TTLS (Tunneled Transport Layer Security)
  – Uses a certificate on the network side
  – Password, token, or certificate on the client side

–EAP-FAST
  – Cisco proprietary
  – Do not use – known security weaknesses


Configure Supplicant Properly

•Configure the Common Name of your RADIUS server (matches CN in server certificate)

•Configure trusted CAs (an in-house CA is better than a public CA)

•ALWAYS validate the server certificate

•Do not allow users to add new CAs or trust new servers

•Enforce with group policy


Isn’t MSCHAPv2 broken?

•Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.

•This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi
  –What happens if you don’t properly validate the server certificate?
  –Look up FreeRADIUS-WPE

•Still using PPTP for VPN? Watch out…


WPA2 Key Management Summary

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK from AP to STA

Auth Server

AP/Controller


4-Way Handshake

STA and AP both hold the PMK

AP: Pick Random ANonce

Message 1 (AP → STA): EAPoL-Key(Reply Required, Unicast, ANonce)

STA: Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr)

Message 2 (STA → AP): EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)

AP: Derive PTK

Message 3 (AP → STA): EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP SSN IE)

Message 4 (STA → AP): EAPoL-Key(Unicast, ANonce, MIC)

STA and AP: Install PTK
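
The PTK derivation and MIC check from the handshake above, as an added example that is not part of the original slides. The label string, the min/max ordering of addresses and nonces, and the HMAC-SHA1 PRF follow IEEE 802.11i for WPA2 with CCMP; the MAC addresses are constructed, and the frame is a stand-in byte string rather than a real EAPoL-Key encoding.

```python
import hashlib
import hmac
import secrets

LABEL = b"Pairwise key expansion"

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Return (KCK, KEK, TK) for CCMP: a 48-byte PTK split into three 16-byte keys."""
    # Min/max ordering makes both sides build the same input regardless of role.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def mic(kck, frame):
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def verify_mic(kck, frame, received):
    return hmac.compare_digest(mic(kck, frame), received)

def handshake_demo():
    # Constructed sample values, not taken from a capture.
    pmk = secrets.token_bytes(32)
    ap_mac = bytes.fromhex("02aabbccdd01")
    sta_mac = bytes.fromhex("02aabbccdd02")
    anonce = secrets.token_bytes(32)   # message 1: AP -> STA
    snonce = secrets.token_bytes(32)   # picked by the STA
    sta_kck, _, sta_tk = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = b"constructed EAPoL-Key body, MIC field zeroed" + snonce
    msg2_mic = mic(sta_kck, msg2)      # message 2: STA -> AP
    ap_kck, _, ap_tk = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    wrong_kck, _, _ = derive_ptk(secrets.token_bytes(32), ap_mac, sta_mac, anonce, snonce)
    return {
        "same_tk": sta_tk == ap_tk,
        "mic_ok": verify_mic(ap_kck, msg2, msg2_mic),
        "mic_ok_wrong_pmk": verify_mic(wrong_kck, msg2, msg2_mic),
    }
```

The MIC on message 2 is what lets the AP confirm the STA holds the same PMK without the PMK ever crossing the air; a peer with a different PMK derives a different KCK and the check fails.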


Summary

• Security is complex
• Once you understand it, people will envy you
• You can make Facebook posts to confuse your parents

• More importantly: Do it right so you don’t get hacked
