Upload
aruba-networks-an-hp-company
View
1.198
Download
4
Tags:
Embed Size (px)
Citation preview
Wireless LAN Security Fundamentals
Jon GreenJune 2014
2CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Today’s Agenda
• Goal: Authentication with 802.1X
• But first: We need to understand PKI
• And before that, we need a
cryptography primer!
3CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Cryptography Primer
4CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during authentication
process
• Protects data in transit
• Makes you more interesting at parties
5CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
6CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
• Strength:– Simple and very fast (order of 1000 to 10000 faster than
asymmetric mechanisms)
• Challenges:– Must agree on the key beforehand
– How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security
7CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography (Asymmetric)
8CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
• Challenges:
– Slow (MUCH slower than symmetric)
– Problem of trusting public key (what if I’ve never met you?)
• Examples: RSA, DSA, ECDSA, ElGamal
9CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hybrid Cryptography
• Randomly generate “session” key• Encrypt data with “session” key
(symmetric key cryptography)• Encrypt “session” key with recipient’s public key
(public key cryptography)
10CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hash Function
• Properties
– it is easy to compute the hash value for any given message
– it is infeasible to find a message that has a given hash
– it is infeasible to find two different messages with the same hash
– it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)
11CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature
operation
• Digital signature calculation:
12CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Entropy(Information-theoretic, not thermodynamic!)
• When we create a random key, it must be unique
and unpredictable
• We need good random numbers for this
• What happens if it’s not unique or unpredictable?
13CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary: Security Building Blocks
• Encryption provides
– confidentiality, can provide authentication and integrity protection
• Checksums/hash algorithms provide
– integrity protection, can provide authentication
• Digital signatures provide
– authentication, integrity protection, and non-repudiation
• For more info:
Buy this Book!
14CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificates, Trust & PKI
15CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
• Binds a public key to some identifying
information
– The signer of the certificate is called its
issuer
– The entity talked about in the certificate is
the subject of the certificate
• Certificates in the real world
– Any type of license, government-issued
ID’s, membership cards, ...
– Binds an identity to certain rights, privileges,
or other identifiers
16CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)
• CA Hierarchies
17CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Who do you trust?
Windows: Start->Run->certmgr.msc
18CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public CA versus Private CA
• Windows Server includes a domain-aware CA –
why not just use it?
• Disadvantages:
– PKI is complex. Might be easier to let Verisign/Thawte/etc.
do it for you.
– Nobody outside your Windows domain will trust your
certificates
• Advantages:
– Less costly (but very cheap public CAs are available!)
– Better security possible. Low chances of someone outside
organization getting a certificate from your internal PKI
19CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
Identity
Trusted
3rd-party
Identity bound
to public key
20CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname ==
certificate Common Name (CN)• Chain Building & Validation
21CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Validity
1. Date/Time
2. Revocation
• CRL
• OCSP
22CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate File Formats
• PEM / PKCS#7– Contains a certificate in base64 encoding (open in
a text editor)
• DER– Contains a certificate in binary encoding
• PFX / PKCS#12– Contains a certificate AND private key, protected
by a password
PEM-PKCS#7:-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----
23CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Creating Certificates A-Z
1. Generate entropy
2. Use entropy to create random public/private
keypair (asymmetric crypto)
3. Attach identifying information to public key –
send to CA (Certificate Signing Request)
4. CA issues certificate in X.509 format
– Contains public key as supplied in CSR
– Contains hash of certificate contents
– Contains digital signature signed with CA’s private key
(hash + asymmetric crypto)
5. Retrieve certificate from CA – match up with
private key. Ready for use.
24CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
For More Info
Buy this Book!
25CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Putting it all together: 802.1X
26CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Authentication with 802.1X
• Authenticates users before
granting access to L2 media
• Makes use of EAP
(Extensible Authentication
Protocol)
• 802.1X authentication
happens at L2 – users will
be authenticated before an
IP address is assigned
27CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Sample EAP Transaction
• 2-stage process
– Outer tunnel establishment
– Credential exchange happens inside encrypted tunnel
Clie
nt
Auth
entic
atio
n S
erv
er
Request Identity
Response Identity (anonymous) Response Identity
TLS Start
CertificateClient Key exchange
Cert. verification
Request credentials
Response credentials
Success
EAPOL RADIUS
Auth
entic
ato
r
EAPOL Start
28CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Packet Capture
29CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Acronym Soup
• PEAP (Protected EAP)
– Uses a digital certificate on the network side
– Password or certificate on the client side
• EAP-TLS (EAP with Transport Level Security)
– Uses a certificate on network side
– Uses a certificate on client side
• TTLS (Tunneled Transport Layer Security)
– Uses a certificate on the network side
– Password, token, or certificate on the client side
• EAP-FAST
– Cisco proprietary
– Do not use – known security weaknesses
30CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
31CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Configure Supplicant Properly
• Configure the Common
Name of your RADIUS
server (matches CN in
server certificate)
• Configure trusted CAs (an
in-house CA is better than
a public CA)
• ALWAYS validate the
server certificate
• Do not allow users to add
new CAs or trust new
servers
• Enforce with group policy
32CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to
derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK
from AP to STA
Auth Server
AP/Controller
33CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install PTK,
Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |
SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK
34CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary
• Security/crypto is complex
• Once you understand it, people will envy you
• Make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get
hacked
35CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Credits
• Some graphics stolen from: http://cevi-
users.cevi.be/Portals/ceviusers/images/default/U
serdag-20101125-Certs.pptx
• Some others stolen from:
http://acs.lbl.gov/~mrt/talks/secPrimer.ppt
36CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
37CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved
Thank You
#AirheadsConf