Wireless LAN Security Fundamentals #AirheadsConf Italy

Wireless LAN Security Fundamentals

Jon GreenJune 2014

2CONFIDENTIAL

© Copyright 2014. Aruba Networks, Inc.

All rights reserved#AirheadsConf

Today’s Agenda

• Goal: Authentication with 802.1X

• But first: We need to understand PKI

• And before that, we need a

cryptography primer!

3CONFIDENTIAL



Cryptography Primer

4CONFIDENTIAL



Why study cryptography?

• Absolutely critical to wireless security

• Heavily used during authentication

process

• Protects data in transit

• Makes you more interesting at parties

5CONFIDENTIAL



Symmetric Key Cryptography

6CONFIDENTIAL



Symmetric Key Cryptography

• Strength:– Simple and very fast (order of 1000 to 10000 faster than

asymmetric mechanisms)

• Challenges:– Must agree on the key beforehand

– How to securely pass the key to the other party?

• Examples: AES, 3DES, DES, RC4

• AES is the current “gold standard” for security

7CONFIDENTIAL



Public Key Cryptography (Asymmetric)

8CONFIDENTIAL



Public Key Cryptography

• Strength

– Solves problem of passing the key

– Allows establishment of trust context between parties

• Challenges:

– Slow (MUCH slower than symmetric)

– Problem of trusting public key (what if I’ve never met you?)

• Examples: RSA, DSA, ECDSA, ElGamal

9CONFIDENTIAL



Hybrid Cryptography

• Randomly generate “session” key• Encrypt data with “session” key

(symmetric key cryptography)• Encrypt “session” key with recipient’s public key

(public key cryptography)

10CONFIDENTIAL



Hash Function

• Properties

– it is easy to compute the hash value for any given message

– it is infeasible to find a message that has a given hash

– it is infeasible to find two different messages with the same hash

– it is infeasible to modify a message without changing its hash

• Ensures message integrity

• Also called message digests or fingerprints

• Examples: MD5, SHA1, SHA2 (256/384/512)

11CONFIDENTIAL



Digital Signature

• Combines a hash with an asymmetric crypto algorithm

• The sender’s private key is used in the digital signature

operation

• Digital signature calculation:

12CONFIDENTIAL



Entropy(Information-theoretic, not thermodynamic!)

• When we create a random key, it must be unique

and unpredictable

• We need good random numbers for this

• What happens if it’s not unique or unpredictable?

13CONFIDENTIAL



Summary: Security Building Blocks

• Encryption provides

– confidentiality, can provide authentication and integrity protection

• Checksums/hash algorithms provide

– integrity protection, can provide authentication

• Digital signatures provide

– authentication, integrity protection, and non-repudiation

• For more info:

Buy this Book!

14CONFIDENTIAL



Certificates, Trust & PKI

15CONFIDENTIAL



What is a Certificate?

• Binds a public key to some identifying

information

– The signer of the certificate is called its

issuer

– The entity talked about in the certificate is

the subject of the certificate

• Certificates in the real world

– Any type of license, government-issued

ID’s, membership cards, ...

– Binds an identity to certain rights, privileges,

or other identifiers

16CONFIDENTIAL



Public Key Infrastructure

• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)

• CA Hierarchies

17CONFIDENTIAL



Who do you trust?

Windows: Start->Run->certmgr.msc

18CONFIDENTIAL



Public CA versus Private CA

• Windows Server includes a domain-aware CA –

why not just use it?

• Disadvantages:

– PKI is complex. Might be easier to let Verisign/Thawte/etc.

do it for you.

– Nobody outside your Windows domain will trust your

certificates

• Advantages:

– Less costly (but very cheap public CAs are available!)

– Better security possible. Low chances of someone outside

organization getting a certificate from your internal PKI

19CONFIDENTIAL



What is a Certificate?

Identity

Trusted

3rd-party

Identity bound

to public key

20CONFIDENTIAL



Public Key Infrastructure

• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname ==

certificate Common Name (CN)• Chain Building & Validation

21CONFIDENTIAL



Certificate Validity

1. Date/Time

2. Revocation

• CRL

• OCSP

22CONFIDENTIAL



Certificate File Formats

• PEM / PKCS#7– Contains a certificate in base64 encoding (open in

a text editor)

• DER– Contains a certificate in binary encoding

• PFX / PKCS#12– Contains a certificate AND private key, protected

by a password

PEM-PKCS#7:-----BEGIN CERTIFICATE-----

MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm

iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq

b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz

N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq

hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0

EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH

BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC

AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB

gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe

YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww

gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049

Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO

PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0

aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp

YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk

YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw

S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q

b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0

aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b

wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy

PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=

-----END CERTIFICATE-----

23CONFIDENTIAL



Creating Certificates A-Z

1. Generate entropy

2. Use entropy to create random public/private

keypair (asymmetric crypto)

3. Attach identifying information to public key –

send to CA (Certificate Signing Request)

4. CA issues certificate in X.509 format

– Contains public key as supplied in CSR

– Contains hash of certificate contents

– Contains digital signature signed with CA’s private key

(hash + asymmetric crypto)

5. Retrieve certificate from CA – match up with

private key. Ready for use.

24CONFIDENTIAL



For More Info

Buy this Book!

25CONFIDENTIAL



Putting it all together: 802.1X

26CONFIDENTIAL



Authentication with 802.1X

• Authenticates users before

granting access to L2 media

• Makes use of EAP

(Extensible Authentication

Protocol)

• 802.1X authentication

happens at L2 – users will

be authenticated before an

IP address is assigned

27CONFIDENTIAL



Sample EAP Transaction

• 2-stage process

– Outer tunnel establishment

– Credential exchange happens inside encrypted tunnel

Clie

nt

Auth

entic

atio

n S

erv

er

Request Identity

Response Identity (anonymous) Response Identity

TLS Start

CertificateClient Key exchange

Cert. verification

Request credentials

Response credentials

Success

EAPOL RADIUS

Auth

entic

ato

r

EAPOL Start

28CONFIDENTIAL



802.1X Packet Capture

29CONFIDENTIAL



802.1X Acronym Soup

• PEAP (Protected EAP)

– Uses a digital certificate on the network side

– Password or certificate on the client side

• EAP-TLS (EAP with Transport Level Security)

– Uses a certificate on network side

– Uses a certificate on client side

• TTLS (Tunneled Transport Layer Security)

– Uses a certificate on the network side

– Password, token, or certificate on the client side

• EAP-FAST

– Cisco proprietary

– Do not use – known security weaknesses

30CONFIDENTIAL



31CONFIDENTIAL



Configure Supplicant Properly

• Configure the Common

Name of your RADIUS

server (matches CN in

server certificate)

• Configure trusted CAs (an

in-house CA is better than

a public CA)

• ALWAYS validate the

server certificate

• Do not allow users to add

new CAs or trust new

servers

• Enforce with group policy

32CONFIDENTIAL



WPA2 Key Management Summary

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to

derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK

from AP to STA

Auth Server

AP/Controller

33CONFIDENTIAL



4-Way Handshake

EAPoL-Key(Reply Required, Unicast, ANonce)

Pick Random ANonce

EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)

EAPoL-Key(Reply Required, Install PTK,

Unicast, ANonce, MIC, AP SSN IE)

Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |

SNonce | AP MAC Addr | STA MAC Addr)

Derive PTK

EAPoL-Key(Unicast, ANonce, MIC)

Install PTK Install PTK

PMK PMK

34CONFIDENTIAL



Summary

• Security/crypto is complex

• Once you understand it, people will envy you

• Make Facebook posts to confuse your parents

• More importantly: Do it right so you don’t get

hacked

35CONFIDENTIAL



Credits

• Some graphics stolen from: http://cevi-

users.cevi.be/Portals/ceviusers/images/default/U

serdag-20101125-Certs.pptx

• Some others stolen from:

http://acs.lbl.gov/~mrt/talks/secPrimer.ppt

http://cevi-users.cevi.be/Portals/ceviusers/images/default/Userdag-20101125-Certs.pptx

http://acs.lbl.gov/~mrt/talks/secPrimer.ppt

36CONFIDENTIAL



37CONFIDENTIAL


All rights reserved

Thank You

#AirheadsConf

Technology

Wireless LAN Security Fundamentals #AirheadsConf Italy