WIRELESS LAN SECURITY FUNDAMENTALS

Transcription

1 WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015

2 Learning Goals Authentication with 802.1X But first: We need to understand some PKI And before that, we need a cryptography primer And before that What is security 2

3 Security basics What is security? 3

4 Biggest security challenge at BH 4

5 CRYPTOGRAPHY PRIMER

6 Why study cryptography? Absolutely critical to wireless security Heavily used during authentication process Protects data in transit Makes you more interesting at parties 6

7 Meet Bob and Alice Bob and Alice are traditionally used in examples of cryptography 7

8 Symmetric Key Cryptography 8

9 Symmetric Key Cryptography Strength: Simple and very fast (order of 1000 to faster than asymmetric mechanisms) Challenges: Must agree on the key beforehand How to securely pass the key to the other party? Examples: AES, 3DES, DES, RC4 AES is the current gold standard for security 9

10 Public Key Cryptography (Asymmetric) 10

11 Public Key Cryptography Strength Solves problem of passing the key Allows establishment of trust context between parties Challenges: Slow (MUCH slower than symmetric) Problem of trusting public key (what if I ve never met you?) Examples: RSA, DSA, ECDSA 11

12 Hybrid Cryptography Randomly generate session key Encrypt data with session key (symmetric key cryptography) Encrypt session key with recipient s public key (public key cryptography) 12

13 Hash Function Properties it is easy to compute the hash value for any given message it is infeasible to find a message that has a given hash it is infeasible to find two different messages with the same hash it is infeasible to modify a message without changing its hash Ensures message integrity Also called message digests or fingerprints Examples: MD5, SHA1, SHA2 (256/384/512) 13

14 Message Integrity with CBC-MAC Set IV=0 Run message through AES-CBC (or some other symmetric cipher) Discard everything except final block this output is the MAC 14

15 AES-CCM (Counter with CBC-MAC) CBC-MAC AES in Counter Mode 15

16 Entropy (Information-theoretic, not thermodynamic!) When we create a random key, it must be unique and unpredictable We need good random numbers for this What happens if it s not unique or unpredictable? 16

17 Summary: Security Building Blocks Encryption provides confidentiality, can provide authentication and integrity protection Checksums/hash algorithms provide integrity protection, can provide authentication Digital signatures provide Buy this Book! authentication, integrity protection For more info: 17

18 CERTIFICATES, TRUST & PKI

19 What is a Certificate? Binds a public key to some identifying information The signer of the certificate is called its issuer The entity talked about in the certificate is the subject of the certificate Certificates in the real world Any type of license, government-issued ID s, membership cards,... Binds an identity to certain rights, privileges, or other identifiers 19

20 Public Key Infrastructure A Certificate Authority (CA) guarantees the binding between a public key and another CA or an End Entity (EE) CA Hierarchies 20

21 Who do you trust? Windows: Start->Run->certmgr.msc 21

22 Public Key Infrastructure We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust Web browsers also check DNS hostname == certificate Common Name (CN) Chain Building & Validation 22

23 Creating Certificates A-Z 1. Generate entropy 2. Use entropy to create random public/private keypair (asymmetric crypto) 3. Attach identifying information to public key send to CA (Certificate Signing Request) 4. CA issues certificate in X.509 format Contains public key as supplied in CSR Contains hash of certificate contents Contains digital signature signed with CA s private key (hash + asymmetric crypto) 5. Retrieve certificate from CA match up with private key. Ready for use. 23

24 Generating Certificate Signing Request 24

25 Public CA versus Private CA Windows Server includes a domain-aware CA why not just use it? Disadvantages: PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you. Nobody outside your Windows domain will trust your certificates Advantages: Less costly Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI 25

26 For More Info Buy this Book! 26

27 PUTTING IT ALL TOGETHER: 802.1X

28 Authentication with 802.1X Authenticates users before granting access to L2 media Makes use of EAP (Extensible Authentication Protocol) 802.1X authentication happens at L2 users will be authenticated before an IP address is assigned 28

29 Sample EAP Transaction 2-stage process Outer tunnel establishment Credential exchange happens inside encrypted tunnel EAPOL Start Client Request Identity Response Identity (anonymous) Client Key exchange Cert. verification Response credentials Authenticator Response Identity TLS Start Certificate Request credentials Authentication Server Success EAPOL RADIUS 29

30 802.1X Acronym Soup PEAP (Protected EAP) Uses a digital certificate on the network side Password or certificate on the client side EAP-TLS (EAP with Transport Level Security) Uses a certificate on network side Uses a certificate on client side TTLS (Tunneled Transport Layer Security) Uses a certificate on the network side Password, token, or certificate on the client side EAP-FAST Cisco proprietary Do not use known security weaknesses 30

31 #ATM15 31 CONFIDENTIAL Copyright Aruba Networks, Inc. All rights reserved

32 Configure Supplicant Properly Configure the Common Name of your RADIUS server (matches CN in server certificate) Configure trusted CAs (an in-house CA is better than a public CA) ALWAYS validate the server certificate Do not allow users to add new CAs or trust new servers Enforce with group policy 32

33 Isn t MSCHAPv2 broken? Short answer: Yes because of things like rainbow tables, distributed cracking, fast GPUs, etc. This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi What happens if you don t properly validate the server certificate? Look up FreeRADIUS-WPE Test at Aruba HQ Sunnyvale 33

34 WPA2 Key Management Summary Auth Server AP/Controller Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK Step 1: Use RADIUS to push PMK from AS to AP Step 3: Use Group Key Handshake to send GTK from AP to STA 34

35 THANK YOU THANK YOU