Security and Privacy Considerations in eduroam

Similar documents
Joint Research Activity 5 Task Force Mobility

Belnet Networking Conference 2013

Wireless security. Any station within range of the RF receives data Two security mechanism

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

CSC574: Computer and Network Security

Wireless Networks. Welcome to Wireless

Authentication in WLAN

Configure WorkGroup Bridge on the WAP131 Access Point

Nokia E90 Communicator Using WLAN

WLAN Information Security Best Practice Document

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

United States Trustee Program s Wireless LAN Security Checklist

vwlan External RADIUS 802.1x Authentication

Case Study - Configuration between NXC2500 and LDAP Server

WIRELESS SECURITY IN (WI-FI ) NETWORKS

Network Authentication X Secure the Edge of the Network - Technical White Paper

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Implementing Security for Wireless Networks

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

WIRELESS LAN SECURITY FUNDAMENTALS

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

IPsec Details 1 / 43. IPsec Details

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Huawei WLAN Authentication and Encryption

Particularities of security design for wireless networks in small and medium business (SMB)

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

IEEE 802.1X For Wireless LANs

Wireless Local Area Networks (WLANs)

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Configuring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Setting up a WiFi Network (WLAN)

A practical guide to Eduroam

Security in IEEE WLANs

Certified Wireless Security Professional (CWSP) Course Overview

The following chart provides the breakdown of exam as to the weight of each section of the exam.

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Security Awareness. Wireless Network Security

The next generation of knowledge and expertise Wireless Security Basics

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

The Importance of Wireless Security

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

Wireless Encryption Protection

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Exam Questions SY0-401

How To Configure L2TP VPN Connection for MAC OS X client

Connecting to Secure Wireless (iitk-sec) on Fedora

2.1.1 This policy and any future changes requires ratification by CAUDIT.

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS

ClickShare Network Integration

Welch Allyn Connex, VitalsLink by Cerner, and Connex CSK Network installation. Best practices overview

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Computer Networks. Secure Systems

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

RadSec RADIUS improved. Stig Venaas

Building Robust Security Solutions Using Layering And Independence

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Mobility System Software Quick Start Guide

Protocol Security Where?

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

VLANs. Application Note

Chapter 2 Wireless Networking Basics

CS549: Cryptography and Network Security

21.4 Network Address Translation (NAT) NAT concept

VPN. Date: 4/15/2004 By: Heena Patel

Securing end devices

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

Penn State Wireless 2.0 and Related Services for Network Administrators

ALL Mbits Powerline WLAN N Access Point. User s Manual

Design and Implementation Guide. Apple iphone Compatibility

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise

Link Layer and Network Layer Security for Wireless Networks

Topics in Network Security

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

WiFi Security Assessments

Enterprise WLAN Architecture

Wireless LAN Access Control and Authentication

Optimizing Converged Cisco Networks (ONT)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Step-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database

WIRELESS NETWORKING SECURITY

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Recommended Wireless Local Area Network Architecture

How To Secure Wireless Networks

Transcription:

Fondation RESTENA RedIRIS WiFi-Workshop 31 March 06 Security and Privacy Considerations in eduroam Stefan Winter <stefan.winter@restena.lu> 1

Overview Security in wireless networks general part the early days: hidden SSIDs, MAC auth, WEP Dynamic WEP, WPA and WPA2 Enterprise Security : adding IEEE 802.1X to the mix Security settings in eduroam User authentication mandatory Sensible use of 802.1X client configuration Enhancing user privacy minimising the disclosed information abuse tracking 2

Wireless security The early days hidden SSIDs do not broadcast network name (SSID) in beacons everybody can see that a network is present, but need its name in order to associate nice try, but: valid users send network name in the clear when associating sniffing attack possible! MAC address authentication in theory, every NIC has a unique, unchangeable MAC address in practice: ifconfig eth1 hw ether 00:00:DE:AD:BE:EF 3

Wireless security The early days (2) WEP attempts to encrypt traffic specification seriously flawed: original key length too short (64-bit) only part of those 64 bit are secret 40 bit (5 characters) long user keys, 24 bit IV mathematically weak crypto algorithm: depending on IV, parts of the secret key are deductible sniffing attack possible! key is static various, unstandardized key lengths or workarounds 4

Wireless Security Dynamic WEP, WPA, WPA2 WEP disaster led to further development dynamic WEP: an external source provides keying material on a regular basis, AP and client change their (still weak) keys accordingly WPA: redesign crypto algorithm to avoid IV problem (WPA is no real standard: snapshot of what later became WPA2) WPA-TKIP: longer IV, makes password sniffing harder password used as seed to create per-packet unique keys replay protection WPA-CCMP (aka WPA-AES): AES as cryptographic algorithm 5

Wireless Security Dynamic WEP, WPA, WPA2 (2) WPA2 mandate better key management and key exchange aka. RSN ( robust security network ) WPA/WPA2 offer two operation modes Personal - pre-shared key Enterprise - combined with an external authentication source, i.e. IEEE 802.1X (see next slides) older hardware not WPA/WPA2 capable 6

Wireless Security IEEE 802.1X Authentication Server performs authentication Authenticator insists on authentication grants access when ok Supplicant wants access to internet EAPoL authentication credentials travel end-to-end RADIUS (or other) internet 7

Wireless Security IEEE 802.1X - EAP EAP (Extensible Authentication Protocol) is a container protocol that can carry arbitrary authentication payloads Supplicant can encapsulate his desired protocol in EAP and send the authentication data to the authenticator communication is on layer 2 authentication payload travels through to authentication server depending on the payload, opaque to authenticator 8

Wireless Security IEEE 802.1X after first hop authenticator can talk at layer 3 (IP) encapsulates EAP data in a higher-layer protocol and transports to authentication server authentication server evaluates EAP payload either performs auth himself, sending back a yes/no answer to authenticator or delegates auth decision to another authentication server (as in the case of eduroam: delegation by realm) protocols for encapsulating EAP payload: TACACS+ (obsolete), RADIUS (de-facto standard), Diameter (yet-to-come), RADSec (extended RADIUS) 9

Wireless Security What EAP payload type? No clear text pass on the wire! forget EAP-PAP Trust no one! only methods with mutual authentication; forget EAP-MD5 Protocols with mutual, certificate-based authentication are: EAP-TLS (requires both server and user certificates) EAP-TTLS (server authenticates via cert, user sends credentials within TLS tunnel) EAP-PEAP (like EAP-TTLS, with encrypted tunnel payload) 10

IEEE 802.1X Enterprise Security - Benefits all network users are known (and traceable if they do nasty things) different service levels depending on user type possible: dynamic VLAN assignment no shared key floating around re-keying in arbitrary intervals secure roaming possible 11

Wireless Security Commercial roaming Commercial roaming: Web redirect unsecured WLAN, you get an IP w/o authentication access to internet blocked by ACL until user authenticates at a web site on first access: redirected to authentication web site; enters his credentials afterwards, ACL allows access for user's IP drawback 1: connection not secured, IP data is broadcasted in clear text drawback 2: user forced to enter credentials on a untrusted web site 12

Wireless Security VPN over untrusted WLANs Point of view: don't care about this complicated WLAN security stuff, create an open network only allow VPN traffic, which takes care of encryption and authentication works, but: how to do roaming? all users connect to your VPN, get authenticated via RADIUS hierarchy backend: drawback: user needs to enter credentials on a remote (untrusted?) site open VPN ports for roaming partner's VPN boxes (drawback: poor scalability) open VPN ports for world (drawback: NREN AUP?) 13

eduroam Choice of technology as seen, a mixed bag of technologies to choose quite a lot of them are a no-go for roaming: hidden SSIDs: this is a semi-public service after all MAC authentication: no seamless roaming static WEP: no seamless roaming WPA/WPA2 Personal : no seamless roaming and some suffer of drawbacks web redirect: spoofing risk, credentials to untrusted VPN: doesn't scale to European level / breaks AUP 14

eduroam Remaining options Encryption dynamic WEP with IEEE 802.1X WPA/WPA2 Enterprise (also IEEE 802.1X) Authentication only EAP methods with mutual authentication proper client configuration to ensure mutual trust secure RADIUS backend as best as we can (or even move on to something better than RADIUS) 15

eduroam Mutual authentication Identity providers set up a RADIUS Server that identifies itself with certificate The choice of accepted EAP payload types is in principle the IdP's own choice...... but the remote organisation may decide to block authentication attempts that use an insecure protocol EAP-TTLS, EAP-TLS, EAP-PEAP are always on the safe side 16

eduroam Server certificate validation more difficult than in browser case in browser, user explicitly enters the server name in 802.1X he enters his user name therefore, automatic checking CN=input not possible higher certificate requirements in typical browser case, any trusted root CA is sufficient in 802.1X, you want to connect to exactly one server from exactly one CA proper client configuration is essential to prevent spoofing 17

eduroam Risks in certificate validation Case 1: User doesn't validate cert at all will send credentials to any server, incl. bad guys Case 2: any trusted root CA will send credentials to any server with a valid cert, possibly to a bad guy who registered badguy.com at VeriSign Case 3: only CA that issues the server cert close to ideal, but: if that CA is a public CA like VeriSign, he could still end up at badguy.com Case 4: only that CA, plus explicit server name ideal, credentials will only go to the right server 18

eduroam Proper client configuration CA only for eduroam servers: case 3 secure How to get towards case 4? educate users? audit user settings? provide pre-configured client program an eduroam client : way to go! SecureW2 is an open source EAP-TTLS client and has pre-configuring options Intel PROset Wireless can load profiles developing an own codebase for eduroam client is currently discussed in JRA5 19

eduroam RADIUS hierarchy RADIUS is a rather old protocol with some peculiarities UDP transport client-server communication relies on static IP addresses and a shared secret only very few parts of auth packet are encrypted anyway, it is the state-of-the-art protocol circumvent weak encryption by using secure EAP payloads (that use TLS, and don't need to rely on RADIUS security) 20

eduroam move on to a new protocol? Diameter: designated successor of RADIUS uses TCP or SCTP peer validation with TLS certificates avoids the hierarchy traffic aggregation by dynamic server discovery lots of nice other features but: no suitable implementations yet intermediate solution: RADSec still transports RADIUS packets, but over TCP/SCTP and validates peers with TLS certificates i.e.: full RADIUS packet encryption, reliable transport 21

eduroam (-ng) RADSec implementation of the RADSec extensions was provided by OSC ( Radiator ) test hierarchy was set up to test functionality result: things mostly worked as expected (some minor bugs, quickly fixed) an extra step was tried as well: dynamic peer discovery with DNS NAPTR records nice idea, but: without DNSSEC no secure method to validate server identity implementation way too buggy for real use 22

eduroam user privacy in RADIUS: most attributes traverse the network unencrypted intermediate IP hops can read some data supplicant's MAC address EAP outer user name current location (at least coarsely) VSAs if authenticator sends accounting tickets, more complete session data (time, amount of data transferred), associated with outer EAP identity sending real user name in outer EAP bad idea 23

eduroam (-ng) Changes with RADSec TLS encryption between RADIUS hops intermediate IP hops don't see data still, the involved RADIUS servers do not entire hierarchy can speak RADSec no authenticators do; communication between authenticator and first RADSec server is open eduroam participants currently not obliged to use RADSec unencrypted plain RADIUS in between possible (pre-)configure clients to use anonymous outer identity 24

eduroam abuse handling when using 802.1X, you need a means of correlating MAC and IP 802.1X authenticates (and binds user name to) MAC address abuse is happening on IP level so, to track people MAC <-> IP binding is important mainly two options log DHCP to find out which MAC got which IP (good, not perfect: user may change his IP manually) ARP sniffing: also picks up a changed address 25

eduroam abuse handling (2) don't rely on EAP outer identity person may have used anonymous outer identity, or worse: a valid outer EAP identity belonging to someone else but inner EAP identity is TLS-encrypted and not visible to visited institution solution: ask IdP, he has info about inner identity needs synchronised time source for logs users can be sure no one is tracking them just for fun admins need a good reason when calling home for user info 26

Links and References 802.11 Wireless Networks, 2 nd Edition (O'Reilly) RADSec Whitepaper http://www.open.com.au./radiator/radsec-whitepaper.pdf SecureW2 http://www.securew2.com./ GN2 JRA5 Deliverables http://www.geant2.net./server/show/nav.778 (DJ5.x.y; coming soon: policy document DJ5.1.3-2) TERENA TF-Mobility Website http://www.terena.nl./activities/tf-mobility/ 27

The end Thank you! 28

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information