802.1x: What it is, How it’s broken, and How to fix it.
Bruce Potter, The Shmoo Group
gdead@shmoo.com

Why Wireless?
• No cable plant
  – Lower cost (initially… TCO may be higher)
  – Rapid deployment
• Enhanced mobility
• Ad hoc relationships
• Many different requirements

Why Not Wireless
• No physical security
• Low throughput
• Unregulated, noisy bands

802.11, 802.11b, etc.
• IEEE standard
  – based on well known Ethernet standards
• 802.11
  – FHSS or DSSS, WEP, 2.4 GHz, Infrastructure (BSS) or Ad-Hoc (iBSS)
  – Limited to 2Mb/s due to FCC limits on dwell times per frequency hop
• 802.11b
  – DSSS only, WEP, 2.4 GHz, Infrastructure or Ad-Hoc
  – Up to 11Mb/s
  – Also known as Wi-Fi
• 802.11a and 802.11g

An Association
• Associations are a basic part of 802.11
• Client requests authentication
• AP responds with auth type (Open/WEP)
• Authentication is performed
• If successful, then Association is requested and granted
• SSID is sent in the clear, so not advertising SSID is NOT a valid security mechanism

General Principles
• Deal with the basics
  – Integrity
    • Protecting your packets from modification by other parties
  – Confidentiality
    • Keeping eavesdroppers within range from gaining useful information
    • Keeping unauthorized users off the network
      – Free Internet!
      – Risks to both internal and external network
  – Availability
    • Low level DoS is hard to prevent
• Like any other environment, there are no silver bullets

Current Security Practices
• WEP – Wired Equivalent Privacy
  – Link Level
  – Very Broken
• Firewalls/MAC Filtering
• Reactionary
  – IDS/Active Portal
• Higher level protocols

WEP In a Nutshell
• 40 bits of security == 64 bits of marketing spam.
• 104 bits of security == 128 bits of marketing spam

Thoughts on WEP
• Key management beyond a handful of people is impossible
  – Too much trust
  – Difficult administration
  – Key lifetime can get very short in an enterprise
• No authentication for management frames
• No per packet auth
• False Advertising!!!

What is Lacking?
• Scalability
  – Many clients
  – Large networks
• Protection for all parties
• Eliminate invalid trust assumptions

802.1x
• Port based authentication for all IEEE 802 networks (layer 2 authentication)
• Originally for Campus networks
• Extended for wireless
• Allows for unified AAA services
• Provides means for key transport

Pre-Authentication State / Post-Authentication State (diagrams)

EAP
• Extensible Authentication Protocol
• Originally designed for PPP
  – Shoehorned into 802.1x
• Switch/Access point is a pass through for EAP traffic. New authentication mechanisms do not require infrastructure upgrades
• LEAP – Cisco’s Lightweight EAP
  – Password based and (relatively) widely available
• De facto mechanism between AS and AServ is RADIUS

EAP Methods
• EAP-TLS: Uses certs! If implemented properly, solves many problems
• TTLS – Tunneled TLS. Allows encapsulation of other auth mechanisms.
  – “machine” auth’d by TLS, person by the tunneled protocol
• PEAP – IETF Draft
  – Like TTLS but with another EAP method encapsulated
• TLS/TTLS and others require certs
  – We all have a PKI setup, right? and use it properly and regularly?

What’s Right
• Protection of the infrastructure
• Authentication mechanism can
  – change as needed
  – address flaws in existing wireless security
• Lightweight
  – No encapsulation, no per packet overhead… simply periodic authentication transactions

What’s Right
• In controlled environment, risks can be mitigated by higher level protocols
  – VPN/SSL/SSH
• NOTE: exchange of WEP key material is not part of 802.1x specification
  – Remember: designed for wired campus networks

What’s Right
• Association happens BEFORE 802.1x transaction.
  – Good: If 802.1x session is protected by default WEP key then the attacker must first compromise the WEP key to make use of 802.1x vulns
  – Bad: Key management anyone? Just how does the default key get there?
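Added example, not from the talk or from any implementation it names: a toy supplicant in Python that parses the EAPOL/EAP frames the pass-through AP relays and only treats EAP-Success as authoritative once the EAP method (EAP-TLS here) has itself reported completion. Since EAP-Success is an unauthenticated frame, this state check is one defensive measure against the forged "Authentication Successful" problem the deck raises under What's Wrong; the TLS_FINISHED marker and the frame contents are constructed stand-ins for a real TLS handshake.

```python
import struct

# EAPOL: version(1) type(1) length(2), type 0 = EAP packet; EAP (RFC 3748): code(1) id(1) length(2) [type(1) data]
EAPOL_EAP_PACKET = 0
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_TLS = 1, 13   # EAP-TLS: the cert-based method named on the slides
TLS_DONE = b"TLS_FINISHED"                 # constructed marker standing in for a real TLS handshake

def build_eapol(code, ident, eap_type=None, data=b""):
    """Constructed EAPOL frame for the scenarios below; Success/Failure carry no type byte."""
    payload = (bytes([eap_type]) if eap_type is not None else b"") + data
    eap = struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap)) + eap
def parse_eapol(frame):
    """Return (code, identifier, eap_type or None, type_data); ValueError on malformed input."""
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    eap = frame[4:4 + body_len]
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if ptype != EAPOL_EAP_PACKET or length < 4 or length != len(eap):
        raise ValueError("not a well-formed EAPOL EAP-Packet")
    if code in (EAP_SUCCESS, EAP_FAILURE) or length == 4:
        return code, ident, None, b""
    return code, ident, eap[4], eap[5:]

class Supplicant:
    """Toy supplicant: EAP-Success is an unauthenticated frame relayed by the pass-through AP,
    so it only authorizes once the method itself has reported a completed handshake."""
    def __init__(self):
        self.method_done = self.authorized = False
    def handle(self, frame):
        code, _ident, eap_type, data = parse_eapol(frame)
        if code == EAP_REQUEST and eap_type == EAP_TYPE_IDENTITY:
            return "sent Response/Identity"
        if code == EAP_REQUEST and eap_type == EAP_TYPE_TLS:
            self.method_done |= data == TLS_DONE   # real code: the TLS library reports mutual-auth success
            return "processed EAP-TLS fragment"
        if code == EAP_SUCCESS and not self.method_done:
            return "DISCARD: EAP-Success before method completion"
        if code == EAP_SUCCESS:
            self.authorized = True
            return "AUTHORIZED"
        self.method_done = self.authorized = False  # EAP-Failure (or anything unexpected) resets state
        return "FAILED"

def run_scenarios():  # A: Success injected right after Identity (no method ran). B: EAP-TLS completes first.
    a, b = Supplicant(), Supplicant()
    log_a = [a.handle(build_eapol(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)), a.handle(build_eapol(EAP_SUCCESS, 2))]
    log_b = [b.handle(build_eapol(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)),
             b.handle(build_eapol(EAP_REQUEST, 2, EAP_TYPE_TLS, TLS_DONE)), b.handle(build_eapol(EAP_SUCCESS, 3))]
    return a.authorized, b.authorized, log_a, log_b
```

A forged Success that arrives after the method has legitimately completed is still indistinguishable to this check; closing that gap needs the key-confirming mutual authentication the deck points to in 802.11i.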
What’s Wrong
• www.missl.cs.umd.edu/wireless/1x.pdf
  – First open source supplicant
  – First holes in 802.1x
• One way authentication
  – Less of a concern in LAN environment
• Traffic Interception
• Session Hijacking

What’s Wrong – Technical
• One way Authentication
  – Gateway authenticates the client
  – Client has no explicit means to authenticate the Gateway
  – Rogue gateways put client at risk
    • Remember – the loudest access point wins
• Still no Authentication of management frames (assoc/deassoc/beacons/etc…)

What’s Wrong – Technical
• MITM
  – Send “Authentication Successful” to client
  – Client associates with malicious AP
• Hijacking
  – Send deassociation message to client… AP is in the dark
  – Change MAC to client and have live connection

What’s Wrong – Technical
• RADIUS uses shared secret with the Authenticator
  – Same issue as WEP, but on a more reasonable scale
• Authentication after association presents roaming problems
  – Authentication takes a non-trivial amount of time… can disrupt data in transit
• Failure of RADIUS server == failure of network
  – Many AP implementations don’t allow multiple RADIUS servers
  – Most RADIUS server failover is non-transparent

What’s Wrong – touchy feely
• They forgot about the client (trust assumptions)
  – Everyone is at risk
  – Everyone is a threat
  – Lack of physical security requires encrypted channel to secure 802.1x
• Wired “port” is not the same as wireless “port”
• Protocol designed to not require hardware replacement
  – Leads to less than stellar solution, esp. WRT authentication of management frames.

What’s Wrong – touchy feely
• Extensibility leads to complexity
  – Complexity leads to mistakes in implementation
  – Read the MS guide on creating EAP methods as an example.
• Multivendor support is difficult
• Using a shoehorn to force protocols to work together leads to problems

Why Did it Go Wrong?
• 802.1x – Designed for Campus networks
• EAP – Designed for PPP
• NEITHER designed with wireless threat model in mind
• Lesson: Don’t apply old protocols to new problems without understanding the risk.

Where Are We Today?
• Several 802.1x implementations available
  – Windows XP (not PocketPC 2002)
  – Open1x.org
• EAP implementations
  – Windows IAS
  – FreeRADIUS – MD5 and TLS
  – Cisco
  – Other RADIUS servers

Where Are We Today?
• 802.1x capable Access Points
  – Cisco
  – Lucent
    • RG1000/RG1100 can be hacked with AP500 firmware to become 1x capable
    • Some drawbacks
  – OS authenticator from open1x.org
  – others

What’s Next
• Integration of existing solutions to “raise the bar”
• Limited 802.1x implementations
• 802.11i (Task Group I – Security)
  – On track… the right track
  – Mutual auth, per packet auth
  – 802.1x a part of

What’s Next
• WEP has the right idea
• End to End Solutions a la SSL, SSH, IPSec
  – Not likely

Temporal Key Integrity Protocol
• Fast Packet Keying
• Packet MAC
• Dynamic Rekeying
• Key distribution via 802.1x
• 3Q product deployment
• Still RC4 based to be backward compatible
• AES with 802.1x keying in the distant future

Questions
http://www.shmoo.com/1x/
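Added example, not part of the talk: a small Python sensor heuristic for the unauthenticated management frames noted under Thoughts on WEP and What's Wrong (the deassociation-based hijack). It decodes constructed 802.11 management frames (the 24-byte MAC header plus the 2-byte reason code of disassociation/deauthentication frames) and alerts on a burst of disconnect frames aimed at one client, or any aimed at broadcast; the MAC addresses, threshold and time window are constructed values, not from the page.

```python
import struct
from collections import defaultdict, deque

MGMT = 0                                    # 802.11 frame type 0 = management
SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 8: "beacon", 10: "disassoc", 12: "deauth"}
BROADCAST = "ff:ff:ff:ff:ff:ff"
def _mac(raw): return ":".join(f"{b:02x}" for b in raw)
def _raw(mac): return bytes.fromhex(mac.replace(":", ""))

def build_mgmt(subtype, da, sa, bssid, seq, body=b""):
    """Constructed management frame (not a capture): little-endian 24-byte MAC header + body."""
    fc = (subtype << 4) | (MGMT << 2)       # frame control: version 0, type, subtype
    return struct.pack("<HH6s6s6sH", fc, 0, _raw(da), _raw(sa), _raw(bssid), seq << 4) + body

def parse_mgmt(frame):
    """Decode the MAC header; return None for data/control frames."""
    fc, _dur, a1, a2, a3, seqctl = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != MGMT:
        return None
    subtype, body = (fc >> 4) & 0xF, frame[24:]
    reason = struct.unpack("<H", body[:2])[0] if subtype in (10, 12) and len(body) >= 2 else None
    return {"subtype": SUBTYPES.get(subtype, f"mgmt-{subtype}"), "da": _mac(a1), "sa": _mac(a2),
            "bssid": _mac(a3), "seq": seqctl >> 4, "reason": reason}

class DisconnectMonitor:
    """Sensor heuristic: disassoc/deauth frames carry no authentication, so a burst of them aimed at
    one client, or any aimed at broadcast, is flagged for review rather than trusted."""
    def __init__(self, threshold=3, window=1.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)    # (bssid, client) -> timestamps of disconnect frames
    def observe(self, frame, ts):
        m = parse_mgmt(frame)
        if m is None or m["subtype"] not in ("disassoc", "deauth"):
            return None
        if m["da"] == BROADCAST:
            return f"ALERT broadcast {m['subtype']} claiming {m['sa']} reason={m['reason']}"
        q = self.recent[(m["bssid"], m["da"])]
        q.append(ts)
        while ts - q[0] > self.window:      # drop frames older than the window
            q.popleft()
        if len(q) >= self.threshold:
            return f"ALERT {len(q)} {m['subtype']} frames to {m['da']} within {self.window}s"

def run_sample():
    """Constructed trace: beacon, one ordinary disassoc, a 4-frame deauth burst, a broadcast deauth."""
    ap, sta, reason7 = "00:11:22:33:44:55", "66:77:88:99:aa:bb", struct.pack("<H", 7)
    trace = [(0.0, build_mgmt(8, BROADCAST, ap, ap, 1)), (0.5, build_mgmt(10, sta, ap, ap, 2, reason7))]
    trace += [(5.0 + i * 0.1, build_mgmt(12, sta, ap, ap, 100 + i, reason7)) for i in range(4)]
    trace.append((9.0, build_mgmt(12, BROADCAST, ap, ap, 200, reason7)))
    mon = DisconnectMonitor()
    return [a for a in (mon.observe(f, ts) for ts, f in trace) if a]
```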