Wi-Fi Security Fundamentals

#ATM15 |

WIRELESS LAN SECURITY FUNDAMENTALSJon GreenMarch 2015

2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |

Learning Goals

Authentication with 802.1X

But first: We need to understand PKI

And before that, we need a cryptography primer…

3#ATM15 |

Cryptography Primer


Why study cryptography?

• Absolutely critical to wireless security

• Heavily used during authentication process

• Protects data in transit

• Makes you more interesting at parties


Meet Bob and Alice

Bob and Alice are traditionally used in examples of cryptography


Symmetric Key Cryptography

CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved7#ATM15 |

Symmetric Key Cryptography

• Strength:– Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)

• Challenges:– Must agree on the key beforehand

– How to securely pass the key to the other party?

• Examples: AES, 3DES, DES, RC4

• AES is the current “gold standard” for security


Symmetric Cipher “Modes”


Public Key Cryptography (Asymmetric)


Public Key Cryptography

• Strength– Solves problem of passing the key

– Allows establishment of trust context between parties

• Challenges:– Slow (MUCH slower than symmetric)

– Problem of trusting public key (what if I’ve never met you?)

• Examples: RSA, DSA, ECDSA


Hybrid Cryptography

• Randomly generate “session” key• Encrypt data with “session” key

(symmetric key cryptography)• Encrypt “session” key with recipient’s public key

(public key cryptography)


Hash Function

• Properties

– it is easy to compute the hash value for any given message

– it is infeasible to find a message that has a given hash

– it is infeasible to find two different messages with the same hash

– it is infeasible to modify a message without changing its hash

• Ensures message integrity

• Also called message digests or fingerprints

• Examples: MD5, SHA1, SHA2 (256/384/512)


Digital Signature

• Combines a hash with an asymmetric crypto algorithm

• The sender’s private key is used in the digital signature operation

• Digital signature calculation:


Message Authentication


HMAC


Message Integrity with CBC-MAC

• Set IV=0

• Run message through AES-CBC (or some other symmetric cipher)

• Discard everything except final block – this output is the MAC


CCMP (Counter with CBC-MAC)

CBC-MAC

AES in Counter

Mode


Entropy(Information-theoretic, not thermodynamic!)

• When we create a random key, it must be unique and unpredictable

• We need good random numbers for this

• What happens if it’s not unique or unpredictable?


Summary: Security Building Blocks

Encryption provides

– confidentiality, can provide authentication and integrity protection

Checksums/hash algorithms provide

– integrity protection, can provide authentication

Digital signatures provide

– authentication, integrity protection, and non-repudiation

For more info:

Buy this Book!

20#ATM15 |

Certificates, Trust & PKI


What is a Certificate?

• Binds a public key to some identifying information

–The signer of the certificate is called its issuer

–The entity talked about in the certificate is the subject of the certificate

• Certificates in the real world

–Any type of license, government-issued ID’s, membership cards, ...

–Binds an identity to certain rights, privileges, or other identifiers


Public Key Infrastructure

• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)

• CA Hierarchies


Who do you trust?

Windows: Start->Run->certmgr.msc


What is a Certificate?

Identity

Trusted

3rd-party

Identity bound

to public key


Public Key Infrastructure

• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname == certificate

Common Name (CN)• Chain Building & Validation


Certificate Validity

1. Date/Time

2. Revocation

• CRL

• OCSP


Certificate Formats

PEM / PKCS#7– Contains a certificate in base64 encoding (open in a text editor)

DER– Contains a certificate in binary encoding

PFX / PKCS#12– Contains a certificate AND private key, protected by a password

PEM-PKCS#7:-----BEGIN CERTIFICATE-----

MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm

iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq

b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz

N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq

hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0

EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH

BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC

AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB

gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe

YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww

gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049

Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO

PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0

aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp

YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk

YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw

S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q

b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0

aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b

wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy

PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=

-----END CERTIFICATE-----


Creating Certificates A-Z

1. Generate entropy

2. Use entropy to create random public/private keypair(asymmetric crypto)

3. Attach identifying information to public key – send to CA (Certificate Signing Request)

4. CA issues certificate in X.509 format– Contains public key as supplied in CSR

– Contains hash of certificate contents

– Contains digital signature signed with CA’s private key (hash + asymmetric crypto)

5. Retrieve certificate from CA – match up with private key. Ready for use.


Generating Certificate Signing Request


Send CSR to your CA of choice


Certificate Authority Best Practices

Symantec/VeriSign Data Center


Public CA versus Private CA

• Windows Server includes a domain-aware CA – why not just use it?

• Disadvantages:– PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you.

– Nobody outside your Windows domain will trust your certificates

• Advantages:– Less costly

– Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI


OCSP

• Can be used by the client (e.g. web browser) to verify server’s certificate validity

– OCSP URL is read from server certificate’s AIA field

• Can be used by the server (e.g. mobility controller) to verify client’s certificate validity

– OCSP URL is most often configured on the server to point to specific OCSP responders

• OCSP transactions use HTTP for transport protocol

• Important: Nonce Extension required for replay prevention– Some public CAs don’t like this…


For More Info

Buy this Book!

35#ATM15 |

Putting it all together: 802.1X


Authentication with 802.1X

• Authenticates users before granting access to L2 media

• Makes use of EAP (Extensible Authentication Protocol)

• 802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned


Sample EAP Transaction

2-stage process– Outer tunnel establishment

– Credential exchange happens inside encrypted tunnel

Clie

nt

Auth

entic

atio

n S

erv

er

Request Identity

Response Identity (anonymous) Response Identity

TLS Start

CertificateClient Key exchange

Cert. verification

Request credentials

Response credentials

Success

EAPOL RADIUSA

uth

entic

ato

r

EAPOL Start


802.1X Packet Capture


802.1X Acronym Soup

PEAP (Protected EAP)– Uses a digital certificate on the network side

– Password or certificate on the client side

EAP-TLS (EAP with Transport Level Security)– Uses a certificate on network side

– Uses a certificate on client side

TTLS (Tunneled Transport Layer Security)– Uses a certificate on the network side

– Password, token, or certificate on the client side

EAP-FAST– Cisco proprietary

– Do not use – known security weaknesses



Configure Supplicant Properly

• Configure the Common Name of your RADIUS server (matches CN in server certificate)

• Configure trusted CAs (an in-house CA is better than a public CA)

• ALWAYS validate the server certificate

• Do not allow users to add new CAs or trust new servers

• Enforce with group policy


Isn’t MSCHAPv2 broken?

• Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.

• This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi

– What happens if you don’t properly validate the server certificate?

– Look up FreeRADIUS-WPE

• Still using PPTP for VPN? Watch out…


WPA2 Key Management Summary

Step 1: Use RADIUS to push PMK from AS to AP

Step 2: Use PMK and 4-Way Handshake to

derive, bind, and verify PTK

Step 3: Use Group Key Handshake to send GTK

from AP to STA

Auth Server

AP/Controller


4-Way Handshake

EAPoL-Key(Reply Required, Unicast, ANonce)

Pick Random ANonce

EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)

EAPoL-Key(Reply Required, Install PTK,

Unicast, ANonce, MIC, AP SSN IE)

Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |

SNonce | AP MAC Addr | STA MAC Addr)

Derive PTK

EAPoL-Key(Unicast, ANonce, MIC)

Install PTK Install PTK

PMK PMK


Summary

• Security is complex

• Once you understand it, people will envy you

• You can make Facebook posts to confuse your parents

• More importantly: Do it right so you don’t get hacked


Sign up, save $200!

arubanetworks.com/atmosphere2016

Give feedback!

… Before You Go

atmosphere

2016

Technology

Wi-Fi Security Fundamentals