SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.
-
Upload
oswin-henderson -
Category
Documents
-
view
221 -
download
0
Transcript of SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.
![Page 1: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/1.jpg)
SEC405
Wireless LAN Security with802.1X, PEAP, and WPA
Steve Riley
Microsoft Corporation
![Page 2: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/2.jpg)
Why?Why?
Huge fear of wireless
Rooted in misunderstandings of security
Wireless can be made secureTakes work
Need to understand problem
Need to plan for secure solution
![Page 3: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/3.jpg)
So what’s the problem?
WEP is a euphemismWired
Equivalent
Privacy
Actually, it’s a lieIt isn’t equivalent to “wired privacy” at all!
How can you secure the air?
So: WEP suckshttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
![Page 4: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/4.jpg)
Wired equivalent privacy
![Page 5: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/5.jpg)
WEP setup and RC4
Secret key shared between access point and all clients
Encrypts traffic before transmission
Performs integrity check after transmission
WEP uses RC4, a stream cipher[key] XOR [plaintext] [ciphertext]
Maybe double-XOR for “better” security? Hah!
[ciphertext] XOR [key] [plaintext]
![Page 6: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/6.jpg)
Common attacks
Bit-flipping (encryption ≠ integrity)Flipping bit n in cipertext flips same bit in plaintext
Statistical attacksMultiple ciphertexts using same key permit determination of plaintext XOR
Enables statistical attacks to recover plaintext
More ciphertexts eases this
Once one plaintext is known, recovering others is trivial
![Page 7: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/7.jpg)
WEP’s “defenses”
Integrity check (IC) fieldCRC-32 checksum, part of encrypted payload
Not keyed
Subject to bit-flipping can modify IC to make altered message appear valid
Initialization vector (IV) added to keyAlters key somewhat for each packet
24-bit field; contained in plaintext portion
Alas, this small keyspace guarantees reuse
![Page 8: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/8.jpg)
More IV problems
Say an AP constantly sends 1500-byte packets at 11mbps
Keyspace exhausted in 5 hours
Could be quicker if packets are smaller
Key reuse causes even more collisionsSome cards reset IV to 0 after initialization
Some cards increment by 1 after each packet
802.11 standard does not mandate new per-packet IV!
![Page 9: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/9.jpg)
Classes of attacks
Key and IV reuse
Known plaintext attack
Partial known plaintext attack
Weaknesses in RC4 key scheduling algorithm
Authentication forging
Realtime decryption
![Page 10: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/10.jpg)
Tools
WEPCrack—breaks 802.11 keyshttp://wepcrack.sourceforge.net/
AirSnort—breaks 802.11 keysNeeds only 5-10 million packets
http://airsnort.shmoo.com/
NetStumbler—access point reconnaissancehttp://www.netstumbler.com
![Page 11: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/11.jpg)
WEP suckage
Same key reused over and over againPer-packet IV isn’t enough
Need to increase keyspace an attacker must analyze
Generate new keys (not just IVs) periodically
Use unique per-client keysThese are our first requirements…
![Page 12: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/12.jpg)
Other problems
Rogue access pointsMutual authentication—authentication server (RADIUS) authenticates to client
Disassociation attacksAssoc/disassoc messages are unencrypted and unauthenticated
Fix with keyed message integrity check
Unauthorized use or monitoringIncorporate user and computer authentication
![Page 13: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/13.jpg)
Now what?Now what?
Don’t fear wireless networksThey can be secured. It just takes…technology!
Our tasks today: understand howKey protection: 802.1X
Authentication: EAP
Enumerating and eliminating the vulnerabilities
Verifying that we did the right thing
Understanding the latest solution
Detailing the deployment steps
![Page 14: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/14.jpg)
802.1x
![Page 15: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/15.jpg)
Solution today: 802.1X
Port-based access control mechanism defined by IEEE
Works on anything, wired and wireless
Access point must support 802.1X
Allows choice of authentication methods using EAP
Chosen by peers at authentication time
Access point doesn’t care about EAP methods
Manages keys automagically
![Page 16: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/16.jpg)
Is 802.1X enough?
No
It does solve:Key discovery by changing keys often and using different keys for each client
Rogue APs and man-in-the-middle attacks by performing mutual device authentication
Unauthorized access by authenticating users and computers
It does not solve:Packet and disassociation spoofing because 802.1X doesn’t use a keyed MIC
![Page 17: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/17.jpg)
Clarifying terminology
802.11 is the specification for over-the-air wireless networks
802.1X is a PHY-independent specification for port-based access control
Combining them makes sense
There is no such thing as 802.11XBut there is work on something called 802.11i
![Page 18: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/18.jpg)
802.1X over 802.11SupplicantSupplicantSupplicantSupplicant AuthenticatorAuthenticatorAuthenticatorAuthenticator AuthenticationAuthentication
ServerServerAuthenticationAuthentication
ServerServer
802.11 802.11 associationassociation
EAPOL-startEAPOL-start
EAP-request/EAP-request/identityidentity
EAP-response/EAP-response/identityidentity
RADIUS-access-RADIUS-access-requestrequest
EAP-requestEAP-request RADIUS-access-RADIUS-access-challengechallenge
EAP-response EAP-response (credentials)(credentials)
RADIUS-access-RADIUS-access-requestrequest
EAP-successEAP-success RADIUS-access-acceptRADIUS-access-accept
EAPOW-key EAPOW-key (WEP)(WEP)
Access blockedAccess blocked
Access allowedAccess allowed
![Page 19: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/19.jpg)
Association and authN
The 802.11 association happens firstNeed to talk to the AP and get an IP address
Open authentication—don’t have the WEP key yet
Access beyond AP prohibited until authN succeeds
AP drops non-EAPOL traffic
After key is sent in EAPOW-key, access beyond AP is allowed
Security conversation between supplicant and authentication server
Wireless NIC and AP are passthrough devices
![Page 20: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/20.jpg)
Before authenticationControlled port prevents supplicant LAN access
Uncontrolled port allows authenticator to contact authentication server
DirectoryDirectoryDirectoryDirectory
SupplicantSupplicantSupplicantSupplicant
AuthNAuthNServerServerAuthNAuthNServerServerAuthenticatorAuthenticatorAuthenticatorAuthenticator
the Airthe Airthe Airthe Air
![Page 21: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/21.jpg)
After authenticationControlled port now permits supplicant to access LAN
DirectoryDirectoryDirectoryDirectory
SupplicantSupplicantSupplicantSupplicant
AuthNAuthNServerServerAuthNAuthNServerServerAuthenticatorAuthenticatorAuthenticatorAuthenticator
the Airthe Airthe Airthe Air
![Page 22: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/22.jpg)
802.11/802.1x state machineState 1State 1
802.11 802.11 ununauthenticatedauthenticatedUnUnassociatedassociated
State 1State 1802.11 802.11 ununauthenticatedauthenticated
UnUnassociatedassociated
State 2State 2802.11 authenticated802.11 authenticated
UnUnassociatedassociated
State 2State 2802.11 authenticated802.11 authenticated
UnUnassociatedassociated
State 3State 3802.11 authenticated802.11 authenticated
AssociatedAssociated
State 3State 3802.11 authenticated802.11 authenticated
AssociatedAssociated
State 4State 4802.11 authenticated802.11 authenticated
AssociatedAssociated802.1X authenticated802.1X authenticated
State 4State 4802.11 authenticated802.11 authenticated
AssociatedAssociated802.1X authenticated802.1X authenticated
Successful open Successful open authNauthN
Successful assoc or Successful assoc or reassocreassoc
Successful 802.1X Successful 802.1X authNauthN
DeauthN DeauthN notificationnotification
Disassoc Disassoc notificationnotification
EAPOL-logoffEAPOL-logoff
DeauthNDeauthNnotificatinotificationon
Class 1 framesClass 1 frames
Class 1, 2 Class 1, 2 framesframes
Class 1, 2, 3 Class 1, 2, 3 framesframes
Class 1, 2, 3 Class 1, 2, 3 framesframes
![Page 23: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/23.jpg)
Encryption keys
Client and RADIUS server generate per-user session WEP keys
Never sent over the air
RADIUS server sends key to AP (encrypted with RADIUS shared secret)
Access point has a global WEP keyUsed during AP authentication to client
Sent in EAPOW-key message
Encrypted with session key
Session keys regenerated when…Key time exceeded (60 minute default)
Client roams to new AP
![Page 24: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/24.jpg)
Extensibleauthentication protocol
![Page 25: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/25.jpg)
EAP
Link-layer security frameworkSimple encapsulation protocol for authentication mechanisms
Runs over any link layer, lossy or lossless
No built-in securityDoesn’t assume physically secure link
Authentication methods must incorporate their own security
![Page 26: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/26.jpg)
Authentication methods
EAP allows choice of authentication methods
For mutual authentication—TLS: authentication server supplies certificate
IKE: server demonstrates possession of preshared key or private key (certificate)
Kerberos: server demonstrates knowledge of session key
PEAP: any pluggable method supporting mutual authentication
![Page 27: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/27.jpg)
AuthN supported in Windows
EAP-MD5 disallowed for wirelessCan’t create encrypted session between supplicant and authenticator
Would transfer password hashes in the clear
Cannot perform mutual authenticationVulnerable to man-in-the-middle attacks
EAP-TLS in Windows XP releaseRequires client certificates
Best to have machine and user
Service pack 1 adds protected EAP (PEAP)
![Page 28: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/28.jpg)
Protected EAP (PEAP)
Extension to EAP
Allows use of any secure authentication mechanism for EAP
No need to write individual EAP-enabled methods
Windows PEAP allows:MS-CHAPv2—passwords
TLS (SSL channel)—certificatesPEAP-EAP-TLS a little slower than EAP-TLS
SecurID—but not tested/supported for wireless
For many deployments, machine and user passwords still (alas) are necessary
![Page 29: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/29.jpg)
EAP architecture
TLSTLSTLSTLS GSS_APIGSS_APIKerberosKerberos
GSS_APIGSS_APIKerberosKerberos PEAPPEAPPEAPPEAP IKEIKEIKEIKE MD5MD5MD5MD5
EAPEAPEAPEAP
PPPPPPPPPPPP 802.3802.3802.3802.3 802.5802.5802.5802.5 802.11802.11802.11802.11 Anything…Anything…Anything…Anything…
methodmethodlayerlayer
methodmethodlayerlayer
EAPEAPlayerlayerEAPEAPlayerlayer
mediamedialayerlayer
mediamedialayerlayer
MS
-CH
AP
v2
MS
-CH
AP
v2
MS
-CH
AP
v2
MS
-CH
AP
v2
TLS
TLS
TLS
TLS
Secu
rIDS
ecu
rIDS
ecu
rIDS
ecu
rID
![Page 30: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/30.jpg)
How it works:The Windows logon process over PEAP with MS-CHAPv2
![Page 31: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/31.jpg)
Security requirements, again
Mutual device authenticationWorkstation and authentication server
No rogue access points
Prevents man-in-the-middle attacks
Ensures key is transferred to correct entity
User authenticationNo unauthorized access or interception
WEP key uniqueness and regeneration
Stop packet/disassociation spoofing
![Page 32: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/32.jpg)
Windows domain logon
Two logons occurMachine
User
Machine accounts look like user accountsCertificate credential
User ID/password/domain credential
Take advantage of this
![Page 33: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/33.jpg)
Windows PEAP authentication
First phase—machine logon802.11 association
Authenticate AP
Authenticate computer
Transition controlled port statusFor machine account access to authorized resources
Second phase—user logonAuthenticate user
Transition controlled port statusFor user account access to authorized resources
![Page 34: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/34.jpg)
Windows PEAP authentication
First phase1. Supplicant performs regular 802.11
association
2. Supplicant sets up TLS channel with authenticator and requests authentication server’s certificate
3. Supplicant—Verifies name and dates on certificate
Validates chain
![Page 35: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/35.jpg)
Our requirements so far
Mutual device authenticationWorkstation and authentication server
No rogue access pointsOnly authorized APs are allowed to talk to authenticator
Only authorized authenticators are allowed to talk to clients
User authenticationNo unauthorized access or interception
WEP key uniqueness and regeneration
Packet/disassociation spoofing
![Page 36: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/36.jpg)
Windows PEAP authentication
First phase4. Supplicant sends machine credentials to
authenticator over previously-established TLS channel
5. Authenticator checks validity by contacting authentication server (RADIUS)
6. Authentication server contacts directory to verify credentials
![Page 37: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/37.jpg)
Windows PEAP authentication
First phase7. If valid, RADIUS generates WEP key
8. Authenticator delivers key to supplicant and transitions controlled port status to permit supplicant access to LAN (to resources allowed access through machine account only)
9. Computer logs on to domain
![Page 38: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/38.jpg)
Our requirements so far
Mutual device authenticationWorkstation and authentication server
No rogue access points
User authenticationNo unauthorized access or interception
WEP key uniqueness and regeneration
Packet/disassociation spoofing
![Page 39: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/39.jpg)
Windows PEAP authentication
Second phase1. Logon dialog appears
2. Supplicant sends user credentials to authenticator
3. Authenticator checks validity by contacting authentication server (RADIUS)
4. Authentication server contacts directory
5. If valid, authenticator extends controlled port status to permit supplicant full access to LAN
6. User logged on to domain
![Page 40: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/40.jpg)
Our requirements so far
Mutual device authenticationWorkstation and authentication server
No rogue access points
User authenticationNo unauthorized access or interception
WEP key uniqueness and regeneration
Packet/disassociation spoofing
![Page 41: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/41.jpg)
Why use machine accounts?
Domain logon required for:Machine group policies
Computer startup scripts
Software installation settings
When user account passwords expireNeed associated WIC and transitioned controlled port for user notification and change dialog
Machine account logon phase allows password expiration notices and changes to occur normally
![Page 42: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/42.jpg)
Why passwords?
Not all customers are ready for a PKI
Managing user certificates stored on computer hard drives will always be painful
Some personnel might roam among computers
Smartcards solve thisTechnical and sociological issues can delay or prevent deployment
PEAP enables (pretty) secure wireless nowAllows easy migration to certificates and smartcards later
![Page 43: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/43.jpg)
Remaining vulnerabilities
![Page 44: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/44.jpg)
Remaining vulnerabilities
Two related vulnerabilities not addressed with 802.1X
Bit flipping with known IVs packet spoofing
Disassociation denials of service
Simple addition to 802.1X will solve both
![Page 45: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/45.jpg)
Bit-flipping attacks
WEP doesn’t perform per-packet authenticationIC is not a keyed message integrity check
Flipped bits in WEP packet recalculated IC
To spoof or replay:Flip bits in WEP packet where IV is known
AP accepts packet
Layer 3 device rejects, sends predictable response
Build response database and derive key
![Page 46: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/46.jpg)
Disassociation attacks
802.11 associate/disassociate messages are unauthenticated and unencrypted
Attacker can forge disassociation message
Bothersome denials of service
![Page 47: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/47.jpg)
Solution: keyed IC
Change behavior of WEP’s IC
Derive key from seed value, source and destination MACs, payload
Any change to these will alter the IC
Include in every WEP packet
![Page 48: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/48.jpg)
WPA: Wi-Fi protected access
![Page 49: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/49.jpg)
An interim until 802.11i
GoalsRequire secure networking
Solve WEP issues with software and firmware upgrades
Provide secure wireless for SOHONo RADIUS needed
Be forward compatible with 802.11i
Be available today
Wi-Fi Alliance began testing in February; will require WEP support for certification in August and beyond
![Page 50: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/50.jpg)
Authentication
802.1X is required
Still uses open authentication for initial 802.11 association
Supports pre-shared key if no RADIUSSame key configured on access point and on all wireless clients
Initial unicast key derived from authentication process
Verifies that AP and client have the same key
![Page 51: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/51.jpg)
Key managementTKIP replaces 802.1X key management
Temporal key integrity protocol
128-bit RC4 combined with 128-bit IV and client MAC address
Changes unicast key every frame
Has undergone thorough cryptanalysis
Not actually a replacement for WEPMore of a wrapper to work around weaknesses
![Page 52: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/52.jpg)
Key protectionRegenerates session and global keys
802.1X doesn’t regenerate global key used for multicast and broadcast traffic
“Michael”: message integrity check8-byte MIC between payload and 4-byte IC
Encrypted along with everything else
Encrypted frame counter prevents replay attacks
Set to zero when key is set
Incremented for every frame
Receiver drops out-of-order frames
![Page 53: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/53.jpg)
Before adding WPA
EncryptionWEP only
AuthenticationOpen
Shared
![Page 54: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/54.jpg)
After adding WPA
EncryptionDisabled
WEP
TKIP
AES
AuthenticationOpen
Shared
WPA
WPA-PSK
![Page 55: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/55.jpg)
Deployment
![Page 56: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/56.jpg)
System requirements
Client: Windows XP service pack 1
Server: Windows Server 2003 IASInternet Authentication Service—our RADIUS server
Certificate on IAS computer
Backporting to Windows 2000Client and IAS must have SP3
No zero-config support in the client
See KB article 313664
Supports only TLS and MS-CHAPv2Future EAP methods in XP and 2003 might not be backported
![Page 57: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/57.jpg)
Setup1. Build Windows Server 2003 IAS server
2. Join to domain
3. Enroll computer certificate
4. Register IAS in Active Directory
5. Configure RADIUS logging
6. Add AP as RADIUS client
7. Configure AP for RADIUS and 802.1x
8. Create wireless client access policy
9. Configure clientsDon’t forget to import CA root
![Page 58: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/58.jpg)
Access policy
Policy conditionNAS-port-type = Wireless IEEE 802.11 and Wireless other
Windows-group = <some group in AD>
Optional; allows administrative control
Should contain user and computer accounts
![Page 59: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/59.jpg)
Access policy ProfileTimeout: 60 min (802.11b) or 10 min (802.11a/g)
No regular authentication methods
EAP type: protected EAP; use certificate from step 3
Encryption: only strongest (MPPE 128-bit)
Attributes: Ignore-user-dialin-properties = True
![Page 60: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/60.jpg)
What else?
![Page 61: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/61.jpg)
Interoperability
PEAP standards authorsMicrosoft
Cisco
RSA
Our implementation is version 0Not compatible with version 1
Working towards interoperabilityPEAP allows servers and clients to support multiple versions
![Page 62: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/62.jpg)
The future—long term
IEEE is working on 802.11iReplacement for WEP
Includes TKIP, 802.1x, and keyed IC
Mandatory AES (in WPA it’s optional)
Addresses all currently known vulnerabilities and poor implementation decisions
Need to be IEEE member to read work in progress
Expected ratification in September 2003
![Page 63: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/63.jpg)
References
Security of the WEP Algorithm
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
802.1x--Port Based Network Access Control
http://www.ieee802.org/1/pages/802.1x.html
PPP Extensible Authentication Protocol
http://www.ietf.org/rfc/rfc2284.txt
PPP EAP-TLS Authentication Protocol
http://www.ietf.org/rfc/rfc2176.txt
Protected EAP Protocol
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-josefsson-pppext-eap-tls-eap-05.txt
![Page 64: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/64.jpg)
Next stepsNext steps
Eliminate fear of wireless!
Plan for wireless deployments where there’s a business case
Conduct a site surveyRadio engineering isn’t rocket science, but it isn’t a science fair project either
Add appropriate technology
Deploy a secure wireless network
![Page 65: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/65.jpg)
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
![Page 66: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/66.jpg)
Suggested Reading And Resources
The tools you need to put technology to work!The tools you need to put technology to work!
TITLETITLE AvailableAvailable
8/13/038/13/03
Deploying Secure 802.11 Deploying Secure 802.11 Wireless Networks with Wireless Networks with Microsoft® Windows®:Microsoft® Windows®:0-7356-1939-50-7356-1939-5
Microsoft Press books are 20% off at the TechEd Bookstore
Also buy any TWO Microsoft Press books and get a FREE T-Shirt
![Page 67: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/67.jpg)
evaluationsevaluations
![Page 68: SEC405 Wireless LAN Security with 802.1X, PEAP, and WPA Steve Riley Microsoft Corporation.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf761a28abf838c80c78/html5/thumbnails/68.jpg)
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.