Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x,...
Transcript of Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x,...
![Page 1: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/1.jpg)
Wireless LAN Securitywith802.1x, EAP-TLS, andPEAP
Steve RileySenior ConsultantMCS Trustworthy Computing Services
![Page 2: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/2.jpg)
So what’s the problem?
WEP is a euphemismWiredEquivalentPrivacy
Actually, it’s a lieIt isn’t equivalent to “wired privacy” at all!How can you secure the air?
So: WEP suckshttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
![Page 3: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/3.jpg)
Wired equivalent privacy
![Page 4: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/4.jpg)
WEP setup and RC4
Secret key shared between access pointand all clients
Encrypts traffic before transmissionPerforms integrity check after transmission
WEP uses RC4, a stream cipher[key] XOR [plaintext] à [ciphertext]
Maybe double-XOR for “better” security? Hah!
[ciphertext] XOR [key] à [plaintext]
![Page 5: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/5.jpg)
Common attacks
Bit-flipping (encryption ≠ integrity)Flipping bit n in cipertext flips same bit inplaintext
Statistical attacksMultiple ciphertexts using same key permitdetermination of plaintext XOREnables statistical attacks to recover plaintextMore ciphertexts eases thisOnce one plaintext is known, recovering othersis trivial
![Page 6: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/6.jpg)
WEP’s “defenses”
Integrity check (IC) fieldCRC-32 checksum, part of encrypted payloadNot keyedSubject to bit-flipping à can modify IC to makealtered message appear valid
Initialization vector (IV) added to keyAlters key somewhat for each packet24-bit field; contained in plaintext portionAlas, this small keyspace guarantees reuse
![Page 7: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/7.jpg)
More IV problems
Say an AP constantly sends 1500-bytepackets at 11mbps
Keyspace exhausted in 5 hoursCould be quicker if packets are smaller
Key reuse causes even more collisionsSome cards reset IV to 0 after initializationSome cards increment by 1 after each packet
802.11 standard does not mandate newper-packet IV!
![Page 8: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/8.jpg)
Classes of attacks
Key and IV reuseSmall IV space; no IV replay protection
Known plaintext attackCan recover stream of length N for a given IVThen forge packets of length N in absence ofkeyed IC
Partial known plaintext attackCan recover M bytes of keystream, M < NRepeated probing à extend keystream to N
Weaknesses in RC4 key schedulingalgorithm
Large class of weak keys can break secret key
![Page 9: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/9.jpg)
Classes of attacks
Authentication forgingWEP encrypts challenge using client-chosenIVRecovery of keystream for a given IV allowsreuse of the IV for forging WEP authenticationDoesn’t provide key, so can’t join LAN
Realtime decryptionIV reuse and probing à construct dictionary ofIVs and keystreamsEnables decryption in real timeStorage: 1500 bytes of keystream for each IV;
24 b GB
![Page 10: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/10.jpg)
Tools
WEPCrack—breaks 802.11 keyshttp://wepcrack.sourceforge.net/
AirSnort—breaks 802.11 keysNeeds only 5-10 million packetshttp://airsnort.shmoo.com/
NetStumbler—access pointreconnaissance
http://www.netstumbler.com
![Page 11: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/11.jpg)
WEP suckage
Same key reused over and over againPer-packet IV isn’t enough
Need to increase keyspace an attackermust analyze
Generate new keys (not just IVs) periodicallyUse unique per-client keys
These are our first requirements…
![Page 12: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/12.jpg)
Other problems
Rogue access pointsMutual authentication—AP authenticates toclient
Disassociation attacksAssoc/disassoc messages are unencrypted andunauthenticatedFix with keyed message integrity check
Unauthorized use or monitoringIncorporate user and computer authentication
![Page 13: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/13.jpg)
802.1x
![Page 14: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/14.jpg)
Solution today: 802.1x
Port-based access control mechanismdefined by IEEE
Works on anything, wired and wirelessAccess point must support 802.1xNo special WIC requirements
Allows choice of authentication methodsusing EAP
Chosen by peers at authentication timeAccess point doesn’t care about EAP methods
Manages keys automagicallyNo need to preprogram WICs
![Page 15: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/15.jpg)
Is 802.1x enough?
NoIt does solve:
Key discovery by changing keys often andusing different keys for each clientRogue APs and man-in-the-middle attacks byperforming mutual device authenticationUnauthorized access by authenticating usersand computers
It does not solve:Packet and disassociation spoofing because802.1x doesn’t use a keyed MIC
![Page 16: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/16.jpg)
Clarifying terminology
802.11 is the specification for over-the-airwireless networks802.1x is a PHY-independent specificationfor port-based access controlCombining them makes senseThere is no such thing as 802.11x
But there is work on something called 802.11i
![Page 17: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/17.jpg)
802.1x over 802.11Supplicant Authenticator
AuthenticationServer
802.11 association
EAPOL-start
EAP-request/identity
EAP-response/identity
RADIUS-access-request
EAP-request RADIUS-access-challenge
EAP-response(credentials)
RADIUS-access-request
EAP-success RADIUS-access-accept
EAPOW-key (WEP)
Access blocked
Access allowed
![Page 18: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/18.jpg)
Association andauthentication
The 802.11 association happens firstNeed to talk to the AP and get an IP addressOpen authentication—we don’t have the WEPkey yet
Access beyond AP prohibited until authNsucceeds
AP drops non-EAPOL trafficAfter key is sent in EAPOW-key, accessbeyond AP is allowed
Security conversation between supplicantand authentication server
Wireless NIC and AP are passthrough devices
![Page 19: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/19.jpg)
Before authenticationControlled port preventssupplicant LAN accessUncontrolled port allowsauthenticator to contactauthentication server
Directory
Supplicant
AuthNServer
Authenticatorthe Air
![Page 20: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/20.jpg)
After authenticationControlled port nowpermits supplicant toaccess LAN
Directory
Supplicant
AuthNServer
Authenticatorthe Air
![Page 21: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/21.jpg)
802.11/802.1x state machineState 1
802.11 unauthenticatedUnassociated
State 2802.11 authenticated
Unassociated
State 3802.11 authenticated
Associated
State 4802.11 authenticated
Associated802.1x authenticated
Successful open authN
Successful assoc orreassoc
Successful 802.1x authN
DeauthN notification
Disassoc notification
EAPOL-logoff
DeauthNnotification
Class 1 frames
Class 1, 2 frames
Class 1, 2, 3frames
Class 1, 2, 3frames
![Page 22: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/22.jpg)
Encryption keys
Client and RADIUS server generate per-user session WEP keys
Never sent over the airRADIUS server sends key to AP (encryptedwith RADIUS shared secret)
Access point has a global WEP keyUsed during AP authentication to clientSent in EAPOW-key messageEncrypted with session key
Session keys regenerated when…Key time exceeded (60 minute default)Client roams to new AP
![Page 23: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/23.jpg)
Extensibleauthentication protocol
![Page 24: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/24.jpg)
EAP
Link-layer security frameworkSimple encapsulation protocol forauthentication mechanismsRuns over any link layer, lossy or lossless
No built-in securityDoesn’t assume physically secure linkAuthentication methods must incorporate theirown security
![Page 25: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/25.jpg)
Authentication methods
EAP allows choice of authenticationmethodsFor mutual authentication—
TLS: authentication server supplies certificateIKE: server demonstrates possession ofpreshared key or private key (certificate)Kerberos: server demonstrates knowledge ofsession key
![Page 26: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/26.jpg)
AuthN supported in Windows
EAP-MD5 disallowed for wirelessCan’t create encrypted session betweensupplicant and authenticatorWould transfer password hashes in the clearCannot perform mutual authentication
Vulnerable to man-in-the-middle attacks
EAP-TLS in Windows XP releaseRequires client certificatesBest to have machine and user
Service pack 1 adds protected EAP
![Page 27: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/27.jpg)
Protected EAP (PEAP)
Extension to EAPAllows use of any secure authenticationmechanism for EAP
No need to write individual EAP-enabledmethods
Windows PEAP allows:MS-CHAPv2—passwordsTLS—certificatesSecurID
For many deployments, passwords still(alas) are necessary
![Page 28: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/28.jpg)
EAP architecture
TLS GSS_APIKerberos
PEAP IKE MD5
EAP
PPP 802.3 802.5 802.11 Anything…
methodlayer
EAPlayer
medialayer
MS
-CH
AP
v2
TL
S
Secu
rID
![Page 29: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/29.jpg)
Note
Do not configure IAS and XP for both—EAP-TLS alonePEAP with any method
Man-in-the-middle vulnerabilityIf you need TLS and MS-CHAPv2together—
Deploy only PEAPSelect both MS-CHAPv2 and TLS methods
![Page 30: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/30.jpg)
How it works:The Windows logonprocess over PEAP withMS-CHAPv2
![Page 31: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/31.jpg)
Security requirements, again
Mutual device authenticationWorkstation and APNo rogue access pointsPrevents man-in-the-middle attacksEnsures key is transferred to correct entity
User authenticationNo unauthorized access or interception
WEP key uniqueness and regenerationStop packet/disassociation spoofing
![Page 32: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/32.jpg)
Windows domain logon
Two logons occurMachineUser
Machine accounts look like user accountsCertificate credentialUser ID/password/domain credentialTake advantage of this
![Page 33: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/33.jpg)
Windows PEAPauthentication
First phase—machine logon802.11 associationAuthenticate APAuthenticate computerTransition controlled port status
For machine account access to authorizedresources
Second phase—user logonAuthenticate userTransition controlled port status
For user account access to authorized resources
![Page 34: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/34.jpg)
Windows PEAP authentication
First phase1. Supplicant performs regular 802.11
association2. Supplicant sets up TLS channel with
authenticator and requests authenticationserver’s certificate
3. Supplicant—Verifies name and dates on certificateValidates chain
![Page 35: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/35.jpg)
Our requirements so far
Mutual device authenticationWorkstation and APNo rogue access points
User authenticationNo unauthorized access or interception
WEP key uniqueness and regenerationPacket/disassociation spoofing
![Page 36: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/36.jpg)
Windows PEAP authentication
First phase4. Supplicant sends machine credentials to
authenticator over previously-establishedTLS channel
5. Authenticator checks validity bycontacting authentication server(RADIUS)
6. Authentication server contacts directory toverify credentials
![Page 37: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/37.jpg)
Windows PEAP authentication
First phase7. If valid, RADIUS generates WEP key8. Authenticator delivers key to supplicant
and transitions controlled port status topermit supplicant access to LAN (toresources allowed access throughmachine account only)
9. Computer logs on to domain
![Page 38: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/38.jpg)
Our requirements so far
Mutual device authenticationWorkstation and APNo rogue access points
User authenticationNo unauthorized access or interception
WEP key uniqueness and regenerationPacket/disassociation spoofing
![Page 39: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/39.jpg)
Windows PEAP authentication
Second phase1. Logon dialog appears2. Supplicant sends user credentials to
authenticator3. Authenticator checks validity by
contacting authentication server(RADIUS)
4. Authentication server contacts directory5. If valid, authenticator extends controlled
port status to permit supplicant full accessto LAN
6. User logged on to domain
![Page 40: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/40.jpg)
Our requirements so far
Mutual device authenticationWorkstation and APNo rogue access points
User authenticationNo unauthorized access or interception
WEP key uniqueness and regenerationPacket/disassociation spoofing
![Page 41: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/41.jpg)
Why use machine accounts?
Domain logon required for:Machine group policiesComputer startup scriptsSoftware installation settings
When user account passwords expireNeed associated WIC and transitionedcontrolled port for user notification and changedialog
Machine account logon phase allows passwordexpiration notices and changes to occur normally
Cisco’s LEAP can’t deal with thisNo facility for machine authentication
![Page 42: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/42.jpg)
Why passwords?
Not all customers are ready for a PKIManaging user certificates stored oncomputer hard drives will always be painful
Some personnel might roam amongcomputersSmartcards solve this
Technical and sociological issues can delay orprevent deployment
PEAP enables (pretty) secure wirelessnow
Allows easy migration to certificates andsmartcards later
![Page 43: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/43.jpg)
Remaining vulnerabilities
![Page 44: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/44.jpg)
Remaining vulnerabilities
Two related vulnerabilities not addressedwith 802.1x
Bit flipping with known IVs à packet spoofingDisassociation denials of service
Simple addition to 802.1x will solve both
![Page 45: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/45.jpg)
Bit-flipping attacks
WEP doesn’t perform per-packetauthentication
IC is not a keyed message integrity checkFlipped bits in WEP packet à recalculated IC
To spoof or replay:Flip bits in WEP packet where IV is knownAP accepts packetLayer 3 device rejects, sends predictableresponseBuild response database and derive key
![Page 46: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/46.jpg)
Disassociation attacks
802.11 associate/disassociate messagesare unauthenticated and unencryptedAttacker can forge disassociation message
Bothersome denials of service
![Page 47: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/47.jpg)
Solution: keyed IC
Change behavior of WEP’s ICDerive key from seed value, source anddestination MACs, payload
Any change to these will alter the IC
Include in every WEP packet
![Page 48: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/48.jpg)
Deployment
![Page 49: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/49.jpg)
System requirements
Client: Windows XP service pack 1Server: Windows Server 2003 IAS
Internet Authentication Service—our RADIUSserverCertificate on IAS computer
Backporting to Windows 2000Client and IAS must have SP3No zero-config support in the clientSee KB article 313664Supports only TLS and MS-CHAPv2
Future EAP methods in XP and 2003 might not bebackported
![Page 50: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/50.jpg)
Setup
1. Build Windows Server 2003 IAS server2. Join to domain3. Enroll computer certificate4. Register IAS in Active Directory5. Configure RADIUS logging6. Add AP as RADIUS client7. Configure AP for RADIUS and 802.1x8. Create wireless client access policy9. Configure clients
Don’t forget to import CA root
![Page 51: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/51.jpg)
Access policy
Policy conditionNAS-port-type = Wireless IEEE 802.11 andWireless otherWindows-group = <some group in AD>
Optional; allows administrative controlShould contain user and computer accounts
ProfileNo regular authentication methodsEAP type: protected EAP; use certificate fromstep 3Encryption: only strongest (MPPE 128-bit)Attributes: Ignore-user-dialin-properties =True
![Page 52: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/52.jpg)
What else?
![Page 53: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/53.jpg)
Interoperability
PEAP standards authorsMicrosoftCiscoRSA
Our implementation is version 0Not compatible with version 1
Working towards interoperabilityPEAP allows servers and clients to supportmultiple versions
![Page 54: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/54.jpg)
802.1x alternative
WPA (Wi-Fi protected access)Includes TKIP (temporal key integrityprotection)
Uses RC4, rotates keys every 10,000 packetsCombines shared 128-bit key with client MACand 128-bit IVProvides key uniqueness
WPA relies on 802.1x for user and mutualdevice authenticationIn beta now for Windows XP
![Page 55: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/55.jpg)
The future—long term
IEEE is working on 802.11iReplacement for WEPIncludes TKIP, 802.1x, and keyed ICUses AESAddresses all currently known vulnerabilitiesand poor implementation decisions
Need to be IEEE member to read work inprogressExpected ratification in September 2003
![Page 56: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/56.jpg)
References
Security of the WEP Algorithmhttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
802.1x--Port Based Network AccessControl
http://www.ieee802.org/1/pages/802.1x.html
PPP Extensible Authentication Protocolhttp://www.ietf.org/rfc/rfc2284.txt
PPP EAP-TLS Authentication Protocolhttp://www.ietf.org/rfc/rfc2176.txt
Protected EAP Protocolftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-
![Page 57: Wireless LAN Security with 802.1x, EAP-TLS, and · PDF fileWireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley ... with RADIUS shared secret) Access point has a global](https://reader034.fdocuments.us/reader034/viewer/2022050902/5a9fa5907f8b9a6c178d00e6/html5/thumbnails/57.jpg)
© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.