Securing 802.11
TRANSCRIPT
-
7/30/2019 Securing 802.11
1/114
ACC-232 1 2002, Cisco Systems, Inc. All rights reserved.
-
Securing 802.11 Wireless Networks
Session ACC-232
-
Session Information
Basic understanding of components of 802.11 networks
Please save questions until the end
-
Agenda
Drivers for Wireless Security
Wireless Security in 802.11
Vulnerabilities in 802.11 Wireless Security
Technologies for Secure Wireless LANs
Deploying Secure Wireless LANs
What Lies Ahead
-
Key Markets for Wireless
Enterprise/Mid Market
Education
Manufacturing/Warehousing
Retail
Healthcare
-
Enterprise/Mid Market
Employees want wireless
ROI: up to 70 minutes more productivity per day
If IT doesn't roll out wireless, employees will
Low-end APs at the local computer reseller shop
-
Enterprise/Mid Market
Rogue deployments expose corporate network
IT should provide WLANs and secure them
-
Education
Collaborative learning applications aid students and teachers
An unsecured WLAN leaves the following vulnerable:
  Student records
  Administrative DBs
  Proprietary learning materials
-
Manufacturing/Warehousing/Retail
Barcode readers and POS terminals very common
Many wireless appliances only support static WEP, or don't use any security!
If connected to corporate network, network is vulnerable
-
Healthcare
Wireless-enabled patient management applications and devices becoming pervasive
Insecure deployments leave patient data vulnerable
Secure wireless LANs are an enabler for HIPAA compliance
HIPAA: Health Insurance Portability and Accountability Act / US protection of medical privacy
-
802.11 Wireless Security
Service Set Identifier (SSID)
Wired Equivalent Privacy (WEP)
Open Authentication
Shared Key Authentication
MAC Address Authentication
-
The Service Set Identifier (SSID)
Used to logically separate wireless LANs
[Figure: access points labelled SSID Cisco and SSID Wireless; each SSID forms its own logical wireless LAN]
-
WEP Encryption
Wired Equivalent Privacy
Based on the RC4 symmetric stream cipher
Static, pre-shared, 40-bit or 104-bit keys on client and access point
-
What Is a Stream Cipher?
Generates a key stream of a desired length from the key
The key stream is mixed with the plaintext data
The result is ciphertext data
[Figure: Key -> Cipher -> Key Stream; Key Stream XOR Plaintext = Ciphertext]
-
What Is a Stream Cipher?
Ciphers, like math equations, always produce the same output, given the same input
This allows eavesdroppers to make educated guesses, and notice changes in the plaintext
[Figure: Plaintext CISCO XOR Key Stream 12345 = Ciphertext AHGAE]
-
What Is an Initialization Vector?
An initialization vector (IV) is a value that alters the key stream
It augments the key to generate a new key stream
As the IV changes, so does the key stream
[Figure: Key and IV -> Cipher -> Key Stream 45678; Plaintext CISCO XOR Key Stream 45678 = Ciphertext WGSSF]
-
IVs in 802.11 Wireless Security
802.11 IVs are 24-bit integer values
Augment 40-bit keys to 64 bits
Augment 104-bit keys to 128 bits
Sent in the clear
[Figure: WEP frame body in octets: IV field (4) | MSDU (0-2304) | ICV (4); the IV field carries the 24-bit Initialization Vector plus Pad and Key ID bits; MSDU and ICV are encrypted, the IV field is not]
-
802.11 Authentication
[Figure: client and access point (on the wired network) exchange]
1. Probe Request
2. Probe Response
3. Authentication Request
4. Authentication Response
5. Association Request
6. Association Response
Client probes for an AP
Client requests authentication
Client requests association
Client can begin data exchange
-
802.11 Open Authentication
Device-oriented authentication
Uses null authentication: all requests are granted
With no WEP, network is wide open to any user
If WEP encryption is enabled, WEP key becomes indirect authenticator
-
802.11 Open Authentication
[Figure: Client (WEP key 123456) and Access Point (WEP key 112233) on the wired network]
1. Authentication Request
2. Authentication Response (Success)
3. Association Request/Response
4. WEP Data Frame to Wired Network -> Key Mismatch, Frame Discarded
Client sends authentication request
AP sends Success response
WEP keys must match for data to traverse AP
-
802.11 Shared Key Authentication
[Figure: Client (WEP key 112233) and Access Point (WEP key 112233) on the wired network]
1. Authentication Request
2. Authentication Response (Challenge)
3. Authentication Request (Encrypted Challenge)
4. Authentication Response (Success)
Client and AP must use WEP with pre-shared keys
Client requests shared key authentication
AP sends plaintext challenge
Client encrypts challenge with WEP key and responds
If the AP can decrypt the response, client is valid
-
802.11 MAC Address Authentication
Not part of 802.11 specification
Vendor-specific implementation
Used to augment Open or Shared Key Authentication
-
802.11 MAC Address Authentication
[Figure: Client (MAC address ABC), Access Point and RADIUS server]
1. Association Request
2. Client MAC sent as RADIUS Request (PAP)
3. RADIUS-Accept
4. Authentication Response (Success)
Client requests authentication
Client requests association
AP checks MAC against: 1) local allowed list, 2) forward to AAA server
Accept association
-
Wireless Security in 802.11 Summary
Authentication is device oriented
Static, pre-shared WEP for encryption
No key management specified
-
Vulnerabilities in 802.11 Wireless Security
Authentication Vulnerabilities
Statistical WEP Key Derivation
Inductive WEP Key Derivation
-
Authentication Vulnerabilities
SSID is not a security mechanism!
Disabling SSID broadcast in the beacons does not prevent an attacker from seeing them
Disabling SSID broadcasts may impact WiFi compliance
-
SSID for Authentication
-
Authentication Vulnerabilities
Wireless NIC is authenticated, not the user
Unauthorized users can use authorized devices:
  Lost or stolen laptop
  Disgruntled employees
-
Authentication Vulnerabilities
Given this: Key Stream XOR Plaintext = Ciphertext
This is also true: Plaintext XOR Ciphertext = Key Stream
-
Authentication Vulnerabilities
Shared Key is vulnerable to Man in the Middle attack
[Figure: the access point sends a plaintext challenge to the client, which returns a ciphertext response; an attacker listening to both obtains the key stream as Plaintext Challenge XOR Ciphertext Response]
-
Authentication Vulnerabilities
MAC Authentication is weak
MAC addresses are sent in the clear
MAC addresses can be sniffed and spoofed
-
Statistical Key Derivation
802.11 WEP is flawed
A WEP key can be derived in 1M to 4M frames using statistical analysis
Attacker is passive, and listens to wireless LAN
Implemented in the AirSnort application
-
Inductive Key Derivation
An attacker can derive the key by soliciting info from a wireless LAN
Common methods:
  IV/WEP Key Replay
  Frame Bit Flipping
-
IV/WEP Key Reuse Vulnerability
Attacker can send a known plaintext to an observable wireless client (i.e. via email)
Attacker will listen to wireless LAN, waiting to see predicted ciphertext
Once attacker sees the ciphertext, key stream is derived
Key stream is valid only for the specific IV
-
IV/WEP Key Reuse Vulnerability
[Figure: an attacker on the Internet sends plaintext data to a victim (an authenticated client) on the corporate network through the access point, while also listening on the wireless LAN; 1. Plaintext data sent to victim; 2. Attacker's ciphertext reaches victim]
-
IV/WEP Key Reuse Vulnerability
Two plaintexts XORed have the same output as their ciphertexts XORed
This enhances a snooper's chances of predicting the plaintext
[Figure: Plaintext (1) and Plaintext (2) encrypted under WEP with the same key stream give Ciphertext (1) and Ciphertext (2); Plaintext (1) XOR Plaintext (2) and Ciphertext (1) XOR Ciphertext (2) are the Same Value]
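The XOR relations stated on the stream cipher, IV, shared-key and IV-reuse slides, worked through on RC4 keyed the way WEP keys it (24-bit IV prepended to the static key). This is an added example, not code from the deck; the base key, IVs and plaintexts are constructed values.

```python
"""Added example, not from the Cisco deck: the XOR relations the slides state
(stream cipher, IV, shared-key challenge and IV reuse), shown on RC4 keyed the
way WEP keys it (a 3-byte IV prepended to the static key). The key, IVs and
plaintexts below are constructed."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then the generator yields `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_keystream(iv: bytes, base_key: bytes, length: int) -> bytes:
    """WEP seeds RC4 with IV || key; the 24-bit IV travels in the clear."""
    if len(iv) != 3:
        raise ValueError("802.11 WEP IVs are 24-bit values")
    return rc4_keystream(iv + base_key, length)


def wep_encrypt(iv: bytes, base_key: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = key stream XOR plaintext; decryption is the same operation."""
    return xor(wep_keystream(iv, base_key, len(plaintext)), plaintext)


def keystream_from_known_pair(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Because C = K XOR P, also K = C XOR P: anyone holding a plaintext and its
    ciphertext (e.g. the shared-key challenge and response) learns the key
    stream for that IV without ever learning the key."""
    return xor(plaintext, ciphertext)


def ciphertext_xor_equals_plaintext_xor(iv1: bytes, iv2: bytes, base_key: bytes,
                                        p1: bytes, p2: bytes) -> bool:
    """C1 XOR C2 == P1 XOR P2 exactly when both frames used the same key
    stream, i.e. the same IV under the same base key; a fresh IV breaks it."""
    c1 = wep_encrypt(iv1, base_key, p1)
    c2 = wep_encrypt(iv2, base_key, p2)
    return xor(c1, c2) == xor(p1, p2)


BASE_KEY = bytes.fromhex("0123456789")          # constructed 40-bit static WEP key
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"   # constructed 24-bit IVs

if __name__ == "__main__":
    c = wep_encrypt(IV_A, BASE_KEY, b"CISCO")
    print("key stream recovered from a known pair:",
          keystream_from_known_pair(b"CISCO", c) == wep_keystream(IV_A, BASE_KEY, 5))
    print("same IV, relation holds:",
          ciphertext_xor_equals_plaintext_xor(IV_A, IV_A, BASE_KEY, b"CISCO", b"HELLO"))
    print("fresh IV, relation fails:",
          ciphertext_xor_equals_plaintext_xor(IV_A, IV_B, BASE_KEY, b"CISCO", b"HELLO"))
```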
-
Bit Flipping Vulnerability
Attacker captures a frame from a wireless LAN
The frame is modified by flipping bits
Attacker predicts a higher-layer error
Attacker waits for the predicted error ciphertext
The key stream is derived upon seeing the predicted ciphertext
-
Bit Flipping Vulnerability
Integrity Check Value (ICV) based on CRC-32 polynomial
Known mathematical flaw with ICV allows changes to the encrypted frame and ICV
AP and/or client will accept the frame as valid due to this flaw
-
Bit Flipping Vulnerability
[Figure: the attacker sends a bit-flipped frame whose ICV passes through WEP to the access point; the Layer 3 receiver fails its CRC and returns a plaintext error message, which WEP turns into a ciphertext error message; the attacker XORs the predicted plaintext error message with the ciphertext error message to obtain the key stream]
-
Bit Flipping Process
[Figure: WEP frame (F1 and C1, the frame and its ICV); bits to flip (F2) with their ICV calculated (C2); bit-flipped frame F3 = F1 XOR F2 with new ICV calculated C3 = C1 XOR C2; result transmitted as bit-flipped frame + ICV (F3 + C3). The binary example values on the slide did not survive extraction]
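The CRC-32 property behind the three bit-flipping slides, written with the slides' F1/C1, F2/C2, F3/C3 names, beside the keyed message integrity check that detects the same change. This is an added example, not from the deck; the frame body, flip mask and key are constructed, and HMAC-SHA1 (which the deck lists for VPN message authentication) stands in for a keyed MIC.

```python
"""Added example, not from the Cisco deck: why a CRC-32 ICV accepts a
deliberately modified frame (the 'known mathematical flaw'), using the deck's
F1/C1, F2/C2, F3/C3 names, and how a keyed integrity check rejects it.
HMAC-SHA1 stands in for a keyed MIC; frame, mask and key are constructed."""
import hashlib
import hmac
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(body: bytes) -> int:
    """WEP's Integrity Check Value: CRC-32 over the frame body, no key involved."""
    return zlib.crc32(body) & 0xFFFFFFFF


def icv_is_linear(f1: bytes, f2: bytes) -> bool:
    """For equal-length inputs CRC(F1 XOR F2) == CRC(F1) XOR CRC(F2) XOR CRC(0...0).
    The all-zero term cancels CRC-32's initial and final XOR constants and
    depends only on the length, so it is known to anyone."""
    zeros = bytes(len(f1))
    return icv(xor(f1, f2)) == icv(f1) ^ icv(f2) ^ icv(zeros)


def flipped_frame_with_icv(f1: bytes, c1: int, f2: bytes):
    """The slide's process: F3 = F1 XOR F2 and C3 = C1 XOR C2, where C2 is the
    ICV contribution of the flipped bits alone. Nothing about the key is needed,
    which is why the check cannot tell a tampered frame from a genuine one."""
    c2 = icv(f2) ^ icv(bytes(len(f2)))
    return xor(f1, f2), c1 ^ c2


def icv_check(body: bytes, received_icv: int) -> bool:
    """What an AP or client does on receipt: recompute the CRC and compare."""
    return icv(body) == received_icv


def keyed_mic(key: bytes, body: bytes) -> bytes:
    """Keyed integrity check: without the key, no consistent tag can be formed."""
    return hmac.new(key, body, hashlib.sha1).digest()


def mic_check(key: bytes, body: bytes, received_mic: bytes) -> bool:
    return hmac.compare_digest(keyed_mic(key, body), received_mic)


# Constructed sample: a frame body and a mask that changes "80" into "81".
F1 = b"DST-PORT=80 GET /index.html"
F2 = bytes(10) + b"\x01" + bytes(len(F1) - 11)
MIC_KEY = b"constructed-mic-key"


def icv_accepts_modified_frame() -> bool:
    """True: the modified frame F3 with C3 passes the CRC-32 check."""
    f3, c3 = flipped_frame_with_icv(F1, icv(F1), F2)
    return f3 != F1 and icv_check(f3, c3)


def mic_accepts_modified_frame() -> bool:
    """False: the tag computed over F1 does not verify over F3."""
    f3, _ = flipped_frame_with_icv(F1, icv(F1), F2)
    return mic_check(MIC_KEY, f3, keyed_mic(MIC_KEY, F1))
```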
-
802.11 Security Summary
The security mechanisms in the 1997 802.11 specification are flawed:
  Open authentication
  Shared Key authentication
  WEP
These will NOT secure your wireless LAN!!
-
802.11 Security Summary
Requirements for wireless authentication:
  User-based, centralized, strong authentication
  Mutual authentication of client and network
Requirements for wireless privacy:
  Strong, effective encryption
  Effective message integrity check
  Centralized, dynamic WEP key management
-
Secure Wireless LANs: User Considerations
Single sign-on
Extensible authentication support
Minimal security overhead
-
Secure Wireless LANs: Infrastructure Considerations
Cost:
  Additional server hardware
  Additional network infrastructure
Rapid deployment
Maintenance and support:
  Impact to client and infrastructure
Future 802.11 enhancements:
  Interoperability with enhancements
-
Technologies for Secure Wireless LANs
VPN
802.1X with TKIP encryption
-
Secure Authentication Requirements
Centralized authentication via AAA server
Mutual authentication of client and network
Support for dynamic, user-based encryption keys
Optional capability to change keys
-
VPN over 802.11
Two-phase authentication:
  Device authentication via pre-shared key or PKI
  User authentication via AAA server
Mutual authentication
Extensible user authentication types
-
802.1x Standard
Port-Based Network Access Control
Falls under 802.1, not 802.11
This is a network standard, not a wireless standard
Is part of the 802.11i draft
Provides network authentication, not encryption
Incorporated as part of LEAP
-
802.1x Overview
Standard set by the IEEE 802.1 working group
Describes a standard link-layer protocol used for transporting higher-level authentication protocols
Works between the supplicant (client) and the authenticator (network device)
Maintains backend communication to an authentication (RADIUS) server
-
EAP Overview
EAP: The Extensible Authentication Protocol
A flexible protocol used to carry arbitrary authentication information
Typically rides on top of another protocol such as 802.1x or RADIUS (could be TACACS+, etc.)
Specified in RFC 2284
Supports multiple authentication types:
  Plain password hash (MD5) (not mutual)
  OTP tokens (not mutual)
  TLS (based on X.509 certificates)
  And EAP-Cisco Wireless!!
-
802.1x and EAP
802.1x transports authentication information in the form of Extensible Authentication Protocol (EAP) payloads
The authenticator (AP or switch) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server, using RADIUS to carry the EAP information
Three forms of EAP are specified in the 802.1x standard:
  EAP-MD5: MD5 hashed username/password
  EAP-OTP: one-time passwords
  EAP-TLS: strong PKI-authenticated Transport Layer Security (TLS)
[Figure: 802.1x Header | EAP Payload]
-
802.1x, EAP and RADIUS
RADIUS: The Remote Authentication Dial In User Service
A protocol used to communicate between a network device and an authentication server or database
Allows the communication of login and authentication information; i.e., username/password, OTP, etc.
Allows the communication of arbitrary value pairs using Vendor Specific Attributes (VSAs)
Can also act as a transport for EAP messages
[Figure: UDP Header | RADIUS Header | EAP Payload]
-
802.1x / EAP Authentication
[Figure: client, access point and RADIUS server; 802.11 association is complete but normal data is blocked by the AP; authentication traffic flows as 802.1X traffic (EAP over wireless) between client and AP and as RADIUS traffic (EAP over RADIUS) between AP and RADIUS server]
AP encapsulates 802.1x traffic into RADIUS traffic, and vice versa
AP blocks everything but 802.1x-to-RADIUS authentication traffic
-
802.1x / EAP Authentication Steps
[Figure: message sequence between Client, AP and RADIUS Server]
Client -> AP: EAPOL Start (start process)
AP -> Client: Identity Request (ask client for identity)
Client -> AP: Identity Response (provide identity)
AP -> RADIUS: Access Request (pass request to RADIUS)
RADIUS -> AP: Access Challenge; AP -> Client: EAP Request
Client -> AP: EAP Response; AP -> RADIUS: Access Request
Perform sequence defined by authentication method (e.g. EAP-TLS, Cisco-EAP Wireless); client receives or derives session key
RADIUS -> AP: Access Success (pass session key to AP)
AP -> Client: EAP Success (start using WEP)
AP -> Client: EAPOW Key (deliver broadcast key, encrypted with session key)
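The authenticator behaviour of the two preceding slides as a small port-access model: before the RADIUS server accepts the supplicant, the AP passes only 802.1X (EAPOL) frames and relays them to RADIUS; on Access-Accept it opens the port, sends EAP-Success and delivers the broadcast key under the session key. This is an added example, not the deck's or Cisco's code; message names follow the slides, while the frames, keys and the key wrapping (XOR with a hash of the session key) are constructed stand-ins.

```python
"""Added example, not from the Cisco deck: an 802.1X authenticator port as the
slides describe it. Message names follow the slides; frames, keys and the
key-wrapping are constructed stand-ins, not real EAPOL or RADIUS encodings."""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

EAPOL = 0x888E      # EtherType of 802.1X frames
IPV4 = 0x0800       # ordinary data, blocked until the port is authorized


@dataclass
class Frame:
    ethertype: int
    payload: bytes


@dataclass
class RadiusReply:
    code: str                            # Access-Challenge / Access-Accept / Access-Reject
    eap: bytes = b""                     # EAP Request relayed to the client on a challenge
    session_key: Optional[bytes] = None  # on Access-Accept: the key passed to the AP


def wrap_key(session_key: bytes, broadcast_key: bytes) -> bytes:
    """Stand-in for 'broadcast key, encrypted with session key' (EAPOW-Key)."""
    pad = hashlib.sha256(b"eapow-key" + session_key).digest()[:len(broadcast_key)]
    return bytes(a ^ b for a, b in zip(pad, broadcast_key))


unwrap_key = wrap_key   # XOR with the same pad recovers the broadcast key


@dataclass
class AuthenticatorPort:
    broadcast_key: bytes
    authorized: bool = False
    session_key: Optional[bytes] = None
    to_client: list = field(default_factory=list)   # frames sent to the supplicant
    to_radius: list = field(default_factory=list)   # Access-Requests carrying EAP
    to_wired: list = field(default_factory=list)    # data admitted to the wired network

    def from_client(self, frame: Frame) -> str:
        if frame.ethertype == EAPOL:
            if frame.payload == b"EAPOL-Start":
                self.to_client.append(Frame(EAPOL, b"EAP-Request/Identity"))
                return "identity requested"
            # Identity and later EAP responses go to RADIUS inside an Access-Request
            self.to_radius.append(("Access-Request", frame.payload))
            return "relayed to RADIUS"
        if self.authorized:
            self.to_wired.append(frame)
            return "forwarded"
        return "blocked"   # everything but 802.1X is dropped before authentication

    def from_radius(self, reply: RadiusReply) -> str:
        if reply.code == "Access-Challenge":
            self.to_client.append(Frame(EAPOL, reply.eap))   # EAP Request to client
            return "challenge relayed"
        if reply.code == "Access-Accept" and reply.session_key:
            self.session_key = reply.session_key
            self.authorized = True
            self.to_client.append(Frame(EAPOL, b"EAP-Success"))
            wrapped = wrap_key(reply.session_key, self.broadcast_key)
            self.to_client.append(Frame(EAPOL, b"EAPOW-Key:" + wrapped))
            return "port authorized"
        self.to_client.append(Frame(EAPOL, b"EAP-Failure"))
        return "rejected"


def run_exchange(port: AuthenticatorPort, session_key: bytes) -> list:
    """Walks the slide's sequence and returns the port's verdict at each step."""
    data = Frame(IPV4, b"constructed IP packet")
    return [port.from_client(data),                                          # blocked
            port.from_client(Frame(EAPOL, b"EAPOL-Start")),
            port.from_client(Frame(EAPOL, b"EAP-Response/Identity:alice")),
            port.from_radius(RadiusReply("Access-Challenge", b"EAP-Request/method")),
            port.from_client(Frame(EAPOL, b"EAP-Response/method")),
            port.from_radius(RadiusReply("Access-Accept", session_key=session_key)),
            port.from_client(data)]                                          # forwarded
```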
-
802.1x for Wireless LANs
Cisco has led the way with EAP-Cisco Wireless (LEAP)
Multiple wireless vendors have adopted 802.1x for WLANs
802.1X authentication protocols include EAP-Cisco Wireless, EAP-TLS, EAP-MD5, TTLS, and PEAP
Microsoft has integrated support for EAP-TLS and EAP-MD5 into the Windows XP operating system
Also has announced support for EAP on native platforms (Windows 2000, Windows NT 4, Windows 98 and Windows ME)
-
EAP Authentication Types for Wireless LANs
EAP-Cisco (aka LEAP): password-based
EAP-TLS (Transport Layer Security): certificate-based
EAP-PEAP (Protected EAP): hybrid certificate/password
EAP-TTLS (Tunneled TLS): hybrid certificate/password
EAP-SIM (SIM card): authentication by SIM cards
-
EAP-Cisco Authentication
Client support:
  Windows 95-XP
  Windows CE
  Macintosh OS 9.X and 10.X
  Linux
Device support:
  Workgroup Bridges (WGB 340 and 350)
  Point-to-Point Bridges (BR350 series)
-
EAP-Cisco Authentication
RADIUS server:
  Cisco ACS
  Cisco AR
  Funk Steel Belted RADIUS
  Interlink Merit
Microsoft Domain or Active Directory (optional) for back-end authentication
-
EAP-Cisco Authentication
[Figure: message sequence between Client, Access Point, RADIUS Server and NT/AD domain controller; AP blocks all requests until authentication completes]
Start
Request Identity
Identity (relayed by the AP to the RADIUS server)
Client authenticates RADIUS server
RADIUS server authenticates client
Client and RADIUS server each derive the key
AP sends client broadcast key, encrypted with session key (broadcast key, key length)
-
EAP-TLS Authentication
Client support:
  Windows 2000, XP
  Clients require a local user or machine certificate
Infrastructure requirements:
  EAP-TLS supported RADIUS server: Cisco ACS, Cisco AR, MS IAS
  RADIUS server requires a server certificate
  Certificate Authority server: Windows 2000 Server
-
EAP-TLS Authentication
[Figure: message sequence between Client, Access Point, RADIUS Server and Certificate Authority; AP blocks all requests until authentication completes]
Start
Request Identity
Identity
Server Certificate
Client Certificate
Random session keys generated; encrypted exchange
AP sends client broadcast key, encrypted with session key (broadcast key, key length)
-
Hybrid Authentication
EAP-TTLS:
  Server-side authentication with TLS
  Client-side authentication with legacy authentication types (CHAP, PAP, etc.)
EAP-PEAP:
  Server-side authentication with TLS
  Client-side authentication with EAP authentication types (EAP-GTC, EAP-MD5, etc.)
-
Hybrid Authentication
Both require a CA, as with EAP-TLS
Clients do not require certificates
Simplifies end user/device management
Allows for one-way authentication types to be used:
  One-time passwords
  Proxy to LDAP, Unix, NT/AD, Kerberos, etc.
-
EAP-TTLS Authentication
[Figure: message sequence between Client, Access Point, RADIUS Server, AAA Server and Certificate Authority; AP blocks all requests until authentication completes]
Start
Request Identity
Identity
Server Certificate (server-side authentication)
Encrypted tunnel established
Legacy authentication inside the tunnel (client-side authentication, checked against the AAA server)
AP sends client broadcast key, encrypted with session key (broadcast key, key length)
-
EAP-PEAP Authentication
[Figure: message sequence between Client, Access Point, RADIUS Server, AAA Server and Certificate Authority; AP blocks all requests until authentication completes]
Start
Request Identity
Identity
Server Certificate (server-side authentication)
Encrypted tunnel established
EAP-in-EAP authentication inside the tunnel (client-side authentication, checked against the AAA server)
AP sends client broadcast key, encrypted with session key (broadcast key, key length)
-
EAP-MD5 Authentication
An example of what NOT to use in a WLAN
One-way authentication: network authenticates client
No support for dynamic keys
-
EAP-MD5 Authentication
[Figure: message sequence between Client, Access Point and RADIUS Server; AP blocks all requests until authentication completes]
Start
Request Identity
Identity
RADIUS server authenticates client
Success
-
EAP-SIM Authentication Overview
User authentication performed based on an IMSI in the SIM card, which is used to authenticate GSM phones today
Strong authentication using 802.1x:
  Mutual authentication (not currently implemented)
  One-time password algorithm
  Dynamic WEP keys
Back-end integration:
  Uses existing GSM operator provisioning chain
  Leverages existing roaming agreements
  Leverages existing authentication and billing infrastructure
-
EAP-SIM Authentication
[Figure: message sequence between Client, Access Point, RADIUS Server and AuC; AP blocks all requests until authentication completes]
Start
Request Identity
Identity: 1IMSI@realm
RADIUS Server -> AuC: GetAuthInfo; AuC returns triplets
SIM-Start
Random
SIM-Challenge; client checks MAC_RAND (pass?) -> server authenticated; client derives key
Challenge-Response; server checks MAC_SRES (pass?) -> client authenticated; server derives key
Accept / EAP-Success
AP sends client broadcast key, encrypted with session key (broadcast key, key length)
-
Authentication Attack Mitigation
[Table: rows Rogue APs, Session Hijacking, Man in the Middle, Dictionary Attack; columns VPN, EAP-TTLS/PEAP, EAP-TLS, EAP-Cisco, EAP-MD5; an X marks each vulnerability a method mitigates. The placement of the X marks did not survive extraction; the X* marks belong to the EAP-Cisco and EAP-MD5 columns]
X: Mitigates Vulnerability
*Requires the Use of Strong Passwords
-
Strong Encryption Requirements
Cryptographically sound encryption algorithm
Effective message integrity
-
Strong Encryption
Temporal Key Integrity Protocol (TKIP):
  Enhances WEP encryption
  Per-packet keying
  Message Integrity Check
VPN over wireless:
  3DES encryption: tried and true
  HMAC-SHA1 or HMAC-MD5 message authentication
-
TKIP Encryption
Cisco offers a pre-standards implementation:
  Per-packet keying
  Message Integrity Check
  Broadcast key rotation
-
Per Packet Keying Operation
[Figure: Base WEP Key and IV -> Hash -> Packet Key; Packet Key and IV -> WEP -> Key Stream; Key Stream XOR Plaintext = Ciphertext]
IV sequencing: IVs increment by one
Per-packet IV is hashed with base WEP key
Result is a new packet WEP key
The packet WEP key changes per IV
-
Per Packet Keying Caveats
Packet key remains unique as long as IV is unique
802.11 IV has 2^24 possible integers (roughly 0 to 16.7M)
Base WEP key must be changed via 802.1X in order to avoid IV/packet key stream derivation
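Per-packet keying as the two preceding slides describe it, with the caveat handled: sequential IVs, a packet key hashed from IV and base key, and a refusal to continue once the 24-bit IV space is used up until 802.1X delivers a new base key. This is an added example, not Cisco's implementation; SHA-256 stands in for the hash the slide does not name, and the keys are constructed.

```python
"""Added example, not from the Cisco deck: per-packet keying with IV
sequencing and the forced rekey the caveat slide calls for. SHA-256 stands in
for the unnamed hash; base keys below are constructed."""
import hashlib

IV_SPACE = 2 ** 24          # 802.11 IVs are 24-bit values, roughly 0 to 16.7M


def packet_key(base_key: bytes, iv: int) -> bytes:
    """Packet WEP key = hash(IV || base key), cut to the base key's length.
    A different IV, or a different base key, gives a different packet key."""
    if not 0 <= iv < IV_SPACE:
        raise ValueError("IV must fit in 24 bits")
    digest = hashlib.sha256(iv.to_bytes(3, "big") + base_key).digest()
    return digest[:len(base_key)]


class PerPacketKeying:
    """Sender-side state: a sequential IV and the current base key. The packet
    key stays unique only while the IV is unique, so once the IV space is used
    up no further frames are keyed until 802.1X installs a new base key."""

    def __init__(self, base_key: bytes):
        self.base_key = base_key
        self.next_iv = 0
        self.rekeys = 0

    def needs_rekey(self) -> bool:
        return self.next_iv >= IV_SPACE

    def next_packet_key(self):
        """Returns (iv, packet key) for the next frame; never wraps the IV."""
        if self.needs_rekey():
            raise RuntimeError("IV space exhausted: change the base key via 802.1X")
        iv = self.next_iv
        self.next_iv += 1            # IV sequencing: IVs increment by one
        return iv, packet_key(self.base_key, iv)

    def rekey(self, new_base_key: bytes) -> None:
        """A new base key restarts the IV sequence without repeating any
        (IV, packet key) pair, because the packet keys themselves change."""
        self.base_key = new_base_key
        self.next_iv = 0
        self.rekeys += 1


def keys_until_rekey(start_iv: int) -> int:
    """How many packet keys remain before the base key must change, starting
    from start_iv (e.g. a station resuming at a stored IV)."""
    return max(0, IV_SPACE - start_iv)
```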
-
Message Integrity Check (MIC)
Prevents IV/WEP key reuse
Prevents frame tampering
-
Message Integrity Check (MIC)
[Figure: Standard WEP frame: 802.11 Header | IV | LLC | SNAP | Payload | ICV, WEP encrypted after the IV. MIC-enhanced WEP frame: 802.11 Header | IV | LLC | SNAP | MIC | SEQ | Payload | ICV, WEP encrypted after the IV]
-
Message Integrity Check (MIC)
MIC is calculated from:
  Random seed value
  MAC header
  Sequence number
  Data payload
Components are hashed to derive a 32-bit MIC
SEQ number must be in order, or frame is dropped
[Figure: Seed, DA, SA, LLC, SNAP, SEQ and Payload fed into the MMH hash, producing the 4-byte MIC]
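The receiver-side checks the three MIC slides describe: a keyed 32-bit MIC over seed, MAC header, sequence number and payload, and the rule that an out-of-order SEQ drops the frame, which is what defeats replay of a captured frame. This is an added example, not Cisco's implementation; HMAC-SHA256 truncated to 4 bytes stands in for the MMH hash, and the seed, addresses and frames are constructed.

```python
"""Added example, not from the Cisco deck: MIC verification plus the in-order
SEQ rule on the receiving side. HMAC-SHA256 truncated to 4 bytes stands in
for the MMH hash; seed, MAC addresses and frames are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class MicFrame:
    da: bytes          # destination MAC (6 bytes), from the MAC header
    sa: bytes          # source MAC (6 bytes), from the MAC header
    seq: int           # per-sender sequence number carried after the SNAP header
    payload: bytes
    mic: bytes = b""   # 4-byte MIC


def compute_mic(seed: bytes, da: bytes, sa: bytes, seq: int, payload: bytes) -> bytes:
    """Hash the components the slide lists into a 4-byte MIC."""
    message = da + sa + seq.to_bytes(4, "big") + payload
    return hmac.new(seed, message, hashlib.sha256).digest()[:4]


def protect(seed: bytes, da: bytes, sa: bytes, seq: int, payload: bytes) -> MicFrame:
    """Sender side: attach the MIC for this frame's header, SEQ and payload."""
    return MicFrame(da, sa, seq, payload, compute_mic(seed, da, sa, seq, payload))


class MicReceiver:
    """Tracks the last accepted SEQ per source; a frame is accepted only if its
    MIC verifies and its SEQ advances past the last one seen from that SA."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.last_seq = {}     # source MAC -> highest accepted SEQ
        self.dropped = []      # (reason, sa, seq) for every rejected frame

    def receive(self, frame: MicFrame) -> str:
        expected = compute_mic(self.seed, frame.da, frame.sa, frame.seq, frame.payload)
        if not hmac.compare_digest(expected, frame.mic):
            self.dropped.append(("mic-failure", frame.sa, frame.seq))
            return "dropped: MIC failure"        # tampered header, SEQ or payload
        last = self.last_seq.get(frame.sa)
        if last is not None and frame.seq <= last:
            self.dropped.append(("seq-out-of-order", frame.sa, frame.seq))
            return "dropped: SEQ out of order"   # replay of an earlier frame
        self.last_seq[frame.sa] = frame.seq
        return "accepted"


SEED = b"constructed-random-seed"
AP_MAC = bytes.fromhex("00000c000001")     # constructed addresses
STA_MAC = bytes.fromhex("0040960a0b0c")
```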
-
Broadcast Key Rotation
Broadcast key is required in 802.1X environments
Broadcast key is vulnerable to the same attacks as a static WEP key
Broadcast key needs to rotate, as with the unicast key
-
Encryption Attack Mitigation
Vulnerability    TKIP   WEP   VPN
Bit Flipping     X      -     X
IV Reuse         X      -     X
AirSnort         X      -     X
X: Mitigates Vulnerability
-
Deploying Secure Wireless LANs
VPN over 802.11
802.1X w/TKIP Encryption
-
VPN over 802.11: Client
Requires a separate logon for VPN
-
VPN over 802.11: Client
Before VPN authentication, client is on unprotected WLAN
Personal firewall can mitigate attacks on these clients
[Figure: unauthenticated client protected by a personal firewall, with a rogue client on the same WLAN]
-
VPN over 802.11: Filters & Access Lists
Protect the open WLAN as much as we can:
  Filters on the access points
  Access lists on the L3 switches/routers
-
VPN Logical Topology
[Figure: Client (VPN client, personal firewall) -> Access Point -> Distribution Router (ACLs to allow VPN, DHCP, DNS) -> VPN Concentrator -> Corporate Network with AAA Server]
-
VPN over 802.11: Bridging Scenarios
[Figure: Remote Network -> IPSec Router -> Bridge ... Bridge -> IPSec Router (ACLs to allow VPN) -> Corporate Network with AAA Server]
-
VPN over 802.11: Performance
All message authenticity and encryption done in software
Average of 30% to 40% performance impact
-
VPN over 802.11: Issues
Client throughput may require multiple concentrators
Support for IP unicast exclusively:
  No support for IPX, AppleTalk
  No support for multicast
802.11e QoS enhancements useless for VPN WLAN clients: all traffic is IP/ESP encapsulated
-
VPN over 802.11: Issues
No support for WLAN appliances: barcode readers, 802.11 phones
Roaming issues:
  Layer 2: ESP session timeout
  Layer 3: interoperability with Mobile IP
-
802.1X w/TKIP Configurations
EAP-Cisco
EAP-TLS
Both require Cisco clients and APs
-
802.1X w/TKIP Topology
[Figure: Corporate Network with Distribution Routers, Access Switches, Access Points, RADIUS Servers and CA or Back-End Authentication]
-
EAP-Cisco w/TKIP Bridging Scenario
[Figure: Remote Network -> Non-Root Bridge (EAP-Cisco Client) ... Root Bridge (EAP-Cisco Authenticator) -> Corporate Network with RADIUS Servers and NT/W2K AD Servers]
-
EAP-TLS w/TKIP Client
Included in WinXP OS release
Configure multiple network profiles
Client displays all known networks with broadcast SSID enabled
-
802.1X w/TKIP General Issues
New cryptographic techniques: proven in IEEE, but only time will tell
802.11 standard is evolving: changes should be expected
802.11 task groups E, F, H, and I
-
802.1X w/TKIP Performance
WEP encryption done in hardware
MIC and per-packet keying done in software
Depending on traffic type, throughput hit of 5% to 15% with enhancements enabled
-
802.1X w/TKIP General Issues
Authentication types not pervasive (yet)
No one scheme satisfies every scenario or requirement
Roaming:
  RADIUS request adds ~300-600 ms to roam time
  A pre-authentication mechanism is needed to expedite the roaming process
-
Other Security Features
RADIUS Accounting
Publicly Secure Packet Forwarding (PSPF)
-
RADIUS Accounting
AP will log client associations and disassociations using RFC 2866 RADIUS accounting
No client upgrade required; AP-only enhancement
Vendor neutral
-
RADIUS Accounting Overview
AP will send a start message to the accounting server after client association
AP will send update messages at configurable intervals
AP will send a stop message when client disassociates
-
RADIUS Accounting Overview
Accounting can be configured for EAP clients, non-EAP clients, or both
Non-EAP refers to standard Open/Shared Key authentication and/or MAC authentication
-
What info does RADIUS accounting provide?
Input/Output bytes
Input/Output packets
Session duration
Association ID
NAS (Access Point) IP Address
These values are on a per-client basis
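Turning the per-client accounting records the preceding slides describe (Start, interim update and Stop per RFC 2866) into per-client usage, with one consistency check a WLAN operator would want: a Stop record with no matching Start. This is an added example, not the deck's or any RADIUS server's code; the attribute names are RFC 2866's and the records are constructed.

```python
"""Added example, not from the Cisco deck: summarising RFC 2866 accounting
records (Start / Interim-Update / Stop) per session and per user, and
flagging sessions that stopped without ever starting. Records are constructed."""
from collections import defaultdict

COUNTERS = {           # RFC 2866 attribute -> summary field
    "Acct-Input-Octets": "input_octets",
    "Acct-Output-Octets": "output_octets",
    "Acct-Input-Packets": "input_packets",
    "Acct-Output-Packets": "output_packets",
    "Acct-Session-Time": "session_time",
}

# Constructed sample records, one attribute=value record per line.
RECORDS = """
Acct-Status-Type=Start Acct-Session-Id=0001 User-Name=alice Calling-Station-Id=00-11-22-33-44-55 NAS-IP-Address=10.0.0.5
Acct-Status-Type=Interim-Update Acct-Session-Id=0001 User-Name=alice Acct-Input-Octets=12000 Acct-Output-Octets=48000 Acct-Input-Packets=100 Acct-Output-Packets=90 Acct-Session-Time=300
Acct-Status-Type=Stop Acct-Session-Id=0001 User-Name=alice Acct-Input-Octets=25000 Acct-Output-Octets=96000 Acct-Input-Packets=210 Acct-Output-Packets=180 Acct-Session-Time=620
Acct-Status-Type=Stop Acct-Session-Id=0002 User-Name=bob Acct-Input-Octets=500 Acct-Output-Octets=700 Acct-Input-Packets=5 Acct-Output-Packets=6 Acct-Session-Time=30
"""


def parse_record(line: str) -> dict:
    return dict(item.split("=", 1) for item in line.split())


def new_session(user: str) -> dict:
    s = {"user": user, "client_mac": None, "nas_ip": None, "started": False, "stopped": False}
    s.update({name: 0 for name in COUNTERS.values()})
    return s


def summarise(text: str):
    """Returns (sessions keyed by Acct-Session-Id, ids with a Stop but no Start).
    Counters in interim and Stop records are running totals for the session,
    so the latest record replaces earlier values instead of adding to them."""
    sessions = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        s = sessions.setdefault(rec["Acct-Session-Id"], new_session(rec.get("User-Name")))
        status = rec["Acct-Status-Type"]
        if status == "Start":
            s["started"] = True
            s["client_mac"] = rec.get("Calling-Station-Id")   # client MAC, per client
            s["nas_ip"] = rec.get("NAS-IP-Address")           # the access point
        else:
            for attr, name in COUNTERS.items():
                if attr in rec:
                    s[name] = int(rec[attr])
            if status == "Stop":
                s["stopped"] = True
    orphans = sorted(sid for sid, s in sessions.items() if s["stopped"] and not s["started"])
    return sessions, orphans


def octets_per_user(sessions: dict) -> dict:
    """Input plus output octets per user, summed over that user's sessions."""
    totals = defaultdict(int)
    for s in sessions.values():
        totals[s["user"]] += s["input_octets"] + s["output_octets"]
    return dict(totals)
```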
-
Publicly Secure Packet Forwarding
Prevents WLAN inter-client communication
Client can communicate out through the AP
Clients cannot communicate to other stations in the BSS
-
PSPF: Blocking Inter-client Communication
[Figure: clients in the same BSS reach the wired network through the AP but cannot reach each other]
-
What Lies Ahead
Ratification of IEEE 802.11i
Adoption of TKIP encryption
Certifiable vendor interoperability (WiFi)
AES encryption: 3DES successor
-
Securing 802.11 Wireless Networks
Session ACC-232
-
Please Complete Your Evaluation Form
Session ACC-232