Security is always a top-of-mind issue for WLAN deployments, no matter what business you're in. But it’s an issue that's loaded with acronyms, confusing terminology, and some degree of black-art mystique. This session starts with basic principles of cryptography and gives you a thorough understanding of how Wi-Fi authentication and encryption work to keep your network safe. You’ll also learn about 802.1X authentication, tradeoffs of different EAP methods, why proper client configuration is so important, and why Aruba believes that role-based access control is critical in a modern mobile network.
4. 4#ATM16
Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during authentication process
• Protects data in transit
• Makes you more interesting at parties
5. 5#ATM16
Meet Bob and Alice
– Bob and Alice are traditionally used in examples of cryptography
7. 7#ATM16
Symmetric Key Cryptography
• Strength:
– Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)
• Challenges:
– Must agree on the key beforehand
– How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security
10. 10#ATM16
Public Key Cryptography
•Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
•Challenges:
– Slow (MUCH slower than symmetric)
– Problem of trusting public key (what if I’ve never met you?)
•Examples: RSA, DSA, ECDSA
11. 11#ATM16
Hybrid Cryptography
•Randomly generate “session” key
•Encrypt data with “session” key
(symmetric key cryptography)
•Encrypt “session” key with recipient’s public key
(public key cryptography)
12. 12#ATM16
Hash Function
• Properties
– it is easy to compute the hash value for any given message
– it is infeasible to find a message that has a given hash
– it is infeasible to find two different messages with the same hash
– it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)
13. 13#ATM16
Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature operation
• Digital signature calculation:
16. 16#ATM16
Message Integrity with CBC-MAC
• Set IV=0
• Run message through AES-CBC (or some other symmetric cipher)
• Discard everything except final block – this output is the MAC
19. 19#ATM16
Summary: Security Building Blocks
–Encryption provides
– confidentiality, can provide authentication and integrity protection
–Checksums/hash algorithms provide
– integrity protection, can provide authentication
–Digital signatures provide
– authentication, integrity protection, and non-repudiation
–For more info:
Buy this Book!
21. 21#ATM16
What is a Certificate?
• Binds a public key to some identifying
information
–The signer of the certificate is called its issuer
–The entity talked about in the certificate is the subject
of the certificate
• Certificates in the real world
–Any type of license, government-issued ID’s,
membership cards, ...
–Binds an identity to certain rights, privileges, or other
identifiers
22. 22#ATM16
Public Key Infrastructure
• A Certificate Authority (CA) guarantees the
binding between a public key and another CA or
an “End Entity” (EE)
• CA Hierarchies
24. 24#ATM16
What is a Certificate?
Identity
Trusted
3rd-party
Identity bound
to public key
25. 25#ATM16
Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root CA
that we explicitly trust
• Web browsers also check DNS hostname == certificate
Common Name (CN)
• Chain Building & Validation
27. 27#ATM16
Certificate Formats
–PEM / PKCS#7
–Contains a certificate in base64 encoding (open in a text editor)
–DER
–Contains a certificate in binary encoding
–PFX / PKCS#12
–Contains a certificate AND private key, protected by a password
PEM-PKCS#7:
-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----
28. 28#ATM16
Creating Certificates A-Z
1. Generate entropy
2. Use entropy to create random public/private keypair (asymmetric
crypto)
3. Attach identifying information to public key – send to CA (Certificate
Signing Request)
4. CA issues certificate in X.509 format
– Contains public key as supplied in CSR
– Contains hash of certificate contents
– Contains digital signature signed with CA’s private key (hash + asymmetric crypto)
5. Retrieve certificate from CA – match up with private key. Ready for
use.
32. 32#ATM16
Public CA versus Private CA
• Windows Server includes a domain-aware CA – why not just
use it?
• Disadvantages:
–PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for
you.
–Nobody outside your Windows domain will trust your certificates
• Advantages:
–Less costly
–Better security possible. Low chances of someone outside
organization getting a certificate from your internal PKI
33. 33#ATM16
OCSP
• Can be used by the client (e.g. web browser) to verify server’s certificate validity
– OCSP URL is read from server certificate’s AIA field
• Can be used by the server (e.g. mobility controller) to verify client’s certificate validity
– OCSP URL is most often configured on the server to point to specific OCSP responders
• OCSP transactions use HTTP for transport protocol
• Important: Nonce Extension required for replay prevention
– Some public CAs don’t like this…
36. 36#ATM16
Authentication with 802.1X
• Authenticates users before
granting access to L2 media
• Makes use of EAP (Extensible
Authentication Protocol)
• 802.1X authentication happens at
L2 – users will be authenticated
before an IP address is assigned
39. 39#ATM16
802.1X Acronym Soup
–PEAP (Protected EAP)
– Uses a digital certificate on the network side
– Password or certificate on the client side
–EAP-TLS (EAP with Transport Level Security)
– Uses a certificate on network side
– Uses a certificate on client side
–TTLS (Tunneled Transport Layer Security)
– Uses a certificate on the network side
– Password, token, or certificate on the client side
–EAP-FAST
– Cisco proprietary
– Do not use – known security weaknesses
41. 41#ATM16
Configure Supplicant Properly
• Configure the Common Name of
your RADIUS server (matches CN
in server certificate)
• Configure trusted CAs (an in-
house CA is better than a public
CA)
• ALWAYS validate the server
certificate
• Do not allow users to add new
CAs or trust new servers
• Enforce with group policy
42. 42#ATM16
Isn’t MSCHAPv2 broken?
•Short answer: Yes – because of things like rainbow
tables, distributed cracking, fast GPUs, etc.
•This is why we use MSCHAPv2 inside a PEAP (TLS)
tunnel for Wi-Fi
–What happens if you don’t properly validate the server
certificate?
–Look up FreeRADIUS-WPE
•Still using PPTP for VPN? Watch out…
43. 43#ATM16
WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to
derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK
from AP to STA
Auth Server
AP/Controller
44. 44#ATM16
4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install PTK,
Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |
SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK
45. 45#ATM16
Summary
• Security is complex
• Once you understand it, people will envy you
• You can make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get hacked
46. 46#ATM16
Join Aruba’s Titans of Tomorrow
force in the fight against network
mayhem. Find out what your
IT superpower is.
Share your results with friends
and receive a free superpower
t-shirt.
www.arubatitans.com