Wi-Fi Security Fundamentals

#ATM15 |
WIRELESS LAN SECURITY FUNDAMENTALS
Jon Green
March 2015

2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Learning Goals
Authentication with 802.1X
But first: We need to understand PKI
And before that, we need a cryptography primer…

Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during authentication process
• Protects data in transit
• Makes you more interesting at parties

Meet Bob and Alice
Bob and Alice are traditionally used in examples of cryptography

Symmetric Key Cryptography

CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved7#ATM15 |
Symmetric Key Cryptography
• Strength:
– Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)
• Challenges:
– Must agree on the key beforehand
– How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security

Symmetric Cipher “Modes”

Public Key Cryptography (Asymmetric)

Public Key Cryptography
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
• Challenges:
– Slow (MUCH slower than symmetric)
– Problem of trusting public key (what if I’ve never met you?)
• Examples: RSA, DSA, ECDSA

Hybrid Cryptography
• Randomly generate “session” key
• Encrypt data with “session” key
(symmetric key cryptography)
• Encrypt “session” key with recipient’s public key
(public key cryptography)

Hash Function
• Properties
– it is easy to compute the hash value for any given message
– it is infeasible to find a message that has a given hash
– it is infeasible to find two different messages with the same hash
– it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)

Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature operation
• Digital signature calculation:

Message Authentication

HMAC

Message Integrity with CBC-MAC
• Set IV=0
• Run message through AES-CBC (or some other symmetric
cipher)
• Discard everything except final block – this output is the MAC

CCMP (Counter with CBC-MAC)
CBC-MAC
AES in Counter
Mode

Entropy
(Information-theoretic, not thermodynamic!)
• When we create a random key, it must be unique and
unpredictable
• We need good random numbers for this
• What happens if it’s not unique or unpredictable?

Summary: Security Building Blocks
Encryption provides
– confidentiality, can provide authentication and integrity protection
Checksums/hash algorithms provide
– integrity protection, can provide authentication
Digital signatures provide
– authentication, integrity protection, and non-repudiation
For more info:
Buy this Book!

20#ATM15 |
Certificates, Trust & PKI

What is a Certificate?
• Binds a public key to some identifying
information
–The signer of the certificate is called its issuer
–The entity talked about in the certificate is the
subject of the certificate
• Certificates in the real world
–Any type of license, government-issued ID’s,
membership cards, ...
–Binds an identity to certain rights, privileges, or
other identifiers

Public Key Infrastructure
• A Certificate Authority (CA) guarantees the
binding between a public key and another CA or
an “End Entity” (EE)
• CA Hierarchies

Who do you trust?
Windows: Start->Run->certmgr.msc

What is a Certificate?
Identity
Trusted
3rd-party
Identity bound
to public key

Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root
CA that we explicitly trust
• Web browsers also check DNS hostname == certificate
Common Name (CN)
• Chain Building & Validation

Certificate Validity
1. Date/Time
2. Revocation
• CRL
• OCSP

Certificate Formats
PEM / PKCS#7
– Contains a certificate in base64 encoding (open in a text editor)
DER
– Contains a certificate in binary encoding
PFX / PKCS#12
– Contains a certificate AND private key, protected by a password
PEM-PKCS#7:
-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----

Creating Certificates A-Z
1. Generate entropy
2. Use entropy to create random public/private keypair
(asymmetric crypto)
3. Attach identifying information to public key – send to CA
(Certificate Signing Request)
4. CA issues certificate in X.509 format
– Contains public key as supplied in CSR
– Contains hash of certificate contents
– Contains digital signature signed with CA’s private key (hash + asymmetric
crypto)
5. Retrieve certificate from CA – match up with private key. Ready
for use.

Generating Certificate Signing Request

Send CSR to your CA of choice

Certificate Authority Best Practices
Symantec/VeriSign Data Center

Public CA versus Private CA
• Windows Server includes a domain-aware CA – why not just use
it?
• Disadvantages:
– PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you.
– Nobody outside your Windows domain will trust your certificates
• Advantages:
– Less costly
– Better security possible. Low chances of someone outside organization getting a
certificate from your internal PKI

OCSP
• Can be used by the client (e.g. web browser) to verify server’s
certificate validity
– OCSP URL is read from server certificate’s AIA field
• Can be used by the server (e.g. mobility controller) to verify
client’s certificate validity
– OCSP URL is most often configured on the server to point to specific OCSP
responders
• OCSP transactions use HTTP for transport protocol
• Important: Nonce Extension required for replay prevention
– Some public CAs don’t like this…

For More Info
Buy this Book!

35#ATM15 |
Putting it all together: 802.1X

Authentication with 802.1X
• Authenticates users before
granting access to L2 media
• Makes use of EAP (Extensible
Authentication Protocol)
• 802.1X authentication happens at
L2 – users will be authenticated
before an IP address is assigned

Sample EAP Transaction
2-stage process
– Outer tunnel establishment
– Credential exchange happens inside encrypted tunnelClient
AuthenticationServer
Request Identity
Response Identity (anonymous) Response Identity
TLS Start
Certificate
Client Key exchange
Cert. verification
Request credentials
Response credentials
Success
EAPOL RADIUS
Authenticator
EAPOL Start

802.1X Packet Capture

802.1X Acronym Soup
PEAP (Protected EAP)
– Uses a digital certificate on the network side
– Password or certificate on the client side
EAP-TLS (EAP with Transport Level Security)
– Uses a certificate on network side
– Uses a certificate on client side
TTLS (Tunneled Transport Layer Security)
– Uses a certificate on the network side
– Password, token, or certificate on the client side
EAP-FAST
– Cisco proprietary
– Do not use – known security weaknesses

Configure Supplicant Properly
• Configure the Common Name of
your RADIUS server (matches CN
in server certificate)
• Configure trusted CAs (an in-
house CA is better than a public
CA)
• ALWAYS validate the server
certificate
• Do not allow users to add new
CAs or trust new servers
• Enforce with group policy

Isn’t MSCHAPv2 broken?
• Short answer: Yes – because of things like rainbow
tables, distributed cracking, fast GPUs, etc.
• This is why we use MSCHAPv2 inside a PEAP (TLS)
tunnel for Wi-Fi
– What happens if you don’t properly validate the server certificate?
– Look up FreeRADIUS-WPE
• Still using PPTP for VPN? Watch out…

WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to
derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK
from AP to STA
Auth Server
AP/Controller

4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install PTK,
Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |
SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK

Summary
• Security is complex
• Once you understand it, people will envy you
• You can make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get hacked

Sign up, save $200!
arubanetworks.com/atmosphere2016
Give feedback!
… Before You Go
atmosphere
2016

Wi-Fi Security Fundamentals

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Wi-Fi Security Fundamentals

Similar to Wi-Fi Security Fundamentals (20)

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Recently uploaded

Recently uploaded (20)

Wi-Fi Security Fundamentals