WLAN Security (EAP, PEAP & LEAP) - Fhi · • IEEE defined RSN (Robust Secure Network) as CCMP +...
About Lantronix (LTRX)
• Platforms to network, access and manage anything over the Internet
• Networking solutions for 20 years (Founded 1989)
• Sales, support and manufacturing in Asia, Europe, United States
• Market and technology leader in device servers, console servers, and embedded Ethernet solutions
• Network-enabled over 2,000,000 devices
• 20,000+ customers worldwide
• www.lantronix.com
Lantronix Headquarters, Irvine California
Lantronix, Inc. Confidential & Proprietary
WLAN Security
• After this presentation you will know the differences between
• WEP
• IEEE 802.11i
• TKIP, CCMP
• PSK, 802.1X
• EAP, LEAP, PEAP, EAP-TLS, EAP-TTLS, EAP-FAST
• WPA(-1), WPA-2
• WPA Personal, WPA Enterprise
• RSN, TSN
WEP
• Originally defined as the security suite for WLAN (802.11)
• A Pre Shared Key is used for encryption and authentication
• All STAs are sharing the same PSK
• WEP uses
• Short keys (40 bit or 104 bit)
• RC4 stream cipher
• CRC for integrity
• WEP has a couple of problems
• It is insecure and can be cracked with
- a passive attack within a day
- an active attack within minutes
• CRC can detect bit errors, but it is not an integrity measure
802.11i
• THE official standard for WLAN security
• 802.11i was released in 2004 and is now incorporated into 802.11-2007
• It improves the security by
• Temporal Key Integrity Protocol (TKIP)
- TKIP is a short-term solution for fixing WEP weaknesses
- Allows use of existing AP hardware
• Counter Mode with CBC-MAC Protocol (CCMP)
- Using AES-128 for encryption
• Authentication done through Pre Shared Keys (PSK) or 802.1X
• Adds key management (two-layer hierarchy & separate keys for unicast & broadcast)
• Using Michael MIC for integrity (Michael MIC is a hash)
TKIP
• Introduced as a stop-gap measure for WEP insecurities
• Goal was a "software patch" for existing AP hardware
• Major features are
• Still based on RC4 stream cipher (no new access point hardware)
• 128 bit key & 48 bit IV (Initialization Vector)
• Keys are no longer valid for a whole session; a new key is generated per frame through the Temporal Key Integrity Protocol (TKIP)
• Michael MIC is used for message integrity
• Not recommended for future use
CCMP
• Combines encryption and data integrity
• Based on 128-bit AES encryption with a 128-bit block length
• State of the art encryption, no exploits known
TSN, WPA(-1), RSN, WPA-2
• IEEE took too long with 802.11i, so the WiFi Alliance created WPA
• WPA is a marketing standard based on 802.11i Draft 3
• WPA is basically TKIP + 802.1X
• It is also called TSN (Transition Security Network)
• IEEE released the 802.11i standard in 2004
• IEEE defined RSN (Robust Secure Network) as CCMP + 802.1X
• For IEEE, TKIP + 802.1X is optional and should be used for migration only
• RSN may also be called WPA-2
• Basically
• TSN = WPA(-1) = TKIP + 802.1X
• RSN = WPA-2 = CCMP + 802.1X
802.1X
• Authentication only
• Doesn't define any cipher (CCMP and TKIP are defined in 802.11i)
• Uses EAP as authentication framework
• Result of the authentication is the Pairwise Master Key (PMK)
Personal vs Enterprise
• 802.11i comes in 2 flavours
• Personal or PSK (Pre Shared Keys)
• The PSK can be either
- Pairwise Master Key (PMK)
- Password / Passphrase (PMK is generated from it)
• Authentication through PSK, both sides need the same keys
• Each STA and AP can have a different PSK
• Enterprise
• Authentication by a server (e.g. Radius) and through the Extensible Authentication Protocol (EAP)
• Result of the authentication is the Pairwise Master Key (PMK)
• EAP is a framework and uses authentication protocols like LEAP, PEAP, EAP-TLS, EAP-TTLS...
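How the Personal flavour turns a passphrase into the PMK, as an added example (not code from the original slides): IEEE 802.11i derives the PSK with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256 bits, and that PSK is used directly as the PMK. The "password" / "IEEE" vector comes from the standard's own test cases; every station that gets the same passphrase ends up with the same PMK.

```python
import hashlib

HEX_DIGITS = set("0123456789abcdefABCDEF")


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK for WPA/WPA2-Personal from passphrase and SSID.

    IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes),
    and in the Personal flavour the PSK is the PMK.  A 64-hex-digit passphrase is
    treated as the raw PMK; otherwise the passphrase must be 8..63 characters.
    """
    if len(passphrase) == 64 and set(passphrase) <= HEX_DIGITS:
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters or a 64-hex-digit PMK")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    print(wpa_psk_pmk("password", "IEEE").hex())
    # Same passphrase on a different SSID gives an unrelated PMK
    print(wpa_psk_pmk("password", "Lantronix").hex())
```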
EAP
• Extensible Authentication Protocol (RFC 3748)
• EAP provides a framework only (Extensible)
• Authentication is done by methods
• Currently about 40 methods are defined, e.g. EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA
• EAP was designed with PPP in mind, it doesn’t require IP
• EAPoL (EAP over LAN) is the encapsulation of EAP in LAN frames (802.1X), so no IP is needed
• Simple request/response protocol
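A parser for the two headers just described, as an added example (not code from the original slides): the EAPOL frame header from 802.1X and the EAP Code / Identifier / Length / Type header from RFC 3748. The sample frames are constructed, not captured; the parser checks the length fields before trusting any payload, which is the first thing a supplicant or authenticator should do with a frame off the air.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 18: "EAP-SIM", 21: "EAP-TTLS", 23: "EAP-AKA", 25: "PEAP", 43: "EAP-FAST"}
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet (RFC 3748): Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError(f"EAP Length {length} inconsistent with {len(pkt)} bytes received")
    msg = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2):  # Request/Response carry a Type byte; Success/Failure are header only
        if length < 5:
            raise ValueError("EAP Request/Response without Type byte")
        msg["type"] = EAP_TYPES.get(pkt[4], f"unknown({pkt[4]})")
        msg["data"] = pkt[5:length]
    return msg


def parse_eapol(frame: bytes) -> dict:
    """Parse an EAPOL frame (802.1X): Version(1) Type(1) Body-Length(2) Body; EAP rides in Type 0."""
    if len(frame) < 4:
        raise ValueError("EAPOL frame shorter than the 4-byte header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if body_len > len(frame) - 4:
        raise ValueError("EAPOL Body Length exceeds frame")
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:
        out["eap"] = parse_eap(frame[4:4 + body_len])
    return out


def is_wellformed(frame: bytes) -> bool:
    """True when every length field is consistent; reject the frame otherwise."""
    try:
        parse_eapol(frame)
        return True
    except ValueError:
        return False


# Constructed sample frames (not captured traffic): EAPOL-Start from the supplicant,
# EAP-Request/Identity from the authenticator, EAP-Response/Identity "alice", EAP-Success,
# and a response whose Length field claims 10 EAP bytes but carries only 7.
EAPOL_START = bytes.fromhex("01010000")
REQ_IDENTITY = bytes.fromhex("01000005" "0101000501")
RESP_IDENTITY = bytes.fromhex("0100000a" "0201000a01") + b"alice"
EAP_SUCCESS = bytes.fromhex("01000004" "03020004")
TRUNCATED = bytes.fromhex("0100000a" "0201000a01") + b"al"
```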
EAP
• 802.11i officially supports
• EAP-TLS
• EAP-TTLS/MSCHAPv2
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC (Generic Token Card)
• EAP-SIM (GSM Subscriber Identity Module)
• Two additional protocols are added with the introduction of 802.11n
• EAP-FAST
• EAP-AKA (UMTS Authentication and Key Agreement)
LEAP
• Lightweight Extensible Authentication Protocol
• Invented by Cisco in 2000, before 802.11i was available
• Proprietary protocol, no official specification available
• Basically an enhanced version of EAP-MD5 with
• Dynamic key rotation
• Mutual authentication
• Modified version of MS-CHAPv2 for authentication
LEAP Pro & Con
• Pro
• Invented by Cisco
• Still widely used
• Simple to deploy (user/password instead of certificates)
• Con
• Can be easily attacked in a passive attack within minutes (ASLEAP from http://asleap.sourceforge.net)
• Cisco recommends
- long and complex passwords
- EAP protocols such as EAP-FAST, PEAP, or EAP-TLS.
EAP-TLS
• EAP-Transport Layer Security (RFC 5216, obsoletes RFC 2716)
• A TLS session is built up through EAP
• Authentication is done through TLS certificates
• A server-side certificate is needed, plus a certificate for each client
• PMK is derived from the TLS master secret
• Through a one-way function
• The AS sends the PMK to the Authenticator (Access Point)
• The supplicant (STA) knows the TLS master secret and can calculate the PMK itself
• Invented by Microsoft
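The one-way function behind the two bullets above, as an added example (not code from the original slides): RFC 5216 expands the TLS master secret with the TLS PRF under the label "client EAP encryption" and the two hello randoms, the first 64 bytes are the MSK, and 802.11i takes the first 32 bytes of the MSK as the PMK. It assumes TLS 1.2 is negotiated (so the PRF is P_SHA256 from RFC 5246); the master secret and randoms are constructed placeholders, since they normally come out of the handshake.

```python
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label || seed) expanded to `length` bytes."""
    seed = label + seed
    out, a = b"", seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) || seed)
    return out[:length]


def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """RFC 5216 section 2.3: 128 bytes of key material; MSK = first 64, EMSK = next 64.
    802.11i uses the first 32 bytes of the MSK as the PMK.  Returns (msk, emsk, pmk)."""
    km = tls12_prf(master_secret, b"client EAP encryption",
                   client_random + server_random, 128)
    msk, emsk = km[:64], km[64:128]
    return msk, emsk, msk[:32]


def demo():
    # Constructed stand-ins for a real handshake (placeholder values, not a test vector).
    ms = bytes(range(48))                # 48-byte TLS master secret
    cr, sr = b"\x11" * 32, b"\x22" * 32  # client.random, server.random
    _, _, pmk_supplicant = eap_tls_keys(ms, cr, sr)  # STA derives the PMK locally
    _, _, pmk_as = eap_tls_keys(ms, cr, sr)          # AS derives the same PMK and hands it to the AP
    return pmk_supplicant, pmk_as
```

Both ends reach the same 32-byte PMK without it ever crossing the air; only the AS-to-AP leg (Radius) carries it.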
EAP-TLS Pro & Con
• Pro
• TLS is a proven and safe protocol
• No exploit known
• Very good security through client certificates
• Con
• Requires a client PKI (Public Key Infrastructure) certificate from a CA (Certification Authority) in every STA and on the Radius server
- Big administration overhead
- Approx. $60 per certificate per year for each STA and the Radius server
• Identities of client and server are transferred in the clear
EAP-TTLS
• EAP-Tunneled Transport Layer Security
• v0 RFC 5281
• v1 expired IETF draft
• Protocol is 2 phased
• Build a secure TLS tunnel first
• Uses standard authentication mechanisms through this TLS tunnel
- PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP
• A server-side certificate is needed, but none on the client side
• PMK is derived from the TLS master secret
• Invented by Funk Software and Certicom
EAP-TTLS Pro & Con
• Pro
• Avoids creating a client side PKI certificate
• Username / password is sufficient
• Con
• Cisco, Microsoft and RSA have created a similar protocol with PEAP
• Funk Software and Certicom are not major players in the market
• Not integrated in Windows
PEAP
• Protected Extensible Authentication Protocol
• v0 expired IETF draft (draft-kamath-pppext-peapv0)
• v1/v2 expired IETF draft (draft-josefsson-pppext-eap-tls-eap)
• Similar to EAP-TTLS
• Protocol is 2 phased
• Builds a secure TLS tunnel first
• Authentication through
- EAP-MS-CHAPv2, EAP-SIM, EAP-GTC and EAP-TLS
- EAP-MS-CHAPv2 is the dominant PEAP authentication method
• A server-side certificate is needed, but none on the client side
• Invented by Cisco Systems, Microsoft and RSA Security
PEAP Pro & Con
• Pro
• Avoids creating a client side PKI certificate
• Username / password is sufficient
• Con
• Cisco, Microsoft and RSA have big market power, but
- Microsoft supports
• PEAPv0 with EAP-MS-CHAPv2 (WinXP SP1)
• PEAPv0 with EAP-TLS
- Cisco supports
• PEAPv0 with EAP-MS-CHAPv2 and EAP-SIM
• PEAPv1 with EAP-GTC and EAP-SIM
- Cisco is promoting EAP-FAST
EAP-FAST
• EAP - Flexible Authentication via Secure Tunneling (RFC 4851)
• Designed by Cisco for replacing LEAP (As simple as LEAP and as secure as PEAP)
• Protocol is 3 phased
• Distribute Protected Access Credential (PAC) manually or automatically (optional)
• Create a TLS tunnel with the PAC
• Authenticate through EAP-GTC, EAP-MSCHAPv2, EAP-TLS
EAP-FAST Pro & Con
• Pro
• Avoids certificates on the client side
• Cisco supports it
• Con
• You can have either simple deployment or secure deployment, but not both
- It is difficult to make an automatic PAC deployment secure
- A manual PAC deployment doesn't offer a big advantage
• Not built into Windows; an additional module is needed
PremierWave EN
• WLAN 802.11abgn (single stream)
• 10/100 Mb Ethernet (RJ45 and magnetics external)
• High Speed SPI, I2C, USB, Serial RS232, 920kbps
• 9 GPIO pins + dedicated pins for RTS/CTS
• WEP, WPA1, WPA2 Personal
• WPA2 Enterprise (EAP, EAP-TLS, EAP-TTLS, EAP-FAST, LEAP, PEAP )
• ARM9, 64MB RAM, 64MB Flash
• Linux based (full Linux)
• FCC certified, EU precertified
• -40°C to +85°C
• Samples available Oct 2010
Summary
• WPA-2 Personal
• In a small installation WPA-2 Personal is sufficient
• Just configure the PSK and here you go
• WPA-2 Enterprise
• For large installations a PSK can only be changed with a lot of effort
• Individual credentials are much easier to handle
• Deploying EAP is more complex
• Authentication server (e.g. Radius, LDAP) is needed