WLAN Security (EAP, PEAP & LEAP)

Version 1.3 (15092010)

About Lantronix (LTRX)

• Platforms to network, access and manage anything over the Internet
• Networking solutions for 20 years (Founded 1989)
• Sales, support and manufacturing in Asia, Europe, United States
• Market and technology leader in device servers, console servers, and embedded Ethernet solutions
• Network-enabled over 2,000,000 devices
• 20,000+ customers worldwide
• www.lantronix.com

Lantronix Headquarters, Irvine California

Lantronix, Inc. Confidential & Proprietary

WLAN Security

• After this presentation you will know the differences between
  • WEP
  • IEEE 802.11i
  • TKIP, CCMP
  • PSK, 802.1X
  • EAP, LEAP, PEAP, EAP-TLS, EAP-TTLS, EAP-FAST
  • WPA(-1), WPA-2
  • WPA Personal, WPA Enterprise
  • RSN, TSN

WEP

• Originally defined as the security suite for WLAN (802.11)
• A Pre-Shared Key (PSK) is used for encryption and authentication
• All STAs share the same PSK
• WEP uses
  • Short keys (40 bit or 104 bit)
  • RC4 stream cipher
  • CRC for integrity
• WEP has a couple of problems
  • It is insecure and can be cracked with
    - a passive attack within a day
    - an active attack within minutes
  • CRC can detect bit errors, but it is not an integrity measure

802.11i

• THE official standard for WLAN security
• 802.11i was released in 2004 and is now incorporated into 802.11-2007
• It improves security by
  • Temporal Key Integrity Protocol (TKIP)
    - TKIP is a short-term solution for fixing WEP weaknesses
    - Allows the use of old AP hardware
  • Counter Mode with CBC-MAC Protocol (CCMP)
    - Uses AES-128 for encryption
  • Authentication done through Pre-Shared Keys (PSK) or 802.1X
  • Adds key management (2-layer hierarchy & separate keys for unicast & broadcast)
  • Uses the Michael MIC for integrity (Michael MIC is a hash)

TKIP

• Introduced as a stop-gap measure for WEP insecurities
• Goal was a "software patch" for existing AP hardware
• Major features are
  • Still based on the RC4 stream cipher (no new access point hardware)
  • 128 bit key & 48 bit IV (Initialization Vector)
  • Keys are no longer valid per session; they are generated per frame through the Temporal Key Integrity Protocol (TKIP)
  • Michael MIC is used for message integrity
• Not recommended for future use

CCMP

• Combines encryption and data integrity
• Based on 128 bit AES encryption with 128 bit block length
• State-of-the-art encryption, no exploits known

TSN, WPA(-1), RSN, WPA-2

• IEEE took too long with 802.11i → WiFi created WPA
• WPA is a marketing standard based on 802.11i Draft 3
• WPA is basically TKIP + 802.1X
• It is also called TSN (Transition Security Network)
• IEEE released the 802.11i standard in 2004
• IEEE defined RSN (Robust Secure Network) as CCMP + 802.1X
• For IEEE, TKIP + 802.1X is optional and should be used for migration only
• RSN may also be called WPA-2
• Basically
  • TSN = WPA(-1) = TKIP + 802.1X
  • RSN = WPA-2 = CCMP + 802.1X

802.1X

• Authentication only
• Doesn't define any cipher (CCMP and TKIP are defined in 802.11i)
• Uses EAP as the authentication framework
• Result of the authentication is the Pairwise Master Key (PMK)

Personal vs Enterprise

• 802.11i comes in 2 flavours
  • Personal or PSK (Pre-Shared Keys)
    • The PSK can be either
      - the Pairwise Master Key (PMK)
      - a password / passphrase (the PMK is generated from it)
    • Authentication through the PSK; both sides need the same key
    • Each STA and AP can have a different PSK
  • Enterprise
    • Authentication by a server (e.g. RADIUS) and through the Extensible Authentication Protocol (EAP)
    • Result of the authentication is the Pairwise Master Key (PMK)
    • EAP is a framework and uses authentication protocols like LEAP, PEAP, EAP-TLS, EAP-TTLS, ...
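The two-layer key hierarchy that the 802.11i and Personal slides describe can be followed end to end in a few lines. The Python below is an added example, not code from the slides or from Lantronix: it maps a passphrase to the PMK the way 802.11i does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), then expands that PMK into the per-association Pairwise Transient Key (KCK, KEK, TK) with the 802.11i PRF, derives a separate group key for broadcast traffic, and verifies a handshake MIC under the KCK. The passphrase, SSID, MAC addresses and nonces are constructed sample values; in a real 4-way handshake the nonces are fresh random values exchanged in messages 1 and 2.

```python
import hashlib
import hmac

# Constructed sample input (not from the slides): a WPA2 Personal passphrase and SSID,
# plus the two MAC addresses and nonces that a 4-way handshake would carry.
PASSPHRASE = "password"
SSID = "IEEE"
AP_MAC = bytes.fromhex("001122334455")     # authenticator address (AA)
STA_MAC = bytes.fromhex("66778899aabb")    # supplicant address (SPA)
ANONCE = bytes(range(32))                  # nonce chosen by the AP
SNONCE = bytes(range(32, 64))              # nonce chosen by the STA


def passphrase_to_pmk(passphrase: str, ssid: str) -> bytes:
    """First layer: the PSK/PMK. 802.11i maps an ASCII passphrase to the 256-bit PMK with
    PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt); a 64-hex-digit string is the PMK itself."""
    if len(passphrase) == 64:
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i) blocks, i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Second layer: PMK -> 384-bit Pairwise Transient Key for CCMP, split into
    KCK (handshake MIC key), KEK (wraps the GTK) and TK (the unicast data key).
    Addresses and nonces are sorted so STA and AP derive the identical PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def derive_gtk(gmk: bytes, aa: bytes, gnonce: bytes) -> bytes:
    """Broadcast/multicast key: derived by the AP alone from its Group Master Key and
    delivered to each STA wrapped under that STA's KEK; it never depends on the PMK."""
    return prf(gmk, b"Group key expansion", aa + gnonce, 16)


def eapol_key_mic(kck: bytes, eapol_key_frame: bytes) -> bytes:
    """WPA2 EAPOL-Key MIC: HMAC-SHA1 over the frame (MIC field zeroed), truncated to 128 bits."""
    return hmac.new(kck, eapol_key_frame, hashlib.sha1).digest()[:16]


def handshake_demo() -> dict:
    pmk = passphrase_to_pmk(PASSPHRASE, SSID)
    ap_keys = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    sta_keys = derive_ptk(pmk, STA_MAC, AP_MAC, SNONCE, ANONCE)
    # Message 2 of the handshake carries SNonce plus a MIC under KCK; the AP can only verify
    # it if it derived the same PTK, which proves the STA knows the PMK without sending it.
    msg2 = b"\x02" + SNONCE + b"\x00" * 16            # constructed stand-in for an EAPOL-Key frame
    mic = eapol_key_mic(sta_keys["KCK"], msg2)
    mic_ok = hmac.compare_digest(mic, eapol_key_mic(ap_keys["KCK"], msg2))
    gtk = derive_gtk(bytes(32), AP_MAC, bytes(32))    # all-zero GMK/GNonce only for the demo
    return {"pmk": pmk, "ptk_match": ap_keys == sta_keys, "mic_ok": mic_ok,
            "tk": ap_keys["TK"], "gtk": gtk}


if __name__ == "__main__":
    result = handshake_demo()
    print("PMK:", result["pmk"].hex())
    print("same PTK on both sides:", result["ptk_match"], "MIC verified:", result["mic_ok"])
```

The point of the second layer is visible in `derive_ptk`: the PMK itself is never transmitted, and every association gets a fresh TK because the nonces change, which is what a static WEP key lacked. With WPA2 Enterprise only the first layer differs: the PMK comes out of the EAP method on the authentication server instead of PBKDF2, and the rest is identical.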

EAP

• Extensible Authentication Protocol (RFC 3748)
• EAP provides a framework only (Extensible)
• Authentication is done by methods
• Currently about 40 methods are defined, e.g. EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA
• EAP was designed with PPP in mind; it doesn't require IP
• EAPoL (EAP over LAN) is the encapsulation of EAP through an IP network
• Simple request/response protocol
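The request/response framing is small enough to implement completely. The Python below is an added example (not from the slides or Lantronix): an encoder/decoder for the RFC 3748 packet header, a peer that answers Identity requests or sends a Nak listing the methods it is willing to use, and an authenticator that tracks its single outstanding request and discards any response whose Identifier does not match. The method type numbers are the IANA-registered ones; the identity strings and packets in the tests are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# EAP codes and a few IANA-registered method types (RFC 3748 and the method RFCs)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK, TYPE_MD5 = 1, 3, 4
TYPE_EAP_TLS, TYPE_LEAP, TYPE_TTLS, TYPE_PEAP, TYPE_FAST = 13, 17, 21, 25, 43


@dataclass
class EapPacket:
    code: int
    identifier: int
    eap_type: Optional[int] = None   # Success/Failure carry no Type octet
    data: bytes = b""

    def encode(self) -> bytes:
        """Code(1) | Identifier(1) | Length(2, big-endian, whole packet) | Type(1) | Type-Data."""
        body = b"" if self.eap_type is None else bytes([self.eap_type]) + self.data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body


def parse_eap(buf: bytes) -> EapPacket:
    """Decode one EAP packet, rejecting the malformed shapes a lower layer could deliver."""
    if len(buf) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", buf[:4])
    if length < 4 or length > len(buf):
        raise ValueError(f"EAP Length {length} inconsistent with {len(buf)} received octets")
    body = buf[4:length]                      # octets past Length are link-layer padding: ignore
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if body:
            raise ValueError("Success/Failure must have Length 4")
        return EapPacket(code, ident)
    if code not in (EAP_REQUEST, EAP_RESPONSE):
        raise ValueError(f"unknown EAP Code {code}")
    if not body:
        raise ValueError("Request/Response needs a Type octet")
    return EapPacket(code, ident, body[0], body[1:])


def peer_respond(request: EapPacket, identity: str, supported: set) -> EapPacket:
    """Supplicant side of one round: answer Identity, accept a supported method,
    or Nak with the list of methods it is willing to use (RFC 3748 section 5.3)."""
    if request.code != EAP_REQUEST:
        raise ValueError("peer only answers Requests")
    if request.eap_type == TYPE_IDENTITY:
        return EapPacket(EAP_RESPONSE, request.identifier, TYPE_IDENTITY, identity.encode())
    if request.eap_type in supported:
        # The method-specific payload (e.g. the TLS ClientHello for EAP-TLS) would follow the
        # Type octet; an empty payload is enough to show the framing.
        return EapPacket(EAP_RESPONSE, request.identifier, request.eap_type, b"")
    return EapPacket(EAP_RESPONSE, request.identifier, TYPE_NAK, bytes(sorted(supported)))


class Authenticator:
    """Tracks the single outstanding Request; anything that is not a Response carrying
    that Identifier is silently discarded, as RFC 3748 section 4.1 requires."""

    def __init__(self) -> None:
        self.next_id = 0
        self.outstanding: Optional[EapPacket] = None

    def request(self, eap_type: int, data: bytes = b"") -> bytes:
        self.outstanding = EapPacket(EAP_REQUEST, self.next_id, eap_type, data)
        self.next_id = (self.next_id + 1) & 0xFF
        return self.outstanding.encode()

    def receive(self, raw: bytes) -> Optional[EapPacket]:
        pkt = parse_eap(raw)
        if (self.outstanding is None or pkt.code != EAP_RESPONSE
                or pkt.identifier != self.outstanding.identifier):
            return None
        self.outstanding = None
        return pkt


def run_exchange(identity: str, offered: int, supported: set) -> dict:
    """Identity round, then one method round; returns what the authenticator learned."""
    auth = Authenticator()
    reply = auth.receive(peer_respond(parse_eap(auth.request(TYPE_IDENTITY)), identity, supported).encode())
    if reply is None:
        raise RuntimeError("identity response discarded")
    learned_identity = reply.data.decode()
    reply = auth.receive(peer_respond(parse_eap(auth.request(offered)), identity, supported).encode())
    if reply is None:
        raise RuntimeError("method response discarded")
    if reply.eap_type == TYPE_NAK:
        return {"identity": learned_identity, "agreed": None, "peer_wants": list(reply.data)}
    return {"identity": learned_identity, "agreed": reply.eap_type, "peer_wants": []}
```

Two details matter for security rather than interoperability: the Length field is checked against the bytes actually received before anything is indexed, and the Identity response is treated as an unauthenticated claim (it travels in clear, which is why the tunneled methods later in the deck let the real username be sent only inside TLS).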

EAP

• 802.11i officially supports
  • EAP-TLS
  • EAP-TTLS/MSCHAPv2
  • PEAPv0/EAP-MSCHAPv2
  • PEAPv1/EAP-GTC (Generic Token Card)
  • EAP-SIM (GSM Subscriber Identity Module)
• Two additional protocols were added with the introduction of 802.11n
  • EAP-FAST
  • EAP-AKA (UMTS Authentication and Key Agreement)

LEAP

• Lightweight Extensible Authentication Protocol
• Invented by Cisco in the year 2000, before 802.11i was available
• Proprietary protocol, no official specification available
• Basically an enhanced version of EAP-MD5 with
  • Dynamic key rotation
  • Mutual authentication
  • A modified version of MS-CHAPv2 for authentication

LEAP Pro & Con

• Pro
  • Invented by Cisco
  • Still widely used
  • Simple to deploy (user/password instead of certificates)
• Con
  • Can be easily attacked in a passive attack within minutes (ASLEAP from http://asleap.sourceforge.net)
  • Cisco recommends
    - long and complex passwords
    - EAP protocols such as EAP-FAST, PEAP, or EAP-TLS

EAP-TLS

• EAP-Transport Layer Security (RFC 5216, obsoletes RFC 2716)
• Through EAP a TLS session is built up
• Authentication is done through TLS certificates
• A server-side certificate is needed and a certificate for each client
• PMK is derived from the TLS master secret
  • Through a one-way function
  • The AS sends the PMK to the Authenticator (Access Point)
  • The supplicant (STA) knows the TLS master secret and can calculate it itself
• Invented by Microsoft
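The one-way step from TLS master secret to PMK is specified in RFC 5216 section 2.3: 128 octets of key material are pulled from the TLS PRF with the label "client EAP encryption" and the two handshake randoms as seed; the first 64 octets are the MSK, and 802.11i uses the first 256 bits of the MSK as the PMK. The Python below is an added example, not code from the slides or Lantronix. It assumes a TLS 1.2 session, whose PRF is P_SHA256 (RFC 5246 section 5); the master secret and randoms are constructed values, and the RADIUS transport that carries the PMK from the AS to the AP is not modelled.

```python
import hashlib
import hmac
import os


def tls12_prf(secret: bytes, label: bytes, seed: bytes, nbytes: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label || seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < nbytes:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # P_hash block i
    return out[:nbytes]


def eap_tls_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """RFC 5216 section 2.3 key export: MSK = first 64 octets, EMSK = next 64 octets;
    802.11i takes the PMK as the first 32 octets of the MSK."""
    km = tls12_prf(master_secret, b"client EAP encryption", client_random + server_random, 128)
    return {"MSK": km[:64], "EMSK": km[64:128], "PMK": km[:32]}


def simulate_eap_tls_completion(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """After the TLS handshake both ends hold master_secret. The AS exports only the PMK to
    the AP (over RADIUS in practice); the STA computes the same PMK from its own copy of the
    master secret. The AP ends up with a PMK but never with the master secret or the EMSK."""
    as_side = eap_tls_keys(master_secret, client_random, server_random)
    pmk_sent_to_ap = as_side["PMK"]
    sta_side = eap_tls_keys(master_secret, client_random, server_random)
    return {
        "pmk_at_ap": pmk_sent_to_ap,
        "pmk_at_sta": sta_side["PMK"],
        "match": hmac.compare_digest(pmk_sent_to_ap, sta_side["PMK"]),
        "ap_holds_master_secret": False,
    }


def constructed_session() -> tuple:
    """Constructed TLS session values (random, not from any real handshake)."""
    return os.urandom(48), os.urandom(32), os.urandom(32)


if __name__ == "__main__":
    outcome = simulate_eap_tls_completion(*constructed_session())
    print("PMK at AP :", outcome["pmk_at_ap"].hex())
    print("PMK at STA:", outcome["pmk_at_sta"].hex(), "match:", outcome["match"])
```

Because the PRF is keyed with the master secret and runs through HMAC, the PMK the AP receives reveals nothing about the master secret or about the EMSK, which is why the access point can be a less trusted device than the authentication server. The same export is used by EAP-TTLS, PEAP and EAP-FAST, since all of them end in a TLS tunnel.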

EAP-TLS Pro & Con

• Pro
  • TLS is a proven and safe protocol
  • No exploit known
  • Very good security through client certificates
• Con
  • Requires a client PKI (Public Key Infrastructure) certificate from a CA (Certification Authority) in every STA and the RADIUS server
    - Big administration overhead
    - Approx. $60 per certificate per year for each STA and RADIUS server
  • Identities of client and server are transferred in clear

EAP-TTLS

• EAP-Tunneled Transport Layer Security
  • v0: RFC 5281
  • v1: expired IETF draft
• Protocol is 2-phased
  • Builds a secure TLS tunnel first
  • Uses standard authentication mechanisms through this TLS tunnel
    - PAP, CHAP, MS-CHAP, MS-CHAP-V2, EAP
• A server-side certificate is needed, but none on the client side
• PMK is derived from the TLS master secret
• Invented by Funk Software and Certicom

EAP-TTLS Pro & Con

• Pro
  • Avoids creating a client-side PKI certificate
  • Username / password is sufficient
• Con
  • Cisco, Microsoft and RSA have created a similar protocol with PEAP
  • Funk Software and Certicom are no major players in the market
  • Not integrated in Windows

PEAP

• Protected Extensible Authentication Protocol
  • v0: expired IETF draft (draft-kamath-pppext-peapv0)
  • v1/v2: expired IETF draft (draft-josefsson-pppext-eap-tls-eap)
• Similar to EAP-TTLS
• Protocol is 2-phased
  • Builds a secure TLS tunnel first
  • Authentication through
    - EAP-MS-CHAPv2, EAP-SIM, EAP-GTC and EAP-TLS
    - EAP-MS-CHAPv2 is the dominant PEAP authentication method
• A server-side certificate is needed, but none on the client side
• Invented by Cisco Systems, Microsoft and RSA Security

PEAP Pro & Con

• Pro
  • Avoids creating a client-side PKI certificate
  • Username / password is sufficient
• Con
  • Cisco, Microsoft and RSA have big market power, but
    - Microsoft supports
      • PEAPv0 with EAP-MS-CHAPv2 (WinXP SP1)
      • PEAPv0 with EAP-TLS
    - Cisco supports
      • PEAPv0 with EAP-MS-CHAPv2 and EAP-SIM
      • PEAPv1 with EAP-GTC and EAP-SIM
    - Cisco is promoting EAP-FAST
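Both tunneled methods above (EAP-TTLS and PEAP) need only a server-side certificate, and the inner password exchange is protected solely by that TLS tunnel. The part the slides leave implicit is that the supplicant must actually validate the server certificate and check whose name it carries; a client configured without a trusted CA will build its tunnel to whichever authentication server answers. The Python below is an added example, not code from the slides or Lantronix: a small checker that reads wpa_supplicant-style `network={...}` blocks and reports the settings a reviewer would flag. The option names (`ca_cert`, `domain_suffix_match`, `anonymous_identity`, `eap=TTLS`) are wpa_supplicant's own; the three network blocks and every value in them are constructed.

```python
import re

# Constructed wpa_supplicant-style configuration (not from the slides or any real
# deployment). Option names are wpa_supplicant's; SSIDs, identities and paths are made up.
SAMPLE_CONFIG = """
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-root.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="legacy"
    key_mgmt=WPA-EAP
    eap=LEAP
    identity="bob"
    password="hunter2"
}
"""

# wpa_supplicant options that pin the expected server name in the certificate
SERVER_NAME_OPTIONS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")
TUNNELED = {"PEAP", "TTLS"}   # wpa_supplicant spells EAP-TTLS as TTLS


def parse_networks(text: str) -> list:
    """Minimal reader for network={ key=value ... } blocks; quotes are stripped from values."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        kv = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            kv[key.strip()] = value.strip().strip('"')
        nets.append(kv)
    return nets


def audit(net: dict) -> list:
    """Findings for one network block; an empty list means nothing to report."""
    findings = []
    eap = net.get("eap", "").upper()
    if eap == "LEAP":
        findings.append("LEAP: breakable by a passive attack (see ASLEAP); migrate to PEAP, EAP-TLS or EAP-FAST")
    if eap in TUNNELED:
        if "ca_cert" not in net:
            findings.append("no ca_cert: server certificate is not validated, the TLS tunnel may end at a rogue authentication server")
        elif not any(opt in net for opt in SERVER_NAME_OPTIONS):
            findings.append("no server name match: any certificate issued by the trusted CA is accepted")
        if "anonymous_identity" not in net:
            findings.append("no anonymous_identity: the real username is sent in clear in the outer EAP Identity")
    return findings


def audit_config(text: str) -> dict:
    """Map each SSID to its list of findings."""
    return {net.get("ssid", "?"): audit(net) for net in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE_CONFIG).items():
        print(ssid, "->", findings or "OK")
```

The check is deliberately strict about the name match: trusting a public CA without `domain_suffix_match` (or an equivalent) means any server holding a certificate from that CA is accepted, so the inner MS-CHAPv2 exchange would be offered to it. Equivalent settings exist in the Windows and macOS supplicant profiles; the checker only understands the wpa_supplicant syntax.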

EAP-FAST

• EAP - Flexible Authentication via Secure Tunneling (RFC 4851)
• Designed by Cisco for replacing LEAP (as simple as LEAP and as secure as PEAP)
• Protocol is 3-phased
  • Distribute the Protected Access Credential (PAC) manually or automatically (optional)
  • Create a TLS tunnel with the PAC
  • Authenticate through EAP-GTC, EAP-MSCHAPv2, EAP-TLS

EAP-FAST Pro & Con

• Pro
  • Avoids certificates on the client side
  • Cisco supports it
• Con
  • You can have either simple deployment or secure deployment, but not both
    - It is difficult to make an automatic PAC deployment secure
    - A manual PAC deployment doesn't offer a big advantage
  • Not built into Windows, an additional module is needed

PremierWave EN

• WLAN 802.11abgn (single stream)
• 10/100 Mb Ethernet (RJ45 and magnetics external)
• High Speed SPI, I2C, USB, Serial RS232, 920 kbps
• 9 GPIO pins + dedicated pins for RTS/CTS
• WEP, WPA1, WPA2 Personal
• WPA2 Enterprise (EAP, EAP-TLS, EAP-TTLS, EAP-FAST, LEAP, PEAP)
• ARM9, 64 MB RAM, 64 MB Flash
• Linux based (full Linux)
• FCC certified, EU precertified
• -40°C to +85°C
• Samples available Oct 2010

Summary

• WPA-2 Personal
  • In a small installation WPA-2 Personal is sufficient
  • Just configure the PSK and there you go
• WPA-2 Enterprise
  • For large installations a PSK can only be changed with a lot of effort
  • Individual credentials are much easier to handle
  • Deploying EAP is more complex
  • An authentication server (e.g. RADIUS, LDAP) is needed