WIRELESS LAN SECURITY FUNDAMENTALS

Jon Green
March 2015
#ATM15 |
Learning Goals
Authentication with 802.1X
But first: We need to understand PKI
And before that, we need a cryptography primer…
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
Cryptography Primer
Why study cryptography?
•  Absolutely critical to wireless security
•  Heavily used during authentication process
•  Protects data in transit
•  Makes you more interesting at parties
Meet Bob and Alice
Bob and Alice are traditionally used in examples of cryptography
Symmetric Key Cryptography
Symmetric Key Cryptography
•  Strength:
–  Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)
•  Challenges:
–  Must agree on the key beforehand
–  How to securely pass the key to the other party?
•  Examples: AES, 3DES, DES, RC4
•  AES is the current “gold standard” for security
Symmetric Cipher “Modes”
Public Key Cryptography (Asymmetric)
Public Key Cryptography
•  Strength:
–  Solves problem of passing the key
–  Allows establishment of trust context between parties
•  Challenges:
–  Slow (MUCH slower than symmetric)
–  Problem of trusting public key (what if I’ve never met you?)
•  Examples: RSA, DSA, ECDSA
Hybrid Cryptography
•  Randomly generate “session” key
•  Encrypt data with “session” key (symmetric key cryptography)
•  Encrypt “session” key with recipient’s public key (public key cryptography)
Hash Function
•  Properties
–  it is easy to compute the hash value for any given message
–  it is infeasible to find a message that has a given hash
–  it is infeasible to find two different messages with the same hash
–  it is infeasible to modify a message without changing its hash
•  Ensures message integrity
•  Also called message digests or fingerprints
•  Examples: MD5, SHA1, SHA2 (256/384/512)
Digital Signature
•  Combines a hash with an asymmetric crypto algorithm
•  The sender’s private key is used in the digital signature operation
•  Digital signature calculation:
Message Authentication
HMAC
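The hash-function properties and the HMAC slide above can be seen working in a few lines. The following is an added example, not code from the deck; the key and message are constructed sample values. It shows the avalanche property (one flipped input bit changes about half of the SHA-256 output bits), why an unkeyed hash gives integrity but not authentication (anyone can recompute it over a modified message), and how HMAC with a shared secret closes that gap.

```python
import hashlib
import hmac

# Constructed sample key and message (not from the original deck).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
MSG = b"EAP-Response/Identity: anonymous@example.com"


def sha256_hex(data: bytes) -> str:
    """Plain hash: anyone can compute it, so it protects integrity only against accidents."""
    return hashlib.sha256(data).hexdigest()


def avalanche_bits(msg: bytes) -> int:
    """Flip one bit of the input and count how many of SHA-256's 256 output bits change.
    A good hash changes about half of them, so the hash of a modified message is
    unrelated to the hash of the original ('infeasible to modify without changing the hash')."""
    altered = bytearray(msg)
    altered[0] ^= 0x01
    h1 = hashlib.sha256(msg).digest()
    h2 = hashlib.sha256(bytes(altered)).digest()
    return sum(bin(a ^ b).count("1") for a, b in zip(h1, h2))


def make_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256: a hash keyed with a shared secret. Without the key nobody can produce
    a valid tag for a modified message, which turns integrity into authentication."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison's duration does not
    # leak how many leading bytes of a guessed tag were correct.
    return hmac.compare_digest(make_tag(key, msg), tag)


def unkeyed_check_passes(msg: bytes, digest_hex: str) -> bool:
    """Receiver that only checks a hash sent alongside the message. Whoever rewrites the
    message can rewrite the hash too, so this check accepts the tampered copy."""
    return sha256_hex(msg) == digest_hex


if __name__ == "__main__":
    tampered = MSG.replace(b"anonymous", b"admin")
    print("SHA-256 output bits changed by a 1-bit input flip:", avalanche_bits(MSG))
    # Attacker replaces message and recomputes the unkeyed hash: accepted.
    print("unkeyed hash accepts tampered message:", unkeyed_check_passes(tampered, sha256_hex(tampered)))
    # Attacker cannot recompute the HMAC without KEY: rejected.
    print("HMAC accepts tampered message:", verify_tag(KEY, tampered, make_tag(KEY, MSG)))
```

The slide's "Ensures message integrity" is exactly the unkeyed case; "message authentication" needs the key, which in 802.11 comes from the PTK derived in the 4-way handshake later in this deck.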
Message Integrity with CBC-MAC
•  Set IV=0
•  Run message through AES-CBC (or some other symmetric cipher)
•  Discard everything except final block – this output is the MAC
CCMP (Counter with CBC-MAC)
[Diagram: CBC-MAC (integrity) combined with AES in Counter Mode (confidentiality)]
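The two CCMP slides above describe a composition rather than a single primitive, and it is easiest to understand by building it. The following is an added example, not code from the deck. The block function is a SHA-256-based stand-in for one AES-128 block encryption, used only so the example runs on the Python standard library; real CCMP uses AES-128, a 13-byte nonce built from the packet number, and an 8-byte MIC, and also folds frame-header fields into the MAC as additional authenticated data. What the example does show faithfully is the structure: CBC-MAC with IV = 0 keeping only the final block, counter-mode keystream from E_K(nonce || counter), the message length bound into the first MAC block (CBC-MAC alone is not safe for variable-length messages), the MAC encrypted with counter block 0, and decrypt-then-verify that never releases unauthenticated plaintext.

```python
import hashlib
import hmac
import secrets

BLOCK = 16       # 128-bit blocks, as with AES
NONCE_LEN = 13   # CCMP uses a 13-byte nonce, leaving 3 bytes for the block counter
MAC_LEN = 8      # CCMP truncates the MIC to 8 bytes


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for one AES-128 encryption of a single block (a keyed PRF built from SHA-256).
    It is NOT AES; CCMP applies the identical construction with real AES."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    """Zero-pad to a whole number of blocks."""
    return data + bytes(-len(data) % BLOCK)


def cbc_mac(key: bytes, data: bytes, mac_len: int = MAC_LEN) -> bytes:
    """CBC-MAC as the slide describes: IV = 0, chain every block through the cipher,
    discard everything but the final block (then truncate to mac_len)."""
    state = bytes(BLOCK)                       # IV = 0
    padded = pad(data)
    for i in range(0, len(padded), BLOCK):
        state = block_fn(key, xor(state, padded[i:i + BLOCK]))
    return state[:mac_len]


def counter_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Keystream block = E_K(nonce || counter), the heart of counter mode."""
    return block_fn(key, nonce + counter.to_bytes(BLOCK - NONCE_LEN, "big"))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode is symmetric: the same call encrypts and decrypts.
    Counter 0 is reserved for encrypting the MAC, so data blocks start at 1."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        out += xor(data[i:i + BLOCK], counter_block(key, nonce, i // BLOCK + 1))
    return bytes(out)


def length_block(nonce: bytes, plaintext: bytes) -> bytes:
    """First block fed to CBC-MAC: nonce plus message length. Binding length and nonce
    into the MAC is what makes CBC-MAC safe for variable-length messages."""
    return nonce + len(plaintext).to_bytes(BLOCK - NONCE_LEN, "big")


def ccm_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    assert len(nonce) == NONCE_LEN
    tag = cbc_mac(key, length_block(nonce, plaintext) + plaintext)
    encrypted_tag = xor(tag, counter_block(key, nonce, 0))   # MAC hidden under counter block 0
    return ctr_crypt(key, nonce, plaintext) + encrypted_tag


def ccm_decrypt(key: bytes, nonce: bytes, ciphertext: bytes):
    """Returns the plaintext, or None if the MIC does not verify."""
    if len(ciphertext) < MAC_LEN:
        return None
    body, encrypted_tag = ciphertext[:-MAC_LEN], ciphertext[-MAC_LEN:]
    plaintext = ctr_crypt(key, nonce, body)
    expected = xor(cbc_mac(key, length_block(nonce, plaintext) + plaintext),
                   counter_block(key, nonce, 0))
    return plaintext if hmac.compare_digest(expected, encrypted_tag) else None


def fresh_nonce() -> bytes:
    """A nonce must never repeat under the same key (see the Entropy slide); CCMP derives it
    from the packet number. A random one from the OS CSPRNG stands in here."""
    return secrets.token_bytes(NONCE_LEN)


# Constructed sample key, not from the deck.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    nonce = fresh_nonce()
    ct = ccm_encrypt(KEY, nonce, b"data frame payload")
    print("decrypts to:", ccm_decrypt(KEY, nonce, ct))
    print("after flipping one ciphertext bit:", ccm_decrypt(KEY, nonce, bytes([ct[0] ^ 1]) + ct[1:]))
```

Note that counter mode alone gives no integrity at all: flipping a ciphertext bit flips the same plaintext bit. The CBC-MAC half is what lets the receiver detect that, which is why CCMP pairs the two.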
Entropy
(Information-theoretic, not thermodynamic!)
•  When we create a random key, it must be unique and unpredictable
•  We need good random numbers for this
•  What happens if it’s not unique or unpredictable?
Summary: Security Building Blocks
Encryption provides
–  confidentiality, can provide authentication and integrity protection
Checksums/hash algorithms provide
–  integrity protection, can provide authentication
Digital signatures provide
–  authentication, integrity protection, and non-repudiation
For more info: Buy this Book!
Certificates, Trust & PKI
What is a Certificate?
•  Binds a public key to some identifying information
–  The signer of the certificate is called its issuer
–  The entity talked about in the certificate is the subject of the certificate
•  Certificates in the real world
–  Any type of license, government-issued IDs, membership cards, ...
–  Binds an identity to certain rights, privileges, or other identifiers
Public Key Infrastructure
•  A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)
•  CA Hierarchies
Who do you trust?
Windows: Start->Run->certmgr.msc
What is a Certificate?
[Diagram: a trusted 3rd party binds an identity to a public key]
Public Key Infrastructure
•  We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust
•  Web browsers also check DNS hostname == certificate Common Name (CN)
•  Chain Building & Validation
Certificate Validity
1. Date/Time
2. Revocation
•  CRL
•  OCSP
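The two preceding slides list the checks a relying party performs; the following added example (not code from the deck) puts them together as one chain-building routine. The certificates, key ids and secrets are constructed sample data. Because the standard library has no X.509 parser or asymmetric signature verifier, a keyed MAC under a per-CA secret stands in for the issuer's signature; the structural point survives: the key used to check a certificate is taken from its issuer's certificate or from an explicitly trusted anchor, never from the certificate being checked. Revocation is modelled as the set of (issuer, serial) pairs a CRL or OCSP response reported. One caveat the slide's "CN" wording glosses over: modern browsers and supplicants match the hostname against the Subject Alternative Name entries rather than the CN.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import datetime, timezone

# Stand-in "public keys": a CA's key id maps to the secret that checks its signatures.
# A real validator does an asymmetric signature check with the issuer's public key.
KEYS = {"root-key": b"constructed-root-secret",
        "issuing-key": b"constructed-issuing-secret",
        "rogue-key": b"constructed-rogue-secret"}


@dataclass(frozen=True)
class Cert:
    subject: str          # Common Name of the entity described
    issuer: str           # Common Name of the signer
    key_id: str           # identifies the subject's public key
    not_before: datetime
    not_after: datetime
    serial: int
    signature: bytes = b""

    def tbs(self) -> bytes:
        """The 'to be signed' fields, which the issuer's signature covers."""
        return (f"{self.subject}|{self.issuer}|{self.key_id}|{self.not_before.isoformat()}|"
                f"{self.not_after.isoformat()}|{self.serial}").encode()


def issue(cert: Cert, issuer_key_id: str) -> Cert:
    """What the CA does in step 4 of 'Creating Certificates A-Z': sign the TBS fields."""
    return replace(cert, signature=hmac.new(KEYS[issuer_key_id], cert.tbs(), hashlib.sha256).digest())


def signature_ok(cert: Cert, issuer: Cert) -> bool:
    expected = hmac.new(KEYS[issuer.key_id], cert.tbs(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)


def validate(leaf, intermediates, trust_anchors, hostname, now, revoked):
    """Build leaf -> ... -> root and apply: hostname == CN, validity window, revocation,
    signature by the claimed issuer, and a root we explicitly trust. Returns (ok, reason, chain)."""
    if leaf.subject != hostname:
        return False, f"hostname {hostname!r} does not match CN {leaf.subject!r}", []
    anchors = {c.subject: c for c in trust_anchors}
    pool = {c.subject: c for c in intermediates}
    chain, current = [leaf], leaf
    while True:
        if not (current.not_before <= now <= current.not_after):
            return False, f"{current.subject}: outside validity period", chain
        if (current.issuer, current.serial) in revoked:
            return False, f"{current.subject}: revoked", chain
        if current.issuer == current.subject:                   # reached a root
            if anchors.get(current.subject) == current:
                return True, "chain ends at explicitly trusted root", chain
            return False, f"{current.subject}: self-signed root is not a trust anchor", chain
        issuer = anchors.get(current.issuer) or pool.get(current.issuer)
        if issuer is None:
            return False, f"{current.subject}: issuer {current.issuer!r} not available", chain
        if issuer in chain:
            return False, "issuer loop", chain
        if not signature_ok(current, issuer):
            return False, f"{current.subject}: signature does not verify", chain
        chain.append(issuer)
        current = issuer


def at(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample hierarchy: root -> issuing CA -> RADIUS server certificate.
ROOT = issue(Cert("Example Root CA", "Example Root CA", "root-key", at(2014, 1, 1), at(2034, 1, 1), 1), "root-key")
ISSUING = issue(Cert("Example Issuing CA", "Example Root CA", "issuing-key", at(2014, 6, 1), at(2024, 6, 1), 2), "root-key")
RADIUS = issue(Cert("radius.example.com", "Example Issuing CA", "radius-key", at(2015, 1, 1), at(2016, 1, 1), 3), "issuing-key")

if __name__ == "__main__":
    ok, reason, chain = validate(RADIUS, [ISSUING], [ROOT], "radius.example.com", at(2015, 3, 1), set())
    print(ok, reason, [c.subject for c in chain])
    print(validate(RADIUS, [ISSUING], [ROOT], "radius.example.com", at(2016, 6, 1), set())[:2])
```

The same routine is what a supplicant runs against the RADIUS server's certificate in PEAP/EAP-TLS; the "Configure Supplicant Properly" slide later in the deck is about making sure the hostname and trust-anchor inputs to it are pinned rather than left to the user.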
Certificate Formats
PEM / PKCS#7
–  Contains a certificate in base64 encoding (open in a text editor)
PEM-PKCS#7:
-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----
DER
–  Contains a certificate in binary encoding
PFX / PKCS#12
–  Contains a certificate AND private key, protected by a password
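The relationship between the three formats is concrete enough to demonstrate on the slide's own certificate. The following is an added example, not code from the deck: it converts the PEM text above to DER (PEM is nothing more than the DER bytes in base64 between BEGIN/END lines) and then walks the first DER fields of the X.509 structure with a minimal tag-length-value reader, enough to read out the version, serial number and signature algorithm. The OID name table is a constructed lookup of two well-known values; everything else is derived from the bytes.

```python
import base64
import re

# The PEM certificate shown on the slide above, pasted unchanged.
PEM = """-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----"""

OID_NAMES = {"1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
             "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}


def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END lines and whitespace, base64-decode: that is the DER form."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))


def read_tlv(der: bytes, pos: int):
    """Parse one DER tag-length-value at pos; returns (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def decode_oid(raw: bytes) -> str:
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                      # base-128 digits, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_certificate_header(der: bytes) -> dict:
    """Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { [0] version, serialNumber,
    signature AlgorithmIdentifier, ... }, signatureAlgorithm, signatureValue }."""
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, tbs_start, tbs_end = read_tlv(der, pos)
    tag, vstart, vend = read_tlv(der, tbs_start)    # [0] EXPLICIT version, or serial if v1
    if tag == 0xA0:
        _, istart, iend = read_tlv(der, vstart)
        version = der[istart:iend][0] + 1            # encoded 0-based: INTEGER 2 means v3
        tag, vstart, vend = read_tlv(der, vend)      # serialNumber INTEGER
    else:
        version = 1
    serial = der[vstart:vend].hex()
    _, pos, _ = read_tlv(der, vend)                  # signature AlgorithmIdentifier SEQUENCE
    _, ostart, oend = read_tlv(der, pos)             # first element: the algorithm OID
    oid = decode_oid(der[ostart:oend])
    return {"der_len": len(der), "tbs_len": tbs_end - tbs_start, "version": version,
            "serial": serial, "sig_alg_oid": oid, "sig_alg": OID_NAMES.get(oid, oid)}


if __name__ == "__main__":
    print(parse_certificate_header(pem_to_der(PEM)))
```

A PFX/PKCS#12 file would not decode this way: it is a different DER structure (a password-protected container) with the certificate and private key nested inside, which is why it must be handled and stored with more care than a PEM certificate on its own.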
Creating Certificates A-Z
1.  Generate entropy
2.  Use entropy to create random public/private keypair (asymmetric crypto)
3.  Attach identifying information to public key – send to CA (Certificate Signing Request)
4.  CA issues certificate in X.509 format
–  Contains public key as supplied in CSR
–  Contains hash of certificate contents
–  Contains digital signature signed with CA’s private key (hash + asymmetric crypto)
5.  Retrieve certificate from CA – match up with private key. Ready for use.
Generating Certificate Signing Request
Send CSR to your CA of choice
Certificate Authority Best Practices
Symantec/VeriSign Data Center
Public CA versus Private CA
•  Windows Server includes a domain-aware CA – why not just use it?
•  Disadvantages:
–  PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you.
–  Nobody outside your Windows domain will trust your certificates
•  Advantages:
–  Less costly
–  Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI
OCSP
•  Can be used by the client (e.g. web browser) to verify server’s certificate validity
–  OCSP URL is read from server certificate’s AIA field
•  Can be used by the server (e.g. mobility controller) to verify client’s certificate validity
–  OCSP URL is most often configured on the server to point to specific OCSP responders
•  OCSP transactions use HTTP for transport protocol
•  Important: Nonce Extension required for replay prevention
–  Some public CAs don’t like this…
For More Info
Buy this Book!
Putting it all together: 802.1X
Authentication with 802.1X
•  Authenticates users before granting access to L2 media
•  Makes use of EAP (Extensible Authentication Protocol)
•  802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned
Sample EAP Transaction
2-stage process
–  Outer tunnel establishment
–  Credential exchange happens inside encrypted tunnel
[Diagram: Client <-> Authenticator (EAPOL) <-> Authentication Server (RADIUS). Messages shown, in order: EAPOL Start; Request Identity; Response Identity (anonymous); TLS Start; Certificate; Cert. verification; Client Key exchange; Request credentials; Response credentials; Success]
802.1X Packet Capture
802.1X Acronym Soup
PEAP (Protected EAP)
–  Uses a digital certificate on the network side
–  Password or certificate on the client side
EAP-TLS (EAP with Transport Layer Security)
–  Uses a certificate on network side
–  Uses a certificate on client side
TTLS (Tunneled Transport Layer Security)
–  Uses a certificate on the network side
–  Password, token, or certificate on the client side
EAP-FAST
–  Cisco proprietary
–  Do not use – known security weaknesses
Configure Supplicant Properly
•  Configure the Common Name of your RADIUS server (matches CN in server certificate)
•  Configure trusted CAs (an in-house CA is better than a public CA)
•  ALWAYS validate the server certificate
•  Do not allow users to add new CAs or trust new servers
•  Enforce with group policy
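The five points above map onto a handful of supplicant settings. The following is an added example, not configuration from the deck, written for wpa_supplicant (Linux/Android-style clients; on Windows the same three controls are the PEAP profile's "validate the server certificate", "connect to these servers" and trusted-root list, pushed by group policy). SSID, identity, password and CA path are placeholders. The first block is what a supplicant that "works" but skips validation looks like; the second pins the in-house CA and the RADIUS server name so that the MSCHAPv2 exchange only ever happens inside a tunnel to the genuine server.

```conf
# WEAK: no ca_cert and no domain_match. The supplicant will complete PEAP with any
# server that presents any certificate, and MSCHAPv2 runs inside a tunnel to that server.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="REPLACE_ME"
    phase2="auth=MSCHAPV2"
}

# CORRECTED: trust only the in-house CA that issued the RADIUS server certificate, and
# require the server's certificate name to match the RADIUS server's name. Both values
# should be deployed by policy, not typed in by the user.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous"            # outer identity; real username stays inside the tunnel
    identity="alice"
    password="REPLACE_ME"
    ca_cert="/etc/ssl/certs/corp-root-ca.pem" # placeholder path to the in-house root CA
    domain_match="radius.example.com"         # must equal the CN / SAN in the server certificate
    phase2="auth=MSCHAPV2"
}
```

`domain_match` requires a full match of the server certificate's dNSName (or CN) entries; `domain_suffix_match` is the looser alternative when several RADIUS servers share a DNS suffix. With `ca_cert` set to a public CA instead of the in-house one, `domain_match` is what stops any certificate that CA has ever issued from being accepted, which is the point of the slide's "in-house CA is better than a public CA".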
Isn’t MSCHAPv2 broken?
•  Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.
•  This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi
–  What happens if you don’t properly validate the server certificate?
–  Look up FreeRADIUS-WPE
•  Still using PPTP for VPN? Watch out…
WPA2 Key Management Summary
[Diagram: Auth Server – AP/Controller – STA]
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK from AP to STA
4-Way Handshake
[Diagram: AP and STA both start with the PMK]
AP: Pick Random ANonce
AP -> STA: EAPoL-Key(Reply Required, Unicast, ANonce)
STA: Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr)
STA -> AP: EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
AP: Derive PTK
AP -> STA: EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP SSN IE)
STA: Install PTK
STA -> AP: EAPoL-Key(Unicast, ANonce, MIC)
AP: Install PTK
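The PTK derivation and the MIC on message 2 are the part of the handshake that "binds and verifies" the key, and both are fully specified, so they can be reproduced on the standard library. The following is an added example, not code from the deck, implementing the IEEE 802.11 PRF-384 (HMAC-SHA1 based) and the EAPOL-Key MIC for key descriptor version 2 (HMAC-SHA1-128), then running messages 1 and 2 between an AP and a STA. The PMK, MAC addresses and nonces are constructed sample values; in a live handshake the PMK arrives from the RADIUS server (Step 1 on the previous slide) and each nonce comes from a CSPRNG. Note the min/max ordering of addresses and nonces, which is what the slide's "EAPoL-PRF(PMK, ANonce | SNonce | AP MAC | STA MAC)" abbreviates: it guarantees both sides compute the same PTK, and a MIC that verifies under the AP's own PTK proves the STA holds the same PMK without the PMK ever being sent.

```python
import hashlib
import hmac
import secrets

PTK_BITS = 384          # CCMP: KCK (128) | KEK (128) | TK (128)
MIC_OFFSET = 81         # EAPOL header (4) + Key Descriptor fields preceding the Key MIC (77)
EAPOL_KEY = 3           # EAPOL packet type for EAPOL-Key
RSN_DESCRIPTOR = 2      # Key Descriptor Type for RSN (WPA2)

# Key Information bits of the EAPOL-Key frame
VERSION_HMAC_SHA1_AES = 0x0002
PAIRWISE = 0x0008
INSTALL = 0x0040
ACK = 0x0080            # the slide's "Reply Required"
MIC = 0x0100


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, PTK_BITS)


def split_ptk(ptk: bytes):
    """KCK protects the handshake (MIC), KEK wraps the GTK in message 3, TK encrypts data frames."""
    return ptk[:16], ptk[16:32], ptk[32:48]


def build_eapol_key(key_info: int, replay_counter: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """Minimal RSN EAPOL-Key frame: descriptor type, key info, key length, replay counter,
    nonce, IV, RSC, reserved, MIC (zeroed here), key data length, key data."""
    body = (bytes([RSN_DESCRIPTOR]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + replay_counter.to_bytes(8, "big") + nonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16) + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, EAPOL_KEY]) + len(body).to_bytes(2, "big") + body   # 802.1X version 2


def nonce_from_frame(frame: bytes) -> bytes:
    return frame[17:49]


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1-128 over the entire EAPOL frame with the Key MIC field set to zero."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def attach_mic(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def four_way_messages_1_and_2(pmk: bytes, aa: bytes, spa: bytes, anonce=None, snonce=None) -> dict:
    """AP sends ANonce (msg 1); STA derives the PTK and answers with SNonce + MIC (msg 2);
    AP derives its own PTK from the received SNonce and checks the MIC."""
    anonce = anonce or secrets.token_bytes(32)
    msg1 = build_eapol_key(VERSION_HMAC_SHA1_AES | PAIRWISE | ACK, 1, anonce)
    # --- STA side ---
    snonce = snonce or secrets.token_bytes(32)
    sta_ptk = derive_ptk(pmk, aa, spa, nonce_from_frame(msg1), snonce)
    sta_kck, _, _ = split_ptk(sta_ptk)
    msg2 = attach_mic(sta_kck, build_eapol_key(VERSION_HMAC_SHA1_AES | PAIRWISE | MIC, 1, snonce))
    # --- AP side ---
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, nonce_from_frame(msg2))
    ap_kck, _, _ = split_ptk(ap_ptk)
    return {"msg1": msg1, "msg2": msg2, "mic_ok": verify_mic(ap_kck, msg2), "ptk_match": sta_ptk == ap_ptk}


# Constructed sample values, not from the deck.
PMK = bytes(range(32))
AA = bytes.fromhex("020000000100")    # AP MAC address
SPA = bytes.fromhex("020000000200")   # STA MAC address

if __name__ == "__main__":
    result = four_way_messages_1_and_2(PMK, AA, SPA)
    print("MIC verified by AP:", result["mic_ok"], "| PTKs match:", result["ptk_match"])
```

Messages 3 and 4 reuse the same MIC routine (message 3 additionally carries the GTK wrapped under the KEK), and the Entropy slide's warning applies directly here: if an ANonce or SNonce repeats, the same PTK is derived twice, and if the PMK is predictable the whole exchange can be recomputed from the captured nonces.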
Summary
•  Security is complex
•  Once you understand it, people will envy you
•  You can make Facebook posts to confuse your parents
•  More importantly: Do it right so you don’t get hacked
… Before You Go
Sign up, save $200!
Give feedback!
atmosphere
2016
arubanetworks.com/atmosphere2016