How to Secure your Wireless LAN

security concepts for modern enterprise infrastructures
Presented by Philipp Ebbecke @ WLPC_EU 2014
www.lancom.de
Secure your WLAN
Overview
Introduction
How to secure a modern enterprise class wireless network
Wireless LAN Infrastructure:
Wireless LAN Controller
Basic Security
802.1X
802.11r - Fast Transition
802.11w - Protected Management Frames
802.11u - HotSpot2.0 (R2)
Other aspects:
Monitor your network
Proper RF Design
Final Words

Introduction
■ Primary connection interface today: Wi-Fi (smartphones, tablets, IoT)
■ The signal does not stay inside your building
■ Secure and easy installation/integration wanted
■ Stick to the standard(s)
■ The chicken-or-egg dilemma: who implements what first, infrastructure or client vendors?
■ Legacy support

Introduction - Own Your Data (1)
Source: http://www.zdnet.com/microsoft-ordered-to-hand-overoverseas-email-throwing-eu-privacy-rights-in-the-fire-7000032210/

Introduction - Own Your Data (2)
Source: http://www.reuters.com/article/2014/06/26/us-germanysecurity-verizon-idUSKBN0F11WJ20140626

Introduction - Own Your Data (3)
Source: http://www.digit.in/networking/2014-fifa-world-cups-wi-fipassword-revealed-accidentally-23101.html

WLC
■ Control and configure your APs via Wireless LAN Controllers (WLCs)
■ Small enterprises can enable a WLC software option on their routers
■ A WLC (or an equivalent key-distribution path between the APs) is required to distribute the PMKs for 802.11r (FT) or Opportunistic Key Caching (OKC)
■ Avoid cloud-based WLCs if you want to truly own your data
■ Avoid L3 tunneling of client traffic to the WLC:
  ■ No stand-alone operation of the APs possible when the WLC is unreachable
  ■ All client data has to travel through the WLC (single point of failure and of inspection)
  ■ Expensive WLC due to the hardware requirements

RSN
■ Robust Security Network (RSN): the 802.11i security framework
■ Self-evident: don't use PSK for an enterprise network (one shared secret for everybody, no per-user revocation, and one captured 4-way handshake allows an offline dictionary attack on the passphrase)
■ WPA2 only: WEP and WPA1 (TKIP) are not secure and get no (V)HT rates, i.e. no 802.11n/ac data rates
■ WEP cracking: http://goo.gl/0VmxFT
■ WPA1 cracking: http://goo.gl/GEUuC
■ Isolate WEP and WPA1 SSIDs to their specific use case (if they are necessary at all), e.g. in their own VLAN

802.1X
■ The one and only option for secure enterprise networks
■ RADIUS server required
■ Based on the Extensible Authentication Protocol (EAP)
■ Native support in most client devices, but watch out for wireless printers and other embedded devices(!)

802.1X (diagram)

4-Way Handshake
■ Data is protected with transient keys derived from master keys
■ 2 master keys: Pairwise Master Key (PMK) and Group Master Key (GMK)
■ With 802.1X a new, unique PMK is derived for every (re-)authentication of a client; with PSK the PMK is one static key shared by everybody
■ PTK for unicasts (individual for each client), derived from the PMK in the 4-way handshake
■ GMK is randomly created by the AP
■ GTK for broad-/multicasts (same for all clients), derived from the GMK and delivered to the client encrypted in message 3
■ PTK and GTK are stored on AP and client
■ The AP can store the PMK as well (PMK caching: no new authentication on reconnect, just the 4-way handshake)

4-Way Handshake
PTK = PRF(PMK, ANonce || SNonce || AA || SPA)
AA = MAC address of the authenticator (AP), SPA = MAC address of the supplicant (client); the ANonce comes in message 1, the SNonce in message 2, so both sides hold the PTK before the MIC of message 2 is checked.
Source: https://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake
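The derivation above worked through in code, together with the reason the RSN slide says "don't use PSK for enterprise": this is an added example, not code from the deck. It implements the WPA2 PSK-to-PMK step, the SHA-1 based PRF for the PTK and the EAPOL-Key MIC, then runs an offline dictionary attack against one constructed handshake. SSID, MAC addresses, nonces, passphrase and wordlist are constructed; the EAPOL-Key frame layout follows the 802.11 format, everything else is test data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example, not code from the original deck: WPA2 key derivation as performed
# in the 4-way handshake, and why one captured handshake is enough for an offline
# dictionary attack on a PSK network while it is useless against 802.1X.
# SSID, MACs, nonces, passphrase and wordlist are constructed test data.

A_LABEL = b"Pairwise key expansion"


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bit).
    The PMK is static for the whole network and a function of a guessable secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    SHA-1 based PRF of the AKM suites 00-0F-AC:1 (802.1X) and :2 (PSK). For CCMP the
    384-bit PTK is KCK(16) || KEK(16) || TK(16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, A_LABEL + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)  # ceil(384 / 160) HMAC blocks
    )
    return out[:48]


def eapol_mic(kck: bytes, frame: bytes, mic_offset: int = 81) -> bytes:
    """EAPOL-Key MIC = HMAC-SHA1(KCK, frame with the 16-byte MIC field zeroed)[:16].
    Offset 81 = EAPOL header (4) + descriptor type, key info, key length, replay counter,
    nonce, IV, RSC, ID (1+2+2+8+32+16+8+8)."""
    zeroed = frame[:mic_offset] + b"\x00" * 16 + frame[mic_offset + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, kck: Optional[bytes]) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP): SNonce, an RSN IE as key data and,
    if a KCK is given, a valid MIC. An attacker needs only this frame plus message 1."""
    rsn_ie = (b"\x30\x14\x01\x00" + b"\x00\x0f\xac\x04"           # version 1, group CCMP
              + b"\x01\x00" + b"\x00\x0f\xac\x04"                   # 1 pairwise suite: CCMP
              + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")    # 1 AKM: PSK, caps 0
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: MIC, pairwise, descriptor version 2
            + b"\x00\x10"                # key length 16 (CCMP)
            + b"\x00" * 7 + b"\x01"      # replay counter 1
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * 16               # MIC field (zero until computed)
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type 3 = EAPOL-Key
    if kck is None:
        return frame
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


def crack_psk(wordlist, ssid, aa, spa, anonce, snonce, msg2) -> Optional[str]:
    """Offline dictionary attack: each candidate passphrase is checked against the captured
    MIC without sending a frame. Cost per guess is dominated by the 4096-round PBKDF2."""
    observed = msg2[81:97]
    for candidate in wordlist:
        ptk = derive_ptk(psk_to_pmk(candidate, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], msg2), observed):
            return candidate
    return None


# Constructed capture
SSID = "corp-guest"
AA = bytes.fromhex("001122334455")               # AP (authenticator) MAC
SPA = bytes.fromhex("66778899aabb")              # client (supplicant) MAC
ANONCE = hashlib.sha256(b"anonce-demo").digest()
SNONCE = hashlib.sha256(b"snonce-demo").digest()
WORDLIST = ["password", "welcome1", "Sommer2014!", "letmein"]


def demo():
    """Returns (passphrase recovered from a PSK handshake, result against an 802.1X handshake)."""
    # WPA2-PSK: PMK derived from the passphrase, handshake captured by the attacker
    psk_ptk = derive_ptk(psk_to_pmk("Sommer2014!", SSID), AA, SPA, ANONCE, SNONCE)
    recovered = crack_psk(WORDLIST, SSID, AA, SPA, ANONCE, SNONCE, build_msg2(SNONCE, psk_ptk[:16]))
    # 802.1X: the PMK comes from the EAP MSK, fresh per authentication; nothing to guess
    dot1x_ptk = derive_ptk(os.urandom(32), AA, SPA, ANONCE, SNONCE)
    not_recovered = crack_psk(WORDLIST, SSID, AA, SPA, ANONCE, SNONCE, build_msg2(SNONCE, dot1x_ptk[:16]))
    return recovered, not_recovered


if __name__ == "__main__":
    print(demo())
```

Running `demo()` recovers the passphrase from the PSK handshake and returns `None` for the 802.1X one: the attacker has the same four frames in both cases, but only in the PSK case is the PMK a function of something that can be enumerated.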

802.1X - EAP
■ Credentials in general: username/password, certificate, SIM
■ Legacy authentication protocols:
  PAP: clear-text username and password
  CHAP: clear-text username, MD5 challenge/response for the password
  MS-CHAP: Microsoft version of CHAP, weak
  MS-CHAPv2: mutual challenge/response, but still vulnerable (a captured DES-based response can be brute-forced offline)
■ These legacy methods are still in use, but only acceptable inside a TLS tunnel (PEAP/TTLS) whose server the client has verified

802.1X - EAP
■ Weak EAP methods (no server authentication, username in clear text):
  EAP-MD5 (challenge/response only, produces no keying material for the PTK)
  LEAP (Cisco; the MS-CHAP responses can be cracked offline)
■ Strong EAP methods:
  ■ Use an anonymous outer identity for the tunnel establishment (e.g. anonymous@realm)
  ■ The real, inner identity is only sent encrypted inside the tunnel

802.1X - EAP-PEAP/TTLS
EAP-PEAP
■ Popular and secure, as long as the supplicant validates the server certificate (CA and server name); an unvalidated tunnel lets a rogue AP with its own RADIUS server terminate the TLS tunnel and harvest the inner MS-CHAPv2 exchange
■ EAP-PEAPv0 (EAP-MSCHAPv2): username + password, no client certificate support
■ EAP-PEAPv0 (EAP-TLS): requires a client certificate, no username/password
EAP-FAST: secure if the PACs are not anonymously auto-provisioned in-band
EAP-TTLS: EAP and non-EAP methods (PAP, CHAP, MS-CHAPv2) for the inner identity, client certificate optional
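The server-certificate check is where PEAP/TTLS deployments usually go wrong, so here is an added example (not from the deck) that lints wpa_supplicant network blocks for it: a weak configuration next to the corrected one, and a checker that reports a missing `ca_cert`, a missing server-name match, a missing anonymous outer identity, weak EAP methods, PSK on an enterprise profile and PMF not requested. The option names are the real wpa_supplicant ones; the two configurations, the SSID, realm, paths and credentials are constructed for the example.

```python
import re
from typing import Dict, List

# Added example, not from the original deck: a linter for wpa_supplicant network
# blocks. Option names are real wpa_supplicant options; both configurations and
# every SSID, path, realm and credential in them are constructed for this example.

WEAK_CONFIG = '''
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@corp.example"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
'''

HARDENED_CONFIG = '''
network={
    ssid="corp"
    proto=RSN
    pairwise=CCMP
    key_mgmt=WPA-EAP
    eap=PEAP
    ieee80211w=1
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    anonymous_identity="anonymous@corp.example"
    identity="alice@corp.example"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
'''

TUNNELED = {"PEAP", "TTLS"}


def parse_networks(text: str) -> List[Dict[str, str]]:
    """Parse every network={...} block into a dict of option -> value (quotes stripped)."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition("=")
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def lint_network(net: Dict[str, str]) -> List[str]:
    """Return one finding per weak setting; an empty list means the block passes."""
    findings = []
    key_mgmt = net.get("key_mgmt", "")
    eap = net.get("eap", "").upper()
    if "WPA-PSK" in key_mgmt:
        findings.append("WPA-PSK: one shared secret for all users, no per-user revocation")
    if "WPA-EAP" in key_mgmt:
        if eap in {"MD5", "LEAP"}:
            findings.append(f"eap={eap}: no server authentication, crackable offline")
        if eap in TUNNELED | {"TLS"}:
            if "ca_cert" not in net:
                findings.append("no ca_cert: any RADIUS certificate is accepted, an evil twin can "
                                "terminate the TLS tunnel and harvest the inner MS-CHAPv2 exchange")
            if not set(net) & {"domain_suffix_match", "subject_match", "altsubject_match"}:
                findings.append("no domain_suffix_match/subject_match: any certificate issued by "
                                "the CA is accepted as the RADIUS server")
        if eap in TUNNELED and "anonymous_identity" not in net:
            findings.append("no anonymous_identity: the real username travels in clear text "
                            "in the outer EAP identity")
    if net.get("ieee80211w", "0") == "0":
        findings.append("ieee80211w=0: PMF (802.11w) not requested, deauth/disassoc can be spoofed")
    return findings


def lint_config(text: str) -> Dict[str, List[str]]:
    """Map each SSID in a wpa_supplicant config to its findings."""
    return {net.get("ssid", "<no ssid>"): lint_network(net) for net in parse_networks(text)}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, lint_config(cfg))
```

The weak block is a textbook "it connects, so it works" profile: it authenticates the user to whoever answers, not the RADIUS server to the user. The hardened block pins the CA and the server name, hides the real username in the outer identity and asks for PMF (optional, as the 802.11w slides later recommend for 2014-era clients).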

802.1X - EAP-TLS
EAP-TLS
■ One of the most secure EAP methods
■ Requires client-side certificates (mutual authentication: the client checks the server certificate, the server checks the client certificate)
■ No username/password authentication
■ A secure and highly available certificate infrastructure (CA, enrollment, CRL/OCSP reachable from the RADIUS server) is a must
■ The RADIUS server checks the client certificate against:
  – Subject Alternative Name (SAN)
  – Subject Common Name (CN)
  – Binary comparison with the certificate stored in the user object in LDAP/AD

802.1X - EAP-SIM/AKA
■ EAP methods for mobile phones (credentials live on the (U)SIM)
■ Important for 802.11u / Hotspot 2.0
EAP-SIM
– based on 2G GSM authentication (A3/A8 triplets)
– short key length (64-bit Kc, several triplets are combined)
– no mutual authentication in the underlying GSM algorithm
EAP-AKA
– designed for 3G networks
– AKA runs inside the USIM
– longer keys (128 bit)
– mutual authentication included

802.11r
■ Fast BSS Transition (FT), alias fast roaming
■ 802.11i: full authentication via RADIUS on every handoff to a new AP
■ .11r: a key hierarchy (PMK-R0 at the R0 key holder, one PMK-R1 per AP) replaces the per-AP full authentication, i.e. "PMK caching" at multiple APs
■ Frames saved on a handoff:
  ■ EAP authentication (number of frames depends on the EAP method)
  ■ 4-way handshake (folded into the FT authentication and reassociation exchange)
  ■ QoS admission control (TSPEC carried in the FT exchange)
■ Two variants: over the air or over the DS (the wired distribution system)

802.11r - Over the Air (diagram)

802.11r vs. OKC (diagram)

802.11r - Over the DS (diagram)

802.11r vs. OKC
■ Opportunistic Key Caching (OKC):
  ■ The client sends a PMKID within its (Re-)Association Request
  ■ If the AP recognizes the PMKID, the EAP authentication is skipped and the 4-way handshake is started directly
  ■ The same PMK is reused on every AP, so all APs (or the WLC) must hold it
  ■ QoS admission control not integrated
  ■ Not standardized (vendor-specific, in contrast to .11r)

802.11r - Reassociation Request
Annotations on the captured Reassociation Request (RSN IE):
- new AKM suite (FT over 802.1X or FT over PSK; FT works with .1X and PSK)
- PMKID added to the RSN IE (in FT it carries the PMKR1Name)
Annotations on the captured Reassociation Request (MDIE/FTIE):
- Mobility Domain IE: FT only works within the same mobility domain
- FTIE: ANonce/SNonce included, plus the R0KH-ID, which answers "who owns the original PMK (PMK-R0)?"

802.11r - Reassociation Response
Annotation on the captured Reassociation Response: the Group Temporal Key is delivered (KEK-encrypted, inside the FTIE) in the Reassociation Response itself, which is what replaces the 4-way handshake

802.11r (Measurements)
Full authentication (EAP-PEAP) without .11r: ~298 ms
Fast Transition with .11r (over the air): ~20 ms, i.e. -93 %
DUT: iPad 3 with iOS 8.0.2, RF band: 5 GHz
Reference measurements by Mike Albano: 802.11r over the air 16 ms, 802.11r over the DS 71 ms
Reference: http://www.mikealbano.com/2014/06/80211r-80211k-fastbss-transition.html

802.11r - APs & Clients
■ Enterprise APs:
  ■ Feature is offered by Aerohive, Aruba, Cisco, LANCOM, Motorola, Ruckus, [...]
■ Clients:
  ■ Apple: iOS 6 devices (iPad 3, iPhone 4s and newer)
  ■ Android: Samsung Galaxy Note 3, Sony Xperia Z2 and Z3
  ■ BlackBerry Bold 9000
■ WFA search for certified devices: http://goo.gl/Z00Pso

802.11r - Conclusion
+ High level of security and a fast connection phase
+ Broad AP support
- Lack of decent client support
- VoIP WLAN phones, the most latency-sensitive clients, should be adopting it quickly
- The WFA "Voice-Enterprise" certification did not leverage this feature
Caveat: FT only works within one mobility domain, and some legacy clients fail to associate to an SSID that advertises the FT AKM suites, so test your client base before enabling it on the main SSID

802.11w
■ Protected Management Frames (PMF)
■ WFA: required for .11n and .11ac certification since July 1st 2014, WPA2 only
■ Prevents "spoofed disconnect" attacks via forged Deauthentication/Disassociation frames or via Channel Switch Announcement action frames (a CSA inside an unprotected beacon can still be forged)
■ Prevents forged (Re)Associations from tearing down an existing association (see SA-Query)
■ Requires an RSN with CCMP (WPA2); no WEP or TKIP support

802.11w - Disassociate Frame (unprotected)
Annotation on the captured frame: an unprotected Disassociate frame is accepted with any reason code, no proof of origin is required

802.11w
Protected Management Frames are:
■
Disassociate
■
Deauthenticate
■
Action Frames: Block ACK, QoS, FT, Radio
Measurement, Spectrum Management
!
■
Unprotected frames:
■
Beacons, Probes, Authentication, Association
■
Announcement Traffic Indication Message
■
Vendor-specific-class Action Frames

802.11w - Unicasts
■ Unicast management frames:
  ■ AES-CCM (CCMP) is extended to unicast management frames
  ■ The previously unprotected frame header is covered via the additional authentication data (AAD)
  ■ Uses the same PTK (temporal key) as the data frames
  ■ Separate packet number / receive sequence counter (RSC) for the replay protection of management frames

802.11w - Broad-/Multicasts
■ Broad-/multicast management frames:
  ■ New algorithm: Broadcast Integrity Protocol (BIP), integrity only, no encryption
  ■ New information element, the Management MIC IE (MMIE): key ID, 6-byte IPN (replay counter) and a MIC computed with AES-128-CMAC
  ■ BIP uses the Integrity Group Temporal Key (IGTK), delivered together with the GTK in the 4-way or group key handshake

802.11w - Connection options

AP setting     Client setting   Outcome                   Secure?
No PMF         No PMF           Connection without PMF    no
No PMF         PMF optional     Connection without PMF    no
No PMF         PMF required     No connection             -
PMF optional   No PMF           Connection without PMF    no
PMF optional   PMF optional     Connection with PMF       yes
PMF optional   PMF required     Connection with PMF       yes
PMF required   No PMF           No connection             -
PMF required   PMF optional     Connection with PMF       yes
PMF required   PMF required     Connection with PMF       yes

802.11w - RSN without .11w
Check the AKM suites on the next slides. PMF is negotiated with 2 flags in the RSN capabilities field:
MFPR (Required) = mandatory
MFPC (Capable) = optional

802.11w - .11w optional
Annotation on the captured RSN IE: AKM suites for both SHA-1 (802.1X) and SHA-256 (802.1X-SHA256) are offered; MFPC set, MFPR cleared = PMF optional

802.11w - .11w required
Annotation on the captured RSN IE: only the SHA-256 AKM suite is offered; MFPC and MFPR set = PMF mandatory; a new group management cipher suite (BIP) for broad-/multicast management frames
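The RSN IE fields annotated on the last three slides (AKM suites, the MFPC/MFPR flags, the group management cipher suite) decoded in code, together with the negotiation rule from the connection-option table. This is an added example, not code from the deck: the suite numbers are the IEEE 802.11 values under OUI 00-0F-AC, and the three sample IEs are constructed here to mirror the captures (no PMF, PMF optional, PMF required).

```python
import struct
from typing import Dict, List, Optional, Sequence

# Added example, not from the original deck: decoder for the RSN information
# element (element ID 48) and the PMF negotiation rule. Suite numbers are the
# IEEE 802.11 values under OUI 00-0F-AC; the sample IEs are constructed below.

OUI = b"\x00\x0f\xac"
CIPHERS = {0: "use-group", 1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
           6: "BIP-CMAC-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256",
           11: "BIP-GMAC-128", 12: "BIP-GMAC-256", 13: "BIP-CMAC-256"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
        6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
MFPR, MFPC = 1 << 6, 1 << 7   # bit positions in the RSN capabilities field


def _suite(raw: bytes, table: Dict[int, str]) -> str:
    if raw[:3] != OUI:
        return "vendor-" + raw.hex()
    return table.get(raw[3], f"unknown-{raw[3]}")


def build_rsn_ie(group: int, pairwise: Sequence[int], akms: Sequence[int], mfpc: bool,
                 mfpr: bool, group_mgmt: Optional[int] = None,
                 pmkids: Sequence[bytes] = ()) -> bytes:
    """Encode an RSN IE (used here only to construct the sample captures)."""
    body = struct.pack("<H", 1) + OUI + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(OUI + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(OUI + bytes([a]) for a in akms)
    body += struct.pack("<H", (MFPC if mfpc else 0) | (MFPR if mfpr else 0))
    if pmkids or group_mgmt is not None:   # the PMKID count must precede the group mgmt suite
        body += struct.pack("<H", len(pmkids)) + b"".join(pmkids)
    if group_mgmt is not None:
        body += OUI + bytes([group_mgmt])
    return bytes([48, len(body)]) + body


def parse_rsn_ie(ie: bytes) -> Dict:
    """Decode an RSN IE; every field after the version is optional, so stop at the end."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a complete RSN IE")
    body = ie[2:]
    out = {"version": struct.unpack_from("<H", body, 0)[0], "group": None, "pairwise": [],
           "akm": [], "pmf": "none", "pmkids": [], "group_mgmt": None}
    pos = 2

    def suite_list(pos: int, table: Dict[int, str]):
        if pos + 2 > len(body):
            return pos, []
        count = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        items = []
        for _ in range(count):
            if pos + 4 > len(body):
                break
            items.append(_suite(body[pos:pos + 4], table))
            pos += 4
        return pos, items

    if pos + 4 > len(body):
        return out
    out["group"] = _suite(body[pos:pos + 4], CIPHERS)
    pos += 4
    pos, out["pairwise"] = suite_list(pos, CIPHERS)
    pos, out["akm"] = suite_list(pos, AKMS)
    if pos + 2 <= len(body):
        caps = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        out["pmf"] = "required" if caps & MFPR else "optional" if caps & MFPC else "none"
    if pos + 2 <= len(body):
        count = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        for _ in range(count):
            if pos + 16 > len(body):
                break
            out["pmkids"].append(body[pos:pos + 16].hex())
            pos += 16
    if pos + 4 <= len(body):
        out["group_mgmt"] = _suite(body[pos:pos + 4], CIPHERS)
    return out


def pmf_negotiation(ap: str, sta: str) -> str:
    """Outcome for the settings none / optional / required on AP and client."""
    if "none" in (ap, sta):
        return "no connection" if "required" in (ap, sta) else "connection without PMF"
    return "connection with PMF"


# Constructed IEs mirroring the three captures
IE_NO_PMF = build_rsn_ie(4, [4], [1], mfpc=False, mfpr=False)
IE_OPTIONAL = build_rsn_ie(4, [4], [1, 5], mfpc=True, mfpr=False, group_mgmt=6)
IE_REQUIRED = build_rsn_ie(4, [4], [5], mfpc=True, mfpr=True, group_mgmt=6)

if __name__ == "__main__":
    for ie in (IE_NO_PMF, IE_OPTIONAL, IE_REQUIRED):
        print(parse_rsn_ie(ie))
```

Feed `parse_rsn_ie` the raw element from a beacon or (re)association request and the "pmf" and "akm" entries give the same answer as reading the capability bits by hand in Wireshark; `pmf_negotiation(parse_rsn_ie(ap_ie)["pmf"], parse_rsn_ie(sta_ie)["pmf"])` then reproduces the table.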

802.11w - Disassociate (protected)
Annotation on the captured frame: Protected bit set in the frame control field; the management frame carries its own sequence counter (packet number) for replay protection

802.11w - SA-Query
■ Security Association Query (SA-Query) procedure
■ Protects against forged (de)authentication and (dis)association frames and solves the "association lockout" problem
■ AP scenario 1 (no attack):
  ■ Client discards all keys (due to a restart) and sends an unprotected Association Request for a reconnection
  ■ AP still has a valid association for the client including its key material, so it sends a protected SA-Query to that association; no protected answer arrives, the old association is removed after the timeout and the client can associate again

802.11w - AP Scenario 1 (diagram)

802.11w - AP Scenario 2
■ AP scenario 2 (attack):
  ■ Attacker sends an unprotected Association Request with the client's MAC address, a forged reconnection
  ■ AP still has a valid association for the client including its key material
  ■ AP rejects the Association Request with a special status code (30: association rejected temporarily) and an association comeback interval, and sends a protected SA-Query Request to the client
  ■ The real client answers with a protected SA-Query Response, so the existing association is kept and the forged request has no effect

802.11w - AP Scenario 2 (diagram)

802.11w - Client Scenario 1 (diagram)

802.11w - Client Scenario 2 (diagram)

802.11w - Client Scenario 2 (continued)
Reason code in this scenario: 6 (class 2 frame received from a non-authenticated STA). A PMF client that receives an unprotected Deauthentication/Disassociation with reason code 6 or 7 does not disconnect immediately but starts its own SA-Query towards the AP; only if the AP does not answer is the connection really gone.

802.11w - APs & Clients
■ Enterprise APs:
  ■ Feature is offered by Aerohive, AirTight, Aruba, Cisco, LANCOM, Motorola, Ruckus, Xirrus, [...]
■ Clients:
  ■ Windows: support since Windows 8
  ■ Intel 7260, Qualcomm adapters since AR5BXB92
  ■ Samsung Galaxy S5
  ■ PlayStation 4
■ WFA search for certified devices: http://goo.gl/3Gk5lG

802.11w - Conclusion and Outlook
+ Feature is now required for WFA 11n, 11ac and Passpoint certification
+ Prevents (dis-)connect attacks
+ Finally(!): adds integrity protection to management frames
- Today: don't make PMF required on the main SSID (lack of client support); run it as optional there and reserve "required" for SSIDs whose clients are known
■ Remaining easy ways to disturb connections (not covered by .11w):
  ■ Forged CTS control frames with long NAV reservation times (control frames are not protected)
  ■ RF jamming

802.11u - Guest Network
■ Today:
  ■ Companies usually offer guest access via a captive portal
  ■ Open (unencrypted) network for guest devices
  ■ No enterprise network for guest devices
■ Near future:
  ■ Companies offer guest access via HS2.0 (Release 2 starting now)
  ■ Authentication via NAI realm or mobile operator
  ■ R2: open or server-side-encrypted (OSEN) network for the device provisioning
  ■ Keep guest devices out of the enterprise network, but on an encrypted network

802.11u - Advertisement Server
■ Authentication via:
  ■ Internal NAI server
  ■ External NAI server
  ■ External advertisement server of the mobile operator
■ The device has no IP address yet => L2 based (ANQP queries carried in GAS frames before association)

802.11u
■ Interworking, alias Hotspot 2.0 / Passpoint
■ Client authenticates via its mobile operator or an NAI realm (e.g. [email protected])
■ Differentiate between guest and employee devices
■ Choose the SSID according to the given user details
■ More details on HS2.0 R2 in Dave Wright's presentation at WLPC 2014: http://goo.gl/zIqpMR
■ Release 1 problem: someone has to pre-configure the devices (credentials and profile)

802.11u - Provisioning R1
Apple Configurator

802.11u - Flow Diagram
(diagram; see slide 10 for the EAP flow)

802.11u - APs & Clients
Enterprise APs:
■
Feature is offered by Aruba, Cisco, Ericsson,
LANCOM, Ruckus, […]
!
■
Clients:
■
Apple iOS Devices since iOS7
■
Android on HTC, LG, Samsung, Sony high end
smartphones
!
■
WFA search for cert. R1 devices: http://goo.gl/rghHlt
■
WFA search for cert. R2 devices: http://goo.gl/0udr31

802.11u - Conclusion and Outlook
+ Release 1 is widely adopted already
+ Authentication via internal and/or external authentication server(s)
+ Encrypted guest network instead of an open SSID
+ Great solution for BYOD
- Today: lack of Release 2 support by enterprise and client device vendors

Monitor your network
■ Overview of your current network status
■ History of status, events, logs and graphs
■ Requires deep understanding and knowledge, especially for troubleshooting
■ Should include the wired and the wireless network
■ Integration of multiple vendors
■ Sensors for the RF spectrum, rogue AP detection
■ Alarms/notifications, but don't flood your IT crew
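One piece of detection logic such a monitor could run, as an added example that is not part of the deck or of any vendor product: it scans a management-frame log and raises two alarms that tie back to the 802.11w section, an unprotected Deauthentication/Disassociation aimed at a client that is associated to a PMF-required BSSID (the real AP would have protected it), and a burst of unprotected disconnects on any BSSID, the classic deauth flood. The log format, the PMF-required BSSID and every line are constructed for the example.

```python
from collections import defaultdict, deque
from typing import Dict, List, Tuple

# Added example, not from the original deck: detection logic over a constructed
# management-frame log. The log format, the PMF-required BSSID and all lines are
# assumptions made for this example.

PMF_REQUIRED_BSSIDS = {"00:11:22:33:44:55"}          # assumed: the main SSID runs PMF required

SAMPLE_LOG = [
    "1414000000.100 assoc-req  src=66:77:88:99:aa:bb dst=00:11:22:33:44:55 bssid=00:11:22:33:44:55 reason=0 protected=0",
    "1414000000.200 assoc-resp src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb bssid=00:11:22:33:44:55 reason=0 protected=0",
    # spoofed: unprotected deauth "from the AP" to an associated PMF client
    "1414000002.500 deauth     src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb bssid=00:11:22:33:44:55 reason=7 protected=0",
    # legitimate: the AP's own deauth is protected
    "1414000002.900 deauth     src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb bssid=00:11:22:33:44:55 reason=3 protected=1",
] + [
    # 12 broadcast deauths within 110 ms on a non-PMF BSSID: a deauth flood
    f"1414000003.{i:03d} deauth     src=aa:bb:cc:dd:ee:ff dst=ff:ff:ff:ff:ff:ff bssid=aa:bb:cc:dd:ee:ff reason=7 protected=0"
    for i in range(0, 120, 10)
]


def parse_line(line: str) -> Dict[str, object]:
    """'<ts> <subtype> key=value ...' -> dict; 'protected' becomes a bool."""
    ts, subtype, *fields = line.split()
    rec: Dict[str, object] = {"t": float(ts), "subtype": subtype}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    rec["protected"] = rec["protected"] == "1"
    return rec


def detect(lines, window: float = 1.0, threshold: int = 10) -> List[Tuple[str, str, float]]:
    """Return (alert kind, bssid, timestamp) tuples in the order they fire."""
    associated = set()                    # (bssid, client) pairs that completed association
    recent = defaultdict(deque)           # bssid -> timestamps of unprotected disconnects
    flooded = set()                       # one flood alert per bssid
    alerts: List[Tuple[str, str, float]] = []
    for rec in map(parse_line, lines):
        bssid, t = rec["bssid"], rec["t"]
        if rec["subtype"] == "assoc-resp":
            associated.add((bssid, rec["dst"]))
            continue
        if rec["subtype"] not in ("deauth", "disassoc"):
            continue
        if rec["protected"]:               # a protected disconnect is genuine and ends the association
            associated.discard((bssid, rec["dst"]))
            associated.discard((bssid, rec["src"]))
            continue
        if bssid in PMF_REQUIRED_BSSIDS and (bssid, rec["dst"]) in associated:
            alerts.append(("spoofed-mgmt-on-pmf-bssid", bssid, t))
        q = recent[bssid]
        q.append(t)
        while q and t - q[0] > window:    # sliding window of `window` seconds
            q.popleft()
        if len(q) >= threshold and bssid not in flooded:
            flooded.add(bssid)
            alerts.append(("deauth-flood", bssid, t))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The first rule only works because the monitor knows which BSSIDs run PMF required and which clients are associated; on a PMF-optional SSID an unprotected deauth to a non-PMF client is normal. The flood rule needs a whitelist for planned events (an AP reboot deauthenticates all its clients at once), which is exactly the "don't flood your IT crew" point above.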

Proper RF Design
■ The signal does not stop at the building walls
■ Consider the fabric of the building (walls, floors, windows)
■ Use directional antennas where the coverage should stay inside
■ Drop/ignore clients below a certain SNR (minimum signal threshold on the AP)
■ Not easy to deploy: a proper design and a verification survey are required
■ Survey around your site, not only inside it, to see what an outsider sees

Final Words
■ Enterprise security should be based on strong EAP methods
■ "Make it as hard as possible to break your security"
■ Lack of client support for some optional features: no one-size-fits-all solution
■ Troubleshooting requires great(er) knowledge
■ Secure WLAN will play a greater role in the future (http://www.cwnp.com/covers/2014-09-SAE-atCWNP.PDF)
■ Hotspot 2.0 (Release 2) can make a difference
Thank you for your attention!
Further information…
More information about our products, solutions and services at:
www.lancom.eu
Presenter: Philipp Ebbecke (@MTroi84, [email protected])
QA Engineer for WLAN
LANCOM Systems GmbH
Adenauerstraße 20/B2
52146 Wuerselen
Germany
[email protected]