802.1x: What it is, How it's broken, and How to fix it. Bruce Potter, The Shmoo Group, gdead@shmoo.com
TRANSCRIPT
Why Wireless?
• No cable plant
  – Lower cost (initially… TCO may be higher)
  – Rapid deployment
• Enhanced mobility
• Ad hoc relationships
• Many different requirements
Why Not Wireless
• No physical security
• Low throughput
• Unregulated, noisy bands
802.11, 802.11b, etc.
• IEEE standard – based on well known Ethernet standards
• 802.11 – FHSS or DSSS, WEP, 2.4 GHz, Infrastructure (BSS) or Ad-Hoc (IBSS)
  – Limited to 2Mb/s due to FCC limits on dwell times per frequency hop
• 802.11b – DSSS only, WEP, 2.4 GHz, Infrastructure or Ad-Hoc
  – Up to 11Mb/s
  – Also known as Wi-Fi
• 802.11a and 802.11g
An Association
• Associations are a basic part of 802.11
• Client requests authentication
• AP responds with auth type (Open/WEP)
• Authentication is performed
• If successful, then Association is requested and granted
• SSID is sent in the clear, so not advertising the SSID is NOT a valid security mechanism
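To show why hiding the SSID buys nothing, here is an added example (not code from the talk) that builds and parses 802.11 management frames. The frame layouts and element IDs are those of the 802.11 standard; the BSSID, station MAC and SSID values are constructed for the demo. Even when the beacon carries an empty SSID element, the client's probe request and the AP's probe response still carry the name in the clear, and the "privacy" (WEP) capability bit is advertised in the clear as well.

```python
import struct

BEACON, PROBE_REQ, PROBE_RESP = 8, 4, 5          # 802.11 management subtypes
BCAST = b"\xff" * 6
CLIENT = bytes.fromhex("0a1b2c3d4e5f")           # constructed station MAC


def build_mgmt(subtype: int, bssid: bytes, ssid: bytes, hidden: bool = False) -> bytes:
    """Constructed beacon / probe request / probe response with an SSID element (not a capture)."""
    fc = struct.pack("<H", subtype << 4)          # frame control: type 0 = management, no flags
    addr1 = BCAST if subtype in (BEACON, PROBE_REQ) else CLIENT
    addr2 = CLIENT if subtype == PROBE_REQ else bssid
    addr3 = BCAST if subtype == PROBE_REQ else bssid
    hdr = fc + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"   # duration, addrs, seq ctl
    fixed = b""
    if subtype in (BEACON, PROBE_RESP):            # timestamp, beacon interval, capability
        fixed = struct.pack("<QHH", 0x1234, 100, 0x0011)   # capability: ESS + Privacy (WEP) bits
    body = b"" if hidden else ssid
    ies = bytes([0, len(body)]) + body             # element 0 = SSID
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])    # element 1 = supported rates 1/2/5.5/11 Mb/s
    return hdr + fixed + ies


def parse_mgmt(frame: bytes) -> dict:
    """Pull SSID, BSSID and the privacy bit out of a raw management frame."""
    fc = struct.unpack("<H", frame[:2])[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        raise ValueError("not a management frame")
    info = {"subtype": subtype, "bssid": frame[16:22].hex(":"), "ssid": None, "privacy": None}
    body = frame[24:]
    if subtype in (BEACON, PROBE_RESP):
        cap = struct.unpack("<H", body[10:12])[0]
        info["privacy"] = bool(cap & 0x0010)      # "WEP on" is itself sent in the clear
        body = body[12:]
    elif subtype != PROBE_REQ:
        return info
    i = 0
    while i + 2 <= len(body):                     # tagged parameters: id, length, value
        eid, elen = body[i], body[i + 1]
        val = body[i + 2:i + 2 + elen]
        if len(val) < elen:
            break
        if eid == 0:
            if val:
                info["ssid"] = val.decode("utf-8", "replace")
            else:
                info["ssid"] = "<wildcard>" if subtype == PROBE_REQ else "<hidden>"
        i += 2 + elen
    return info


if __name__ == "__main__":
    ap = bytes.fromhex("001122334455")             # constructed BSSID
    for st in (BEACON, PROBE_REQ, PROBE_RESP):
        print(parse_mgmt(build_mgmt(st, ap, b"shmoo", hidden=(st == BEACON))))
```

Sniffing a single probe request/response pair is enough to learn a "hidden" network name, so SSID hiding should be treated as a convenience setting, not a control.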
General Principles
• Deal with the basics
  – Integrity
    • Protecting your packets from modification by other parties
  – Confidentiality
    • Keeping eavesdroppers within range from gaining useful information
    • Keeping unauthorized users off the network
      – Free Internet!
      – Risks to both internal and external network
  – Availability
    • Low level DoS is hard to prevent
• Like any other environment, there are no silver bullets
Current Security Practices
• WEP – Wired Equivalent Privacy
  – Link Level
  – Very Broken
• Firewalls/MAC Filtering
• Reactionary – IDS/Active Portal
• Higher level protocols
WEP In a Nutshell
• 40 bits of security == 64 bits of marketing spam
• 104 bits of security == 128 bits of marketing spam
  – The other 24 bits are the per-packet IV, which is transmitted in the clear and adds no secrecy
Thoughts on WEP
• Key management beyond a handful of people is impossible
  – Too much trust
  – Difficult administration
  – Key lifetime can get very short in an enterprise
• No authentication for management frames
• No per packet auth
• False Advertising!!!
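The two WEP slides above (the 24-bit IV and "no per packet auth") are easiest to see in code. The following is an added example, not from the talk: a minimal WEP encryptor with RC4 implemented inline, then two consequences. First, because the IV space is only 2^24 and the IV is sent in the clear, two frames under the same key and IV share one keystream, so XORing the ciphertexts yields the XOR of the plaintexts. Second, the ICV is an unkeyed CRC-32, which is linear, so an attacker can flip chosen plaintext bits in an encrypted frame and fix up the ICV without knowing the key. Key, IV and payloads are constructed values.

```python
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes (key scheduling + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian, no key involved."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """key is the 40-bit (5-byte) or 104-bit (13-byte) secret; the 3-byte IV goes out in the clear."""
    assert len(iv) == 3 and len(key) in (5, 13)
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    pt, tag = body[:-4], body[-4:]
    return pt, tag == icv(pt)


def keystream_reuse(frame1: bytes, frame2: bytes) -> bytes:
    """Same key + same IV => same keystream, so C1 xor C2 == P1 xor P2 (no key needed)."""
    assert frame1[:3] == frame2[:3]
    return xor(frame1[3:], frame2[3:])


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Change the plaintext of an encrypted frame by delta without the key.
    CRC-32 is linear: crc(P ^ D) == crc(P) ^ crc(D) ^ crc(0...0), so the ICV is fixed up too."""
    assert len(delta) == len(frame) - 3 - 4
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(b"\x00" * len(delta))) & 0xFFFFFFFF
    return frame[:3] + xor(frame[3:], delta + struct.pack("<I", icv_delta))


if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"     # constructed 40-bit key and IV
    c1 = wep_encrypt(key, iv, b"GET / HTTP/1.0\r\n")
    c2 = wep_encrypt(key, iv, b"HELLO, eavesdrop")
    print(keystream_reuse(c1, c2)[:16])                    # == P1 xor P2
    forged = flip_bits(c1, xor(b"GET ", b"PUT ") + b"\x00" * 12)
    print(wep_decrypt(key, forged))                        # (b'PUT / HTTP/1.0\r\n', True)
```

The bit-flip is exactly what "no per packet auth" means in practice: the receiver's ICV check passes on a frame the sender never sent. A keyed MIC (what TKIP's packet MAC later added) is what prevents it.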
What is Lacking?
• Scalability
  – Many clients
  – Large networks
• Protection for all parties
• Eliminate invalid trust assumptions
802.1x
• Port based authentication for all IEEE 802 networks (layer 2 authentication)
• Originally for Campus networks
• Extended for wireless
• Allows for unified AAA services
• Provides means for key transport
Pre-Authentication State (diagram: the port is unauthorized; only EAPOL frames between supplicant and authenticator pass, all other traffic is blocked)
Post-Authentication State (diagram: after EAP-Success the controlled port is authorized and normal traffic flows)
EAP
• Extensible Authentication Protocol
• Originally designed for PPP
  – Shoehorned into 802.1x
• Switch/Access point is a pass through for EAP traffic. New authentication mechanisms do not require infrastructure upgrades
• LEAP – Cisco's Lightweight EAP
  – Password based and (relatively) widely available
• De facto mechanism between the Authenticator (switch/AP) and the Authentication Server is RADIUS
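An added example (not the talk's code) tying the pre/post-authentication port states to the EAP pass-through described above. It models one authenticator port: EAPOL (ethertype 0x888E) always reaches the EAP relay, every other frame is dropped until the server returns EAP-Success, and the port itself never interprets the method. The server is a stand-in for RADIUS running EAP-MD5 (the method FreeRADIUS shipped with at the time), with a constructed user table; the EAPOL and EAP header layouts are the real ones, the `AuthServer`/`AuthenticatorPort` classes are this example's own.

```python
import hashlib
import os
import struct

ETH_EAPOL = 0x888E                      # the only ethertype an unauthorized port lets through
EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4


def eapol(ptype: int, body: bytes = b"") -> bytes:
    return struct.pack("!BBH", 1, ptype, len(body)) + body     # EAPOL v1: version, type, length


def eap(code: int, ident: int, body: bytes = b"") -> bytes:
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body   # EAP: code, id, length


class AuthServer:
    """Stand-in for the RADIUS/EAP server; runs EAP-MD5 against a constructed user table."""
    def __init__(self, users: dict):
        self.users = users
        self.pending = {}           # EAP identifier -> (identity, challenge)

    def handle(self, eap_pkt: bytes) -> bytes:
        """Takes an EAP-Response, returns the next EAP packet for the supplicant."""
        _code, ident, ln = struct.unpack("!BBH", eap_pkt[:4])
        etype, data = eap_pkt[4], eap_pkt[5:ln]
        if etype == EAP_IDENTITY:
            nxt = (ident + 1) & 0xFF
            chal = os.urandom(16)
            self.pending[nxt] = (data, chal)
            return eap(EAP_REQUEST, nxt, bytes([EAP_MD5, 16]) + chal)   # MD5-Challenge request
        if etype == EAP_MD5 and ident in self.pending:
            identity, chal = self.pending.pop(ident)
            pw = self.users.get(identity)
            # EAP-MD5 response value = MD5(id || password || challenge), as in CHAP
            ok = pw is not None and data[1:17] == hashlib.md5(bytes([ident]) + pw + chal).digest()
            return eap(EAP_SUCCESS if ok else EAP_FAILURE, ident)
        return eap(EAP_FAILURE, ident)


class AuthenticatorPort:
    """One 802.1X port on the AP/switch: EAPOL always reaches the relay,
    everything else is dropped until the server says EAP-Success."""
    def __init__(self, server: AuthServer):
        self.server = server
        self.authorized = False
        self.to_supplicant = []     # frames sent back over the link
        self.to_lan = []            # frames allowed through the controlled port

    def receive(self, ethertype: int, payload: bytes) -> str:
        if ethertype != ETH_EAPOL:
            if self.authorized:
                self.to_lan.append(payload)
                return "forwarded"
            return "dropped"
        _ver, ptype, ln = struct.unpack("!BBH", payload[:4])
        body = payload[4:4 + ln]
        if ptype == EAPOL_START:
            self.to_supplicant.append(eapol(EAPOL_EAP, eap(EAP_REQUEST, 0, bytes([EAP_IDENTITY]))))
            return "identity-request"
        if ptype == EAPOL_LOGOFF:
            self.authorized = False
            return "unauthorized"
        if ptype != EAPOL_EAP or len(body) < 5 or body[0] != EAP_RESPONSE:
            return "ignored"
        reply = self.server.handle(body)    # pass-through: the port never looks at the method
        self.to_supplicant.append(eapol(EAPOL_EAP, reply))
        if reply[0] == EAP_SUCCESS:
            self.authorized = True
        elif reply[0] == EAP_FAILURE:
            self.authorized = False
        return {EAP_REQUEST: "request", EAP_SUCCESS: "success", EAP_FAILURE: "failure"}[reply[0]]


def supplicant_run(port: AuthenticatorPort, identity: bytes, password: bytes) -> bool:
    """Drive one EAPOL-Start / Identity / MD5-Challenge exchange; returns the port's final state."""
    port.receive(ETH_EAPOL, eapol(EAPOL_START))
    req = port.to_supplicant[-1][4:]
    ident = req[1]
    port.receive(ETH_EAPOL, eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, bytes([EAP_IDENTITY]) + identity)))
    req = port.to_supplicant[-1][4:]
    ident = req[1]
    if req[0] != EAP_REQUEST or req[4] != EAP_MD5:
        return port.authorized
    chal = req[6:6 + req[5]]
    digest = hashlib.md5(bytes([ident]) + password + chal).digest()
    port.receive(ETH_EAPOL, eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, bytes([EAP_MD5, 16]) + digest + identity)))
    return port.authorized


if __name__ == "__main__":
    port = AuthenticatorPort(AuthServer({b"alice": b"s3cret"}))   # constructed user table
    print(port.receive(0x0800, b"ip packet"))                     # dropped
    print(supplicant_run(port, b"alice", b"s3cret"))             # True
    print(port.receive(0x0800, b"ip packet"))                     # forwarded
```

Note what the port does not do: it never authenticates itself to the client, and EAP-MD5 produces no key material, so nothing here protects the frames that flow once the port opens. Both gaps are the "what's wrong" slides that follow.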
EAP Methods
• EAP-TLS: Uses certs! If implemented properly, solves many problems
• TTLS – Tunneled TLS. Allows encapsulation of other auth mechanisms.
  – the server side ("machine") is authenticated by TLS, the person by the tunneled protocol
• PEAP – IETF Draft
  – Like TTLS but with another EAP method encapsulated
• TLS/TTLS and others require certs
  – We all have a PKI setup, right? and use it properly and regularly?
What’s Right
• Protection of the infrastructure
• Authentication mechanism can
  – change as needed
  – address flaws in existing wireless security
• Lightweight
  – No encapsulation, no per packet overhead… simply periodic authentication transactions
What’s Right
• In a controlled environment, risks can be mitigated by higher level protocols
  – VPN/SSL/SSH
• NOTE: exchange of WEP key material is not part of the 802.1x specification
  – Remember: designed for wired campus networks
What’s Right
• Association happens BEFORE the 802.1x transaction.
  – Good: If the 802.1x session is protected by a default WEP key then the attacker must first compromise the WEP key to make use of 802.1x vulns
  – Bad: Key management anyone? Just how does the default key get there?
What’s Wrong
• www.missl.cs.umd.edu/wireless/1x.pdf
  – First open source supplicant
  – First holes in 802.1x
• One way authentication
  – Less of a concern in a LAN environment
• Traffic Interception
• Session Hijacking
What's Wrong – Technical
• One way Authentication
  – Gateway authenticates the client
  – Client has no explicit means to authenticate the Gateway
  – Rogue gateways put the client at risk
    • Remember – the loudest access point wins
• Still no Authentication of management frames (assoc/deassoc/beacons/etc…)
What’s Wrong - Technical
• MITM
  – Send "Authentication Successful" (EAP-Success) to the client
  – Client associates with the malicious AP
• Hijacking
  – Send a disassociation message to the client… the AP is in the dark
  – Change MAC to the client's and have a live connection
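The MITM bullet above works because EAP-Success is a four-byte, unauthenticated frame that anyone in radio range can send. The added example below (this editor's code, not the talk's) contrasts a supplicant that opens its port on any EAP-Success with one that treats EAP-Success as a hint and only opens after the access point proves possession of the session key (the PMK that a real method such as EAP-TLS would derive). The nonce/HMAC key-confirmation exchange here is a simplified stand-in for the idea 802.11i later standardised; it is not the 802.11i four-way handshake itself, and the PMK value is constructed.

```python
import hashlib
import hmac
import os
import struct

EAP_SUCCESS = 3


def eap_success(ident: int) -> bytes:
    """An EAP-Success frame: code 3, identifier, length 4. No key, no signature, nothing to verify."""
    return struct.pack("!BBH", EAP_SUCCESS, ident, 4)


class NaiveSupplicant:
    """The behaviour the slide warns about: any EAP-Success opens the port."""
    def __init__(self):
        self.authenticated = False

    def on_eap(self, pkt: bytes) -> bool:
        if pkt[0] == EAP_SUCCESS:
            self.authenticated = True
        return self.authenticated


class KeyConfirmingSupplicant:
    """EAP-Success is only advisory; the port opens after the AP proves it holds the PMK."""
    def __init__(self, pmk: bytes):
        self.pmk = pmk
        self.authenticated = False
        self.anonce = self.snonce = None

    def on_eap(self, pkt: bytes) -> bool:
        return False                      # Success alone proves nothing about who sent it

    def ptk(self) -> bytes:
        """Pairwise key bound to both nonces (simplified derivation, example only)."""
        return hmac.new(self.pmk, self.anonce + self.snonce, hashlib.sha256).digest()

    def on_key_msg1(self, anonce: bytes):
        """AP -> STA: its nonce. Reply with our nonce plus a MIC the AP can check."""
        self.anonce, self.snonce = anonce, os.urandom(32)
        mic2 = hmac.new(self.ptk(), b"msg2" + self.snonce, hashlib.sha256).digest()
        return self.snonce, mic2

    def on_key_msg3(self, mic3: bytes) -> bool:
        """AP -> STA: MIC over its nonce. Only a holder of the PMK can produce it."""
        expected = hmac.new(self.ptk(), b"msg3" + self.anonce, hashlib.sha256).digest()
        self.authenticated = hmac.compare_digest(mic3, expected)
        return self.authenticated


class AccessPoint:
    """Legitimate AP holds the real PMK; a rogue AP is the same class with a guessed one."""
    def __init__(self, pmk: bytes):
        self.pmk = pmk
        self.anonce = os.urandom(32)

    def msg1(self) -> bytes:
        return self.anonce

    def msg3(self, snonce: bytes) -> bytes:
        # A real AP would verify mic2 here as well; the client-side check is the point of this example.
        ptk = hmac.new(self.pmk, self.anonce + snonce, hashlib.sha256).digest()
        return hmac.new(ptk, b"msg3" + self.anonce, hashlib.sha256).digest()


def handshake(sup: KeyConfirmingSupplicant, ap: AccessPoint) -> bool:
    """Run the key confirmation; True only if the AP proved it holds the supplicant's PMK."""
    snonce, _mic2 = sup.on_key_msg1(ap.msg1())
    return sup.on_key_msg3(ap.msg3(snonce))


if __name__ == "__main__":
    pmk = b"\x11" * 32                                # constructed PMK
    print(NaiveSupplicant().on_eap(eap_success(7)))   # True: forged Success accepted
    sup = KeyConfirmingSupplicant(pmk)
    print(sup.on_eap(eap_success(7)))                 # False
    print(handshake(sup, AccessPoint(pmk)))           # True: real AP
    print(handshake(KeyConfirmingSupplicant(pmk), AccessPoint(b"\x22" * 32)))   # False: rogue AP
```

Key confirmation fixes the forged-Success problem but not the hijack bullet: forged disassociation frames still work because management frames carry no authentication at all, which is the next slide's point.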
What's Wrong – Technical
• RADIUS uses a shared secret with the Authenticator
  – Same issue as WEP, but on a more reasonable scale
• Authentication after association presents roaming problems
  – Authentication takes a non-trivial amount of time… can disrupt data in transit
• Failure of RADIUS server == failure of network
  – Many AP implementations don't allow multiple RADIUS servers
  – Most RADIUS server failover is non-transparent
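What "same issue as WEP" means for the RADIUS leg: everything between AP and server rests on one static shared secret, hashed with MD5. The added example below (not from the talk) implements the RFC 2865 User-Password hiding and Response Authenticator, then shows two consequences: anyone holding the secret can mint an Access-Accept the AP will believe, and a single captured request/response pair lets an attacker test secret guesses offline at no risk of detection. The secret, user and password values are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, 2 + len(value)]) + value


def hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret || previous block), seeded by the request authenticator."""
    padlen = (-len(password)) % 16 or (16 if not password else 0)
    padded = password + b"\x00" * padlen
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out, prev = out + c, c
    return out


def reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def access_request(secret: bytes, ident: int, user: bytes, password: bytes, req_auth: bytes = None) -> bytes:
    req_auth = req_auth or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, user) + attr(ATTR_USER_PASSWORD, hide_password(secret, req_auth, password))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def response(secret: bytes, code: int, request: bytes, attrs: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    ident, req_auth = request[1], request[4:20]
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs


def verify_response(secret: bytes, request: bytes, resp: bytes) -> bool:
    """What the AP does with an Access-Accept: recompute the authenticator with its copy of the secret."""
    _code, ident, length = struct.unpack("!BBH", resp[:4])
    attrs = resp[20:length]
    expected = hashlib.md5(resp[:4] + request[4:20] + attrs + secret).digest()
    return ident == request[1] and hmac.compare_digest(resp[4:20], expected)


def guess_secret(request: bytes, resp: bytes, wordlist) -> bytes:
    """Offline attack: one sniffed request/response pair is an oracle for secret guesses."""
    for candidate in wordlist:
        if verify_response(candidate, request, resp):
            return candidate
    return None


if __name__ == "__main__":
    secret = b"testing123"                                    # constructed shared secret
    req = access_request(secret, 7, b"alice", b"hunter2")
    print(reveal_password(secret, req[4:20], req[29:45]))     # b'hunter2': secret holder sees passwords
    accept = response(secret, ACCESS_ACCEPT, req)
    print(verify_response(secret, req, accept))               # True, whoever built it
    print(guess_secret(req, accept, [b"password", b"radius", b"testing123"]))   # b'testing123'
```

The example omits the Message-Authenticator attribute (HMAC-MD5, RFC 2869) that EAP over RADIUS requires; it adds integrity for EAP-Message attributes but is keyed with the very same shared secret, so neither the forgery nor the offline guessing above changes. Per-authenticator secrets that are long and random, and a path between AP and server that is not sniffable, are the practical mitigations.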
What’s Wrong – touchy feely
• They forgot about the client (trust assumptions)
  – Everyone is at risk
  – Everyone is a threat
  – Lack of physical security requires an encrypted channel to secure 802.1x
• Wired "port" is not the same as wireless "port"
• Protocol designed to not require hardware replacement
  – Leads to a less than stellar solution, esp. WRT authentication of management frames.
What’s Wrong – touchy feely
• Extensibility leads to complexity
  – Complexity leads to mistakes in implementation
  – Read the MS guide on creating EAP methods as an example.
• Multivendor support is difficult
• Using a shoehorn to force protocols to work together leads to problems
Why Did it Go Wrong?
• 802.1x – Designed for Campus networks
• EAP – Designed for PPP
• NEITHER designed with wireless threat model in mind
• Lesson: Don’t apply old protocols to new problems without understanding the risk.
Where Are We Today?
• Several 802.1x implementations available
  – Windows XP (not PocketPC 2002)
  – Open1x.org
• EAP implementations
  – Windows IAS
  – FreeRADIUS – MD5 and TLS
  – Cisco
  – Other RADIUS servers
Where Are We Today?
• 802.1x capable Access Points
  – Cisco
  – Lucent
    • RG1000/RG1100 can be hacked with AP500 firmware to become 1x capable
    • Some drawbacks
  – Open source authenticator from open1x.org
  – others
What’s Next
• Integration of existing solutions to “raise the bar”
• Limited 802.1x implementations
• 802.11i (Task Group I – Security)
  – On track… the right track
  – Mutual auth, per packet auth
  – 802.1x a part of it
What's Next
• WEP has the right idea
• End to End Solutions a la SSL, SSH, IPSec
  – Not likely
Temporal Key Integrity Protocol
• Fast Packet Keying
• Packet MAC (per-packet integrity check)
• Dynamic Rekeying
• Key distribution via 802.1x
• 3Q product deployment
• Still RC4 based to be backward compatible
• AES with 802.1x keying in the distant future
Questions
http://www.shmoo.com/1x/