802.1x what it is, how it’s broken, and how to fix it
Post on 07-Feb-2016
802.1x: What it is, How it’s broken, and How to fix it.
Bruce Potter
The Shmoo Group
gdead@shmoo.com
Why Wireless?
• No cable plant
– Lower cost (initially… TCO may be higher)
– Rapid deployment
• Enhanced mobility
• Ad hoc relationships
• Many different requirements
Why Not Wireless
• No physical security
• Low throughput
• Unregulated, noisy bands
802.11, 802.11b, etc.
• IEEE standard – based on well known Ethernet standards
• 802.11 – FHSS or DSSS, WEP, 2.4 GHz, Infrastructure (BSS) or Ad-Hoc (IBSS)
– Limited to 2Mb/s due to FCC limits on dwell times per frequency hop
• 802.11b – DSSS only, WEP, 2.4 GHz, Infrastructure or Ad-Hoc
– Up to 11Mb/s
– Also known as Wi-Fi
• 802.11a and 802.11g
An Association
• Associations are a basic part of 802.11
• Client requests authentication
• AP responds with auth type (Open/WEP)
• Authentication is performed
• If successful, then Association is requested and granted
• SSID is sent in the clear, so not advertising SSID is NOT a valid security mechanism
General Principles
• Deal with the basics
– Integrity
• Protecting your packets from modification by other parties
– Confidentiality
• Keeping eavesdroppers within range from gaining useful information
• Keeping unauthorized users off the network
– Free Internet!
– Risks to both internal and external network
– Availability
• Low level DoS is hard to prevent
• Like any other environment, there are no silver bullets
Current Security Practices
• WEP – Wired Equivalent Privacy
– Link Level
– Very Broken
• Firewalls/MAC Filtering
• Reactionary – IDS/Active Portal
• Higher level protocols
WEP In a Nutshell
• 40 bits of security == 64 bits of marketing spam
• 104 bits of security == 128 bits of marketing spam
– The other 24 bits are the per-frame IV, which is sent in the clear
Thoughts on WEP
• Key management beyond a handful of people is impossible
– Too much trust
– Difficult administration
– Key lifetime can get very short in an enterprise
• No authentication for management frames
• No per packet auth
• False Advertising!!!
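Added example, not code from the talk: a toy WEP encryptor in Python showing where the extra “marketing” bits go (the 3-byte IV, sent in the clear in front of the frame) and what “no per packet auth” costs in practice. The ICV is a plain CRC-32, which is linear, so a frame can be altered in flight and its ICV patched without knowing the key. RC4 and the framing follow 802.11-1999 WEP; the 40-bit key, IV and HTTP request are constructed sample values.

```python
"""Toy WEP: RC4 over (plaintext || CRC-32 ICV) keyed with IV || secret,
and a key-less bit-flip that keeps the ICV valid. Added example."""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); returns data XOR keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||secret}(plaintext || ICV).

    The IV is the 24 cleartext bits that turn a 40-bit key into a
    "64-bit" one (or 104 into "128")."""
    assert len(iv) == 3 and len(secret) in (5, 13)
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret: bytes, frame: bytes):
    """Return (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, body = frame[:3], frame[3:]
    payload = rc4(iv + secret, body)
    plaintext, icv = payload[:-4], payload[-4:]
    return plaintext, icv == struct.pack("<I", zlib.crc32(plaintext))


def flip_bits(frame: bytes, offset: int, delta: bytes) -> bytes:
    """Modify an encrypted frame without the key.

    XORing `delta` into the ciphertext XORs it into the plaintext. CRC-32
    is affine, so crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), and the ICV
    correction crc(d) ^ crc(zeros) depends only on the attacker's delta."""
    iv, body = frame[:3], bytearray(frame[3:])
    plain_len = len(body) - 4
    d = bytearray(plain_len)
    d[offset:offset + len(delta)] = delta
    icv_fix = zlib.crc32(bytes(d)) ^ zlib.crc32(bytes(plain_len))
    patch = bytes(d) + struct.pack("<I", icv_fix)
    for i, b in enumerate(patch):
        body[i] ^= b
    return iv + bytes(body)


def demo():
    """Attacker with no key turns 'GET ' into 'PUT '; the AP accepts the ICV."""
    secret = b"\x01\x02\x03\x04\x05"      # constructed 40-bit shared key
    iv = b"\xaa\xbb\xcc"                   # travels in the clear
    msg = b"GET /index.html HTTP/1.0\r\n"  # constructed sample payload
    frame = wep_encrypt(secret, iv, msg)
    delta = bytes(a ^ b for a, b in zip(b"GET ", b"PUT "))
    forged = flip_bits(frame, 0, delta)
    return wep_decrypt(secret, forged)


if __name__ == "__main__":
    print(demo())
```

The same linearity is what makes WEP’s ICV useless as a per-packet authenticator: a keyed MIC, as TKIP later added, is what the slide’s “no per packet auth” bullet is asking for.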
What is Lacking?
• Scalability
– Many clients
– Large networks
• Protection for all parties
• Eliminate invalid trust assumptions
802.1x
• Port based authentication for all IEEE 802 networks (layer 2 authentication)
• Originally for Campus networks
• Extended for wireless
• Allows for unified AAA services
• Provides means for key transport
Pre-Authentication State
Post-Authentication State
EAP
• Extensible Authentication Protocol
• Originally designed for PPP
– Shoehorned into 802.1x
• Switch/Access point is a pass through for EAP traffic. New authentication mechanisms do not require infrastructure upgrades
• LEAP – Cisco’s Lightweight EAP
– Password based and (relatively) widely available
• De facto mechanism between the Authenticator and the Authentication Server is RADIUS
EAP Methods
• EAP-TLS: Uses certs! If implemented properly, solves many problems
• TTLS – Tunneled TLS. Allows encapsulation of other auth mechanisms.
– “machine” auth’d by TLS, person by the tunneled protocol
• PEAP – IETF Draft
– Like TTLS but with another EAP method encapsulated
• TLS/TTLS and others require certs
– We all have a PKI setup, right? and use it properly and regularly?
What’s Right
• Protection of the infrastructure
• Authentication mechanism can
– change as needed
– address flaws in existing wireless security
• Lightweight
– No encapsulation, no per packet overhead… simply periodic authentication transactions
What’s Right
• In controlled environment, risks can be mitigated by higher level protocols
– VPN/SSL/SSH
• NOTE: exchange of WEP key material is not part of 802.1x specification
– Remember: designed for wired campus networks
What’s Right
• Association happens BEFORE 802.1x transaction.
– Good: If 802.1x session is protected by default WEP key then the attacker must first compromise the WEP key to make use of 802.1x vulns
– Bad: Key management anyone? Just how does the default key get there?
What’s Wrong
• www.missl.cs.umd.edu/wireless/1x.pdf
– First Open source supplicant
– First holes in 802.1x
• One way authentication
– Less of a concern in LAN environment
• Traffic Interception
• Session Hijacking
What’s Wrong – Technical
• One way Authentication
– Gateway authenticates the client
– Client has no explicit means to authenticate the Gateway
– Rogue gateways put client at risk
• Remember – the loudest access point wins
• Still no Authentication of management frames (assoc/disassoc/beacons/etc…)
What’s Wrong - Technical
• MITM
– Send “Authentication Successful” to client
– Client associates with malicious AP
• Hijacking
– Send disassociation message to client… AP is in the dark
– Change MAC to client and have live connection
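Added example (not the talk’s code, nor Open1x’s) serving both the EAP slides above and the MITM bullet: a simulated 802.1X exchange in Python using EAP-MD5 (RFC 2284/3748 framing), with the access point acting purely as an EAP relay that opens its controlled port on EAP-Success, followed by the forged EAP-Success. A supplicant that only runs a password method has nothing in the exchange that authenticates the network side, so a bare Success from a rogue is indistinguishable from a real one. The RADIUS leg between authenticator and server is collapsed into a direct call, and the user name, passwords and challenge are constructed sample values.

```python
"""Simulated 802.1X port control with EAP-MD5 through a pass-through
authenticator, plus the unauthenticated EAP-Success. Added example."""
import hashlib
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5 = 1, 4


def eap_pack(code, ident, data=b""):
    """EAP header: Code(1) Identifier(1) Length(2) followed by Data."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def eap_unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    return code, ident, pkt[4:length]


def md5_response(ident, password, challenge):
    """MD5-Challenge value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class AuthServer:
    """RADIUS-side EAP server: owns the user database and the challenge."""
    def __init__(self, users):
        self.users, self.ident, self.challenge, self.peer = users, 0, None, None

    def handle(self, pkt):
        code, ident, data = eap_unpack(pkt)
        if code != EAP_RESPONSE or ident != self.ident or not data:
            return eap_pack(EAP_FAILURE, ident)
        if data[0] == TYPE_IDENTITY:
            self.peer, self.challenge = data[1:], os.urandom(16)
            self.ident += 1
            return eap_pack(EAP_REQUEST, self.ident,
                            bytes([TYPE_MD5, 16]) + self.challenge + b"server")
        if data[0] == TYPE_MD5:
            expected = md5_response(ident, self.users.get(self.peer, b""), self.challenge)
            ok = data[2:2 + data[1]] == expected
            return eap_pack(EAP_SUCCESS if ok else EAP_FAILURE, ident)
        return eap_pack(EAP_FAILURE, ident)


class Authenticator:
    """Switch/AP: controlled port plus EAP relay. Never looks inside EAP."""
    def __init__(self, server):
        self.server, self.port_authorized = server, False

    def start(self):
        return eap_pack(EAP_REQUEST, 0, bytes([TYPE_IDENTITY]))

    def relay(self, pkt_from_supplicant):
        reply = self.server.handle(pkt_from_supplicant)
        self.port_authorized = eap_unpack(reply)[0] == EAP_SUCCESS
        return reply


class Supplicant:
    """Client state machine. EAP-MD5 proves the client to the server only,
    so any well-formed EAP-Success moves the client to AUTHENTICATED."""
    def __init__(self, name, password):
        self.name, self.password, self.state = name, password, "UNAUTHENTICATED"

    def handle(self, pkt):
        code, ident, data = eap_unpack(pkt)
        if code == EAP_SUCCESS:
            self.state = "AUTHENTICATED"
        elif code == EAP_FAILURE:
            self.state = "FAILED"
        elif code == EAP_REQUEST and data[0] == TYPE_IDENTITY:
            return eap_pack(EAP_RESPONSE, ident, bytes([TYPE_IDENTITY]) + self.name)
        elif code == EAP_REQUEST and data[0] == TYPE_MD5:
            value = md5_response(ident, self.password, data[2:2 + data[1]])
            return eap_pack(EAP_RESPONSE, ident, bytes([TYPE_MD5, 16]) + value + self.name)
        return None


def run_exchange(password_tried):
    """Identity -> MD5-Challenge -> Success/Failure, relayed by the AP.
    Returns (client state, whether the AP opened its controlled port)."""
    ap = Authenticator(AuthServer({b"alice": b"correct horse"}))  # constructed user
    client = Supplicant(b"alice", password_tried)
    pkt = ap.start()
    while pkt is not None:
        resp = client.handle(pkt)
        pkt = ap.relay(resp) if resp is not None else None
    return client.state, ap.port_authorized


def rogue_success():
    """The MITM bullet: a rogue AP sends a bare EAP-Success, no credentials
    involved, and the client believes it is authenticated."""
    client = Supplicant(b"alice", b"correct horse")
    client.handle(eap_pack(EAP_SUCCESS, 0))
    return client.state
```

The authenticator never parses the method-specific data, which is the pass-through property the slide credits 802.1x for; it is also why the port opens or stays closed purely on the Success/Failure code. Methods that authenticate the server (EAP-TLS, or the tunnel in TTLS/PEAP) are what give the supplicant a reason to reject a Success it cannot tie to a known server.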
What’s Wrong – Technical
• RADIUS uses shared secret with the Authenticator
– Same issue as WEP, but on a more reasonable scale
• Authentication after association presents roaming problems
– Authentication takes a non-trivial amount of time… can disrupt data in transit
• Failure of RADIUS server == failure of network
– Many AP implementations don’t allow multiple RADIUS servers
– Most RADIUS server failover is non-transparent
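Added example, not from the talk: how the RADIUS shared secret is actually used between authenticator and server (RFC 2865 section 3), in Python. The Access-Request hides the user password under MD5(secret || Request Authenticator), and the server proves it knows the secret through the Response Authenticator, MD5(Code || ID || Length || Request Authenticator || Attributes || secret). Anyone who captures one request/response pair can test candidate secrets against that MD5 offline, which is the WEP-like property the slide is pointing at: one static secret, shared across devices, whose strength is all that protects it. Secret, user name and password are constructed sample values.

```python
"""RADIUS User-Password hiding and Response Authenticator (RFC 2865),
plus an offline check of candidate shared secrets. Added example."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def attr(kind, value):
    """Type(1) Length(1) Value attribute, length counting the header."""
    return struct.pack("!BB", kind, 2 + len(value)) + value


def hide_password(secret, request_auth, password):
    """User-Password: each 16-byte block XORed with MD5(secret || previous
    block), the first block using the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(secret, request_auth, hidden):
    """Inverse of hide_password; the server side of the same computation."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_request(secret, ident, username, password, request_auth):
    attrs = attr(ATTR_USER_NAME, username) + \
        attr(ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_authenticator(secret, code, ident, attrs, request_auth):
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_accept(secret, ident, request_auth, attrs=b""):
    ra = response_authenticator(secret, ACCESS_ACCEPT, ident, attrs, request_auth)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + ra + attrs


def guess_secret(request, response, candidates):
    """Eavesdropper's offline check: recompute the Response Authenticator
    under each candidate secret; return the one that matches, else None."""
    request_auth = request[4:20]
    code, ident, length = struct.unpack("!BBH", response[:4])
    resp_auth, attrs = response[4:20], response[20:length]
    for candidate in candidates:
        if response_authenticator(candidate, code, ident, attrs, request_auth) == resp_auth:
            return candidate
    return None


def demo():
    """One captured Access-Request/Access-Accept pair against a short list."""
    secret = b"testing123"          # constructed sample secret
    req_auth = os.urandom(16)       # Request Authenticator: 16 random bytes
    req = build_request(secret, 7, b"alice", b"correct horse", req_auth)
    acc = build_accept(secret, 7, req_auth)
    return guess_secret(req, acc, [b"radius", b"secret", b"testing123", b"hunter2"])


if __name__ == "__main__":
    print(demo())
```

Nothing in the Access-Request itself authenticates the authenticator to the server beyond the hidden password, and the secret is used directly as MD5 input rather than through a key derivation, so its entropy and rotation are the whole story; the same secret configured into every AP is the “key management” problem again, just at RADIUS scale.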
What’s Wrong – touchy feely
• They forgot about the client (trust assumptions)
– Everyone is at risk
– Everyone is a threat
– Lack of physical security requires encrypted channel to secure 802.1x
• Wired “port” is not the same as wireless “port”
• Protocol designed to not require hardware replacement
– Leads to less than stellar solution, esp WRT authentication of management frames.
What’s Wrong – touchy feely
• Extensibility leads to complexity
– Complexity leads to mistakes in implementation
– Read the MS Guide on creating EAP methods as an example.
• Multivendor support is difficult
• Using a shoehorn to force protocols to work together leads to problems
Why Did it Go Wrong?
• 802.1x – Designed for Campus networks
• EAP – Designed for PPP
• NEITHER designed with wireless threat model in mind
• Lesson: Don’t apply old protocols to new problems without understanding the risk.
Where Are We Today?
• Several 802.1x implementations available
– Windows XP (not PocketPC 2002)
– Open1x.org
• EAP implementations
– Windows IAS
– FreeRADIUS – MD5 and TLS
– Cisco
– Other RADIUS servers
Where Are We Today?
• 802.1x capable Access Points
– Cisco
– Lucent
• RG1000/RG1100 can be hacked with AP500 firmware to become 1x capable
• Some drawbacks
– OS authenticator from open1x.org
– others
What’s Next
• Integration of existing solutions to “raise the bar”
• Limited 802.1x implementations
• 802.11i (Task Group I – Security)
– On track… the right track
– Mutual auth, per packet auth
– 802.1x a part of
What’s Next
• WEP has the right idea
• End to End Solutions ala SSL, SSH, IPSec
– Not likely
Temporal Key Integrity Protocol
• Fast Packet Keying
• Packet MAC
• Dynamic Rekeying
• Key distribution via 802.1x
• 3Q product deployment
• Still RC4 based to be backward compatible
• AES with 802.1x keying in the distant future
Questions
http://www.shmoo.com/1x/