2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Learning Goals
Authentication with 802.1X But first: We need to understand PKI And before that, we need a cryptography primer…
4 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Why study cryptography?
• Absolutely critical to wireless security • Heavily used during authentication process • Protects data in transit • Makes you more interesting at parties
5 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Meet Bob and Alice
Bob and Alice are traditionally used in examples of cryptography
6 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Symmetric Key Cryptography
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
7 #ATM15 |
Symmetric Key Cryptography
• Strength: – Simple and very fast (order of 1000 to 10000 faster than asymmetric mechanisms)
• Challenges: – Must agree on the key beforehand – How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4 • AES is the current “gold standard” for security
8 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Symmetric Cipher “Modes”
9 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Public Key Cryptography (Asymmetric)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
10 #ATM15 |
Public Key Cryptography
• Strength – Solves problem of passing the key – Allows establishment of trust context between parBes
• Challenges: – Slow (MUCH slower than symmetric) – Problem of trusBng public key (what if I’ve never met you?)
• Examples: RSA, DSA, ECDSA
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
11 #ATM15 |
Hybrid Cryptography
• Randomly generate “session” key • Encrypt data with “session” key
(symmetric key cryptography) • Encrypt “session” key with recipient’s public key
(public key cryptography)
12 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Hash Function
• Properties – it is easy to compute the hash value for any given message – it is infeasible to find a message that has a given hash – it is infeasible to find two different messages with the same hash – it is infeasible to modify a message without changing its hash
• Ensures message integrity • Also called message digests or fingerprints • Examples: MD5, SHA1, SHA2 (256/384/512)
13 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature operation
• Digital signature calculation:
14 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Message Authentication
16 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Message Integrity with CBC-MAC
• Set IV=0 • Run message through AES-CBC (or some other symmetric
cipher) • Discard everything except final block – this output is the MAC
17 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
CCMP (Counter with CBC-MAC)
CBC-MAC
AES in Counter Mode
18 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Entropy (Information-theoretic, not thermodynamic!)
• When we create a random key, it must be unique and unpredictable
• We need good random numbers for this • What happens if it’s not unique or unpredictable?
19 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Summary: Security Building Blocks
Encryption provides
– confidentiality, can provide authentication and integrity protection
Checksums/hash algorithms provide
– integrity protection, can provide authentication
Digital signatures provide
– authentication, integrity protection, and non-repudiation
For more info:
Buy this Book!
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
21 #ATM15 |
What is a Certificate?
• Binds a public key to some identifying information
– The signer of the certificate is called its issuer – The entity talked about in the certificate is the
subject of the certificate • Certificates in the real world
– Any type of license, government-issued ID’s, membership cards, ...
– Binds an identity to certain rights, privileges, or other identifiers
22 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Public Key Infrastructure
• A CerBficate Authority (CA) guarantees the binding between a public key and another CA or an “End EnBty” (EE)
• CA Hierarchies
23 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Who do you trust?
Windows: Start->Run->certmgr.msc
24 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
What is a Certificate?
Identity
Trusted 3rd-party
Identity bound to public key
25 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Public Key Infrastructure
• We trust a cerGficate if there is a valid chain of trust to a root CA that we explicitly trust • Web browsers also check DNS hostname == cerBficate
Common Name (CN) • Chain Building & ValidaGon
26 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Certificate Validity
1. Date/Time
2. Revocation • CRL • OCSP
27 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Certificate Formats
PEM / PKCS#7 – Contains a certificate in base64 encoding (open in a text editor)
DER – Contains a certificate in binary encoding
PFX / PKCS#12 – Contains a certificate AND private key, protected by a password
PEM-PKCS#7: -----BEGIN CERTIFICATE----- MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0 EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049 Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0 aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0 aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8= -----END CERTIFICATE-----
28 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Creating Certificates A-Z
1. Generate entropy 2. Use entropy to create random public/private keypair (asymmetric
crypto) 3. Attach identifying information to public key – send to CA
(Certificate Signing Request) 4. CA issues certificate in X.509 format – Contains public key as supplied in CSR – Contains hash of certificate contents – Contains digital signature signed with CA’s private key (hash + asymmetric
crypto)
5. Retrieve certificate from CA – match up with private key. Ready for use.
29 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Generating Certificate Signing Request
30 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Send CSR to your CA of choice
31 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Certificate Authority Best Practices
Symantec/VeriSign Data Center
32 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Public CA versus Private CA
• Windows Server includes a domain-aware CA – why not just use it?
• Disadvantages: – PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you. – Nobody outside your Windows domain will trust your certificates
• Advantages: – Less costly – Better security possible. Low chances of someone outside organization getting a
certificate from your internal PKI
33 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
OCSP
• Can be used by the client (e.g. web browser) to verify server’s certificate validity – OCSP URL is read from server certificate’s AIA field
• Can be used by the server (e.g. mobility controller) to verify client’s certificate validity – OCSP URL is most often configured on the server to point to specific OCSP
responders
• OCSP transactions use HTTP for transport protocol • Important: Nonce Extension required for replay prevention – Some public CAs don’t like this…
34 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
For More Info
Buy this Book!
36 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Authentication with 802.1X
• Authenticates users before granting access to L2 media
• Makes use of EAP (Extensible Authentication Protocol)
• 802.1X authentication happens at L2 – users will be authenticated before an IP address is assigned
37 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Sample EAP Transaction
2-stage process – Outer tunnel establishment – Credential exchange happens inside encrypted tunnel
Client
Authentication S
erver Request Identity
Response Identity (anonymous) Response Identity
TLS Start Certificate
Client Key exchange Cert. verification
Request credentials
Response credentials
Success
EAPOL RADIUS A
uthenticator
EAPOL Start
38 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
802.1X Packet Capture
39 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
802.1X Acronym Soup
PEAP (Protected EAP) – Uses a digital certificate on the network side – Password or certificate on the client side
EAP-TLS (EAP with Transport Level Security) – Uses a certificate on network side – Uses a certificate on client side
TTLS (Tunneled Transport Layer Security) – Uses a certificate on the network side – Password, token, or certificate on the client side
EAP-FAST – Cisco proprietary – Do not use – known security weaknesses
41 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Configure Supplicant Properly
• Configure the Common Name of your RADIUS server (matches CN in server certificate)
• Configure trusted CAs (an in-house CA is better than a public CA)
• ALWAYS validate the server certificate
• Do not allow users to add new CAs or trust new servers
• Enforce with group policy
42 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Isn’t MSCHAPv2 broken?
• Short answer: Yes – because of things like rainbow tables, distributed cracking, fast GPUs, etc.
• This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi – What happens if you don’t properly validate the server certificate? – Look up FreeRADIUS-WPE
• Still using PPTP for VPN? Watch out…
43 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK from AP to STA
Auth Server
AP/Controller
44 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce | SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK
45 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Summary
• Security is complex • Once you understand it, people will envy you • You can make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get hacked