Upload
aruba-networks-an-hp-company
View
4.083
Download
1
Tags:
Embed Size (px)
Citation preview
2CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Today’s Agenda
• Cryptography for Wi-Fi
• Authentication with 802.1X
• Access Control
• WIDS
3CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Cryptography Primer
4CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Why study cryptography?
• Absolutely critical to wireless security
• Heavily used during authentication
process
• Protects data in transit
• Makes you more interesting at parties
5CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Meet Bob and Alice
• Bob and Alice are traditionally used in examples
of cryptography
6CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
7CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Symmetric Key Cryptography
• Strength:– Simple and very fast (order of 1000 to 10000 faster than
asymmetric mechanisms)
• Challenges:– Must agree the key beforehand
– How to securely pass the key to the other party?
• Examples: AES, 3DES, DES, RC4
• AES is the current “gold standard” for security
8CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography (Asymmetric)
9CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Cryptography
• Strength
– Solves problem of passing the key
– Allows establishment of trust context between parties
• Challenges:
– Slow (MUCH slower than symmetric)
– Problem of trusting public key (what if I’ve never met you?)
• Examples: RSA, DSA, ECDSA
10CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Entropy
• When we create a keypair, we need a high
likelihood that it is unique
• We need high quality random numbers for this
• What happens if it’s not unique?
11CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hybrid Cryptography
• Randomly generate “session” key• Encrypt data with “session” key
(symmetric key cryptography)• Encrypt “session” key with recipient’s public key
(public key cryptography)
12CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Hash Function
• Properties
– it is easy to compute the hash value for any given message
– it is infeasible to find a message that has a given hash
– it is infeasible to find two different messages with the same hash
– it is infeasible to modify a message without changing its hash
• Ensures message integrity
• Also called message digests or fingerprints
• Examples: MD5, SHA1, SHA2 (256/384/512)
13CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Digital Signature
• Combines a hash with an asymmetric crypto algorithm
• The sender’s private key is used in the digital signature
operation
• Digital signature calculation:
14CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary: Security Building Blocks
• Encryption provides
– confidentiality, can provide authentication and integrity protection
• Checksums/hash algorithms provide
– integrity protection, can provide authentication
• Digital signatures provide
– authentication, integrity protection, and non-repudiation
• For more info:
Buy this Book!
15CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificates, Trust & PKI
16CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
• Binds a public key to some identifying
information
– The signer of the certificate is called its
issuer
– The entity talked about in the certificate is
the subject of the certificate
• Certificates in the real world
– Any type of license, government-issued
ID’s, membership cards, ...
– Binds an identity to certain rights, privileges,
or other identifiers
17CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Who do you trust?
Windows: Start->Run->certmgr.msc
18CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• A Certificate Authority (CA) guarantees the binding between a public key and another CA or an “End Entity” (EE)
• CA Hierarchies
19CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
What is a Certificate?
20CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Formats
• PEM / PKCS#7– Contains a certificate in base64 encoding (open in
a text editor)
• DER– Contains a certificate in binary encoding
• PFX / PKCS#12– Contains a certificate AND private key, protected
by a password
PEM-PKCS#7:-----BEGIN CERTIFICATE-----
MIID5TCCA2qgAwIBAgIKErZ83wAAAAAAEDAKBggqhkjOPQQDAzBLMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxFDASBgoJkiaJk/IsZAEZFgRqb24xMRwwGgYDVQQDExNq
b24xLUpPTi1TRVJWRVIyLUNBMB4XDTEzMDIwNjIyNDAzN1oXDTE0MDIwNjIyNDAz
N1owHDEaMBgGA1UEAxMRMDA6MEI6ODY6ODA6MEU6REQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATrgMEy+gw3PpVmKmOZPykpKMQmcPBB9B676cnyxPlzGkmAQRR0
EzyD2X5KLBECq8hzmRTaVOlY3OQk/XfI6fVvo4ICYzCCAl8wPQYJKwYBBAGCNxUH
BDAwLgYmKwYBBAGCNxUIhe7KRYPsiXqElZMYhqH9BYTl+0SBA4Sn/SPJgGMCAWQC
AQkwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgOIMBsGCSsGAQQB
gjcVCgQOMAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFAvM3qRuBFR80o4raVwf5uYe
YUi5MB8GA1UdIwQYMBaAFOHxRRuokak66iwzfWV/CMvZ129sMIHUBgNVHR8Egcww
gckwgcaggcOggcCGgb1sZGFwOi8vL0NOPWpvbjEtSk9OLVNFUlZFUjItQ0EsQ049
Sk9OLVNFUlZFUjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9am9uMSxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJp
YnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0MIGxBggrBgEFBQcwAoaBpGxk
YXA6Ly8vQ049am9uMS1KT04tU0VSVkVSMi1DQSxDTj1BSUEsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1q
b24xLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0
aWZpY2F0aW9uQXV0aG9yaXR5MAoGCCqGSM49BAMDA2kAMGYCMQDi+o5P1Tsdb24b
wH6JjHSJT1RPNyM1WUYQtPgInUBW0E7LsZtSoS50Jvp0MQ93ge0CMQC1qb/0gUEy
PSIw7GwjFz6MGI5dH42WsxKl9+dW2CptGdI/V9+LSCsgRaMjJt9Teh8=
-----END CERTIFICATE-----
21CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Crypto
1. Generate entropy
2. Use entropy to create random public/private
keypair (asymmetric crypto)
3. Attach identifying information to public key –
send to CA (Certificate Signing Request)
4. CA issues certificate in X.509 format – includes
public key
5. CA creates hash of certificate (hash algorithm)
6. CA digitally signs certificate with private key
(asymmetric crypto)
22CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Generating Certificate Signing Request
23CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Send CSR to your CA of choice
24CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Authority Best Practice
• Create self-signed root CAs
• Root CAs issue subordinate CA certs
• Root CA is taken offline
– If the root is compromised, the trust model is broken and the
bad guys can fool you into trusting a cert that is bogus
25CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Authority Best Practices
Symantec/VeriSign Data Center
26CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public CA versus Private CA
• Windows Server includes a domain-aware CA –
why not just use it?
• Disadvantages:
– PKI is complex. Might be easier to let Verisign/Thawte/etc.
do it for you.
– Nobody outside your Windows domain will trust your
certificates
• Advantages:
– Less costly
– Better security possible. Low chances of someone outside
organization getting a certificate from your internal PKI
27CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
ClearPass as a CA
• Only intended for BYOD – not a general-purpose
CA
– No Web enrollment interface
– No manual enrollment interface
– Limited (BYOD-focused) policy controls
• Recommendation: Use for deploying BYOD
certs which have limited applicability
– Valid for WLAN access to a limited access zone
– Not valid for other enterprise services (email, VPN, app sign-
on, etc.)
28CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Public Key Infrastructure
• We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust• Web browsers also check DNS hostname ==
certificate Common Name (CN)• Chain Building & Validation
29CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Certificate Validity
30CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
OCSP
• Can be used by the client (e.g. web browser) to
verify server’s certificate validity
– OCSP URL is read from server certificate’s AIA field
• Can be used by the server (e.g. mobility
controller) to verify client’s certificate validity
– OCSP URL is most often configured on the server to point to
specific OCSP responders
• OCSP transactions use HTTP for transport
protocol
• Important: Nonce Extension required for replay
prevention
– Some public CAs don’t like this…
31CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
For More Info
Buy this Book!
32CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Putting it all together: 802.1X
33CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Authentication with 802.1X
• Authenticates users before
granting access to L2 media
• Makes use of EAP
(Extensible Authentication
Protocol)
• 802.1X authentication
happens at L2 – users will
be authenticated before an
IP address is assigned
34CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Sample EAP Transaction
• 2-stage process
– Outer tunnel establishment
– Credential exchange happens inside encrypted tunnel
Clie
nt
Auth
entic
atio
n S
erv
er
Request Identity
Response Identity (anonymous) Response Identity
TLS Start
CertificateClient Key exchange
Cert. verification
Request credentials
Response credentials
Success
EAPOL RADIUS
Auth
entic
ato
r
EAPOL Start
35CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Packet Capture
36CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
802.1X Acronym Soup
• PEAP (Protected EAP)
– Uses a digital certificate on the network side
– Password or certificate on the client side
• EAP-TLS (EAP with Transport Level Security)
– Uses a certificate on network side
– Uses a certificate on client side
• TTLS (Tunneled Transport Layer Security)
– Uses a certificate on the network side
– Password, token, or certificate on the client side
• EAP-FAST
– Cisco proprietary
– Do not use – known security weaknesses
38CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Configure Supplicant Properly
• Configure the Common
Name of your RADIUS
server (matches CN in
server certificate)
• Configure trusted CAs (an
in-house CA is better than
a public CA)
• ALWAYS validate the
server certificate
• Do not allow users to add
new CAs or trust new
servers
• Enforce with group policy
39CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Isn’t MSCHAPv2 broken?
• Short answer: Yes – because of things like
rainbow tables, distributed cracking, fast GPUs,
etc.
• This is why we use MSCHAPv2 inside a PEAP
(TLS) tunnel for Wi-Fi
– What happens if you don’t properly validate the server
certificate?
– Look up FreeRADIUS-WPE
• Still using PPTP for VPN? Watch out…
40CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
WPA2 Key Management Summary
Step 1: Use RADIUS to push PMK from AS to AP
Step 2: Use PMK and 4-Way Handshake to
derive, bind, and verify PTK
Step 3: Use Group Key Handshake to send GTK
from AP to STA
Auth Server
AP/Controller
41CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
4-Way Handshake
EAPoL-Key(Reply Required, Unicast, ANonce)
Pick Random ANonce
EAPoL-Key(Unicast, SNonce, MIC, STA SSN IE)
EAPoL-Key(Reply Required, Install
PTK, Unicast, ANonce, MIC, AP SSN IE)
Pick Random SNonce, Derive PTK = EAPoL-PRF(PMK, ANonce |
SNonce | AP MAC Addr | STA MAC Addr)
Derive PTK
EAPoL-Key(Unicast, ANonce, MIC)
Install PTK Install PTK
PMK PMK
43CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Centralized, User Centric Security Architecture
ApplicationsServices
Staff
Partner
Guest
Command
AAA
RADIUSLDAPADPKI
Role-Based Access Control
Flow / Application Classification
Role-based Firewalls
Centralized Crypto
Sessions
AP is Untrusted
Virtual AP 1SSID: Corp
Virtual AP 2SSID: Guest
SecurityBoundary
End-to-end crypto boundaryPer-user virtual connection
44CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Why Worry About Authorization?Where is the “network perimeter” today?
Mobility brings us:
Disappearance of physical security
New mobile users, devices appearing everyday
Increased exposure to malware
Assuming that “the bad guys are outside the firewall, the good guys are inside” is a recipe for disaster
We meet
again, 007!
45CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Wireless Intrusion Detection/Protection
46CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Summary
• Security is complex
• Once you understand it, people will envy you
• Make Facebook posts to confuse your parents
• More importantly: Do it right so you don’t get
hacked
47CONFIDENTIAL
© Copyright 2014. Aruba Networks, Inc.
All rights reserved#AirheadsConf
Credits
• Some graphics stolen from: http://cevi-
users.cevi.be/Portals/ceviusers/images/default/U
serdag-20101125-Certs.pptx
• Some others stolen from:
http://acs.lbl.gov/~mrt/talks/secPrimer.ppt