How to Secure your Wireless LAN
Security concepts for modern enterprise infrastructures
Presented by Philipp Ebbecke @ WLPC_EU 2014
www.lancom.de

Secure your WLAN

Overview
Introduction
How to secure a modern enterprise class wireless network
Wireless LAN Infrastructure: Wireless LAN Controller
Basic Security
802.1X
802.11r - Fast Transition
802.11w - Protected Management Frames
802.11u - HotSpot2.0 (R2)
Other aspects: Monitor your network, Proper RF Design
Final Words

Introduction
■ Primary connection interface: Wi-Fi (smartphones, tablets, IoT)
■ The signal does not "stay" inside your building
■ Secure and easy installation/integration wanted
■ Sticking to the standard(s)
■ The chicken-or-egg dilemma: who implements what first?
■ Legacy support

Introduction - Own Your Data (1) (news screenshot)
Source: http://www.zdnet.com/microsoft-ordered-to-hand-overoverseas-email-throwing-eu-privacy-rights-in-the-fire-7000032210/

Introduction - Own Your Data (2) (news screenshot)
Source: http://www.reuters.com/article/2014/06/26/us-germanysecurity-verizon-idUSKBN0F11WJ20140626

Introduction - Own Your Data (2) (news screenshot)
Source: http://www.digit.in/networking/2014-fifa-world-cups-wi-fipassword-revealed-accidentally-23101.html

WLC
■ Control and configure your APs via Wireless LAN Controllers (WLCs)
■ Small enterprises can enable software options on their routers
■ A WLC is required to distribute keys for 802.11r (FT) or Opportunistic Key Caching (OKC)
■ Avoid cloud-based WLCs if you want to truly own your data
■ Avoid L3 tunneling:
  ■ No stand-alone operation of APs possible
  ■ Data needs to travel through the WLC
  ■ Expensive WLC due to hardware requirements

RSN
■ Robust Security Network (RSN)
■ Self-evident: don't use PSK for enterprise
■ WPA2 only - WEP and WPA1 are not secure and have no (V)HT support
  ■ WEP cracking: http://goo.gl/0VmxFT
  ■ WPA1 cracking: http://goo.gl/GEUuC
■ Isolate WEP and WPA1 SSIDs to their specific use case (if necessary at all)

802.1X
■ The one and only option for secure enterprise networks
■ RADIUS server required
■ Based on the Extensible Authentication Protocol (EAP)
■ Native support in most client devices, watch out for wireless printers(!)
802.1X (diagram)

4-Way Handshake
■ Data transmission via transient keys derived from master keys
■ 2 keys: Pairwise Master Key (PMK) and Groupwise Master Key (GMK)
  ■ New, unique PMK for every (re-)authentication of a client
  ■ PTK for unicasts (individual for each client)
  ■ GMK is randomly created
  ■ GTK for broad-/multicasts (same for all clients)
■ PTK and GTK are stored on AP and client
■ AP can store the PMK as well (PMK caching - no authentication, just the 4-Way Handshake)

4-Way Handshake (diagram)
PTK = PRF(PMK + ANonce + SNonce + AA + SPA)
Source: https://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake

802.1X - EAP
■ In general: username/password, certificate, SIM
■ Legacy authentication protocols:
  – PAP: clear-text username/password
  – CHAP: clear-text username, MD5-hashed password
  – MS-CHAP: weak security, MS version of CHAP
  – MS-CHAPv2: stronger hashing, also vulnerable
■ Legacy methods are still in use, but inside an SSL/TLS tunnel

802.1X - EAP
■ Weak EAP methods:
  – EAP-MD5
  – EAP-LEAP
  – Username in clear text
■ Strong EAP protocols:
  ■ Use of an outer identity (anonymous) for tunnel establishment
  ■ Inner, encrypted identity inside the tunnel

802.1X - EAP-PEAP/TTLS
EAP-PEAP
■ Popular and secure
■ Supplicant validates the server certificate
■ EAP-PEAPv0 (EAP-MSCHAPv2): username + password, no client certificate support
■ EAP-PEAPv0 (EAP-TLS): requires client certificate, no username
EAP-FAST: secure if credentials are not auto-provisioned
EAP-TTLS: EAP and non-EAP methods for the inner identity, client certificate optional

802.1X - EAP-TLS
EAP-TLS
■ One of the most secure EAP methods
■ Requires client-side certificates (mutual authentication)
■ No username/password authentication
■ A secure and highly available certificate store is a must
■ Checks against:
  – Subject Alternative Name (SAN)
  – Subject Common Name (CN)
  – Binary check against the user object from LDAP/AD

802.1X - EAP-SIM/AKA
■ EAP methods for mobile phones
■ Important for 802.11u
EAP-SIM
  – based on 2G GSM authentication
  – short key length
  – no mutual authentication
EAP-AKA
  – designed for 3G networks
  – AKA runs inside the SIM module
  – longer keys
  – mutual authentication included

802.11r
■ Fast BSS Transition (FT) alias roaming
■ 802.11i: full authentication via RADIUS on every handoff
■ .11r: "PMK caching" at multiple APs
■ Reduced number of frames:
  ■ EAP authentication frames (number depends on the EAP protocol)
  ■ 4-Way Handshake
  ■ QoS admission control
■ Over the Air or over the Distribution System (wired)

802.11r - Over the Air (diagram)
802.11r vs. OKC (diagram)
802.11r - Over the DS (diagram)

802.11r vs. OKC
■ Opportunistic Key Caching (OKC):
  ■ Client sends the PMKID within the (Re-)Association Request
  ■ If the AP recognizes the PMKID, EAP authentication is skipped and the 4-Way Handshake is started
  ■ QoS admission control not integrated
  ■ Not standardized

802.11r - Reassociation Request (capture)
■ New AKM suite
■ FT works with .1X and PSK
■ PMKID added to the RSN IE
■ FT only in the same Mobility Domain
■ A/SNonce included
■ Who owns the original PMK?
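The key derivation behind the 4-Way Handshake slide and the PMKID that OKC and 802.11r carry in the RSN IE, as an added Python example (not code from the deck): the PRF and the min/max ordering of addresses and nonces follow IEEE 802.11i, the PMK, MAC addresses and nonces are constructed sample values, and PmkCache/reassociate are illustrative helpers showing why a known PMKID lets the AP skip EAP and go straight to the handshake.

```python
import hashlib
import hmac
import os

def prf(pmk: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(PMK, label || 0x00 || data || i), truncated to n bytes."""
    out = b""
    for i in range((nbytes + 19) // 20):          # SHA-1 yields 20 bytes per round
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Both sides sort addresses and nonces, so AP and client derive the same key from the same inputs.
    For CCMP the 48 bytes split into KCK (MIC key), KEK (GTK wrapping key) and TK (data cipher key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): the 16-byte cache name carried in the RSN IE."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class PmkCache:
    """AP-side PMK cache as used for PMK caching / OKC (illustrative helper), keyed by PMKID."""
    def __init__(self):
        self.entries = {}
    def store(self, pmk: bytes, aa: bytes, spa: bytes) -> None:
        self.entries[pmkid(pmk, aa, spa)] = pmk
    def lookup(self, requested_pmkid: bytes):
        return self.entries.get(requested_pmkid)

def reassociate(cache: PmkCache, aa: bytes, spa: bytes, requested_pmkid: bytes, anonce: bytes, snonce: bytes):
    """('handshake', PTK) when the PMKID is known (EAP skipped), ('full_eap', None) otherwise."""
    pmk = cache.lookup(requested_pmkid)
    if pmk is None:
        return ("full_eap", None)
    return ("handshake", derive_ptk(pmk, aa, spa, anonce, snonce))

if __name__ == "__main__":
    # Constructed sample values (not real keys): 32-byte PMK, 6-byte MACs, 32-byte nonces
    pmk = bytes(range(32))
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = os.urandom(32), os.urandom(32)
    cache = PmkCache()
    cache.store(pmk, aa, spa)
    print(reassociate(cache, aa, spa, pmkid(pmk, aa, spa), anonce, snonce)[0])   # handshake
    print(reassociate(cache, aa, spa, bytes(16), anonce, snonce)[0])              # full_eap
```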
802.11r - Reassociation Response (capture)
■ Groupwise Transient Key in the Reassociation Response

802.11r (Measurements) - Full Authentication (EAP-PEAP) (capture)
■ Without .11r: ~298 ms (EAP-PEAP)

802.11r (Measurements) - Fast Transition (capture and chart)
■ With .11r: ~20 ms over the air
■ Chart: roaming time in ms, without .11r 298 ms vs. with .11r 20 ms (-93 %)
■ DUT: iPad 3 with iOS 8.0.2, RF band: 5 GHz
■ Mike Albano: 802.11r over-the-air 16 ms, 802.11r over-the-DS 71 ms
  Reference: http://www.mikealbano.com/2014/06/80211r-80211k-fastbss-transition.html

802.11r - APs & Clients
■ Enterprise APs:
  ■ Feature is offered by Aerohive, Aruba, Cisco, LANCOM, Motorola, Ruckus, […]
■ Clients:
  ■ Apple: iOS 6 devices (iPad 3, iPhone 4s and newer)
  ■ Android: Samsung Galaxy Note 3, Sony Xperia Z2 and Z3
  ■ BlackBerry Bold 9000
■ WFA search for certified devices: http://goo.gl/Z00Pso

802.11r - Conclusion
+ High level of security
+ Fast connection phase possible
+ Great amount of AP support
- Lack of decent client support
- VoIP WLAN phones, being latency sensitive, should adopt this quickly
- WFA certification "Voice Enterprise" did not leverage this feature

802.11w
■ Protected Management Frames (PMF)
■ WFA: required for .11n and .11ac certification since July 1st 2014 - WPA2 only
■ Prohibits "spoofed disconnect" attacks: Deauthenticate/Disassociate or via Channel Switch Announcements
■ Prevents forged (Re)Associations
■ WPA1/2 required, no WEP support

802.11w - Disassociate Frame (unprotected) (capture)
■ No reason code required

802.11w
■ Protected management frames are:
  ■ Disassociate
  ■ Deauthenticate
  ■ Action frames: Block ACK, QoS, FT, Radio Measurement, Spectrum Management
■ Unprotected frames:
  ■ Beacons, Probes, Authentication, Association
  ■ Announcement Traffic Indication Message
  ■ Vendor-specific-class Action frames

802.11w - Unicasts
■ Unicast management frames:
  ■ Extend AES-CCM to handle unicast management frames
  ■ Protect the previously unencrypted frame header via additional authentication data (AAD)
  ■ Uses the same PTK as for data frames
  ■ Separate Receive Sequence Counter (RSC) for replay protection

802.11w - Broad-/Multicasts
■ Broad-/multicast management frames:
  ■ New algorithm: Broadcast Integrity Protocol (BIP)
  ■ New information element: Management MIC IE: sequence number + cryptographic hash (AES128-CMAC based)
  ■ BIP uses the Integrity Group Temporal Key (IGTK) received during the WPA key handshake

802.11w - Connection options
AP setting      Client setting    Outcome
No PMF          No PMF            Connection without PMF
No PMF          PMF Optional      Connection without PMF
No PMF          PMF Required      No connection
PMF Optional    No PMF            Connection without PMF (Secure?)
PMF Optional    PMF Optional      Connection with PMF
PMF Optional    PMF Required      Connection with PMF
PMF Required    No PMF            No connection
PMF Required    PMF Optional      Connection with PMF
PMF Required    PMF Required      Connection with PMF

802.11w - RSN without .11w (capture)
■ Check the AKM on the next slides
■ 2 flags: Required = mandatory, Capable = optional

802.11w - .11w optional (capture)
■ Support for SHA1 and SHA256
■ PMF optional

802.11w - .11w required (capture)
■ Support only for SHA256
■ PMF mandatory
■ New cipher suite for broad-/multicasts

802.11w - Disassociate (protected) (capture)
■ Protected bit set
■ Mgmt. Frame Sequence Counter

802.11w - SA-Query
■ Source Address Query (SA-Query) procedure
■ Protects against forged (de)authentication and (dis)association frames and solves the "association lockout" problem
■ AP scenario 1 (no attack):
  ■ Client discards all keys (due to a restart) and sends an unprotected association request for a reconnection
  ■ AP still has a valid association for the client including its key material

802.11w - AP Scenario 1 (diagram)

802.11w - AP Scenario 2
■ AP scenario 2 (attack):
  ■ Attacker sends an unprotected association request for a forged reconnection
  ■ AP still has a valid association for the client including its key material
  ■ AP rejects the association request with a special status code (association rejected temporarily) and an association comeback interval

802.11w - AP Scenario 2 (diagram)
802.11w - Client Scenario 1 (diagram)
802.11w - Client Scenario 2 (diagram)

802.11w
■ Reason code for this scenario: 6

802.11w - APs & Clients
■ Enterprise APs:
  ■ Feature is offered by Aerohive, AirTight, Aruba, Cisco, LANCOM, Motorola, Ruckus, Xirrus, […]
■ Clients:
  ■ Support since Windows 8
  ■ Intel 7260, Qualcomm adapters since AR5BXB92
  ■ Samsung Galaxy S5
  ■ PlayStation 4
■ WFA search for certified devices: http://goo.gl/3Gk5lG

802.11w - Conclusion and Outlook
+ Feature is now required for WFA 11n, 11ac and Passpoint
+ Prevents (dis-)connect attacks
+ Finally(!): adds security to management frames
- Today: don't make PMF required on the main SSID (due to lack of client support)
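The AP-side handling of the two SA-Query scenarios above (rebooted client vs. forged reconnect), as an added Python simulation that is not code from the deck or from any vendor: status code 30 (association rejected temporarily) is the real 802.11 value, while the comeback interval, the SA Query timeout, the MAC address and the HMAC tag that stands in for CCMP protection of the SA Query Response are constructed simplifications.

```python
import hashlib
import hmac
import os

ASSOC_REJECTED_TEMPORARILY = 30   # 802.11 status code sent together with the comeback interval
COMEBACK_MS = 1000                # assumed association comeback interval (constructed value)
SA_QUERY_TIMEOUT_MS = 200         # assumed SA Query retry window (constructed value)

def mic(ptk, tid):
    # Stand-in for CCMP protection of management frames: only a PTK holder can produce this tag
    return hmac.new(ptk, b"SA-Query-Response" + tid, hashlib.sha256).digest()[:8]

def answer_sa_query(ptk, tid):
    # Client side: a STA that rebooted (ptk=None) has no keys and cannot build a protected response
    return None if ptk is None else (tid, mic(ptk, tid))

class PmfAccessPoint:
    def __init__(self):
        self.assocs = {}                          # mac -> {"ptk": bytes, "query": (tid, sent_at_ms) or None}
    def handle_assoc_request(self, mac, now_ms):
        a = self.assocs.get(mac)
        if a is None:                             # no existing association: normal path (auth + 4-way elided)
            self.assocs[mac] = {"ptk": os.urandom(48), "query": None}
            return {"status": 0}
        # Association Requests are unprotected, so keep the existing keys, answer with status 30 plus
        # comeback time, and ask the *existing* STA to prove it is alive via a protected SA Query
        if a["query"] is None:
            a["query"] = (os.urandom(2), now_ms)
        return {"status": ASSOC_REJECTED_TEMPORARILY, "comeback_ms": COMEBACK_MS, "sa_query_tid": a["query"][0]}
    def handle_sa_query_response(self, mac, resp):
        a = self.assocs.get(mac)
        if a is None or a["query"] is None or resp is None:
            return False
        tid, tag = resp
        if tid != a["query"][0] or not hmac.compare_digest(tag, mic(a["ptk"], tid)):
            return False
        a["query"] = None                         # real client is alive: the unprotected request was forged, keys stay
        return True
    def expire(self, now_ms):
        # SA Query timed out: the original STA is gone, drop the stale association so a reconnect can proceed
        for mac, a in list(self.assocs.items()):
            if a["query"] and now_ms - a["query"][1] > SA_QUERY_TIMEOUT_MS:
                del self.assocs[mac]

def run_scenario(client_has_keys):
    # Returns (status of the reconnect request, status of the retry after the comeback interval, keys kept?)
    ap, mac = PmfAccessPoint(), "aa:bb:cc:dd:ee:01"          # constructed MAC
    ap.handle_assoc_request(mac, 0)
    original_ptk = ap.assocs[mac]["ptk"]
    ptk = original_ptk if client_has_keys else None          # attack: real client still holds the PTK; reboot: lost
    second = ap.handle_assoc_request(mac, 10)                 # unprotected reconnect request (forged or genuine)
    ap.handle_sa_query_response(mac, answer_sa_query(ptk, second["sa_query_tid"]))
    ap.expire(10 + COMEBACK_MS)
    retry = ap.handle_assoc_request(mac, 10 + COMEBACK_MS)
    return second["status"], retry["status"], ap.assocs[mac]["ptk"] == original_ptk
```

run_scenario(True) models AP scenario 2 (the legitimate client answers the SA Query, so the forged request never evicts it), run_scenario(False) models AP scenario 1 (no answer, the stale association expires and the rebooted client gets in on the retry).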
Remaining easy disturbances of connections:
■ CTS control frames with long reservation times
■ RF jamming

802.11u - Guest Network
■ Today:
  ■ Companies usually offer guest access via a captive portal
  ■ Open network for guest devices
  ■ No enterprise network for guest devices
■ Near future:
  ■ Companies offer guest access via HS2.0 (R2 starting now)
  ■ Authentication via NAI realm or mobile operator
  ■ R2: open or server-side encryption for device provisioning
  ■ Keep guest devices out of the enterprise network but on an encrypted network

802.11u - Advertisement Server
■ Authentication via:
  ■ Internal NAI server
  ■ External NAI server
  ■ External advertisement server from the mobile operator
■ Device has no IP yet => L2 based

802.11u
■ Interworking alias HotSpot 2.0
■ Client authenticates via its mobile operator or NAI realm (e.g. keith@wlanpros.com)
■ Differentiate between guest and employee devices
■ Choose the SSID according to the given user details
■ More details on HS2.0 R2 in Dave Wright's presentation at WLPC 2014: http://goo.gl/zIqpMR
■ Release 1 problem: someone has to pre-configure devices

802.11u - Provisioning R1 (Apple Configurator screenshot)

802.11u - Flow Diagram (diagram)
■ See slide 10 for the EAP flow

802.11u - APs & Clients
■ Enterprise APs:
  ■ Feature is offered by Aruba, Cisco, Ericsson, LANCOM, Ruckus, […]
■ Clients:
  ■ Apple iOS devices since iOS 7
  ■ Android on HTC, LG, Samsung, Sony high-end smartphones
■ WFA search for certified R1 devices: http://goo.gl/rghHlt
■ WFA search for certified R2 devices: http://goo.gl/0udr31

802.11u - Conclusion and Outlook
+ Release 1 is widely adopted already
+ Authentication via internal and/or external authentication server(s)
+ Encrypted guest network
+ Great solution for BYOD
- Today: lack of Release 2 support by enterprise and client device vendors

Monitor your network
■ Overview of your current network status
■ History of status, events, logs and graphs
■ Requires deep understanding and knowledge, especially for troubleshooting
■ Should include the wired and the wireless network
■ Integration of multiple vendors
■ Sensors for RF spectrum, rogue AP detection
■ Alarms/notifications - but don't flood your IT crew

Proper RF Design
■ Signal does not stop at building walls
■ Consider the fabric of a building
■ Directional antennas
■ Drop/ignore clients below a certain SNR
■ Not easy to deploy - proper design and verification required
■ Survey around your site

Final Words
■ Enterprise security should be based on strong EAP methods
■ "Make it as hard as possible to break your security"
■ Lack of client support for some optional features - no one-size-fits-all solution
■ Troubleshooting requires great(er) knowledge
■ Secure WLAN will play a greater role in the future (http://www.cwnp.com/covers/2014-09-SAE-atCWNP.PDF)
■ HotSpot 2.0 (Release 2) can make a difference

Thank you for your attention!
Further information…
More information about our products, solutions and services at: www.lancom.eu
Presenter: Philipp Ebbecke (@MTroi84, philipp.ebbecke@lancom.de)
QA Engineer for WLAN
LANCOM Systems GmbH, Adenauerstraße 20/B2, 52146 Wuerselen, Germany
info@lancom.eu