© 2000, Cisco Systems, Inc. Cisco Company Confidential - Do not distribute
SE Meeting – November 16th 2000
Security for Next Generation Wireless LANs
WNBU Technical Marketing
350 Security Update 1/2001 Cisco Company Confidential - Do not distribute
Agenda
• Recap – WEP/SSIDs/authentication
• Deployment issues with 802.11 today
• 802.1X for 802.11
• Deployment of new security feature-set
• Standards update/Pointers
• Questions ?
Agenda
Recap – WEP/SSIDs/authentication
• SSIDs in 802.11
• Association
• Open Authentication
• Shared-key Authentication
• WEP/RC4 in 802.11
• WEP encrypted frames
Past Security Methods
• SSID (Service Set Identifier)
Commonly used feature in Wireless LANs which provides a rudimentary level of security.
Serves to logically segment the users and Access Points that form part of a Wireless subsystem.
May be advertised or manually pre-configured at the station.
RECAP - SSIDs in 802.11
[Figure: an SSID configured on each Access Point, and an SSID configured on the Client]
SSID problem
• 32 ASCII character string
• Under 802.11, any client with a ‘NULL’ string will associate to any AP regardless of SSID setting on AP
• This is NOT a security feature!
RECAP - Association With 802.11
[Figure: Client (user machine) and two Access Points on a wired Ethernet LAN]
Probe request on 11 channels; may include (broadcast) SSID
Probe response including info not in spec, such as # clients, % load
AP selection based on strength and quality of signal
RECAP - Open Authentication With 802.11
[Figure: Client and AP]
Authentication request (Open Authentication)
Authentication response
Open or Shared needs to be set up identically on both the Access Point and Client
RECAP - WEP/RC4 in 802.11
[Figure: WEP/RC4 encryption in 802.11]
RECAP – WEP Encrypted Frames
Frame body layout (octets):
IV (4) | MSDU (0-2304) | ICV (4)
The MSDU and the ICV are encrypted; the IV field is sent in the clear.
IV field layout (bits):
Initialization Vector (24) | Pad (6) | Key ID (2)
RECAP - Shared-key Authentication With 802.11
Open or Shared needs to be set up identically on both the Access Point and Client
[Figure: Client and AP]
Authentication request (Shared-Key Authentication)
Challenge text packet
Encrypted challenge text packet
Authentication response
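The frame layout from the WEP Encrypted Frames recap and the encrypted challenge of shared-key authentication, worked through in Python as an added example (not code from the presentation): an RC4 keystream from IV || key, a CRC-32 ICV, the 4-octet IV field with its pad and Key ID bits, and the client/AP pair of the challenge exchange. All key values and messages are constructed; the little-endian byte order of the ICV follows common implementations and is an assumption here.

```python
import os
import struct
import zlib

IV_LEN = 3        # 24-bit Initialization Vector
ICV_LEN = 4       # 32-bit Integrity Check Value (CRC-32 over the MSDU)
MAX_MSDU = 2304   # octets, per the frame layout on the slide


def rc4_keystream(key, length):
    """Plain RC4: key-scheduling, then `length` bytes of pseudo-random output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(msdu, wep_key, key_id, iv=None):
    """Build the frame body: IV field (4 octets) || RC4(MSDU || ICV) keyed by IV || WEP key."""
    if len(msdu) > MAX_MSDU:
        raise ValueError("MSDU exceeds 2304 octets")
    if key_id not in range(4):
        raise ValueError("Key ID is a 2-bit field")
    if len(wep_key) not in (5, 13):
        raise ValueError("WEP keys are 40 or 104 bits")
    if iv is None:
        iv = os.urandom(IV_LEN)
    if len(iv) != IV_LEN:
        raise ValueError("IV is 24 bits")
    # ICV: CRC-32 of the plaintext MSDU, transmitted little-endian (assumption; matches common implementations)
    icv = struct.pack("<I", zlib.crc32(msdu) & 0xFFFFFFFF)
    keystream = rc4_keystream(iv + wep_key, len(msdu) + ICV_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(msdu + icv, keystream))
    key_id_octet = key_id << 6   # low 6 bits are the zero pad, Key ID occupies bits 6-7
    return iv + bytes([key_id_octet]) + ciphertext


def parse_iv_field(frame_body):
    """Split the clear-text 4-octet IV field into (iv, pad, key_id)."""
    iv = frame_body[:IV_LEN]
    octet = frame_body[IV_LEN]
    return iv, octet & 0x3F, octet >> 6


def wep_decapsulate(frame_body, keys):
    """Select the key by Key ID, decrypt, and verify the ICV.
    `keys` maps key_id -> WEP key (the up-to-four static keys shared by AP and client).
    Returns the MSDU, or None if the Key ID is unknown or the ICV does not match."""
    if len(frame_body) < IV_LEN + 1 + ICV_LEN:
        return None
    iv, _pad, key_id = parse_iv_field(frame_body)
    wep_key = keys.get(key_id)
    if wep_key is None:
        return None
    ciphertext = frame_body[IV_LEN + 1:]
    keystream = rc4_keystream(iv + wep_key, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    msdu, icv = plaintext[:-ICV_LEN], plaintext[-ICV_LEN:]
    if struct.unpack("<I", icv)[0] != (zlib.crc32(msdu) & 0xFFFFFFFF):
        return None
    return msdu


def shared_key_auth_response(challenge_text, wep_key, key_id):
    """Client side of shared-key authentication: return the challenge text WEP-encrypted."""
    return wep_encapsulate(challenge_text, wep_key, key_id)


def shared_key_auth_verify(challenge_text, response_body, keys):
    """AP side: decrypt the response and check that it matches the challenge that was sent."""
    return wep_decapsulate(response_body, keys) == challenge_text


if __name__ == "__main__":
    keys = {0: b"\x01\x02\x03\x04\x05"}          # constructed 40-bit key, Key ID 0
    body = wep_encapsulate(b"constructed MSDU", keys[0], 0)
    print("IV field:", parse_iv_field(body), "MSDU:", wep_decapsulate(body, keys))
```

The ICV check in `wep_decapsulate` is the only integrity protection the frame carries, and it is an unkeyed CRC: it catches transmission errors and a wrong key, not deliberate modification by someone who can also adjust the CRC. That gap is what the "addition of keyed integrity check" column of the comparison slide later in the deck addresses.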
Deployment issues with 802.11 today
• Lack of integrated User administration
Integration with existing user administration tools required (RADIUS, LDAP-based directories)
Identification via User-Name easier to administer than MAC address identification
Usage accounting and auditing desirable
• Lack of Key management solution
Static keys difficult to manage on clients, access points
Proprietary key management solutions require separate user databases
802.11 Security Issues
• User loses wireless NIC, doesn’t report it
Without user authentication, Intranet now accessible by attackers
Without centralized accounting and auditing, no means to detect unusual activity:
Users who don’t log on for periods of time
Users who transfer too much data, stay on too long
Multiple simultaneous logins
Logins from the “wrong” machine account
With global keys, large scale re-keying required
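The four kinds of unusual activity listed above become mechanical checks once per-user accounting exists. The following Python is an added example, not code from the presentation: it runs those checks over a handful of constructed accounting records whose shape is loosely modelled on RADIUS accounting attributes (user name, calling station, start/stop time, octets). Field names, thresholds, the expected-station table and every value are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed accounting records, one per session.
RECORDS = [
    {"user": "alice", "station": "00:40:96:aa:bb:01", "start": "2001-01-08T08:00:00", "stop": "2001-01-08T17:00:00", "octets": 50_000_000},
    {"user": "alice", "station": "00:40:96:aa:bb:01", "start": "2001-01-09T08:30:00", "stop": "2001-01-09T12:00:00", "octets": 10_000_000},
    {"user": "bob",   "station": "00:40:96:aa:bb:02", "start": "2001-01-08T09:00:00", "stop": "2001-01-08T10:00:00", "octets": 5_000_000},
    {"user": "bob",   "station": "00:40:96:aa:bb:02", "start": "2001-01-08T09:30:00", "stop": "2001-01-08T11:00:00", "octets": 5_000_000},
    {"user": "bob",   "station": "00:40:96:de:ad:99", "start": "2001-01-09T13:00:00", "stop": "2001-01-09T13:30:00", "octets": 1_000_000},
    {"user": "carol", "station": "00:40:96:aa:bb:03", "start": "2001-01-08T20:00:00", "stop": "2001-01-09T22:00:00", "octets": 3_000_000_000},
    {"user": "dave",  "station": "00:40:96:aa:bb:04", "start": "2000-12-01T09:00:00", "stop": "2000-12-01T10:00:00", "octets": 2_000_000},
]
KNOWN_USERS = {"alice", "bob", "carol", "dave"}
# Machine (station MAC) each account is expected to log in from (constructed).
EXPECTED_STATIONS = {"alice": {"00:40:96:aa:bb:01"}, "bob": {"00:40:96:aa:bb:02"},
                     "carol": {"00:40:96:aa:bb:03"}, "dave": {"00:40:96:aa:bb:04"}}
AUDIT_TIME = datetime(2001, 1, 10)   # "now" for the dormancy check (constructed)


def _ts(value):
    return datetime.fromisoformat(value)


def simultaneous_logins(records):
    """Users with two sessions that overlap in time."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append((_ts(r["start"]), _ts(r["stop"])))
    flagged = set()
    for user, sessions in by_user.items():
        sessions.sort()
        for (_, prev_stop), (start, _) in zip(sessions, sessions[1:]):
            if start < prev_stop:
                flagged.add(user)
    return flagged


def wrong_machine(records, expected):
    """(user, station) pairs where the login came from a station not expected for that account."""
    return {(r["user"], r["station"]) for r in records
            if r["station"] not in expected.get(r["user"], set())}


def excessive_usage(records, max_octets, max_duration):
    """Users with a session that moved too much data or lasted too long."""
    return {r["user"] for r in records
            if r["octets"] > max_octets or _ts(r["stop"]) - _ts(r["start"]) > max_duration}


def dormant_users(records, known_users, now, max_idle):
    """Known accounts with no session ending within `max_idle` of `now` (a lost NIC is still able to log in)."""
    last_seen = {}
    for r in records:
        last_seen[r["user"]] = max(last_seen.get(r["user"], datetime.min), _ts(r["stop"]))
    return {u for u in known_users if now - last_seen.get(u, datetime.min) > max_idle}


def audit(records, expected, known_users, now,
          max_octets=1_000_000_000, max_duration=timedelta(hours=12), max_idle=timedelta(days=14)):
    """Run all four checks; thresholds are assumptions chosen for the sample data."""
    return {
        "simultaneous_logins": simultaneous_logins(records),
        "wrong_machine": wrong_machine(records, expected),
        "excessive_usage": excessive_usage(records, max_octets, max_duration),
        "dormant": dormant_users(records, known_users, now, max_idle),
    }


if __name__ == "__main__":
    for check, hits in audit(RECORDS, EXPECTED_STATIONS, KNOWN_USERS, AUDIT_TIME).items():
        print(check, sorted(hits))
```

None of these checks is possible with MAC-address identification and static global keys alone, which is the point the slide makes: the accounting data has to be tied to a user name before a lost NIC shows up as anything other than normal traffic.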
Comparison: First-generation 802.11 Security Issues
Vulnerability                      | 802.11 w/ per-packet IV | Addition of keyed integrity check (802.11 w/ MIC) | 3DES instead of WEP/RC4 | Kerb + DES
Impersonation                      | Vulnerable     | Vulnerable     | Vulnerable     | Fixed
NIC theft                          | Vulnerable     | Vulnerable     | Vulnerable     | Fixed
Brute force attack (40/56 bit key) | Vulnerable     | Vulnerable     | Fixed          | Vulnerable
Packet spoofing                    | Vulnerable     | Fixed          | Vulnerable     | Fixed
Rogue Access Points                | Vulnerable     | Vulnerable     | Vulnerable     | Fixed
Disassociation spoofing            | Vulnerable     | Fixed          | Vulnerable     | Fixed
Passive monitoring                 | Vulnerable     | Vulnerable     | Vulnerable     | Vulnerable
Global keying issues               | Vulnerable     | Vulnerable     | Vulnerable     | Fixed
Pre-computed dictionary attack     | Implementation | Implementation | Implementation | Vulnerable
Offline dictionary attack          | Vulnerable     | Vulnerable     | Vulnerable     | Vulnerable
What Is 802.1X ?
• IEEE Standard in progress
• Port Based Network Access Control
General Description: IEEE 802.1X Terminology
[Figure: Supplicant on the Semi-Public Network / Enterprise Edge, Authenticator (e.g. Switch, Access Point) at the boundary, Authentication Server on the Enterprise Network]
Supplicant and Authenticator each run a PAE (Port Access Entity)
Supplicant to Authenticator: EAP Over LAN (EAPOL) / EAP Over Wireless (EAPOW)
Authenticator: Controlled port and Uncontrolled port
Authenticator to Authentication Server: EAP Over RADIUS
IEEE 802.1X Conversation
[Figure: Laptop computer, Ethernet, 802.1X Authenticator/Bridge, Radius Server; EAPOL between laptop and authenticator, RADIUS between authenticator and server]
Port connect (access blocked)
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity -> Radius-Access-Request
Radius-Access-Challenge -> EAP-Request
EAP-Response (cred) -> Radius-Access-Request
Radius-Access-Accept -> EAP-Success
Access allowed
IEEE 802.1X Over 802.11
[Figure: Laptop computer, Wireless, Access Point, Ethernet, Radius Server; EAPOW on the wireless leg, RADIUS on the wired leg]
802.11 Associate (association; access blocked)
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity -> Radius-Access-Request
Radius-Access-Challenge -> EAP-Request
EAP-Response (cred) -> Radius-Access-Request
Radius-Access-Accept -> EAP-Success
EAPOW-Key (WEP)
Access allowed
802.1X Packet exchange
Start
Authenticate
Finish
802.1X Packet Exchange Start -1
EAPOL-Start
• Defined in IEEE 802.1X draft
• Purpose: Start the authentication process. EAP supplicant is ready for authenticator.
[Figure: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity -> Radius-Access-Request]
802.1X Packet Exchange Start -2
EAP-Request/Identity
• EAP-Packet defined in 802.1X draft.
• EAP-Request/Identity defined in RFC2284.
• Purpose: Start the authentication process. Authenticator asks for the supplicant’s Identity.
802.1X Packet Exchange Start -3
EAP-Response/Identity
• EAP-Packet defined in 802.1X draft.
• EAP-Response/Identity defined in RFC2284.
• Purpose: Supplicant delivers its Identity. AP uses this to send the Radius-Access-Request.
802.1X Packet Exchange Authenticate
Authenticate sequence varies per authentication method
[Figure: EAP-Request, EAP-Response -> Radius-Access-Request, Radius-Access-Challenge, ..., Radius-Access-Request]
802.1X Packet Exchange Authenticate
• Draft-ietf-radius-ext-07 describes encapsulating EAP in the RADIUS protocol.
• Transport Layer Security (TLS) described in RFC2246
• EAP-TLS described in RFC2716
802.1X Packet Exchange Finish -1
Radius-Access-Accept
• Contains MS-MPPE-Send-Key attribute per RFC2548.
• This WEP session key has already been delivered/derived by the supplicant in the authentication phase. It is delivered here to the AP.
[Figure: Radius-Access-Accept -> EAP-Success, EAPOW-Key]
802.1X Packet Exchange Finish -2
EAP-Success
• Defined in IEEE 802.1X draft.
• Supplicant could turn WEP on (timing).
802.1X Packet Exchange Finish -3
EAPOW-Key
• Defined in IEEE 802.1X draft 5.
• Broadcast WEP key to the supplicant. EAPOW-Key gets sent without WEP since timing is not certain. The WEP broadcast keys are encrypted with the session key via software.
Supplicant & Authenticator start using the WEP session key.
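The Start/Authenticate/Finish exchange of the preceding slides, and the IEEE 802.1X Conversation slide before them, as an added Python simulation that is not code from the presentation or from any Cisco product. It models the three parties and the authenticator's controlled/uncontrolled ports: EAPOL frames reach the PAE before authentication, everything else is dropped until Access-Accept opens the controlled port, and the session key then arrives at the AP with the Accept while the broadcast key goes to the supplicant in EAPOW-Key. EAP-MD5-Challenge (RFC 2284) stands in for the method because it fits in a few lines; the session-key derivation and the EAPOW-Key wrap are constructed stand-ins (labelled in the code) for what a key-generating method such as EAP-TLS or LEAP and the draft's RC4 wrap do. Every identity, password, frame name and key is constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Frame:
    kind: str                               # "EAPOL-Start", "EAP-Request/Identity", "DATA", ...
    payload: dict = field(default_factory=dict)


def md5_challenge_response(eap_id, password, challenge):
    """EAP-MD5 response value (RFC 2284, CHAP algorithm): MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([eap_id]) + password + challenge).digest()


def derive_session_key(password, challenge):
    """Constructed stand-in for the per-session key a key-generating method yields on both
    sides. EAP-MD5 itself derives none, which is one reason the deck favours LEAP/EAP-TLS."""
    return hmac.new(password, b"session-key" + challenge, hashlib.sha256).digest()[:13]


def wrap_key(material, session_key, nonce):
    """Toy EAPOW-Key wrap: XOR with HMAC-SHA256(session_key, nonce); XOR again to unwrap.
    Substitute for the RC4 wrap in the 802.1X draft, used here to keep the block self-contained."""
    stream = hmac.new(session_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(material, stream))


class AuthenticationServer:
    """RADIUS server: owns the user database and runs the EAP method."""
    def __init__(self, users):
        self.users = users            # identity -> password (constructed)
        self.pending = {}             # identity -> (EAP identifier, challenge)

    def access_request(self, identity, eap):
        """Return (RADIUS code, EAP frame to relay to the supplicant, session key or None)."""
        if eap.kind == "EAP-Response/Identity":
            challenge = os.urandom(16)
            self.pending[identity] = (1, challenge)
            return "Access-Challenge", Frame("EAP-Request/MD5", {"id": 1, "challenge": challenge}), None
        if eap.kind == "EAP-Response/MD5":
            eap_id, challenge = self.pending.pop(identity, (None, None))
            password = self.users.get(identity)
            if challenge is not None and password is not None:
                expected = md5_challenge_response(eap_id, password, challenge)
                if hmac.compare_digest(expected, eap.payload["value"]):
                    # the session key rides to the AP as the MS-MPPE-Send-Key attribute (RFC 2548)
                    return "Access-Accept", Frame("EAP-Success"), derive_session_key(password, challenge)
        return "Access-Reject", Frame("EAP-Failure"), None


class Authenticator:
    """AP/switch PAE: EAPOL uses the uncontrolled port, all other traffic waits on the controlled port."""
    def __init__(self, server):
        self.server = server
        self.controlled_port_open = False
        self.identity = None
        self.session_key = None
        self.broadcast_key = os.urandom(13)   # constructed broadcast WEP key for this AP
        self.log = []

    def receive(self, frame):
        """Handle one frame from the supplicant; return the frames sent back to it."""
        if not frame.kind.startswith("EAP"):
            if not self.controlled_port_open:
                self.log.append("dropped %s: controlled port blocked" % frame.kind)
                return []
            return [Frame("DATA-ACK")]
        if frame.kind == "EAPOL-Start":
            return [Frame("EAP-Request/Identity")]
        if frame.kind == "EAP-Response/Identity":
            self.identity = frame.payload["identity"]
        code, eap, key = self.server.access_request(self.identity, frame)
        self.log.append("RADIUS %s" % code)
        if code != "Access-Accept":
            return [eap]
        self.session_key = key
        self.controlled_port_open = True
        nonce = os.urandom(8)
        wrapped = wrap_key(self.broadcast_key, key, nonce)   # broadcast key under the session key
        return [eap, Frame("EAPOL-Key", {"nonce": nonce, "wrapped": wrapped})]


class Supplicant:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password
        self.session_key = self.broadcast_key = None

    def run(self, ap):
        """Drive the exchange; True once EAP-Success and the broadcast key have arrived."""
        inbox = ap.receive(Frame("EAPOL-Start"))
        while inbox:
            frame = inbox.pop(0)
            if frame.kind == "EAP-Request/Identity":
                inbox += ap.receive(Frame("EAP-Response/Identity", {"identity": self.identity}))
            elif frame.kind == "EAP-Request/MD5":
                value = md5_challenge_response(frame.payload["id"], self.password, frame.payload["challenge"])
                self.session_key = derive_session_key(self.password, frame.payload["challenge"])
                inbox += ap.receive(Frame("EAP-Response/MD5", {"value": value}))
            elif frame.kind == "EAPOL-Key":
                self.broadcast_key = wrap_key(frame.payload["wrapped"], self.session_key, frame.payload["nonce"])
            elif frame.kind == "EAP-Failure":
                return False
        return self.broadcast_key is not None
```

Two properties are worth checking in the log after a run: a data frame sent before the exchange is recorded as dropped, and a wrong password ends in "RADIUS Access-Reject" with the controlled port still closed. Note also that the authenticator never sees the password; it only relays EAP between the two endpoints, which is what lets the method change without touching the AP.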
Advantages of 802.1X for 802.11
• Open, extensible and standards based.
Enables interoperable user identification, centralized authentication, key management.
Leverages existing standards: EAP (extensible authentication protocol), RADIUS.
Compatible with existing roaming technologies, enabling use in hotels and public places.
• User-based identification.
• Dynamic key management.
• Centralized user administration.
Support for RADIUS (RFC 2138, 2139) enables centralized authentication, authorization and accounting.
RADIUS/EAP (draft-ietf-radius-ext-07.txt) enables encapsulation of EAP packets within RADIUS.
Advantages of 802.1X for 802.11 - continued
• Extensible authentication support
EAP designed to allow additional authentication methods to be deployed with no changes to the access point or client NIC
RFC 2284 includes support for password authentication (EAP-MD5), One-Time Passwords (OTP)
Windows 2000 supports smartcard authentication (RFC 2716) and Security Dynamics
Cisco Security Framework
[Figure: layered stack diagram with the following elements]
EAP Layer: EAP, with EAP APIs above it
Method Layer: TLS, LEAP, GSS_API, IKE
Media Layer (NDIS APIs): PPP, 802.3 and 802.11 (via 802.1X), VPN
Backend AAA infrastructure: CS-ACS2000 2.6, Third party EAP-Radius, Kerberos ...
Why LEAP ?
• Cisco Lightweight EAP (LEAP) Authentication type
• No native EAP support currently available on legacy operating systems
• EAP-MD5 does not do mutual authentication
• EAP-TLS (certificates/PKI) too intense for security baseline feature-set
• Quick support on multitude of host systems
• Lightweight implementation reduces support requirements on host systems
• Need support in backend for delivery of session key to access points to speak WEP with client
Cisco LEAP deployment
[Figure: Laptop computer with LEAP supplicant, Wireless, EAP Access Point, Ethernet/Backbone, LEAP Radius Server]
Client/Supplicant
Network Logon: Win 95/98, Win NT, Win 2K, Win CE, MacOS, Linux
Driver for OS x: LEAP Authentication support, Dynamic WEP key support, Capable of speaking EAP
Authenticator
EAP Authenticator: EAP-LEAP today, EAP-TLS soon, …
Backend/Radius server
Radius: Cisco Secure ACS 2.6, Authentication database, Can use Windows user database
Radius DLL: LEAP Authentication support, MS-MPPE-Send-key support, EAP extensions for Radius
LEAP Client / Supplicant Support
Integrated Wireless and Microsoft Network Logon
EAP Support in Access Point
LEAP Support in Radius Server -1
Configuring the user database
LEAP Support in Radius Server -2
Configuring the NAS/AP
[Screenshot: NAS entry for the Access Point]
Same shared secret as that configured for the access point
Radius (Cisco Aironet) for an EAP supported Access Point
What Does the Radius Server Perform? Cont.
• Authentication
• Generates dynamic session key
• Sends session key to access point
What Does the AP Perform? Cont.
• On successful authentication,
Send broadcast WEP key to client.
Maintain client’s WEP key.
Start running WEP with client.
Distribute pre-auth.
Future EAP Client Work ?
• Microsoft placing 802.11 EAP Native supplicant in Win2K, WinCE
• What about other Microsoft OS’s? Win9x/WinNT (need LEAP)
• What about other OS’s? Linux, MacOS (need LEAP)
Future Backend Work ?
• Support for Kerberos
• Promote EAP authentication types on backend servers
• Integrate with SSGs .. etc
What About Edge Devices Support for 802.1X Authenticator ?
• ELoB Switches.
Catalyst 6k/5k/4k ...
• DSBU Switches.
Catalyst 29xx/35xx ...
Standards Update
• 802.1X Current Status
Draft 8 : http://www.manta.ieee.org/groups/802/1/pages/802.1x.html
Scheduled for letter ballot, January 2001
• 802.11 Security
TG e (Task Group E) working on security and QoS extensions to the 802.11 MAC layer
TG-e Security sub-group chair : Dave Halasz (Cisco- Aironet Engineering)
Joint multi-vendor 802.1X for 802.11 proposal accepted as baseline security document.
Pointers
• Whitepaper : Security for Next Generation Wireless LANs v1.1
http://wwwin.cisco.com/cmc/cc/pd/witc/ao340ap/prodlit/wlanw_in.msw
• IEEE 802.1X
http://grouper.ieee.org/groups/802/1/pages/802.1x.html
• RADIUS
http://www.ietf.org/rfc/rfc2138.txt
http://www.ietf.org/rfc/rfc2139.txt
http://www.ietf.org/rfc/rfc2548.txt
http://www.ietf.org/internet-drafts/draft-ietf-radius-radius-v2-06.txt
http://www.ietf.org/internet-drafts/draft-ietf-radius-accounting-v2-05.txt
http://www.ietf.org/internet-drafts/draft-ietf-radius-ext-07.txt
http://www.ietf.org/internet-drafts/draft-ietf-radius-tunnel-auth-09.txt
http://www.ietf.org/internet-drafts/draft-ietf-radius-tunnel-acct-05.txt
• EAP
http://www.ietf.org/rfc/rfc2284.txt
http://www.ietf.org/rfc/rfc2716.txt