240 likes | 313 Vues
Threat Model. Tim Moore. Focused on ESS Looked at 802.11 1999 and then RSN to fix 1999 issues Not complete. 802.1X key management. Station. AP. 802.11 MAC. Threats. Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privilege. Data message
E N D
Threat Model Tim Moore Tim Moore, Microsoft
Focused on ESS • Looked at 802.11 1999 and then RSN to fix 1999 issues • Not complete Tim Moore, Microsoft
802.1X key management Station AP 802.11 MAC Tim Moore, Microsoft
Threats • Spoofing • Tampering • Repudiation • Information Disclosure • Denial of Service • Elevation of Privilege Tim Moore, Microsoft
Data message • Spoofing • Information Disclosure • Tampering • WEP! • Integrity and Privacy from RSN • MAC address spoof detection requires Pairwise keys • Station bridging unicast traffic will be decrypted as a Group key • Should this be allowed? As it allows spoofing of MAC addresses Tim Moore, Microsoft
TKIP/AES • If the IV is repeated with a particular key then it is easy to recover the key • 4-way handshake and 48bit IV Tim Moore, Microsoft
Michael • Counter measures make a DoS • Snoop packet • Destroy packet CRC • Flip a bit • Flip bits in ICV to correct • Send packet • RSN uses 1X to information AP in secure way • Rate limit keying to limit affect on other stations until their keys are attacked. Tim Moore, Microsoft
Ack message • Need RA, more bit and Duration from frame to be acked • If more is 0 then do not need duration • Acks for data messages can cause data loss • Destroy message and then send ack • Timing is difficult to respond to a message with a valid ack especially for more=1 but could be done by random acks being sent for more=0 • Acks are generated very low in stack – below encryption/integrity • So protecting is hard • Can detect acks received at wrong time • Should have MIB to log this occurring Tim Moore, Microsoft
(Re-)Association request • Causes station to join DS • implementations send level 2 message to setup bridges • Pass data on/off DS • Change capabilities to AP • RSN IE • Listen interval – DoS causes AP to lose data and disassociate station • With RSN station should not join DS until 4-way handshake completes • Data isn’t sent on/off DS because keys are not configured but also need to hold up level 2 bridge message • Association allocates resources on AP • APs need to limit resources used and recover resources if 4-way handshake doesn’t complete Tim Moore, Microsoft
Note Draft 2.2 pre-auth has a problem in that 4-way handshake completes in pre-auth, anyone sending an association opened DS • Fixed in 298r3 Tim Moore, Microsoft
Authentication • Open – no auth • Shared – dictionary attack • RSN – 802.11 auth is open (i.e. no security) • Currently do open to return 802.11 state machine to 1999 version but should we remove state 2 in RSN? Tim Moore, Microsoft
(Re-)Association response • Change station state • Stations check they are in correct state • Flood AP with association requests for different mac addresses – resource DoS • If received when expecting then goes to correct state and real response is ignored • If received after then ignored • Limit resource usage, recover resources quickly if 802.1X key management doesn’t complete Tim Moore, Microsoft
Probe request • Wastes bandwidth • Gets info from AP Tim Moore, Microsoft
Beacon/Probe response • Change capabilities of AP • Privacy bit • RSN information element • A rogue AP with different capabilities but same SSID • Discloses information about ciphers etc that helps attacker • Station select most secure capabilities of APs in range • DoS by more secure AP • RSN duplicate capabilities into 4-way handshake which is protected • RSN requires Privacy bit to be set • DoS attack by modifying 4-way handshake • RSN requires a configuration option to disallow non-RSN associations. Tim Moore, Microsoft
Disassociation/De-authentication • Deletes/changes state on AP • Remove stations from AP and DS • Nothing in RSN • Sign Disassociation/De-authenticate messages • Do not change 802.11 MAC state • Re-authenticate 802.1X and let 1X delete MAC state Tim Moore, Microsoft
PS-Poll • Used by station to get AP to send packets to station • Causes packets to be dropped at the AP - Dos • Log packets sent on request of a PS-Poll that didn’t get received • Could be joined with ack spoofing to ack the data Tim Moore, Microsoft
RTS/CTS • Not looked at because normally threshold large • Contention free/ack • ATIM Tim Moore, Microsoft
Others • Radio flood • Can we detect this as radio noise and add MIB variables to log it? • Interfere with packet CRC • Detect packet errors – packets with bad CRCs or in particular with radio noise corrupting CRC Tim Moore, Microsoft
802.1X • Flood EAPOL-Start messages • DoS Authenticator • Flood EAP Request/Identity • Dos Supplicant • EAP_SUCCESS • Supplicant believes auth complete • RSN uses Secure bit for key management complete • RSN encrypts 1X with Pairwise key • EAP_FAILURE • DoS • RSN encrypts 1X with Pairwise key Tim Moore, Microsoft
EAP_Logoff • Encrypt 1X • EAP Request/Identity contains identity information • Change identity for DoS • Read identity • EAP scheme such as EAP_PEAP or EAP_TTLS • Outer identity only needs NAI domain Tim Moore, Microsoft
EAP_Start, logoff and Notification can be tampered with • RSN encrypts 1X after 4-way handshake • PEAP or TTLS will protect inner EAP Tim Moore, Microsoft
PSK • Bad pre-shared keys Tim Moore, Microsoft
4-way handshake • Send message 1 with wrong ANonce • Implementation mustn’t change session change until message 3 • Changing dest MAC address – DoS Tim Moore, Microsoft
Issues • Association • Sign association message • Use 4-way handshake as network secure • This is in draft 2.2 • Disassociation/De-authenticate • Sign disassociate • Can’t sign de-authenticate because there are cases when you can’t • Disassociation/De-authenticate force 802.1X reauth • If valid disassociate/de-authenticate then 802.1X fails and removes state • If spoofed disassociate/de-authenticate then 802.1X succeeds and state is not removed • Note: Could be used to force 802.1X reauths using resources Tim Moore, Microsoft