Contents[hide]
|
802.11 Layer 2 Dynamic encryption key generation
- 802.1X/EAP also does the job of generation and distribution of dynamic encryption keys. This is not the purpose of 802.1x though.
- Mutual authentication is required to generate dynamic encryption keys. i.e EAP-TLS,EAP-TTLS,EAP-FAST,EAP-LEAP and all versions of EAP-PEAP generate dynamic encryption keys.
- EAP-MD5 cannot as it only involves unidirectional authentication
- Prior to TKIP/RC4 or CCMP/AES (i.e the RSNA encryption algorithms), WEp offered dynamic key encryption
- they were proprietary solutions though
- Here using the mutual authentication credentials as a seed, matching dynamic encryption keys are generated for both the supplicant and the authentication server.
- These keys are created per session, per user .
- This key is the unicast key
- The broadcast key can either be manually configured on the AP or randomly generated and this is used to encrypt/decrypt all broadcast/multicast 802.11 traffic.
- The unicast key is unique per client, but the broadcast key for all must be the same.
- The authenticator sends this key to the client using an EAPoL message (which is encrypted by the client's unicast key)
- Note: The dynamic encryption keys are still weak and can still be cracked. Not recommended for usage
Robust Security network (RSN)
- RSN involves 2 802.11 stations to establish procedures to authenticate and associate with each other as well as create dynamic encryption keys through a process known as 4-way handshake.
- The association between the 2 stations is known as a RSNA.
- After RSNA, the station shares a key with the AP known as a Pairwise Transient key which is used to encrypt unicast traffic.
- All the stations also share a key called the Groupwise Temporal Key(GTK)" which is used to encrypt/decrypt all broadcast and multicast traffic
- The 802.11-2007 standard allows for the creation of pre-RSNAs.
- i.e legacy security methods are supported in the same BSS along with RSN security mechanisms.
- Example : Dynamic WEP,static WEP.
- Such a network is called Transition security network
- Here the lowest common denominator key will be used as the broadcast/multicast key. (ex: in this case, it'll be WEP)
- Controllers do the following
- They can create multiple SSIDs for multiple WLANs in a single coverage cell area
- For the multiple SSID's , they create multiple virtual BSSIDs
- Each SSID is associated with a L3 VLAN interface on the DS.
RSN Information Element
- This is used by the clients and the APs to notify one another of their RSN capabilities
- optional field
- Found in 4 different frames:
- Beacon (AP to client)
- Probe response (AP to client)
- Association request (client to AP)
- Reassociation request (client to AP)
- This contains the following info:
- Identifies the encryption capabilities of each station
- will indicate whether 802.1X authentication or PSK is being used. (i.e supported authentication methods)
- The client/AP will use one cipher suite for unicast traffic and another for broadcast/multicast traffic
- Check figure 5.10 on Page 187 of the study guide for a view of how the RSN IE will look in a frame
- The AKM(authentication key management) field is used to indicate whether the station supports 802.1X authentication or PSK authentication.
Authentication and Key Management(AKM)
- AKM services consist of a set of one or more algorithms designed to provide authentication and key management,either individually or in combination with higer layer authentication and key-management algorithms.
- These may include non-802 protocols
- AKM services links together authentication and encryption
- i.e an authentication process is necessary to generate dynamic encryption keys
- Untill the dynamic encryption keys are crteated,the controlled port will not open
- Refer to figure 5.14 on Page 190 of the study guide
- Overview of AKM is as follows
- Discovery:Active and Passive scanning
- This includes->Discovery, authentication and association
- Authentication: 802.1X/EAP or PSK
- Starts when the EAP exchange starts
- Master key creation: PMK/GMK
- Supplicant and the authentication server generate a master encryption key called the PMK.
- Temporal key creation : 4-way handshake creates GTK/PTK
- Authorization : Controlled port unblocked
- Encryption : The 802.11 data frames are encrypted
- Discovery:Active and Passive scanning
RSNA Key hierarchy
- 5 keys make up a top-to-bottom hierarchy that is needed to establish a final RSNA
- There are group-wise keys - used to protect a group of destinations
- There are pair-wise keys - used to protect 2 entitites
Master session key(MSK)
- Also called AAA key.
- Generated from either the 802.1X/EAP process or the PSK process
- This key is exported to both the supplicant and the authetnication server
- Atleast 64 octects in length
- We can think of this as a seeding material used to create other keys
Master keys
- After MSK is created, 2 master keys are created
- The MSK is used to create a master key called Pairwise Master Key(PTK)
- This resides on both the supplicant and the AS
- A new PMK is created everytime a client authenticates or reauthenticates
- The PMK is also sent from the AS to the authenticator
- Another master key, Group-wise Master Key(GMK) is generated on the Authenticator
- These master keys are not used to encrypt/decrypt data traffic
- These are the seeding material for the 4-way handshake
- PMK helps create the PTK
- GMK helps create the GTK
Temporal Keys
- PTK is comprised of 3 sections
- Key confirmation key(KCK)
- provides data integrity during the 4-way handshake and group key handshake
- Key Encryption Key (KEK)
- Is used by EAPoL frames to encrypt the 4-way handshake and the group key handshake
- Temporal Key (TK)
- This is used for MSDU encryption
- Key confirmation key(KCK)
- The PTK/GTKs are either CCMP/AES or TKIP/RC4.
4-way handshake
- The 4-way handshake basically does the following:
- Confirm the existence of the PMK at the peer session
- Ensure that the PMK is current
- Derive a new PTK from the PMK
- Install the PTK on the supplicant and the authenticator
- Transfer the GTK from the authenticator to the supplicant and install the GTK on the supplicant , and if necessary on the authenticator
- Confirm the selction of cipher suites
- The PMK along with a nonce is used to create the PTK
- 2 nonces are created by the 4-way handshake
- The Authenticator nonce
- The Supplicant nonce
- PMK+Authenticator nonce+supplicant nonce+Authenticator MAC address + Supplicant MAC address is fed into a pseudo-random function and the PTK is generated
- The 4-way handshake consists of the following steps
- Message 1
- Authenticator -> Supplicant
- The authenticator and supplicant create their respective nonces
- The authenticator sends it's Athenticator nonce to the supplicant
- The supplicant now has all the info it needs to derive the PTK from the PMK.
- Message 2
- Supplicant -> Authenticator
- The supplicant sends it's supplicant nonce to the authenticator
- The supplicant also sends its RSN IE and a MIC.
- The authenticator derives a PTK and also validates the MIC.
- Message 3
- Authenticator -> Supplicant
- The authenticator derives the GTK from the GMK
- Authenticator sends a message to the supplicant with the following information
- ANonce
- RSN IE
- MIC
- GTK
- This message is encrypted using the PTK
- Message 4
- Supplicant -> Authenticator
- Tells the authenticator that the temporal keys are now available and installed and ready for use
- Message 1
Group Key Handshake
- 2 frame handshake used to distribute new keys to client stations that already have a PTK and a GTK
- Is exactly the last 2 frames of the 4-way handshake
Peer key handshake
- 802.11-2007 gives a way for clients to talk to one another without involving the AP
- After establsighing the individual security associations with the AP, a station-to-station link(STSL) can also be established
- The clients use PeerKey Handshake management protocol to create peer keys.
RSNA Security Associations
- A RSNA requires 2 802.11 stations to establish proceudres to authenticate and associate with each other as well as create dynamic encryption keys through a 4-WAY handshake
Passphrase-to-PSK matching
- As discussed earlier, AKMP can either be derived using 802.1X/EAP or PSK
- When using PSK, the AKM procedures are as follows
- Discovery
- Negotiation
- The STA associates with the AP and negotiates a security policy.
- The PSK becomes the PMK
- Temporal Key Generation and Authorization
- 4-way handshake to create temporal keys
- Actually the RSNA PSK must be 256 bits in length when represented in hex.
- Most end users prefer a smaller ASCII password
- So a password-to-PSK mapping formula is defined
- ASCII simple password is converted into a 64 character HEX RSNA PSK
- In case of PSK AKM, the PMK of every station is the same because all of them use the same "pre-shared key" which is nothing but the PMK
- This is a security risk
- This allows the hacker , who captures to frames to duplicate the PTK and thereby decrypt the encrypted frames
Roaming and Dynamic Keys
- Everytime a client roams to another AP, unique encryption keys must be generated using the 4-way handshake process
- This means that everytime the client roams, the STA must perform the EAP process all over again
- This leads to crappy VoWLAN and other time-sensitive applications when using a (WPA|WPA2)Enterprise solution
- The 802.1x process takes about 700ms or greater!
- PSK authentication is much faster when compared to Enterprise solutions
- Recently ratified 802.11r-2008 also known as fast BSS tranisition defines faster handoffs when roaming occurs between cells in a WLAN using 802.1X/EAP.
Thanks to :
No comments:
Post a Comment