Posts Tagged ‘WPA’

AES is becoming very close to broken

July 30th, 2009

In earlier posts I discussed what’s wrong with WPA and why its always a bad idea to base a standard around a single method of encryption, even AES. Bruce Schneier posted to his blog today regarding a new attack against AES. In short, the paper he references identifies how to dramatically reduce the number of guesses required to retrieve a key. While its not practical today for a basement hack to perform the attack, its still nasty stuff.

The attack in question is what is referred to as a related key attack. This requires the attacker to have some level of knowledge of the plain text secured by multiple related keys. In other words, we need to already know a bit of what is being protected and where to look for it.

This is a serious problem when you are talking about VPNs or wireless, because we are using it to secure IP traffic. IP uses some pretty consistent values:

  • Byte 0 contains the IP version (usually 4) and the size of the IP header (usually 20 bytes)
  • Byte 1 contains the type of service field (usually not used so set to 0)
  • Bytes 2 & 3 contain the total length field (a consistent value for traffic like ARP packets if you know the OS)
  • Byte 8 contains the TTL (a consistent value on a per OS basis)
  • Bytes 12-15 contain the source IP address (a consistent value for each specific system)

And that’s just the IP header…

So when we protect traffic on the wire, related key attacks can be particularly evil because there are many repetitive values to work with.

So what should you do? I’ll fall back on the same advice I gave in those earlier posts I referenced above. Make sure you have more options than just a single encryption algorithm, just in case things get a whole lot worse.

No comments »

Posted in 1-emerg, VPN, Wireless

Tags:

Eliminating The Need For WPA In The Enterprise – Part 2

July 22nd, 2009

In my last post I discussed the problems with deploying WPA in an enterprise environment. Let’s back up a bit and list why we secure wireless networks:

  • Permitting uncontrolled access can lead to compromise
  • Authentication is required to verify the person connecting in
  • Data can be sniffed so encryption is needed for data privacy

Pretty straight forward reasoning, but now stop and consider why we secure remote users when they connect in from the Internet:

  • Permitting uncontrolled access can lead to compromise
  • Authentication is required to verify the person connecting in
  • Data can be sniffed so encryption is needed for data privacy

Note the reasons are the same. I’m big on root cause analysis, and the reason so many of us jump though hoops with WPA is that we’re trying to fit a square peg into a round hole. In other words, rather than recognize that a wireless signal is a separate uncontrolled entity, we try really hard to slap on a quick fix so it can be trusted at the same level as the wired segments secured behind our office walls. Not a surprise really, given that the first protocol we were given to secure wireless was called the Wired Equivalent Privacy (WEP) protocol. Needless to say the name directly implies that wireless can be made to be as secure as a wired switch port. History has shown, and continues to show otherwise however.

Consider the network drawing in Figure #1. Note that we have reconfigured the network to better address the root cause problems with wireless. Wireless is no longer considered as trustworthy as a wired switch port. Its treated in a similar fashion to its closest matching security zone, the Internet. We simply hang our access points off of another firewall port and apply a similar security posture.

wireless-vpn

So when someone connects to the access point, what happens? The connection is made in the clear with no security enabled. Simply connect to the proper SSID and go. The local DHCP server then hands the system an IP address. At this point our setup acts like any other non-secured network.

Look what a wireless system gets access to however. Through the firewall, the only permitted point of access is the VPN gateway. This is the same as when the user connects in from the Internet. So rather than having to trust a single security implementation (WPA) with its single choice for data privacy (AES), you can deploy what ever you feel is appropriate. The robustness and flexibility of SSH, SSL and IPSec all become possibilities for securing your datastream. While each solution supports AES for data privacy, they open up a plethora of other, some feel better, options like Blowfish and Twofish.

But wait, couldn’t an attacker connect to my access point and go after the laptops that are connecting in? Absolutely. Again, this zone has the same security level as the Internet so the same rules apply. Think about your typical wireless user however. They tend to be road warriors, who also connect in from the Internet. This means their system should already have the required VPN software and a personal firewall system. So if the laptop is configured to connect in from the Internet, its ready to go in this wireless configuration as well.

One of the things I really like about this configuration is that it not only reduces back end administration (no more WPA management), but help desk support time as well. Users just want their laptop to work and are more effective when they can follow a consistent process. When we tell them “Perform steps A, then B, then C to connect in from the Internet, but steps D, then E then F if you are at the office”, some will inevitability become confused. With the setup above they always follow the same connection process, regardless of physical location.

Since no security solution is ever perfect, there has to be some down sides, right? First, we are putting a slightly higher load on the firewall. Internal communications between a wireless system and a server would normally not involve the firewall, but now it does. This problem could easily be resolved with a second firewall however.

The second issue is security related but is dependent on how we deploy the above configuration. In an ideal world all access points would be connected to a single isolated switch. Reality in a large environment however might necessitate the use of VLANs because the access points are geographically dispersed from each other. The use of VLANs opens up the possibility of VLAN hopping. While this author does not think an attacker could mess with DTP through an access point in order to gain access to the trunk, its certainly possible from a directly connected system so eventually someone smarter than I may figure it out. In short, remember that this security zone has the same trust level as the Internet and handle it accordingly. Shut off DTP or any other auto VLAN negotiation capability the vendor has turned on by default.

Finally, rogue access points are still an issue. This solution does nothing to stop an end user from bringing in an access point from home and plugging it in. You still need to keep a watchful eye for this activity. About the only thing this solution does for you is now you know any access point plugged into the wired network is rogue and needs to be addressed.

Hope this is helpful!

C

2 comments »

Posted in 3-err, VPN, Wireless

Tags:

Eliminating The Need For WPA In The Enterprise – Part 1

July 21st, 2009

Many of us who leverage wireless in an enterprise environment dutifully deploy wireless encryption (WEP or WPA) as well. This is not trivial, as it requires a continual commitment of time and resources in order to maintain the system’s integrity. But is this expenditure really necessary, or is there a more effective solution available that most of us simply overlook?

The need to properly secure wireless

Most of us recognize why wireless connections need to be properly secured. Running a wide open access point is just begging to have your network broken into. Wireless is trivial to sniff and there are a tons of tools available to help you crack it. A good wireless hack knows that proximity affords little protection. I’ve personally been able to get 802.11 working over 5 miles. With the right antennas, others have pushed this as far as 35 miles.

What’s wrong with WEP and WPA?

Most of us understand why WEP is completely broken. If not, Google is your friend. If you don’t understand why WEP is bad its worth the time to do the research. Its a great example of how to do everything wrong.

So the accepted protocol today for wireless security is WPA. At the time of this writing, WPA is faltering but not completely broken. Researches have figured out how to perform key recovery in small packets. Vendors have figured out how to speed up the process of brute forcing keys. The recommended WPA key size today is 48 characters or larger. This is far too big for end users to remember so inevitably the value is written down, in clear text, probably in multiple locations.

There are resource issues here as well. Wireless security is an entire infrastructure system that needs to be managed. Keys and credentials need to be maintained. Even if we take the easy way out and deploy EAP-TTLS we still have a healthy number of components to keep in sync. When things go wrong, troubleshooting can also be a pain as it can sometimes be difficult to determine if the problem is the wireless signal, credentials or even DHCP.

Limiting your data privacy options

When you use WPA, your only data privacy option is AES. AES is a NIST standard that is widely deployed. While it has survived the last eight years without a major vulnerability, timing attacks have been discovered along with a few dents in AES’s armor. Its never a good idea to put all of your eggs in one basket. This is why we backup mission critical data or transmit it over redundant routes. If the worst occurs and AES is found to be broken, you are completely hosed until a new protocol is chosen and incorporated by vendors. The solution will most certainly include replacing all of your access points, as it did when we moved with RC4 under WEP to AES under WPA.

Exec Summary

So we absolutely need to secure wireless connections but the current options available are either slightly better than useless (WEP) or very cumbersome (WPA). Clearly we need additional possibilities that will reduce administration as well as increase the number of choices for data privacy. In my next post I will propose one possibility that is immediately viable for deployment in today’s enterprise environment.

No comments »

Posted in 3-err, VPN, Wireless

Tags: