radius vulnerabilities in wireless overview
Download
Skip this Video
Download Presentation
Radius Vulnerabilities in Wireless Overview

Loading in 2 Seconds...

play fullscreen
1 / 6

Radius Vulnerabilities in Wireless Overview - PowerPoint PPT Presentation


  • 119 Views
  • Uploaded on

Radius Vulnerabilities in Wireless Overview . Randy Chou - [email protected] Merv Andrade - [email protected] Joshua Wright - [email protected] Background & Vulnerability. AP (Authenticator). Client (Supplicant). Radius Auth Server. Associate + EAP. Key Exchange w/ Server Cert.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Radius Vulnerabilities in Wireless Overview ' - kyrie


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
background vulnerability
Background & Vulnerability

AP (Authenticator)

Client (Supplicant)

Radius Auth Server

Associate + EAP

Key Exchange w/ Server Cert

User Auth inside TLS

Send MPPE Key

Send encryption Keys

  • Sniff packets. Wired risky, wireless undetectable.
  • VLAN separation does not mitigate sniffing.
  • Radius key known or attacked offline, see draft.
  • Wireless data decryption, can be offline.
attack methodology
Attack Methodology
  • Adversary captures request and response authenticators
  • Mounts brute-force/dictionary attack against secret
  • Adversary uses secret to:
    • Forge Access-Accept frames
    • Decrypt MPPE for EAP keys

Response Auth = MD5(code + id + len + request auth + attributes + secret)

the problem
The Problem
  • Several references disclose vulnerabilities but are largely ignored
  • Some popular clients don’t implement IPSEC per RFC3579
  • Impact of compromised secret is serious
    • Compromised authentication, decryption of link-layer encryption mechanisms
    • Loss of keys == Loss of certificates
goals
Goals
  • Update RFC3579 to MUST for IPsec support
  • Analyze seriousness of vulnerabilities in existing implementations
  • Provide best practice recommendations
  • Certification process for RADIUS devices
    • Not just interoperability, conformance tests
questions
Questions?
  • Please direct comments to the authors or RADEXT reflector

Randy Chou - [email protected]

Merv Andrade - [email protected]

Joshua Wright - [email protected]

http://www.drizzle.com/~aboba/RADEXT/radius_vuln_00.txt

ad