
Threat Model



Presentation Transcript


  1. Threat Model
     Tim Moore, Microsoft

  2. Focused on ESS
     • Looked at 802.11 1999 and then RSN to fix 1999 issues
     • Not complete

  3. 802.1X key management (diagram: Station, AP, 802.11 MAC)

  4. Threats
     • Spoofing
     • Tampering
     • Repudiation
     • Information Disclosure
     • Denial of Service
     • Elevation of Privilege

  5. Data message
     • Spoofing
     • Information Disclosure
     • Tampering
     • WEP!
     • Integrity and Privacy from RSN
     • MAC address spoof detection requires Pairwise keys
     • Station bridging unicast traffic will be decrypted with a Group key
     • Should this be allowed, as it allows spoofing of MAC addresses?

  6. TKIP/AES
     • If the IV is repeated with a particular key then it is easy to recover the key
     • 4-way handshake and 48-bit IV

  7. Michael
     • Counter measures make a DoS
     • Snoop packet
     • Destroy packet CRC
     • Flip a bit
     • Flip bits in ICV to correct
     • Send packet
     • RSN uses 1X to inform AP in a secure way
     • Rate limit keying to limit effect on other stations until their keys are attacked.

  8. Ack message
     • Need RA, more bit and Duration from frame to be acked
     • If more is 0 then do not need duration
     • Acks for data messages can cause data loss
     • Destroy message and then send ack
     • Timing is difficult to respond to a message with a valid ack, especially for more=1, but could be done by random acks being sent for more=0
     • Acks are generated very low in stack – below encryption/integrity
     • So protecting them is hard
     • Can detect acks received at wrong time
     • Should have MIB to log this occurring

  9. (Re-)Association request
     • Causes station to join DS
     • Implementations send level 2 message to set up bridges
     • Pass data on/off DS
     • Change capabilities to AP
     • RSN IE
     • Listen interval – DoS causes AP to lose data and disassociate station
     • With RSN station should not join DS until 4-way handshake completes
     • Data isn't sent on/off DS because keys are not configured, but also need to hold up level 2 bridge message
     • Association allocates resources on AP
     • APs need to limit resources used and recover resources if 4-way handshake doesn't complete

  10. Note
     • Draft 2.2 pre-auth has a problem in that the 4-way handshake completes in pre-auth, so anyone sending an association opened the DS
     • Fixed in 298r3

  11. Authentication
     • Open – no auth
     • Shared – dictionary attack
     • RSN – 802.11 auth is open (i.e. no security)
     • Currently do open to return 802.11 state machine to 1999 version, but should we remove state 2 in RSN?

  12. (Re-)Association response
     • Change station state
     • Stations check they are in correct state
     • Flood AP with association requests for different MAC addresses – resource DoS
     • If received when expected then station goes to correct state and real response is ignored
     • If received after then ignored
     • Limit resource usage, recover resources quickly if 802.1X key management doesn't complete
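Slides 9 and 12 both end on the same mitigation: an AP must bound the resources an association can hold and reclaim them when the 802.1X key management never completes, while keeping the station off the DS until it does. The Python sketch below is an added example written for this transcript, not code from the presentation or from any AP implementation. It models a hypothetical AP-side association table with a capped number of pending stations and a handshake deadline; the 64-entry cap, the 2-second deadline and all MAC addresses are constructed values, and the simulated flood uses distinct forged addresses exactly as slide 12 describes.

```python
import time
from collections import OrderedDict


class AssociationTable:
    """Hypothetical AP-side association state (added example, not from the slides).

    A station is 'pending' from its association request until the 802.1X/4-way
    handshake completes; only then is it 'joined' and has data passed on/off the
    DS. Pending entries are capped and expire, so a flood of association
    requests from forged MAC addresses cannot exhaust the AP.
    """

    def __init__(self, max_pending=64, handshake_timeout=2.0, clock=time.monotonic):
        self.max_pending = max_pending
        self.timeout = handshake_timeout
        self.clock = clock
        self.pending = OrderedDict()  # sta_mac -> deadline for completing the handshake
        self.joined = set()           # stations with keys installed, DS access open

    def reap(self):
        """Reclaim pending entries whose handshake deadline has passed."""
        now = self.clock()
        expired = [mac for mac, deadline in self.pending.items() if deadline <= now]
        for mac in expired:
            del self.pending[mac]
        return len(expired)

    def associate(self, sta_mac):
        """Handle a (Re-)Association request; returns the AP's decision."""
        self.reap()
        # A re-association must redo the key handshake: keys are not configured
        # for the new association, so the station leaves the DS until they are.
        self.joined.discard(sta_mac)
        if sta_mac in self.pending:
            # Retry from a station we already hold state for: refresh, no new allocation.
            self.pending[sta_mac] = self.clock() + self.timeout
            return "pending"
        if len(self.pending) >= self.max_pending:
            return "refused"  # out of resources; a real AP answers with a failure status code
        self.pending[sta_mac] = self.clock() + self.timeout
        return "pending"

    def handshake_complete(self, sta_mac):
        """Called by the key-management layer once the 4-way handshake has verified."""
        if self.pending.pop(sta_mac, None) is None:
            return False  # never associated or already reaped: do not open the DS
        self.joined.add(sta_mac)
        return True

    def forwards_to_ds(self, sta_mac):
        return sta_mac in self.joined


class FakeClock:
    """Controllable clock so the simulation is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_flood(n_forged=500, max_pending=64, timeout=2.0):
    """Constructed scenario: association requests from 500 distinct forged MACs,
    then a legitimate station, then the handshake deadline passing."""
    clock = FakeClock()
    table = AssociationTable(max_pending, timeout, clock)
    legit = "02:11:22:33:44:55"  # constructed, locally administered address
    refused = 0
    for i in range(n_forged):
        forged = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        if table.associate(forged) == "refused":
            refused += 1
    result = {
        "refused_during_flood": refused,
        "pending_after_flood": len(table.pending),
        "legit_during_flood": table.associate(legit),
    }
    clock.advance(timeout + 0.1)  # no forged station ever completes the handshake
    result["reclaimed"] = table.reap()
    result["legit_after_timeout"] = table.associate(legit)
    result["legit_joined"] = table.handshake_complete(legit) and table.forwards_to_ds(legit)
    result["pending_at_end"] = len(table.pending)
    return result


if __name__ == "__main__":
    print(simulate_flood())
```

The cap is what bounds AP memory, but on its own it turns the flood into a denial of service for the legitimate station too; it is the deadline that lets real stations back in once the forged associations fail to finish key management, and the per-address refresh keeps a retrying station from consuming several slots.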

  13. Probe request
     • Wastes bandwidth
     • Gets info from AP

  14. Beacon/Probe response
     • Change capabilities of AP
     • Privacy bit
     • RSN information element
     • A rogue AP with different capabilities but same SSID
     • Discloses information about ciphers etc. that helps an attacker
     • Stations select most secure capabilities of APs in range
     • DoS by more secure AP
     • RSN duplicates capabilities into 4-way handshake which is protected
     • RSN requires Privacy bit to be set
     • DoS attack by modifying 4-way handshake
     • RSN requires a configuration option to disallow non-RSN associations.

  15. Disassociation/De-authentication
     • Deletes/changes state on AP
     • Remove stations from AP and DS
     • Nothing in RSN
     • Sign Disassociation/De-authenticate messages
     • Do not change 802.11 MAC state
     • Re-authenticate 802.1X and let 1X delete MAC state

  16. PS-Poll
     • Used by station to get AP to send packets to station
     • Causes packets to be dropped at the AP – DoS
     • Log packets sent on request of a PS-Poll that didn't get received
     • Could be joined with ack spoofing to ack the data

  17. RTS/CTS
     • Not looked at because normally threshold large
     • Contention free/ack
     • ATIM

  18. Others
     • Radio flood
     • Can we detect this as radio noise and add MIB variables to log it?
     • Interfere with packet CRC
     • Detect packet errors – packets with bad CRCs or in particular with radio noise corrupting CRC
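Several slides settle for detection and logging where prevention is not available: a repeated IV under one key (slide 6), Disassociation/De-authentication frames that RSN does nothing to protect (slide 15), and bad CRCs from radio interference that the slide above wants counted in MIB variables. The audit below is an added example written for this transcript, not code from the presentation or any wireless IDS. It walks a constructed list of frame summaries (the record layout, field names, addresses and thresholds are all assumptions) and produces MIB-style counters plus one alert per threshold crossing for a per-transmitter packet number that repeats or goes backwards, for a burst of deauth/disassoc frames, and for a burst of FCS errors.

```python
from collections import defaultdict, deque

AP = "02:a0:00:00:00:01"   # constructed AP address
STA = "02:50:00:00:00:02"  # constructed station address

# Constructed frame summaries, not captured traffic. Each record is
# (time_seconds, kind, transmitter_address, packet_number):
#   "data"              protected data frame; packet_number is its IV / 48-bit PN
#   "deauth"/"disassoc" management frame, no packet number
#   "bad_crc"           frame whose FCS check failed, so its transmitter is unknown
SAMPLE_FRAMES = [
    (0.00, "data", AP, 1),
    (0.01, "data", STA, 1),
    (0.02, "data", AP, 2),
    (0.03, "data", AP, 3),
    (0.04, "data", AP, 2),          # packet number repeats under the same key
    (0.05, "data", STA, 2),
    (0.06, "bad_crc", None, None),
    (0.50, "deauth", AP, None),
    (0.55, "deauth", AP, None),
    (0.60, "deauth", AP, None),
    (0.65, "disassoc", AP, None),
    (0.70, "deauth", AP, None),     # fifth within one second
    (0.75, "deauth", AP, None),
    (3.00, "disassoc", AP, None),   # isolated, outside the window: no alert
    (5.00, "bad_crc", None, None),
    (5.01, "bad_crc", None, None),
    (5.02, "bad_crc", None, None),
    (5.03, "bad_crc", None, None),  # fourth bad CRC within one second
]


def audit_frames(frames, window_s=1.0, deauth_threshold=5, bad_crc_threshold=4):
    """Return (counters, alerts). Counters mimic the MIB variables the slides ask
    for; alerts are (time, name, transmitter) tuples, one per threshold crossing."""
    counters = defaultdict(int)
    alerts = []
    last_pn = {}                 # transmitter -> highest packet number accepted
    recent = defaultdict(deque)  # series name -> timestamps inside the window

    def burst(name, t):
        """Sliding-window count of events in `name` up to time t."""
        q = recent[name]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        return len(q)

    for t, kind, ta, pn in frames:
        if kind == "data":
            counters["dataFrames"] += 1
            prev = last_pn.get(ta)
            if prev is not None and pn <= prev:
                # A repeated or decreasing counter means IV reuse or a replayed frame.
                counters["pnNotIncreasing"] += 1
                alerts.append((t, "pn_reuse_or_replay", ta))
            else:
                last_pn[ta] = pn
        elif kind in ("deauth", "disassoc"):
            counters["deauthDisassocFrames"] += 1
            if burst("deauth:" + ta, t) == deauth_threshold:
                alerts.append((t, "deauth_flood", ta))
        elif kind == "bad_crc":
            counters["fcsErrors"] += 1
            if burst("bad_crc", t) == bad_crc_threshold:
                alerts.append((t, "crc_error_burst", None))
    return dict(counters), alerts


if __name__ == "__main__":
    counters, alerts = audit_frames(SAMPLE_FRAMES)
    print(counters)
    for alert in alerts:
        print(alert)
```

Nothing here stops the spoofed frames, which is the slides' own conclusion; the value is the counters, which an operator can poll like any other MIB variable, and the alerts, which fire once per crossing rather than once per frame so a long flood does not drown the log.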

  19. 802.1X
     • Flood EAPOL-Start messages
     • DoS Authenticator
     • Flood EAP Request/Identity
     • DoS Supplicant
     • EAP_SUCCESS
     • Supplicant believes auth complete
     • RSN uses Secure bit for key management complete
     • RSN encrypts 1X with Pairwise key
     • EAP_FAILURE
     • DoS
     • RSN encrypts 1X with Pairwise key

  20. EAP_Logoff
     • Encrypt 1X
     • EAP Request/Identity contains identity information
     • Change identity for DoS
     • Read identity
     • EAP scheme such as EAP_PEAP or EAP_TTLS
     • Outer identity only needs NAI domain

  21. EAP_Start, logoff and Notification can be tampered with
     • RSN encrypts 1X after 4-way handshake
     • PEAP or TTLS will protect inner EAP

  22. PSK
     • Bad pre-shared keys

  23. 4-way handshake
     • Send message 1 with wrong ANonce
     • Implementation mustn't change session state until message 3
     • Changing dest MAC address – DoS
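The second bullet above is the whole defence against the first: message 1 is unauthenticated, so a supplicant that lets it replace session state can be knocked out of a handshake by one forged frame, while one that only answers tentatively and commits on a MIC-verified message 3 is not. The Python model below is an added example written for this transcript, not code from the presentation or from any 802.11i implementation. Its key derivation is a simplified HMAC-SHA256 stand-in for the 802.11i PRF, its message layouts and the `MAX_PENDING` bound are assumptions, and all key material comes from a constructed seed; the state handling is the point. `run_handshake` runs both a robust and a naive supplicant against the same authenticator with a forged message 1 injected between the real message 2 and message 3.

```python
import hashlib
import hmac

MIC_LEN = 16
MAX_PENDING = 4  # assumed bound on tentative keys a supplicant holds at once


def derive_ptk(pmk, anonce, snonce, aa, spa):
    """Simplified pairwise key derivation (assumption: HMAC-SHA256 stands in for
    the 802.11i PRF). Like the real scheme it binds the PTK to both nonces and
    both MAC addresses; the first 16 bytes serve as the KCK used for MICs."""
    data = (b"Pairwise key expansion" + min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, data, hashlib.sha256).digest()


def mic(kck, body):
    return hmac.new(kck, body, hashlib.sha256).digest()[:MIC_LEN]


def mic_ok(kck, body, tag):
    return hmac.compare_digest(mic(kck, body), tag)


class Supplicant:
    def __init__(self, pmk, spa, aa, snonce, robust=True):
        self.pmk, self.spa, self.aa, self.snonce = pmk, spa, aa, snonce
        self.robust = robust
        self.pending = {}  # ANonce -> tentative PTK, derived but not installed
        self.ptk = None    # installed PTK; changes only after a verified message 3

    def on_msg1(self, anonce):
        """Message 1 carries an unauthenticated ANonce: answer it, but only tentatively."""
        ptk = derive_ptk(self.pmk, anonce, self.snonce, self.aa, self.spa)
        if not self.robust:
            self.pending.clear()  # naive: every message 1 replaces the session state
        elif len(self.pending) >= MAX_PENDING:
            del self.pending[next(iter(self.pending))]  # drop the oldest tentative key
        self.pending[anonce] = ptk
        body = b"M2" + self.snonce
        return body + mic(ptk[:16], body)

    def on_msg3(self, msg3):
        """Message 3 is MICed under the PTK; only a verified one changes session state."""
        body, tag = msg3[:-MIC_LEN], msg3[-MIC_LEN:]
        anonce = body[2:34]
        ptk = self.pending.get(anonce)
        if ptk is None or not mic_ok(ptk[:16], body, tag):
            return False  # unknown ANonce or bad MIC: ignore, keep current state
        self.ptk = ptk
        self.pending.clear()
        return True


class Authenticator:
    def __init__(self, pmk, aa, spa, anonce):
        self.pmk, self.aa, self.spa, self.anonce = pmk, aa, spa, anonce
        self.ptk = None

    def msg1(self):
        return self.anonce

    def on_msg2(self, msg2):
        body, tag = msg2[:-MIC_LEN], msg2[-MIC_LEN:]
        snonce = body[2:34]
        ptk = derive_ptk(self.pmk, self.anonce, snonce, self.aa, self.spa)
        if not mic_ok(ptk[:16], body, tag):
            return None  # wrong PMK or tampered message 2
        self.ptk = ptk
        body3 = b"M3" + self.anonce
        return body3 + mic(ptk[:16], body3)


def run_handshake(robust, spoof_msg1, seed=b"constructed"):
    """Run one handshake, optionally injecting a forged message 1 (wrong ANonce)
    between the real message 2 and message 3. Returns True when both ends end
    up with the same installed PTK. All key material derives from a constructed seed."""
    pmk = hashlib.sha256(seed + b"pmk").digest()
    aa, spa = bytes.fromhex("02a000000001"), bytes.fromhex("025000000002")  # constructed
    anonce = hashlib.sha256(seed + b"anonce").digest()
    snonce = hashlib.sha256(seed + b"snonce").digest()
    ap = Authenticator(pmk, aa, spa, anonce)
    sta = Supplicant(pmk, spa, aa, snonce, robust=robust)
    msg2 = sta.on_msg1(ap.msg1())
    msg3 = ap.on_msg2(msg2)
    if spoof_msg1:
        sta.on_msg1(hashlib.sha256(seed + b"forged-anonce").digest())
    return sta.on_msg3(msg3) and sta.ptk == ap.ptk


if __name__ == "__main__":
    for robust in (True, False):
        print("robust" if robust else "naive", "survives forged message 1:",
              run_handshake(robust, spoof_msg1=True))
```

The `pending` table is itself bounded so that a stream of forged message 1 frames cannot grow it without limit; that bound is a trade-off, since a burst larger than `MAX_PENDING` evicts the real ANonce and the station then has to wait for the authenticator's retransmission, which is the slide's DoS reduced to a delay.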

  24. Issues
     • Association
     • Sign association message
     • Use 4-way handshake as network secure
     • This is in draft 2.2
     • Disassociation/De-authenticate
     • Sign disassociate
     • Can't sign de-authenticate because there are cases when you can't
     • Disassociation/De-authenticate force 802.1X reauth
     • If valid disassociate/de-authenticate then 802.1X fails and removes state
     • If spoofed disassociate/de-authenticate then 802.1X succeeds and state is not removed
     • Note: Could be used to force 802.1X reauths using resources
