Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

More documents

Recommendations

Info

WEP’s “defenses” Integrity check (IC) field CRC-32 checksum, part of encrypted payload Not keyed Subject to bit-flipping � can modify IC to make altered message appear valid Initialization vector (IV) added to key Alters key somewhat for each packet 24-bit field; contained in plaintext portion Alas, this small keyspace guarantees reuse
More IV problems Say an AP constantly sends 1500-byte packets at 11mbps Keyspace exhausted in 5 hours Could be quicker if packets are smaller Key reuse causes even more collisions Some cards reset IV to 0 after initialization Some cards increment by 1 after each packet 802.11 st<strong>and</strong>ard does not m<strong>and</strong>ate new per-packet IV!
Page 1 and 2: Wireless LAN Security with 802.1x,
Page 3 and 4: Wired equivalent privacy
Page 5: Common attacks Bit-flipping (encryp
Page 9 and 10: Classes of attacks Authentication f
Page 11 and 12: WEP suckage Same key reused over an
Page 13 and 14: 802.1x
Page 15 and 16: Is 802.1x enough? No It does solve:
Page 17 and 18: 802.1x over 802.11 Supplicant Authe
Page 19 and 20: Before authentication Supplicant th
Page 21 and 22: 802.11/802.1x state machine Class 1
Page 23 and 24: Extensible authentication protocol
Page 25 and 26: Authentication methods EAP allows c
Page 27 and 28: Protected EAP (PEAP) Extension to E
Page 29 and 30: Note Do not configure IAS and XP fo
Page 31 and 32: Security requirements, again Mutual
Page 33 and 34: Windows PEAP authentication First p
Page 35 and 36: Our requirements so far Mutual devi
Page 37 and 38: Windows PEAP authentication First p
Page 39 and 40: Windows PEAP authentication Second
Page 41 and 42: Why use machine accounts? Domain lo
Page 43 and 44: Remaining vulnerabilities
Page 45 and 46: Bit-flipping attacks WEP doesn’t
Page 47 and 48: Solution: keyed IC Change behavior
Page 49 and 50: System requirements Client: Windows
Page 51 and 52: Access policy Policy condition NAS-
Page 53 and 54: Interoperability PEAP standards aut
Page 55 and 56: The future—long term IEEE is work
Page 57:
© 2003 Microsoft Corporation. All
show all

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?