Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

More documents

Recommendations

Info

Classes of attacks Key and IV reuse Small IV space; no IV replay protection Known plaintext attack Can recover stream of length N for a given IV Then forge packets of length N in absence of keyed IC Partial known plaintext attack Can recover M bytes of keystream, M < N Repeated probing � extend keystream to N Weaknesses in RC4 key scheduling algorithm Large class of weak keys can break secret key
Classes of attacks Authentication forging WEP encrypts challenge using client-chosen IV Recovery of keystream for a given IV allows reuse of the IV for forging WEP authentication Doesn’t provide key, so can’t join LAN Realtime decryption IV reuse and probing � construct dictionary of IVs and keystreams Enables decryption in real time Storage: 1500 bytes of keystream for each IV; 24 b GB
Page 1 and 2: Wireless LAN Security with 802.1x,
Page 3 and 4: Wired equivalent privacy
Page 5 and 6: Common attacks Bit-flipping (encryp
Page 7: More IV problems Say an AP constant
Page 11 and 12: WEP suckage Same key reused over an
Page 13 and 14: 802.1x
Page 15 and 16: Is 802.1x enough? No It does solve:
Page 17 and 18: 802.1x over 802.11 Supplicant Authe
Page 19 and 20: Before authentication Supplicant th
Page 21 and 22: 802.11/802.1x state machine Class 1
Page 23 and 24: Extensible authentication protocol
Page 25 and 26: Authentication methods EAP allows c
Page 27 and 28: Protected EAP (PEAP) Extension to E
Page 29 and 30: Note Do not configure IAS and XP fo
Page 31 and 32: Security requirements, again Mutual
Page 33 and 34: Windows PEAP authentication First p
Page 35 and 36: Our requirements so far Mutual devi
Page 37 and 38: Windows PEAP authentication First p
Page 39 and 40: Windows PEAP authentication Second
Page 41 and 42: Why use machine accounts? Domain lo
Page 43 and 44: Remaining vulnerabilities
Page 45 and 46: Bit-flipping attacks WEP doesn’t
Page 47 and 48: Solution: keyed IC Change behavior
Page 49 and 50: System requirements Client: Windows
Page 51 and 52: Access policy Policy condition NAS-
Page 53 and 54: Interoperability PEAP standards aut
Page 55 and 56: The future—long term IEEE is work
Page 57: © 2003 Microsoft Corporation. All

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?