Radius Vulnerabilities in Wireless Overview - PowerPoint PPT Presentation

Provided by: ietf
Learn more at: https://www.ietf.org
1
Radius Vulnerabilities in Wireless Overview
  • Randy Chou - rchou_at_arubanetworks.com
  • Merv Andrade - merv_at_arubanetworks.com
  • Joshua Wright - jwright_at_sans.org

2
Background & Vulnerability
[Diagram: Client (Supplicant) <-> AP (Authenticator) <-> RADIUS Auth Server. Steps: Associate / EAP; Key Exchange w/ Server Cert; User Auth inside TLS; Send MPPE Key; Send encryption Keys]
  • Sniffing packets: risky for the adversary on wired networks,
    undetectable on wireless.
  • VLAN separation does not mitigate sniffing.
  • Radius key known or attacked offline, see draft.
  • Wireless data decryption, can be offline.

3
Attack Methodology
  • Adversary captures request and response
    authenticators
  • Mounts brute-force/dictionary attack against
    secret
  • Adversary uses secret to:
      • Forge Access-Accept frames
      • Decrypt MPPE for EAP keys

Response Auth = MD5(code + id + len + request auth + attributes + secret)
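The Response Authenticator formula above is what makes the attack on the previous slide an offline one: every input except the shared secret travels on the wire. The following Python is an added example (not from the presentation or its authors) that builds and verifies an Access-Accept the way a NAS does per RFC 2865; the packet contents, identifier and secret are constructed sample values. The same verification routine is the oracle an adversary holding a captured request/response pair would use, which is why secret strength and the IPsec transport recommended by RFC 3579 matter.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes from RFC 2865 (only the two used here)
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2

# Reply-Message attribute type (RFC 2865 section 5.18)
ATTR_REPLY_MESSAGE = 18

HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def encode_attributes(attrs):
    """Encode (type, value_bytes) pairs as RFC 2865 type-length-value attributes."""
    out = b""
    for atype, value in attrs:
        out += struct.pack("!BB", atype, 2 + len(value)) + value
    return out


def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865 section 3:
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Length is the whole packet length (header plus attributes)."""
    length = HEADER_LEN + len(attributes)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, ident, request_auth, attrs, secret):
    """Assemble a complete response packet with its authenticator filled in."""
    encoded = encode_attributes(attrs)
    auth = response_authenticator(code, ident, request_auth, encoded, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(encoded)) + auth + encoded


def verify_response(packet, request_auth, secret):
    """What the NAS does on receipt: recompute the authenticator over the received
    packet and compare in constant time. Note that everything used here except
    `secret` is visible to anyone who captured the request and the response."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    received = packet[4:HEADER_LEN]
    expected = response_authenticator(code, ident, request_auth, packet[HEADER_LEN:], secret)
    return hmac.compare_digest(received, expected)


def demo():
    """Constructed exchange: a correct secret verifies, a wrong secret and a
    tampered attribute do not. Returns (genuine_ok, wrong_secret_ok, tampered_ok)."""
    secret = b"example-shared-secret"  # constructed; real secrets must be long and random
    # The request authenticator is a random 16-byte value chosen by the NAS;
    # fixed here so the example is reproducible.
    request_auth = bytes.fromhex("00112233445566778899aabbccddeeff")
    packet = build_response(ACCESS_ACCEPT, 7, request_auth,
                            [(ATTR_REPLY_MESSAGE, b"Welcome")], secret)
    genuine_ok = verify_response(packet, request_auth, secret)
    wrong_secret_ok = verify_response(packet, request_auth, b"wrong-secret")
    tampered = packet[:HEADER_LEN] + packet[HEADER_LEN:].replace(b"Welcome", b"Welcomf")
    tampered_ok = verify_response(tampered, request_auth, secret)
    return genuine_ok, wrong_secret_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

One MD5 per candidate secret is all a captured pair costs to test, so a dictionary-word secret falls quickly; the Message-Authenticator attribute of RFC 2869 (HMAC-MD5 over the packet) protects EAP exchanges against forgery but is keyed with the same secret and so does not change this. Long random secrets and an IPsec-protected RADIUS transport, as RFC 3579 recommends, are the mitigations.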
4
The Problem
  • Several references disclose vulnerabilities but
    are largely ignored
  • Some popular clients don't implement IPsec per
    RFC 3579
  • Impact of compromised secret is serious:
      • Compromised authentication, decryption of
        link-layer encryption mechanisms
      • Loss of keys, loss of certificates

5
Goals
  • Update RFC3579 to MUST for IPsec support
  • Analyze seriousness of vulnerabilities in
    existing implementations
  • Provide best practice recommendations
  • Certification process for RADIUS devices
  • Not just interoperability, conformance tests

6
Questions?
  • Please direct comments to the authors or RADEXT
    reflector
  • Randy Chou - rchou_at_arubanetworks.com
  • Merv Andrade - merv_at_arubanetworks.com
  • Joshua Wright - jwright_at_sans.org
  • http://www.drizzle.com/aboba/RADEXT/radius_vuln_00.txt