Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAPWAP Overview Saag Presentation 65 th IETF 23 March 2006 Scott G. Kelly T. Charles Clancy

Published byArline Lambert Modified over 9 years ago

Similar presentations

Presentation on theme: "CAPWAP Overview Saag Presentation 65 th IETF 23 March 2006 Scott G. Kelly T. Charles Clancy"— Presentation transcript:

1 CAPWAP Overview Saag Presentation 65 th IETF 23 March 2006 Scott G. Kelly scott@hyperthought.com T. Charles Clancy clancy@cs.umd.edu

2 Agenda Introduction Some background and current scope Security-related protocols, relationships, considerations, requirements Current state of things Conclusion

3 Introduction Defining a protocol to control and provision wireless access points Things carried over protocol include –Access Point configuration/control –Network access control decisions –Cryptographic session keys Security is obviously a significant concern –Compromised communications may result in infrastructure take-over Working group wants to invite security area participation Requesting appointment of a security advisor –Formal liaison with security area –Avoid delays in document advancement due to security concerns –Provide security community connection for security reviews, advice

4 Background Early Architecture AP STA AS/AAA Mgmt WLAN ELEMENTS AS: Authentication Server, typically RADIUS AP: wireless access point STA: wireless station (typically a laptop)

5 Current Architecture ( Security Protocol Hierarchy and Interactions) WTP AC STA WTP AC STA AAA RADIUS IPsec CAPWAP 802.1X, 802.11i, WPA Mgmt SNMP HTTP TLS SSH 802.1X, 802.11i, WPA Each layer in hierarchy depends on layers above for security

6 Complex Trust Relationships WTP AC STA WTP AC STA AAA RADIUS PSK Long-Term EAP Credential PSK/Cert PTK WTP MSK/PMK MK Mgmt Admin Credential Color Coding short-term keys long-term keys

7 Why is security important in CAPWAP? Many interdependent security protocols between station and network CAPWAP must not degrade existing security (can’t become weak link) Multiple deployment models –Direct L2 connection Physical security solves most problems –Routed connection, one administrative domain Mobile network elements introduce infrastructure risks –Routed connection, potentially hostile hops Remote WTP scenarios –Employees take WTPs home –Branch office WTP, Central office AC –Hotspots –some hops may be over wireless Mesh (e.g. metro wifi)

8 Additional CAPWAP Security Considerations “Splitting the MAC” introduces security complexity If 802.11 crypto is terminated at the WTP, security context must arrive there securely (via AC), and WTP must implement 802.11 data security functions –Otherwise, AC implements 802.11 data security functions Since user/station authentication is mediated by the AC, it must securely interact with AS –WTP forwards 802.1x frames to AC AC-WTP communications must not be a weak link; they require –Strong mutual authentication –Data integrity verification –Confidentiality (depends on deployment nuances, threats)

9 CAPWAP Protocol Security Requirements AC ↔ AAA STA ↔ AAA STA ↔ WTP Management ↔ AC NOT CURRENTLY IN SCOPE (but requirements nonetheless) IN SCOPE AC ↔ WTP –Authentication is unique, strong, mutual, and explicit –Communications protected by strong ciphersuite

10 Current State of CAPWAP 4 competing protocol proposals were evaluated –WG created independent eval team –Protocols: LWAPP,SLAPP,WiCoP,CTP WG chose LWAPP as basis for new CAPWAP protocol LWAPP provides its own proprietary security mechanisms Eval team (and others) recommended replacing this with DTLS

11 LWAPP Security Protocol, cont. T. Charles Clancy (UMD) conducted security review, proposed improvements Protocol subsequently modified to meet wg objectives draft requirements and Clancy suggestions LWAPP/DTLS draft submitted by Kelly & Rescorla DTLS added to capwap-00 draft as proposed security mechanism Numerous operational details yet to be specified, but no show-stoppers uncovered or anticipated WG still discussing, hopefully to reach closure soon

12 Compare/Contrast DTLS vs LWAPP Standards-based protocol TLS is well reviewed (DTLS is equivalent from security perspective) Widely deployed on the Internet (TLS) Negotiation capability provides for algorithm agility Several freely available implementations Built-in DoS protection Employs security best practices –Unidirectional crypto keys –Each side contributes to IVs –Security parameter verification via message hash Continued benefit from broad deployment and scrutiny Home-grown protocol Latest incarnation has only one public review Little deployment experience No algorithm negotiation – crypto change requires protocol forklift No known open source implementations No DoS protection A few questionable security practices –Same key used for transmit/receive –One side controls IV generation –No verification of negotiable parameters (psk vs cert) One-off (capwap-only) deployment severely limits exposure to scrutiny DTLSLWAPP

13 SUMMARY Security is clearly an integral concern for CAPWAP IEEE efforts primarily focused on STA+WTP+AS AC  WTP interactions introduce various subtleties It’s easy to get security wrong, even when clueful people are involved – more eyes on the problem mitigates the risk CAPWAP would clearly benefit from additional security community participation Group needs formal security advisor Formal liaison with security area –Avoid delays in document advancement due to security concerns –Provide security community connection for security reviews, advice Questions?

14

15 Background Early WLAN deployments rely on “fat” access points –Standalone, individually managed network elements –Limited range implies mgmt scaling issues –User roaming implies other infrastructure issues Current generation moving to centralized control model, “thin” access points This presents a number of challenges that merit IETF attention

16 Background, cont. Next Generation WLAN Architecture WTP AC STA AAA Mgmt WTP AC STA New Terms AC: Access Controller WTP: Wireless Termination Point CAPWAP Domain

17 Current CAPWAP Scope There are many security-related interactions among wlan elements –Management Plane AAA/AS AC WTP –Arguably, should be managed entirely by AC –AC-WTP communications –WTP-STA communications Much of the related security is out of scope (provided by various IEEE protocols, RADIUS/EAP extensions) Current CAPWAP scope covers only AC-WTP communications Obviously don’t want to introduce weak link

18 Preaching to the choir CAPWAP group has familiar question Homegrown vs standards-based security? This is a debate we’ve had before in IETF –Roll your own security protocol? –Or use a standard, well-scrutinized one instead? Getting to closure on this ASAP is a priority for capwap wg

19 LWAPP Security Overview Initial protocol was certificate-based –WTP generates random session ID, forwards this with cert to AC –AC validates cert, generates crypto keys, encrypts with WTP public key, signs encrypted keys + session ID, returns these to WTP (RSA key wrap) –WTP unwraps keys, uses AES-CCM for subsequent control channel communications This protocol had a number of shortcomings

20 CAPWAP Attack Containment WTP AC STA WTP AC STA AAA WTP Compromise Affected Nodes Unaffected Nodes

Download ppt "CAPWAP Overview Saag Presentation 65 th IETF 23 March 2006 Scott G. Kelly T. Charles Clancy"

Similar presentations

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Doc.: IEEE 802.11-04/250r2 Submission March 2004 Lily Yang, IETF CAPWAP Design Team EditorSlide 1 802.11 WLAN Architectural Considerations for IETF CAPWAP.

Doc.: IEEE /250r2 Submission March 2004 Lily Yang, IETF CAPWAP Design Team EditorSlide WLAN Architectural Considerations for IETF CAPWAP.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Similar presentations

Ads by Google