Security Watch
COLUMN
Time to Smarten Up About Security

  June 24, 2002
  By Robert Moskowitz



You'd think we would have learned some important lessons about security when WEP was broken last year by products like AirSnort. Unfortunately, we did not. In fact, some of us believed we could simply take a few security components from the cryptographer's tool box, put them together by the book and wind up with a certifiably secure system.



Meanwhile, 802.11's WEP illustrated just how subtle -- yet catastrophic -- a security system's flaws can be.

Another Chance to Learn

In January, I wrote about another important wireless authentication mechanism, 802.1x (see "Trust in Networking: A Fairy Tale?"). A month later, William Arbaugh and his colleagues published a whole set of attacks against 802.1x when it is used with 802.11.

The IEEE 802.1x workgroup focused its efforts on Ethernet, Token Ring and FDDI networks. However, the 802.1x standard clearly indicates that the intended application is principally for hub-based deployments. Only one section in the standard document covers using 802.1x in "shared-media LANs." That section warns that a secure association (EAP method) is required to avoid man-in-the-middle and denial-of-service attacks. During the development of 802.1x, some of the participants seem to have thought, "802.11 access points could use the 802.1x protocol too." Shortly after the first papers on WEP's weaknesses were released, the 802.11 workgroup took on the task of improving 802.11's security, and 802.1x's MAC-based authentication method quickly became the cornerstone of this improvement effort. Since that move, all 802.11 efforts have aimed to build a complete security system using 802.1x.

Arbaugh's paper shows the necessity of considering the total set of exchanges between the wireless station and the access point -- and how we must forget our assumptions about what should happen and instead look for what could happen. What if Packet X is introduced at Point A? What if the authenticator fibs and says an authentication challenge was successful when in fact it was a rogue access point, leaving the station unable to perform the authentication check at all? The IEEE efforts with which I have been connected have been diligent in producing state machines that show how things are intended to work. But when dealing with security, we must also demonstrate how protocols cope with unintended events, because attackers don't play by the rules.
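The "what could happen" review described above can be done mechanically by feeding every message to every state and flagging outcomes that an unverified frame should never cause. The following is an added example, not code from this column or from the 802.1x standard; the state names, transition rules and the `verified` flag (standing for a frame covered by MAC-layer authentication) are a simplified, hypothetical model.

```python
from itertools import product

# Simplified, hypothetical station-side states and received EAP messages.
STATES = ("CONNECTING", "AUTHENTICATING", "AUTHENTICATED", "HELD")
MESSAGES = ("EAP-Request", "EAP-Success", "EAP-Failure")

def naive_next(state, msg, verified):
    """Intended-path design: acts on the message type alone, ignores `verified`."""
    if msg == "EAP-Success":
        return "AUTHENTICATED"
    if msg == "EAP-Failure":
        return "HELD"
    if msg == "EAP-Request" and state != "AUTHENTICATED":
        return "AUTHENTICATING"
    return state

def strict_next(state, msg, verified):
    """Hardened design: outcome messages count only when verified and in the right state."""
    if msg == "EAP-Request" and state in ("CONNECTING", "HELD"):
        return "AUTHENTICATING"   # starting an exchange decides nothing by itself
    if not verified:
        return state              # unverified Success/Failure is ignored
    if msg == "EAP-Success" and state == "AUTHENTICATING":
        return "AUTHENTICATED"
    if msg == "EAP-Failure" and state in ("AUTHENTICATING", "AUTHENTICATED"):
        return "HELD"
    return state

def unintended_transitions(next_fn):
    """Try every (state, message) pair as an unverified frame and report bad outcomes."""
    findings = []
    for state, msg in product(STATES, MESSAGES):
        new = next_fn(state, msg, False)
        if new == state:
            continue
        if new == "AUTHENTICATED":
            findings.append((state, msg, "unverified frame grants access"))
        elif state == "AUTHENTICATED":
            findings.append((state, msg, "unverified frame drops session"))
    return findings

if __name__ == "__main__":
    for name, fn in (("naive", naive_next), ("strict", strict_next)):
        print(name, unintended_transitions(fn))
```

The naive machine follows its intended diagram correctly, yet the sweep finds paths the diagram never drew; the strict machine yields none.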

Pay Attention

Whether you're a system designer or a system deployer, you will deal with security tools, and though you won't likely work on developing protocols as basic as 802.1x, the lessons will be the same. Maybe your security tools will be cryptographic primitives like RC4 and Diffie-Hellman, but more likely, they'll be security subsystems like IKE and SSL. Either way, you must understand the assumptions under which these tools were developed to operate.

Security is full of traps, both big and small, for those not intimately familiar with it. In the case of 802.11 and 802.1x, most 802.1x attacks are mitigated when MAC-layer encryption and authentication are present, as is 802.11's intention. This further illustrates the need to consider the entire security framework, including those aspects we like to dismiss as "too hard."

The 802.11i task group is developing this MAC-layer protection, and the remaining problems in 802.1x are being addressed in 802.1aa. When you work with any security tool (and you will work with security tools), make certain you understand the tool and its limitations before you dive in.

Robert Moskowitz is a senior technical director at TruSecure Corp. Send your comments on this column to him at rgm@htt-consult.com.

