170 likes | 289 Views
CAPWAP Overview. SAAG Presentation 65 th IETF 23 March 2006. T. Charles Clancy clancy@cs.umd.edu. Scott G. Kelly scott@hyperthought.com. Agenda. Introduction Some background and current scope Security-related protocols, relationships, considerations, requirements
E N D
CAPWAP Overview SAAG Presentation 65th IETF 23 March 2006 T. Charles Clancy clancy@cs.umd.edu Scott G. Kelly scott@hyperthought.com
Agenda • Introduction • Some background and current scope • Security-related protocols, relationships, considerations, requirements • Current state of things • Conclusion CAPWAP Overview
Introduction • CAPWAP working group is defining a protocol to control and provision wireless access points • Things carried over the protocol include • Access Point configuration/control • Network access control decisions • Cryptographic session keys • User data • Security is obviously a significant concern • Working group wants to invite security area participation • Requesting appointment of a security advisor • Provide designated point of contact with security directorate • Help to avoid delays, surprises in document advancement process due to unforeseen security concerns CAPWAP Overview
Background Early Architecture Mgmt WLAN ELEMENTS AS: Authentication Server, typically RADIUS AP: wireless access point STA: wireless station (typically a laptop) AS/AAA AP AP STA STA STA STA CAPWAP Overview
Background • Early WLAN deployments rely on “fat” access points • Standalone, individually managed network elements • mgmt scaling issues • Limited RF range implies many APs required for significant coverage area • User roaming implies other infrastructure issues • Relatively simple trust chain • STA-AP • EAPoL • WEP • AP-AS • EAP over RADIUS CAPWAP Overview
Current Architecture(Security Protocol Hierarchy and Interactions) Mgmt AAA SNMP HTTP TLS SSH RADIUS Optional IPsec AC AC CAPWAP CAPWAP WTP WTP WTP WTP 802.1X, 802.11i, WPA 802.1X, 802.11i, WPA STA STA STA STA STA STA STA STA Each layer in hierarchy depends on layers above for security CAPWAP Overview
Background, cont. • Current generation moving to centralized control model, “thin” access points • AC: access controller, centralized point of control • WTP: wireless termination point (new name for access points) • Complex interactions • AC-AAA • EAP over RADIUS (optional IPsec) • WTP-STA • WEP, WPA, WPA2, 802.11i • AC-WTP • Intermediate communications impacting all aspects of operations • This presents a number of challenges that merit IETF attention CAPWAP Overview
Complex Trust Relationships Color Coding Mgmt AAA • short-term keys RADIUS PSK • long-term keys Admin Credential MK AC Long-Term EAP Credential AC MSK/PMK PSK/Cert WTP WTP WTP WTP PTK STA STA STA STA STA STA STA STA CAPWAP Overview
CAPWAP InterdependenciesProtocols, trust relationships, etc • Many interdependent security protocols between STA and network • CAPWAP is used to bootstrap trust between the STA and WTP using a series of pre-established trust relationships • AAA credential between AC and AS • CAPWAP credential between AC and WTP • EAP credentials between STA and AS • 802.11i security context (PTK) between WTP and STA • CAPWAP must not degrade security of surrounding components CAPWAP Overview
CAPWAP Threats • Multiple deployment models • Direct L2 connection • Routed L3 connection, one administrative domain • Routed L3 connection, over potentially hostile hops • Direct L2 connection • Largely a physical security problem • Post a guard, lock the doors, etc. • Routed L3 connection, same administrative domain • Seems similar to L2 at first glance, but… • Mobile systems invalidate many assumptions regarding security of local LAN (soft and chewy inside is now exposed) • Can mitigate with network admission control, VLANs, etc, but CAPWAP cannot assume or mandate these things CAPWAP Overview
CAPWAP Threats, cont. • Routed L3 connection, over potentially hostile hops • Examples • Remote WTP scenarios • Employees take WTPs home, connect back to central AC • Branch office WTP, central office AC • Hotspots • some hops may be over wireless • Mesh (e.g. metro wifi) • Threat mitigation requires strong crypto • Mutual authentication • Data integrity verification • Confidentiality in many cases CAPWAP Overview
Additional CAPWAP Security Considerations • “Splitting the MAC” introduces security complexity, subtleties • Functionality previously handled by AP is now divided between WTP and AC • Examples • If 802.11 crypto is terminated at the WTP, security context must arrive there securely (via AC), and WTP must implement 802.11 data security functions • Otherwise, AC implements 802.11 data security functions • Since user/station authentication is mediated by the AC, it must securely interact with AS • WTP forwards 802.1X frames to AC • AC-WTP communications must not be weak link in chain CAPWAP Overview
CAPWAP Protocol Security Requirements • AC ↔ AAA • STA ↔ AAA • STA ↔ WTP • Management ↔ AC IN SCOPE • AC ↔ WTP • Authentication is unique, strong, mutual, and explicit • Communications protected by strong ciphersuite NOT CURRENTLY IN SCOPE (but important to be aware of) CAPWAP Overview
Current State of CAPWAP • 4 competing protocol proposals were evaluated • WG created independent eval team • Protocols: LWAPP,SLAPP,WiCoP,CTP • WG chose LWAPP as basis for new CAPWAP protocol • LWAPP provides its own proprietary security mechanisms • Eval team (and others) recommended replacing this with DTLS CAPWAP Overview
LWAPP Security Protocol, cont. • T. Charles Clancy (UMD) conducted security review, proposed improvements • Protocol subsequently modified to meet wg objectives draft requirements and Clancy suggestions • LWAPP/DTLS draft submitted by Kelly & Rescorla • DTLS added to capwap-00 draft as proposed security mechanism • Numerous operational details yet to be specified, but no show-stoppers uncovered or anticipated • WG still discussing, hopefully to reach closure soon CAPWAP Overview
Standards-based protocol TLS is well reviewed (DTLS is equivalent from security perspective) Widely deployed on the Internet (TLS) Negotiation capability provides for algorithm agility Several freely available implementations Built-in DoS protection Employs security best practices Unidirectional crypto keys Each side contributes to IVs Security parameter verification via message hash Continued benefit from broad deployment and scrutiny Home-grown protocol Latest incarnation has only one public review Little deployment experience No algorithm negotiation – crypto change requires protocol forklift No known open source implementations No DoS protection A few questionable security practices Same key used for transmit/receive One side controls IV generation No verification of negotiable parameters (psk vs cert) One-off (capwap-only) deployment severely limits exposure to scrutiny Compare/Contrast DTLS vs LWAPP DTLS LWAPP CAPWAP Overview
SUMMARY • Security is clearly an integral concern for CAPWAP • IEEE efforts primarily focused on STA+WTP+AS • ACWTP interactions introduce various subtleties • It’s easy to get security wrong, even when clueful people are involved – more skilled reviewers mitigates the risk • CAPWAP would clearly benefit from additional security community participation • Group is requesting a security advisor • Designated point of contact with security directorate • Avoid delays in document advancement due to security concerns • Questions? CAPWAP Overview