Security Basics mailing list archives

RE: 802.1x and PEAP


From: shankarnarayan.d () netsol co in
Date: Sat, 6 Mar 2004 15:01:17 +0530

I agree with David when he says that the Cisco cards with TKIP and MIC don't
work with other cards - the basic reason may be enumerated as follows

1. Cisco uses the pre-standard version of the TKIP/MIC combination.
2. Cisco's TKIP works as follows:
        a. A base key is hashed with the IV to provide a per-packet key. The
           same is used to derive a WEP key to encrypt the data.
        b. When all the IVs for a particular base key are complete, the
           base key is changed dynamically (based on a time defined by the sysadmin).
        c. In this way, the regularly changing base key and the
           ever-changing IV are hashed to provide new keys regularly.
        d. MIC is provided using Niels Ferguson's algorithm.

This TKIP is not the same as the now revised draft standard for 802.11i and
hence it is not compatible with other Wireless LAN vendor cards (who may use
the same or alternate algorithms).

The TKIP key mixing function that the standards are pursuing includes mixing
the 802 MAC address and a temporal key to index an S-box. The MAC ensures a
different key for different workstations. This provides a 16-byte output
that resembles a 13-byte WEP key plus 3 bytes corresponding to the IV. The
process is pretty complex and runs through multiple equations / mixing
functions etc.

This is one among the reasons why TKIP on Cisco may not be compatible with
those of other vendors when using Cisco AP's.

Shankar

-----Original Message-----
From: Rosenhan, David [mailto:David.Rosenhan () swiftbrands com] 
Sent: Friday, March 05, 2004 7:41 PM
To: Rosado, Rafael (Rafael); Camillo Bucciarelli
Cc: security-basics () securityfocus com; shankarnarayan.d () netsol co in
Subject: RE: 802.1x and PEAP

True, Cisco was one of the first vendors to even make it available.
WiFi or the IEEE hadn't come out with any true standard yet, so Cisco
basically built their own; this is why you can't use another vendor's
card and have TKIP with MIC and WEP enabled on a Cisco AP.  But I am
right when I say that no other card (that I have tried or that I know
of) than a Cisco card will work with a Cisco AP running WEP+TKIP+MIC.

However, with the new IBM T40 built-in wireless card you can use the new
Cipher suite Cisco implemented in the IOS code on the 1200's, 350's and
1100's (after a free download of the software from the IBM website which
includes IBM's Application software and driver updates). This integrates
WPA with TKIP using the IEEE standard; it also works with Cisco LEAP and
with regular EAP.

There is an option above the Cipher suite option that is Cisco
proprietary MIC and TKIP used with WEP in the IOS code.  I have spent
countless hours testing all of this so if you need more info then let me
know.

David Rosenhan, CCNP
Information Technology


-----Original Message-----
From: Rosado, Rafael (Rafael) [mailto:rarosado () lucent com] 
Sent: Friday, March 05, 2004 6:32 AM
To: Rosenhan, David; Camillo Bucciarelli
Cc: security-basics () securityfocus com; shankarnarayan.d () netsol co in
Subject: RE: 802.1x and PEAP

David,

I disagree with your comment about TKIP and MIC being proprietary.  TKIP
and MIC are part of the Wi-Fi Alliance's interim solution to WEP
deficiencies, which are a subset of the Wi-Fi Protected Access solution of
IEEE 802.11i (still in draft, expected to be ratified sometime 2nd-3rd QTR
2004). Cisco has a proprietary version of TKIP, but it is based on the
framework established by the Wi-Fi Alliance.

Rafael Rosado, CISSP, CISA
IT Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue 
Miramar, Florida 33027 
Office: 954-885-2176 
Facsimile: 954-885-3861 
Email: rarosado () lucent com 

This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legally privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Rosenhan, David [mailto:David.Rosenhan () swiftbrands com] 
Sent: Thursday, March 04, 2004 3:18 PM
To: Camillo Bucciarelli
Cc: security-basics () securityfocus com; shankarnarayan.d () netsol co in
Subject: RE: 802.1x and PEAP

Camillo,

Broadcast key rotation can only be done with an authentication server. 

TKIP and MIC are Cisco proprietary; if you have an AP running VxWorks and
not IOS then you won't get a different vendor's card other than a 340 or
350 card to work with TKIP and MIC, period. Even if you upgrade to IOS, a
different vendor's card will not work with TKIP and MIC, but there are
other options with IOS.

If you upgrade to IOS on your AP (1200 and 350 APs are upgradable to
IOS) then you have some new options: you can now use new IEEE standards
like WPA; the problem is the manufacturer's card has to support it.  WPA is
really new; even with Cisco 340 and 350 cards you have to use a separate
piece of software (like the Funk Odyssey client) to use WPA pre-shared keys.
IEEE also included TKIP with WPA, and you don't need a server to use it with
the new IOS software on the 1200 and 350 APs.
Plus there are options for EAP with WPA and broadcast key rotation with
authentication to a RADIUS server (Cisco has docs that talk about how
the ACS server works with all of this on their website).

Thanks!

David Rosenhan, CCNP
Information Technology


-----Original Message-----
From: Camillo Bucciarelli [mailto:camillobucciarelli () yahoo it]
Sent: Thursday, March 04, 2004 8:43 AM
To: shankarnarayan.d () netsol co in
Cc: security-basics () securityfocus com
Subject: RE: 802.1x and PEAP

Can I use these features (Enhanced MIC verification for WEP, Temporal Key
Integrity Protocol, Broadcast WEP Key rotation) with a non-Cisco wireless
adapter? Such as a 3Com wireless PCMCIA?
Actually I've tried a Cisco Aironet 340 wireless card.

Regards,
Camillo Bucciarelli

 --- shankarnarayan.d () netsol co in wrote: > This can be done best
on the wireless networks having APs from Cisco. The others are still in
the process of accomplishing the same on their Access Points (most have
done it, some are yet to accomplish the same). The broadcast key is
negotiated for the first time and then the same is changed at periodic
intervals (configurable by an administrator). The old broadcast key is
used to encrypt the new key and the same is broadcast out to all the
clients on the access point at the expiry of the administrator-defined
time limit. On a Cisco you would use the following commands on the
Aironet 1100/1200 (with IOS), in order:

    configure terminal
    interface dot11radio { 0 | 1 }
    broadcast-key change seconds
    end
    copy running-config startup-config
 
Rgds,
Shankar
 
 
 
-----Original Message-----
From: Camillo Bucciarelli
[mailto:camillobucciarelli () yahoo it]
Sent: Wednesday, March 03, 2004 3:03 PM
To: shankarnarayan.d () netsol co in
Subject: RE: 802.1x and PEAP
 
Thanks,
this is what I need to know.
 
I have another question: do I need to use 802.1x in order to enable the
"broadcast key rotation"?
 
Camillo

shankarnarayan.d () netsol co in wrote:
The lines below have been pulled straight from the PEAP working draft.

This clearly defines that the initial negotiation of PEAP is as in TLS,
thus providing the necessary security.
Hope this answers your question, or have I got it wrong? If you believe
this is not the information that you were looking for, please rephrase
your question.

Shankar

Protected EAP (PEAP) Version 2 is comprised of a two-part conversation:

[1] In Part 1, a TLS session is negotiated, with server authenticating
to the client and optionally the client to the server. The negotiated
key is then used to encrypt the rest of the conversation.

[2] In Part 2, within the TLS session, zero or more EAP methods are
carried out. Part 2 completes with a success/failure indication
protected by the TLS session or a protected error (TLS alert).

The PEAP conversation typically begins with an optional identity
exchange. The initial identity exchange is used primarily to route the
EAP conversation to the EAP server. Since the initial identity
exchange is in the clear, the peer MAY decide to place a routing realm
instead of its real name in the EAP-Response/Identity.

In short, the first exchange is based on TLS where certificates are
used much in the same way as in EAP-TLS. The remaining information
(identity etc.) is then pumped through the TLS tunnel. Hence, EAP-TLS
may be one of the methods (actually the most common method) used to
establish the tunnel (using certificates).

Shankar

-----Original Message-----
From: Camillo Bucciarelli
[mailto:camillobucciarelli () yahoo it]
Sent: Tuesday, March 02, 2004 3:46 PM
To: security-basics () securityfocus com
Subject: 802.1x and PEAP

Good morning,
I'm looking for detailed information about the Protected EAP. I can't 
understand what the supplicant and Access Server use to establish the 
TLS tunnel.
Here's an example:

Authenticating Peer                   Authenticator
-------------------                   -------------
                                      <- EAP-Request/
                                         Identity
EAP-Response/
Identity (MyID) ->
                                      <- EAP-Request/
                                         EAP-Type=PEAP, V=0
                                         (PEAP Start, S bit set)

EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello) ->
                                      <- EAP-Request/
                                         EAP-Type=PEAP, V=0
                                         (TLS server_hello,
                                          TLS certificate,
                                          [TLS server_key_exchange,]
                                          [TLS certificate_request,]
                                          TLS server_hello_done)
EAP-Response/
EAP-Type=PEAP, V=0
([TLS certificate,]
 TLS client_key_exchange,
 [TLS certificate_verify,]
 TLS change_cipher_spec,
 TLS finished) ->
                                      <- EAP-Request/
                                         EAP-Type=PEAP, V=0
                                         (TLS change_cipher_spec,
                                          TLS finished)
EAP-Response/
EAP-Type=PEAP ->

TLS channel established
(messages sent within the TLS channel)

They exchange a server_key_exchange and a client_key_exchange used to 
derive the session key.


It seems to me that the key exchange between the client and the server
is done in clear text, but this means that I can actually sniff this
exchange. Now, this seems not logical to me. Does anyone here have any idea
about "where" I am wrong? Do the two elements hash the keys in some way?
Or, another possibility, do we actually have the client key encrypted with
the public key that belongs to the server - that is of course available -
and only the server key is transmitted in clear text? In the TLS protocol
of course the two keys are encrypted with the public key of the "other
end". But in PEAP?

Thanks in advance,
Camillo

=====
Camillo Bucciarelli





______________________________________________________________________
Yahoo! Mail: 6MB of free space, 30MB for your attachments,
antivirus, anti-spam filter

http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN, wireless security

Protect your network against hackers, viruses, spam and other risks
with Astaro Security Linux, the comprehensive security solution that
combines six

=== message truncated ===

=====
Camillo Bucciarelli
 




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


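Camillo's original question in this thread (whether the TLS key exchange carried inside PEAP can simply be sniffed) comes down to how TLS turns the values a passive observer does see (both hello randoms and the key-exchange public values) into keys it cannot recover. The following Python is an added example, not code from the thread or from any PEAP implementation: it implements the TLS 1.0 PRF and master-secret derivation from RFC 2246 over an ephemeral Diffie-Hellman exchange, using a constructed toy DH group, constructed randoms, and function names that are my own.

```python
# Added example: TLS 1.0 key derivation (RFC 2246) as used inside PEAP Part 1.
# Not from the thread or any PEAP implementation. A sniffer sees both randoms
# and the key-exchange public values; the pre-master secret and the master
# secret derived from it never cross the wire.
import hmac
import secrets

def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) from RFC 2246 section 5: HMAC chain A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second."""
    half = (len(secret) + 1) // 2                 # halves share one byte if odd length
    s1, s2 = secret[:half], secret[len(secret) - half:]
    return bytes(m ^ s for m, s in zip(p_hash("md5", s1, label + seed, length),
                                       p_hash("sha1", s2, label + seed, length)))

def master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret", client_random + server_random)[0..47]."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

# Constructed toy Diffie-Hellman group so the example runs instantly; real TLS
# uses 2048-bit+ MODP or elliptic-curve groups.
P, G = 2**127 - 1, 5

def dhe_handshake(client_random, server_random, x, y):
    """Ephemeral-DH key exchange; x and y are the client's and server's private exponents.
    Returns (what a sniffer sees, client master secret, server master secret)."""
    server_public = pow(G, y, P)      # sent in TLS server_key_exchange
    client_public = pow(G, x, P)      # sent in TLS client_key_exchange
    sniffer_view = {"client_random": client_random, "server_random": server_random,
                    "server_key_exchange": server_public, "client_key_exchange": client_public}
    # Each side combines the peer's public value with its own private exponent;
    # RFC 2246 8.1.2: the negotiated DH value *is* the pre_master_secret.
    z_client, z_server = pow(server_public, x, P), pow(client_public, y, P)
    to_bytes = lambda z: z.to_bytes((z.bit_length() + 7) // 8, "big")
    return (sniffer_view,
            master_secret(to_bytes(z_client), client_random, server_random),
            master_secret(to_bytes(z_server), client_random, server_random))

if __name__ == "__main__":
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)   # ClientHello/ServerHello.random
    view, cms, sms = dhe_handshake(cr, sr, secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1)
    print("sniffer sees:", sorted(view), "\nboth sides derive the same 48-byte master secret:", cms == sms)
```

The same PRF, with the labels "key expansion" and the randoms swapped, is what TLS 1.0 then uses to expand the master secret into the record-layer keys protecting PEAP Part 2.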

