Radius Vulnerabilities in Wireless Overview

1
Radius Vulnerabilities in Wireless Overview

• Randy Chou - rchou_at_arubanetworks.com
• Merv Andrade - merv_at_arubanetworks.com
• Joshua Wright - jwright_at_sans.org

2
Background Vulnerability
AP (Authenticator)
Client (Supplicant)
Radius Auth Server
Associate EAP
Key Exchange w/ Server Cert
User Auth inside TLS
Send MPPE Key
Send encryption Keys

• Sniff packets. Wired risky, wireless
  undetectable.
• VLAN separation does not mitigate sniffing.
• Radius key known or attacked offline, see draft.
• Wireless data decryption, can be offline.

3
Attack Methodology

• Adversary captures request and response
  authenticators
• Mounts brute-force/dictionary attack against
  secret
• Adversary uses secret to
• Forge Access-Accept frames
• Decrypt MPPE for EAP keys

Response Auth MD5(code id len request
auth attributes secret)
4
The Problem

• Several references disclose vulnerabilities but
  are largely ignored
• Some popular clients dont implement IPSEC per
  RFC3579
• Impact of compromised secret is serious
• Compromised authentication, decryption of
  link-layer encryption mechanisms
• Loss of keys Loss of certificates

5
Goals

• Update RFC3579 to MUST for IPsec support
• Analyze seriousness of vulnerabilities in
  existing implementations
• Provide best practice recommendations
• Certification process for RADIUS devices
• Not just interoperability, conformance tests

6
Questions?

• Please direct comments to the authors or RADEXT
  reflector
• Randy Chou - rchou_at_arubanetworks.com
• Merv Andrade - merv_at_arubanetworks.com
• Joshua Wright - jwright_at_sans.org
• http//www.drizzle.com/aboba/RADEXT/radius_vuln_
  00.txt