Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
1. Wi-Fi: Open or Secure
Making the best out of both...
Presented by François Proulx
At the HackFest 2011
Wednesday, 9 November, 11
2. Who am I ?
• François Proulx
• Jack of all trade, master of none
• RFCs junkie
• Specialized in mobile development (iOS)
• Been into Wi-Fi (in)security for a while
• Founding member of Île Sans Fil
• Started the WiFiDog captive portal
• Studied 802.11 specs in more depth while working on
a Wi-Fi based location system - iFIND @ MIT
Wednesday, 9 November, 11
3. The take-away message for this talk
• We need to fix the insecurity of Wi-Fi hotspot
• We already have all the building blocks we need
• There’s a simple and elegant solution and
it is entirely software based
• It’s called “Secure Open Wireless Access”
• We, as security pundits, need to advocate so that the
industry makes the necessary changes
Wednesday, 9 November, 11
4. But let’s rewind for a moment
• A brief recap of the state of 802.11
• 1999 - IEEE 802.11b (the one we know and love)
•Open System Authentication
•Shared Key Authentication (i.e. WEP)
• 2001 - 2005
•WEP proved utterly insecure (WEP cracking as a sport)
• In the meantime...
•Starbucks sells outrageously expensive lattés
+ Wi-Fi to poser kids surfing the Interwebs on their
shiny MacBook Pro
Wednesday, 9 November, 11
5. The state of 802.11 continued...
• At home
• We tell everybody to secure their home router by
using WPA2 with an unguessable passphrase
• In public Wi-Fi hotspots
• It is still the far west (MITM, Firesheep, SSLStrip, etc.)
• The majority of hotspots are Open Wi-Fi APs
• We know the dangers, so we behave accordingly
• Use SSL for all sensitive traffic
• Or VPN out to a safer place
• Meanwhile, the latté-sipping poser kids have lots of
fun browsing the Interwebs ... at our expense ;-)
Wednesday, 9 November, 11
6. What can we do about it?
• We want robust and yet usable security
• WPA2 + scan-click-and-connect usability
• We have very strong building blocks available
• 802.11i brought us 802.1X over wireless (EAPoW)
• Most of us don’t use 802.1X at home
• On the enterprise side, though...
• EAP is a way for deploying secure and robust setups
• Many EAP authentication methods exist (> 40)
• LEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA...
Wednesday, 9 November, 11
7. How can we leverage EAP
for the good of public Wi-Fi hotspots?
• Enter “Secure Open Wireless Access” (SOWA)
• A simple technique relying on WPA2 with EAP-TLS
• Typically, EAP-TLS requires server and client side certs.
• Efficiently distributing certificates to clients
can be a pain in the b*tt
• Good! That’s the part we throw aside for SOWA
• Works just like the good old Web (HTTPS)
• You type in an address (ex. https://www.paypal.com),
establish an SSL connection (one-way auth.)
• With SOWA you pick the SSID and do anon. EAP-TLS
Wednesday, 9 November, 11
8. Brief recap of EAP-TLS
http://commons.wikimedia.org/wiki/File:EAP-TLS_handshake.png
Wednesday, 9 November, 11
9. Brief recap of EAP-TLS
http://commons.wikimedia.org/wiki/File:EAP-TLS_handshake.png
Wednesday, 9 November, 11
10. Brief recap of EAP-TLS
http://commons.wikimedia.org/wiki/File:EAP-TLS_handshake.png
Wednesday, 9 November, 11
11. Wait! Is that compliant with the spec?
• Actually, yes it is!
• RFC5216 (latest version of EAP-TLS) defines the
certificate_request message as optional
• The auth. server (RADIUS) can skip that message
(most implementations already behave correctly)
• The idea was that APs could be used anonymously
for emergency services
http://tools.ietf.org/html/rfc5216
http://tools.ietf.org/html/draft-ietf-ecrit-unauthenticated-access-03
Wednesday, 9 November, 11
12. What do we need to deploy it?
Note the secure.expensivecafe.com string
in both the SSID and the certifcate common name (CN)
They need to match to provide authentication
Protecting the user against rogue access points
Wednesday, 9 November, 11
13. But... it’s not that easy
1. Operating Systems patches
• Network selection GUI (to allow connection without a client cert.)
• Supplicant (so that is matches the SSID with the CN in the X.509 cert)
2. RADIUS server patches (FreeRadius patches exist)
• Allowing anonymous EAP-TLS
3. APs should use the RSN caps field (802.11 beacon)
to differentiate from other EAP-TLS SSID
(NOT mandatory for SOWA to work, but helps usability)
Wednesday, 9 November, 11
14. But... it’s not that easy
1. Operating Systems patches
• Network selection GUI (to allow connection without a client cert.)
• Supplicant (so that is matches the SSID with the CN in the X.509 cert)
2. RADIUS server patches (FreeRadius patches exist)
• Allowing anonymous EAP-TLS
3. APs should use the RSN caps field (802.11 beacon)
to differentiate from other EAP-TLS SSID
(NOT mandatory for SOWA to work, but helps usability)
Wednesday, 9 November, 11
15. Food for thought...
• What kind of iconography should we use to differentiate
• “Open”
• “Secure and Authenticated”
• “Secure Open”
Wednesday, 9 November, 11
16. Food for thought...
• What kind of iconography should we use to differentiate
• “Open”
• “Secure and Authenticated”
• “Secure Open”
Wednesday, 9 November, 11
17. Please, help us spread the word
• Thanks to Chris Byrd and IBM X-Force for inventing the
technique and presenting it at BlackHat 2011
http://blogs.iss.net/archive/SownCode.html
• There’s still a long way to go before SOWA can be used
by actual users, but play with it and spread the word
Wednesday, 9 November, 11