Re: [OPSAWG] Simplified Alternative to CAPWAP

[Björn Smedman <bjorn.smedman@anyfinetworks.com>]

Hi Zhen,

On Tue, Feb 25, 2014 at 9:27 AM, Cao,Zhen <zehn.cao@gmail.com> wrote:
> Appreciate your analysis.

Thanks, likewise.

>> True, in CAPWAP it's a border case that 802.1X key exchange and 802.11
>> encryption protects the user data plane all the way from the mobile
>> STA to the AC. But I think there are strong reasons to make this the
>> default:
>
> But I do not agree here. The 802.11 key only protect the data from STA
> to WTP, NOT the AC, both in local MAC and also one option in the split
> model.  http://tools.ietf.org/html/rfc5416#section-2.2.2

I share your understanding that in the CAPWAP Local MAC mode, and most
implementations of Split MAC, the 802.11 key only protects user data
between STA and WTP. But what I'm saying is that this is unfortunate.

In the corporate WLAN environment for which CAPWAP was originally
designed there is an assumption that WTPs and the Distribution System
(DS) are physically protected, by doors, badges and security
personnel. If somebody gets through those protections and can access
the WTP or DS then there are other things to worry about.

But in a carrier Wi-Fi environment this assumption no-longer holds
true. WTPs are installed in coffee shops, restaurants, stadiums and
even fixed-line subscriber homes (as a "second SSID" on a residential
gateway). There is ample opportunity for an attacker to go to work on
a WTP, perhaps even in the privacy of their own home.

If a single one of those WTPs is compromised (and CAPWAP mode is Local
MAC or Split MAC with encryption in WTP) then there is no-longer any
guarantee of user plane integrity or confidentiality for users of that
WTP. But perhaps more alarmingly there is now also a gaping hole in
the mutual authentication property of IEEE 802.11i, which means that
all users of the wireless network are opened up to possible
man-in-the-middle (MITM) attack [1]. If you combine this fact with
automatic SIM authentication and global roaming the potential impact
is significant.

This is the reason we insist on always implementing both 802.11
encryption and 802.1X authentication at the tunnel termination point
(e.g. an access router) in our SDWN architecture [2]. Unlike the WTP
the tunnel termination point can often be physically protected. This
provides strong guarantees of user data plane integrity and
confidentiality, and also protects the mutual authentication property
of the underlying IEEE 802.11i security mechanism.

Best regards,

Björn

1. This risk of MITM in a "secure" Wi-Fi network may not be entirely
obvious. We explain this risk when an attacker has access to
authentication credentials/interface here:
http://anyfi.net/documentation#i_mutual_authentication. The same
reasoning however holds true if the attacker can forward IEEE 802.11
frames between a targeted device and a CAPWAP AC, and get the 802.11
key from that AC (as in
http://tools.ietf.org/html/rfc5416#section-6.15).

2. http://anyfi.net/documentation#a_data_plane