Re: [saag] Would love some feedback on Opportunistic Wireless Encryption
Christian Huitema <huitema@microsoft.com> Fri, 28 August 2015 22:11 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D62351B34AE for <saag@ietfa.amsl.com>; Fri, 28 Aug 2015 15:11:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0N0sANvngEXN for <saag@ietfa.amsl.com>; Fri, 28 Aug 2015 15:11:21 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0785.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::785]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D199E1B3496 for <saag@ietf.org>; Fri, 28 Aug 2015 15:11:20 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0653.namprd03.prod.outlook.com (10.160.96.15) with Microsoft SMTP Server (TLS) id 15.1.256.15; Fri, 28 Aug 2015 22:11:18 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0256.013; Fri, 28 Aug 2015 22:11:17 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Warren Kumari <warren@kumari.net>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Would love some feedback on Opportunistic Wireless Encryption
Thread-Index: AQHQ4SMAZFCDPTU0j0ar6+bHp05ul54hJH4AgACfYCCAADKTQA==
Date: Fri, 28 Aug 2015 22:11:17 +0000
Message-ID: <DM2PR0301MB0655E3A7BB979DC667D4691BA86E0@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <CAHw9_iKt39m+tCHYxN4VuVFkJf65Go_V2x0udOtEn32ke+nrkQ@mail.gmail.com> <20150826170138.GB9021@mournblade.imrryr.org> <CAHw9_iJsg3WLRBW-h3nW14aAHF0f1UTAATRBmy5eR3-hS1QDZw@mail.gmail.com> <DM2PR0301MB0655816443EC6146F639C7DFA8600@DM2PR0301MB0655.namprd03.prod.outlook.com> <CAHw9_iJ1BgYWgdEJHivZeabgPUJ9soOrZr1DdxBiH2k4dquoLg@mail.gmail.com> <55E028E0.6080803@restena.lu> <DM2PR0301MB06558A9A77453010C046A024A86E0@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-Reply-To: <DM2PR0301MB06558A9A77453010C046A024A86E0@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=huitema@microsoft.com;
x-originating-ip: [131.107.174.23]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0653; 5:X1HuHQD1RVeMAFpiFQh9TpntabyAiKbsswTu82yZt2B3/gWolejBoBDuVDe58nOvUoKAJ39rhbL+8eLTwck48LyAcVnAzkVTefCZpOLuyxorA/+OQitSGwyRLbFasa9wNjhRgCCQzFgyCdoSGCyzyg==; 24:13xmMc+dAI6n6ZotAPpF25WOjG/GsBXBi6T8w973XQWkkEByiuC/WCRWx1R/+A1azPEQhoZhdMm+kkeFIdE6CBjKwA+YxIiRyoEK4naEv00=; 20:EMBH0fb0Sunk2QaXSvO4HrAzUE7EVuuDnSxY9wnfIZy5s/WcMWIYTel+jUVL7DxrY3YN+HDJE6pJdE/vICTqqw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0653;
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-microsoft-antispam-prvs: <DM2PR0301MB06539909F41CB73628521158A86E0@DM2PR0301MB0653.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(8121501046)(3002001); SRVR:DM2PR0301MB0653; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0653;
x-forefront-prvs: 0682FC00E8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(15594002)(377454003)(189002)(24454002)(74316001)(5001830100001)(50986999)(77156002)(77096005)(189998001)(5001860100001)(62966003)(64706001)(107886002)(2501003)(5001770100001)(87936001)(2900100001)(8990500004)(54356999)(2950100001)(97736004)(81156007)(76176999)(4001540100001)(101416001)(92566002)(66066001)(86612001)(10290500002)(76576001)(5001960100002)(2656002)(86362001)(10400500002)(5003600100002)(10090500001)(5005710100001)(105586002)(5007970100001)(5002640100001)(40100003)(5004730100002)(122556002)(99286002)(106356001)(102836002)(33656002)(93886004)(106116001)(68736005)(46102003)(551544002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0653; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2015 22:11:17.8251 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0653
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/_ZTsYy-kFCRAoMOOauG_tWKI7ww>
Subject: Re: [saag] Would love some feedback on Opportunistic Wireless Encryption
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2015 22:11:23 -0000
On Friday, August 28, 2015 12:14 PM, Christian Huitema wrote: > ... > This is in fact the main limitation to Warren's approach. The proposed OWE > system will still be vulnerable to passive listener attacks, and is thus not much of > an improvement over open networks. > > Note that this is also a limitation of the "public password" approach, as in "ask > the password to the bartender." We can hypothesize that mass surveillance > systems will quickly build a database linking networks, SSID and public > passwords. After all, the initial WPA2 exchange carries authentication codes that > are the hash of the nonce and the password, which trivially enables dictionary > attacks. That means the procedure will be: > > 1) Capture the initial exchange between Station and Access point, and > remember the nonce. > 2) Retrieve the password associated to the SSID from the database. > 3) Derive the per station key using the nonce. > 4) Win! > > Thinks would be different if instead of just sending the nonce in clear text the > WPA2 exchange used some variation of Diffie-Hellman or EKE. Attackers would > need to move from "passive listening" to "actively implement MITM attack," and > we believe that might curtail mass surveillance efforts. But that's not the case. In fact, there is a way out, but it requires a bit more coding than Warren's simple hack. Suppose that instead of using WPA2-PSK, the access point would be using 802.1x and EAP-Password (RFC 5931). Suppose that in addition, the AP will send an information element explaining that it uses the OWE convention, which means that the user name is "anonymous" and the password is the name of the SSID. The updated station automatically proceeds with the authentication. This results in the derivation of a one-time session key, which is not vulnerable to dictionary attacks and the like. It is still vulnerable to MITM attacks, but that's kind of the definition of opportunistic security. A variation of the implementation would define that the user name is "anonymous" and that the user needs to enter a password. That variation would be as easy to use as WPA2-PSK, but would be protected against dictionary attacks. Now of course that requires a fair amount of coding: implement this EAP Password variation in the AP, and make sure it is available in the clients. But we would have actually improved Wi-Fi security, without compromising the user experience. -- Christian Huitema
- [saag] Would love some feedback on Opportunistic … Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… Viktor Dukhovni
- Re: [saag] Would love some feedback on Opportunis… Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… Henry B (Hank) Hotz, CISSP
- Re: [saag] Would love some feedback on Opportunis… Christian Huitema
- Re: [saag] Would love some feedback on Opportunis… Dan Harkins
- Re: [saag] Would love some feedback on Opportunis… Dan Harkins
- Re: [saag] Would love some feedback on Opportunis… Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… Stefan Winter
- Re: [saag] Would love some feedback on Opportunis… Christian Huitema
- Re: [saag] Would love some feedback on Opportunis… Christian Huitema
- Re: [saag] Would love some feedback on Opportunis… Michael Richardson
- Re: [saag] Would love some feedback on Opportunis… Josh Howlett
- Re: [saag] Would love some feedback on Opportunis… Warren Kumari
- Re: [saag] Would love some feedback on Opportunis… David Bird