Back to list
Re: The Skinny On How Not To Write An Article About WPA-PSK
Nov 18 2010 09:20PM
Christopher Byrd (chris riosec com)
Without a trust model for authenticating server certificates there is
no way to prevent MitM attacks against TLS. This same problem exists
with existing closed EAP-TLS and EAP-PEAP networks today, which
require manual configuration to prevent rogue attacks.
Even so, EAP-TLS without client authentication still presents a
substantive advantage over open wireless. Capturing traffic goes from
an easy, passive, possibly legal activity to a more difficult, active,
potentially illegal one. Also, it is more difficult for an attacker as
it's much easier to capture wireless than to perform a MitM / evil
twin attack for all the reasons I'm sure you and the other readers of
this list know well.
In addition I have also proposed a simple solution: that wireless
supplicants should, by default, validate that the SSID matches the
Subject CN or SubAltNames of the presented certificate when doing
EAP-TLS or EAP-PEAP, similar to how web browsers match the hostname to
What an end user would see would be a wireless network like
"GuestWiFi.MyCoffeeShop.com" with a lock icon. When they click on it
to join, it just connects - no other interaction needed.
In the background the supplicant has received the server certificate,
validated that it contains GuestWiFi.MyCoffeeShop.com or
*.MyCoffeeShop.com in it's Subject CN or SubAltNames, in addition to
the traditional checks like chain of trust and validity period. If it
fails the validation it either presents a prompt to the user (similar
to current browser warnings) or a failure message.
I absolutely agree with your point about "layer 8" problems, and I
that's why a solution to secure open wireless is warranted. It's not
enough to say that people should use secure protocols / applications -
unfortunately we know that just isn't going to always happen.
On Thu, Nov 18, 2010 at 10:47 AM, <dragorn (at) kismetwireless (dot) net [email concealed]> wrote:
> How do you handle the trust model where the user knows they can trust
> this AP? If they have to accept a cert, while technically sound, I fear
> it's not much better for actually protecting the users, because they'll
> just click OK anyhow. If it's signed w/ a public ca, I can just get my
> own and spoof the AP and get all the non-https traffic anyhow.
> I realize this argument mixes "is it cryptographically secure" and
> "layer 8" problems, but if we don't solve both, we haven't actually
> protected the users any.
[ reply ]
Copyright 2010, SecurityFocus