CAPWAP Overview - PowerPoint PPT Presentation


1
CAPWAP Overview
  • Saag Presentation
  • 65th IETF
  • 23 March 2006

T. Charles Clancy clancy_at_cs.umd.edu
Scott G. Kelly scott_at_hyperthought.com
2
Agenda
  • Introduction
  • Some background and current scope
  • Security-related protocols, relationships,
    considerations, requirements
  • Current state of things
  • Conclusion

3
Introduction
  • Defining a protocol to control and provision
    wireless access points
  • Things carried over the protocol include:
      • Access Point configuration/control
      • Network access control decisions
      • Cryptographic session keys
  • Security is obviously a significant concern
      • Compromised communications may result in
        infrastructure take-over
  • Working group wants to invite security area
    participation
      • Requesting appointment of a security advisor
      • Formal liaison with security area
      • Avoid delays in document advancement due to
        security concerns
      • Provide security community connection for
        security reviews, advice

4
Background
  • Early Architecture
[Diagram: Mgmt and AS/AAA at the top, several APs below them, and several STAs attached to each AP]
WLAN elements: AS = Authentication Server,
typically RADIUS; AP = wireless access point; STA =
wireless station (typically a laptop)
5
Current Architecture (Security Protocol Hierarchy
and Interactions)
[Diagram: Mgmt and AAA at the top, each connected to the ACs (Mgmt via SNMP, HTTP, TLS, SSH; AAA via RADIUS, IPsec); ACs connected to WTPs via CAPWAP; WTPs connected to STAs via 802.1X, 802.11i, WPA]
Each layer in the hierarchy depends on the layers above
for security
6
Complex Trust Relationships
[Diagram: Mgmt, AAA, AC, WTP and STA elements, with the keys and credentials shared between them labelled on the links: Admin Credential, RADIUS PSK, MK, Long-Term EAP Credential, MSK/PMK, PSK/Cert, PTK]
Color coding:
  • short-term keys
  • long-term keys
7
Why is security important in CAPWAP?
  • Many interdependent security protocols between
    station and network
  • CAPWAP must not degrade existing security (can't
    become weak link)
  • Multiple deployment models
      • Direct L2 connection
          • Physical security solves most problems
      • Routed connection, one administrative domain
          • Mobile network elements introduce infrastructure
            risks
      • Routed connection, potentially hostile hops
          • Remote WTP scenarios
              • Employees take WTPs home
              • Branch office WTP, central office AC
              • Hotspots
          • Some hops may be over wireless
              • Mesh (e.g. metro wifi)

8
Additional CAPWAP Security Considerations
  • Splitting the MAC introduces security
    complexity
      • If 802.11 crypto is terminated at the WTP,
        security context must arrive there securely (via
        AC), and WTP must implement 802.11 data security
        functions
      • Otherwise, AC implements 802.11 data security
        functions
  • Since user/station authentication is mediated by
    the AC, it must securely interact with AS
      • WTP forwards 802.1X frames to AC
  • AC-WTP communications must not be a weak link;
    they require:
      • Strong mutual authentication
      • Data integrity verification
      • Confidentiality (depends on deployment nuances,
        threats)

9
CAPWAP Protocol Security Requirements
IN SCOPE
  • AC ↔ WTP
      • Authentication is unique, strong, mutual, and
        explicit
      • Communications protected by strong ciphersuite

NOT CURRENTLY IN SCOPE (but requirements
nonetheless)
  • AC ↔ AAA
  • STA ↔ AAA
  • STA ↔ WTP
  • Management ↔ AC
10
Current State of CAPWAP
  • 4 competing protocol proposals were evaluated
      • WG created independent eval team
      • Protocols: LWAPP, SLAPP, WiCoP, CTP
  • WG chose LWAPP as basis for new CAPWAP protocol
      • LWAPP provides its own proprietary security
        mechanisms
      • Eval team (and others) recommended replacing this
        with DTLS

11
LWAPP Security Protocol, cont.
  • T. Charles Clancy (UMD) conducted security
    review, proposed improvements
  • Protocol subsequently modified to meet WG
    objectives, draft requirements, and Clancy's
    suggestions
  • LWAPP/DTLS draft submitted by Kelly and Rescorla
  • DTLS added to capwap-00 draft as proposed
    security mechanism
  • Numerous operational details yet to be specified,
    but no show-stoppers uncovered or anticipated
  • WG still discussing, hopefully to reach closure
    soon

12
Compare/Contrast DTLS vs LWAPP
DTLS
  • Standards-based protocol
  • TLS is well reviewed (DTLS is equivalent from
    security perspective)
  • Widely deployed on the Internet (TLS)
  • Negotiation capability provides for algorithm
    agility
  • Several freely available implementations
  • Built-in DoS protection
  • Employs security best practices
      • Unidirectional crypto keys
      • Each side contributes to IVs
      • Security parameter verification via message hash
  • Continued benefit from broad deployment and
    scrutiny

LWAPP
  • Home-grown protocol
  • Latest incarnation has only one public review
  • Little deployment experience
  • No algorithm negotiation; crypto change requires
    protocol forklift
  • No known open source implementations
  • No DoS protection
  • A few questionable security practices
      • Same key used for transmit/receive
      • One side controls IV generation
      • No verification of negotiable parameters (psk vs
        cert)
  • One-off (CAPWAP-only) deployment severely limits
    exposure to scrutiny

13
SUMMARY
  • Security is clearly an integral concern for
    CAPWAP
      • IEEE efforts primarily focused on STA↔WTP↔AS
      • AC↔WTP interactions introduce various subtleties
  • It's easy to get security wrong, even when
    clueful people are involved; more eyes on the
    problem mitigates the risk
  • CAPWAP would clearly benefit from additional
    security community participation
      • Group needs formal security advisor
      • Formal liaison with security area
      • Avoid delays in document advancement due to
        security concerns
      • Provide security community connection for
        security reviews, advice
  • Questions?

14
(No Transcript)
15
Background
  • Early WLAN deployments rely on fat access
    points
      • Standalone, individually managed network elements
      • Limited range implies mgmt scaling issues
      • User roaming implies other infrastructure issues
  • Current generation moving to centralized control
    model, thin access points
  • This presents a number of challenges that merit
    IETF attention

16
Background, cont.
  • Next Generation WLAN Architecture
[Diagram: AAA and Mgmt at the top, connected to the ACs; ACs connected to several WTPs inside a CAPWAP Domain; several STAs attached to each WTP]
New terms: AC = Access Controller; WTP = Wireless
Termination Point
17
Current CAPWAP Scope
  • There are many security-related interactions
    among WLAN elements
      • Management Plane
      • AAA/AS
      • AC
      • WTP
      • Arguably, should be managed entirely by AC
      • AC-WTP communications
      • WTP-STA communications
  • Much of the related security is out of scope
    (provided by various IEEE protocols, RADIUS/EAP
    extensions)
  • Current CAPWAP scope covers only AC-WTP
    communications
  • Obviously don't want to introduce weak link

18
Preaching to the choir
  • CAPWAP group has familiar question
      • Homegrown vs standards-based security?
  • This is a debate we've had before in IETF
      • Roll your own security protocol?
      • Or use a standard, well-scrutinized one instead?
  • Getting to closure on this ASAP is a priority for
    CAPWAP WG

19
LWAPP Security Overview
  • Initial protocol was certificate-based
      • WTP generates random session ID, forwards this
        with cert to AC
      • AC validates cert, generates crypto keys,
        encrypts with WTP public key, signs encrypted
        keys + session ID, returns these to WTP (RSA key
        wrap)
      • WTP unwraps keys, uses AES-CCM for subsequent
        control channel communications
  • This protocol had a number of shortcomings

20
CAPWAP Attack Containment
[Diagram: WTP Compromise scenario. AAA, the ACs and the other WTPs are labelled Unaffected Nodes; the STAs attached to the compromised WTP are labelled Affected Nodes]