Capwap Mailing List: LWAPP Security Review

[T. Charles Clancy (clancy]

At the authors' request, I have completed a security review of LWAPP 
(http://www.ietf.org/internet-drafts/draft-ohara-capwap-lwapp-02.txt). 
The review can be found here:

http://www.cs.umd.edu/~clancy/docs/lwapp-review.pdf

Abstract:

This document introduces the LWAPP protocol and provides an analysis of 
its security features.  In particular, the public-key authentication, 
preshared-key authentication, and packet-level encryption are examined. 
Also, the security ramications introduced by the IEEE 802.11 binding are 
reviewed.  Lastly, recommendations on changes the the protocol are 
presented.

Overall, LWAPP is "secure". However, given access to the wired network, 
there are opportunities for denial of service attacks against the 
public-key authentication algorithm.  None of the attacks presented in 
this document result in the compromise of keying material for active 
sessions, or the ability to steal service.

[ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]