RE: LWAPP Security Review
From: Michael Cheng (M.Z.Cheng [at] mdx.ac.uk)
Date: Fri, 13 May 2005 07:31:38 -0400 (EDT)
We had a review on the early version of LWAPP in 2004 which can be found
via http://www.cs.mdx.ac.uk/staffpages/m_cheng/link/lwapp_g.pdf.

Abstract. Light Weight Access Point Protocol (LWAPP) is a new protocol
being designed to make communications between access points and wireless
switches automatic. This protocol allows a router or switch to interoperably
control and manage a collection of wireless access points, so as
to move some of the loading due to Wi-Fi processes and function complexity
to the centralized wireless switches or routers. In this report
we analyze the security design of the protocol, address some possible
attacks and present some fix solutions. Moreover the proposed key-transport
protocols have their own interest and can be used in other
scenarios.

--

We did not follow the development of LWAPP. But from Charles' work, we
found the public-key based scheme has no significant change in the new
version. As Charles pointed out, the scheme is vulnerable to DoS attack.

Michael Cheng

-----Original Message-----
From: capwap-admin [at] frascone.com [mailto:capwap-admin [at] frascone.com] On Behalf Of T. Charles Clancy
Sent: Thursday, May 12, 2005 5:14 PM
To: capwap [at] frascone.com
Cc: housley [at] vigilsec.com
Subject: [Capwap] LWAPP Security Review


At the authors' request, I have completed a security review of LWAPP 
(http://www.ietf.org/internet-drafts/draft-ohara-capwap-lwapp-02.txt). 
The review can be found here:

http://www.cs.umd.edu/~clancy/docs/lwapp-review.pdf

Abstract:

This document introduces the LWAPP protocol and provides an analysis of 
its security features.  In particular, the public-key authentication, 
preshared-key authentication, and packet-level encryption are examined. 
Also, the security ramifications introduced by the IEEE 802.11 binding are
reviewed.  Lastly, recommendations on changes to the protocol are
presented.

Overall, LWAPP is "secure". However, given access to the wired network, 
there are opportunities for denial of service attacks against the 
public-key authentication algorithm.  None of the attacks presented in 
this document result in the compromise of keying material for active 
sessions, or the ability to steal service.

[ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]
_______________________________________________
Capwap mailing list
Capwap [at] frascone.com http://mail.frascone.com/mailman/listinfo/capwap
