Wednesday, October 18, 2017

Chinese translation of Aruba's WPA2 vulnerability advisory

I didn't have much time, so I only translated a little; I may finish it later. For reference only.



Frequently Asked Questions

WPA Security Vulnerability
V1.0 - OCTOBER 16, 2017

Q:        What happened?

A:         A researcher has published a paper documenting fairly widespread vulnerabilities in various implementations of WPA2. The vulnerabilities are related to different key handshakes, used between the Wi-Fi supplicant (client) and the AP (authenticator) to derive and install encryption keys. Different implementations respond in different ways when keying handshake messages are retransmitted – some of these responses did not anticipate that the retransmission may be due to an attacker’s action rather than simple packet loss. Because these vulnerabilities are related to implementation flaws, they can be fixed through software updates.
One vulnerability is related to 802.11r (also known as Fast BSS Transition). This vulnerability is in the protocol itself, where the protocol does not adequately protect against malicious attack. It is possible to mitigate this vulnerability through a software update as well.

Q:        What is the impact?

A:         When WPA2 is used with AES-CCMP (the default operating mode of most Wi-Fi networks), a successful attacker can decrypt and replay packets in one direction of communication (from the client to the AP), but cannot forge packets and inject them into the network. When WPA-TKIP is used (an encryption scheme that has already suffered serious security vulnerabilities and is not recommended), an attacker can decrypt, replay, and forge packets.

Q:        What makes this attack possible?

A:         Wi-Fi uses AES-CTR (Advanced Encryption Standard in Counter Mode) to provide confidentiality.
With AES-CTR, the combination of a specific key and nonce value should only be used once to encrypt a block of plaintext.  If the combination is used twice, an attacker can possibly decrypt the two pieces of plaintext – particularly if the plaintext contains easily predicted values such as IP packet headers.
The attack described in the paper does exactly this – it causes various implementations of WPA2 to reuse the same key/nonce multiple times.
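As an added illustration of the nonce-reuse problem described above (and of the fresh-nonce-on-reinstall mitigation Aruba describes later in this FAQ), the Python model below is not Aruba's code or the paper's. AES is not in the Python standard library, so HMAC-SHA256 run in counter mode stands in for AES-CTR; the property that matters, that the keystream depends only on key, nonce and counter, is the same. The `Station` class, its field names and the sample plaintexts are constructed assumptions.

```python
"""Added example: why a counter-mode key/nonce pair must never be reused,
and how generating fresh nonce material on key reinstall avoids it.
HMAC-SHA256 in counter mode stands in for AES-CTR (assumption, stdlib only)."""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Toy model of a station's transmit state under one pairwise key.

    As in CCMP, the per-packet nonce contains a packet number that starts at
    zero when a key is installed. fresh_nonce_on_reinstall=False models the
    vulnerable behaviour (reinstalling the same key resets the packet number,
    so key+nonce pairs repeat); True models the mitigation described in the
    FAQ (every install gets new nonce material, so no pair is ever reused).
    """

    def __init__(self, fresh_nonce_on_reinstall: bool):
        self.fresh = fresh_nonce_on_reinstall
        self.key = None
        self.salt = bytes(8)   # nonce component; fixed unless refreshed on install
        self.pn = 0            # packet number, reset to zero on every key install

    def install_key(self, key: bytes) -> None:
        if self.fresh:
            self.salt = os.urandom(8)   # new nonce material for this installation
        self.key = key
        self.pn = 0

    def send(self, plaintext: bytes) -> bytes:
        nonce = self.salt + self.pn.to_bytes(6, "big")
        self.pn += 1
        return xor(plaintext, keystream(self.key, nonce, len(plaintext)))


def keystream_reused_after_reinstall(fresh_nonce_on_reinstall: bool) -> bool:
    """Install a key, send a packet, install the same key again (as a
    retransmitted handshake message causes on a vulnerable client), send a
    second packet, and report whether both packets used the same keystream.
    With a reused keystream, c1 XOR c2 == p1 XOR p2, which is what lets a
    predictable p1 (e.g. an IP/HTTP header) reveal p2."""
    sta = Station(fresh_nonce_on_reinstall)
    ptk = hashlib.sha256(b"constructed PTK").digest()          # constructed key
    p1 = b"GET /index.html HTTP/1.1\r\nHost: x\r\n"             # constructed, predictable
    p2 = b"Authorization: Basic c2VjcmV0\r\n\r\n"               # constructed payload
    sta.install_key(ptk)
    c1 = sta.send(p1)
    sta.install_key(ptk)      # the key reinstallation
    c2 = sta.send(p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print("vulnerable station reuses keystream:", keystream_reused_after_reinstall(False))
    print("patched station reuses keystream:   ", keystream_reused_after_reinstall(True))
```

The vulnerable configuration reports `True` because the reinstall put the packet number back to zero under an unchanged key and salt; the patched configuration reports `False` because the second installation produced different nonce material, so the two packets were encrypted under different keystreams even though the key itself never changed.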

Q:        Is this attack difficult to carry out?

A:         An attacker must establish a man-in-the-middle position between a client and an AP. Further, the AP must be impersonating the MAC address of a legitimate AP, and must be on a different channel.
There are existing tools that can create such a scenario. Someone will then need to write code to attack the newly exposed vulnerability. Finally, tools will be needed to perform decryption of traffic based on a reused nonce/key combination. Aruba’s assessment is that this is within the capabilities of a skilled attacker with cryptography and Wi-Fi experience, but it will likely take some time before easy-to-use tools are developed.

Q:        Why are so many vendors affected?

A:         The IEEE 802.11 specification was silent about how to handle certain conditions, so that an implementation could be 100% standard-compliant but still vulnerable. In particular, the standard told implementers what to do, but not necessarily when to do it. To protect against this vulnerability, implementers must add additional state machine checks beyond what the standard requires. All vendors worked from the same specification documents, which is why the flaw is widespread.



Q:        Does this affect WPA2-PSK or WPA2-Enterprise?

A:         Both are affected. The attack is against the key exchange handshake, not the authentication exchange.

Q:        Does this affect Wi-Fi infrastructure (APs/controllers), Wi-Fi clients, or both?

A:         Both are affected.

Q:        Does this mean WPA2 is now broken?

A:         No. The vulnerability is due to implementation flaws (programmers did not anticipate and guard against a particular set of circumstances when writing the code) rather than a protocol-level weakness. Contributing to the problem was insufficient/ambiguous guidance to developers in the 802.11 standard. All vulnerabilities can be mitigated through software updates to affected systems without the need for a change in the protocol.

Q:        Will additional vulnerabilities be disclosed in the future?

A:         All currently known vulnerabilities have been disclosed at this time. We expect this class of vulnerabilities to receive additional research, both privately and within the IEEE 802.11 committee. Additional vulnerabilities may be disclosed in the future.

Q:        Does this attack expose credentials or keys?

A:         This attack does not reveal WPA2 authentication credentials such as passwords or pre-shared keys.
There is no need to change passwords or re-key a Wi-Fi network because of this vulnerability.

Q:        How are Aruba controller-managed APs and Mobility Controllers running ArubaOS affected?

A:         ArubaOS contains both authenticator and supplicant functionality. The two are affected differently:
·         As an authenticator (standard WPA2 functionality where the AP/controller exchanges encrypted information with a Wi-Fi client), ArubaOS is not vulnerable to the key reinstallation attack in the 4-way and group key handshakes. This is because ArubaOS stores the latest value of the replay counter and will reject any message that contains a different replay value.
·         As an authenticator in the 802.11r Fast BSS Transition (FT) handshake, ArubaOS is vulnerable to the key reinstallation attack. This is made possible because the first two messages of the FT handshake do not contain a replay counter. Aruba has mitigated this attack through a software update. Note that 802.11r is not enabled by default in ArubaOS; the majority of Aruba customers will not be affected. For customers who have enabled 802.11r, disabling it will prevent the attack. Bug 168097 is tracking this issue.
·         The “mesh” feature of ArubaOS allows APs to connect to other APs over wireless links for the purpose of network extension. Mesh links are protected using WPA2, and the open-source Linux “wpa_supplicant” utility is used to provide 802.1X authentication. The research paper points out that wpa_supplicant is vulnerable to the key reinstallation attack. Mesh is not enabled by default in ArubaOS. For customers who have enabled this feature, disabling it will prevent the attack. Bug 168489 is tracking this issue.
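The per-client replay-counter check described for the authenticator above, and the reason it cannot cover the first two FT messages, as an added Python model. This is not ArubaOS code: the message layout, the field names, the per-client bookkeeping and the log line format are constructed assumptions (the log prefix "Replay Counter Mismatches" is the one this FAQ names in its detection answer).

```python
"""Added example: an authenticator that stores the latest replay counter sent
to each client and rejects any reply carrying a different value. Message
format and log layout are constructed assumptions, not ArubaOS internals."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class HandshakeMessage:
    client: str                    # station MAC address (constructed values below)
    kind: str                      # e.g. "4way-2", "4way-4", "group-2", "ft-auth-req"
    replay_counter: Optional[int]  # None for FT messages, which carry no counter


class Authenticator:
    """Per-client replay-counter state for the 4-way and group key handshakes."""

    def __init__(self) -> None:
        self.latest_sent: Dict[str, int] = {}
        self.log: List[str] = []

    def send_request(self, client: str) -> int:
        """Every new handshake message to a client uses a strictly increasing
        counter; the value is remembered as the only acceptable reply."""
        counter = self.latest_sent.get(client, -1) + 1
        self.latest_sent[client] = counter
        return counter

    def receive(self, msg: HandshakeMessage) -> str:
        """Returns 'accept', 'reject' or 'unchecked'."""
        if msg.replay_counter is None:
            # The first two FT handshake messages carry no replay counter, so
            # this check cannot apply; that path needs the fresh-nonce mitigation.
            return "unchecked"
        expected = self.latest_sent.get(msg.client)
        if msg.replay_counter != expected:
            self.log.append(
                f"Replay Counter Mismatches: client={msg.client} kind={msg.kind} "
                f"expected={expected} received={msg.replay_counter}")
            return "reject"
        return "accept"


def replay_scenario() -> dict:
    """A normal 4-way exchange, then a replayed copy of message 2.
    Once the AP has sent message 3 (with the next counter), the old
    message 2 no longer matches the stored counter and is rejected."""
    ap = Authenticator()
    sta = "aa:bb:cc:dd:ee:01"                     # constructed client MAC
    c1 = ap.send_request(sta)                     # message 1 goes out with counter c1
    first = ap.receive(HandshakeMessage(sta, "4way-2", c1))
    c3 = ap.send_request(sta)                     # message 3 goes out with counter c3
    fourth = ap.receive(HandshakeMessage(sta, "4way-4", c3))
    replayed = ap.receive(HandshakeMessage(sta, "4way-2", c1))   # stale copy
    ft = ap.receive(HandshakeMessage(sta, "ft-auth-req", None))
    return {"first": first, "fourth": fourth, "replayed": replayed,
            "ft": ft, "log": ap.log}


if __name__ == "__main__":
    for k, v in replay_scenario().items():
        print(k, v)
```

The state per client is a single integer, which is why the check is cheap enough to run on every handshake frame; the cost of the check is that a client that replies with any counter other than the most recent one is dropped, which is the trade-off the FAQ's "different replay value" wording implies.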

Q:        Do I need to upgrade ArubaOS?

A:         It is recommended that you upgrade your ArubaOS software to mitigate all of the vulnerabilities.


Q:        Which ArubaOS software versions fix this issue?

A:         The vulnerabilities are fixed in the ArubaOS patch releases listed below, all of which are available for download now:
·         6.3.1.25
·         6.4.4.16
·         6.5.1.9
·         6.5.3.3
·         6.5.4.2
·         8.1.0.4

Q:        What about ArubaOS 5.x, 6.1, 6.2, and 6.5.2.x?

A:         ArubaOS 5.x reached its end-of-support date in May 2016 and is no longer supported or maintained.
Aruba 6.1 and 6.2 reached their end-of-support date in May 2015. See http://www.arubanetworks.com/support-services/end-of-life/ for more information.

ArubaOS 6.5.2.x was a “controlled release” with different support policies than standard. The differences between 6.5.3.x and 6.5.2.x were relatively minor at the time that 6.5.3 was introduced. Since that time, 6.5.2.x has not been maintained. Customers can migrate to 6.5.3.x with minimal risk.

Q:        What is the impact on Aruba Instant?

A:         InstantOS contains both authenticator and supplicant functionality. The two are affected differently:
·         As an authenticator (standard WPA2 functionality where the AP exchanges encrypted information with a Wi-Fi client), InstantOS is not vulnerable to the key reinstallation attack in the 4-way and group key handshakes. This is because InstantOS stores the latest value of the replay counter and will reject any message that contains a different replay value.
·         As an authenticator in the 802.11r Fast BSS Transition (FT) handshake, InstantOS is vulnerable to the key reinstallation attack. This is made possible because the first two messages of the FT handshake do not contain a replay counter. Aruba has mitigated this attack through a software update. Note that 802.11r is not enabled by default in InstantOS; the majority of Aruba customers will not be affected. For customers who have enabled 802.11r, disabling it will prevent the attack. Bug 168101 is tracking this issue.
·         The “mesh” feature of InstantOS allows APs to connect to other APs over wireless links for the purpose of network extension. Mesh links are protected using WPA2, and the open-source Linux “wpa_supplicant” utility is used to provide 802.1X authentication. The research paper points out that wpa_supplicant is vulnerable to the key reinstallation attack. Mesh is not enabled by default in InstantOS 4.1 and higher – in previous versions of InstantOS, mesh was enabled by default. For customers who have enabled this feature, disabling it will prevent the attack. Bug 168100 is tracking this issue.
·         IAP contains a feature called “Wi-Fi Uplink”, which allows an IAP to connect as a Wi-Fi client to another AP. This feature uses the open-source “wpa_supplicant” utility to provide 802.1X authentication, and is vulnerable to the key reinstallation attack. Wi-Fi Uplink is not enabled by default in InstantOS. For customers who have enabled this feature, disabling it will prevent the attack. Bug 168100 is tracking this issue.


Q:        Do I need to upgrade InstantOS?

A:         It is recommended that you upgrade your InstantOS software to mitigate all of the vulnerabilities.

Q:        Which InstantOS software versions fix this issue?

A:         The vulnerabilities are fixed in the InstantOS patch releases listed below, all of which are available for download now:
·         4.2.4.9
·         4.3.1.6
·         6.5.3.3
·         6.5.4.2

Q:        I don't have a support contract with Aruba. Can I still download the new software?

A:         For this event, Aruba will provide software updates to anyone who needs them, regardless of support contract status. Contact Aruba Support using the list of phone numbers at this URL.

Q:        How is Clarity Synthetic / Clarity Engine affected?

A:         Some customers have been beta-testing a new feature called “Clarity Synthetic,” which allows an Aruba access point to act like a Wi-Fi client, connecting and authenticating to another Aruba AP for the purpose of testing network performance. Clarity Synthetic is not an ArubaOS feature in its current form; it is a separate system. Clarity Engine contains the open-source Linux “wpa_supplicant” utility to provide 802.1X authentication. The research paper points out that wpa_supplicant is vulnerable to the key reinstallation attack. Customers participating in the Clarity Synthetic beta should not use the feature until they update the software. Clarity Engine 1.0.0.1 contains a fix for the vulnerability.

Clarity Synthetic differs from “Clarity Live” – the latter is an ArubaOS feature that uses only passive monitoring of wireless traffic to create performance statistics. Clarity Live is not affected by the key reinstallation vulnerability.

Q:        How is the Aruba 501 Client Bridge affected?

A:         The client bridge acts as a Wi-Fi supplicant and incorporates the open-source wpa_supplicant code. It is vulnerable in a similar way to other Aruba products that contain supplicant functionality. Updated software is available for this product to address the issue and may be downloaded from the HPE My Networking Portal site.

Q:        How are other Hewlett Packard Enterprise (HPE) wireless products affected?

A:         Aruba has reached out to the teams responsible for the HP MSM series of controllers and the HPE 8xx Unified WLAN Appliance series to obtain status. A separate security advisory will be issued (https://www.hpe.com/us/en/services/security-vulnerability.html) with full details. It has been reported that these products are not vulnerable to the key reinstallation attack in the 4-way handshake or group key handshake when acting as an 802.1X authenticator. The products do not support 802.11r and are not vulnerable to the FT handshake vulnerability.


Q:        What exactly did Aruba change in the new software?

A:         Most of the Aruba-specific vulnerabilities come from the use of the open-source wpa_supplicant software to provide certain Wi-Fi client functionality. In cooperation with other wpa_supplicant users and ICASI, Aruba has supplied patches to address these vulnerabilities. In addition, to address the FT handshake vulnerability, Aruba ensures that a nonce/PTK combination can only be used once: if a key must be reinstalled, a new nonce is created.

Q:        Will this fix cause any interoperability problems? Will performance decrease?

A:         This fix should not cause interoperability problems. The Wi-Fi Alliance has added specific interoperability tests among member companies for the fix to this vulnerability, and Aruba has participated in that process. The fix should also not cause any performance degradation or added roaming latency.

Q:        I can't upgrade the software right away. Are there workarounds?

A:         Yes. Review the explanations above for ArubaOS and InstantOS to determine the workarounds; disabling the vulnerable features will effectively mitigate those attacks.

Q:        The workarounds are not practical for me. What is the risk if I don't upgrade?

A:         Risk will depend on individual circumstances. For example, if all critical enterprise data is protected in transit using HTTPS/TLS in addition to WPA2, then a partial loss of WPA2 security may not be viewed as critical. In general, Aruba believes this is an important update, but not an emergency update. It will take time before attack tools become widely available. Once tools do become available, the risk of decryption and replay appears to be limited to uni-directional traffic from the client to the AP.

Q:        The research paper mentions that it is easier to attack the group key handshake on clients if the AP immediately installs a new group key. What does Aruba do?

A:         Aruba immediately installs the group key after sending Group Message 1, and does not wait until all stations reply with Group Message 2. Aruba found through trial and error that waiting for all stations to respond led to network instability in enterprise networks. The problem in enterprise networks is that typically an AP is dealing with a large number of clients. Clients may go into power-save mode, may go to sleep, may roam out of Wi-Fi coverage, or disappear for a number of other reasons. If the AP waits for all stations to acknowledge a group key message, it may be left waiting forever – leaving the AP and stations unable to send broadcast and multicast traffic in the interim. Therefore, the decision was made to immediately install and begin using the new group key. Unfortunately, this behavior does make attacking the group key easier when using an unpatched client device.

Q:        If I upgrade the Aruba software, will that solve all the problems?

A:         Not necessarily. Aruba provides only the infrastructure side of the Wi-Fi network; the client side must also be considered. You must determine whether vulnerable devices such as laptops, tablets, phones, or IoT devices are in use on your network. All major Wi-Fi client device vendors have been notified of these vulnerabilities, and most should have information available about their exposure.

In addition, it is possible that new information will become available that forces a further software update. If Aruba becomes aware of additional vulnerabilities, that information will be communicated through Aruba's standard vulnerability disclosure process.


Q:        Does this mean that for complete protection I must upgrade both infrastructure and clients?

A:         Updating just one half of the solution does not effectively solve the problem. However, an effective mitigation would be disabling 802.11r on the Aruba infrastructure while updating clients that are vulnerable to the 4-way handshake vulnerability.

Q:        If I disable 802.11r on the AP/controller, are clients still vulnerable to the FT handshake weakness?

A:         If 802.11r is not enabled on the infrastructure, clients will not attempt to reassociate using the FT handshake, and an attacker cannot exploit the FT handshake vulnerability in that case.

Q:        Can I detect whether someone is attacking my network or devices?

A:         Aruba software checks for replay counter mismatches on a per-client basis. If the detection is triggered, a log message is generated; the log message begins with "Replay Counter Mismatches", followed by additional details.
Aruba has also released a new RFProtect (WIDS) feature that can help detect the attack. This feature is released in the following ArubaOS versions:
·         6.4.4.16
·         6.5.1.9
·         6.5.3.3
·         6.5.4.2
·         8.2.0.0
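A way to triage the "Replay Counter Mismatches" log messages described above, as an added Python example that is not Aruba code. The exact layout of the details after the prefix is not given in this FAQ, so the sample lines and the regular expression below are constructed assumptions to be adapted to the real message format; the point is the per-client, per-time-window aggregation, since a single mismatch can be an ordinary lost frame while a burst of the same stale counter against one client is the pattern worth alerting on.

```python
"""Added example: parse 'Replay Counter Mismatches' log lines and flag clients
that see a burst of them. Line layout is a constructed assumption."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines; only the prefix comes from the FAQ.
SAMPLE_LOG = """\
Oct 16 10:02:11 Replay Counter Mismatches: sta=aa:bb:cc:dd:ee:01 expected=5 received=4
Oct 16 10:02:11 Station aa:bb:cc:dd:ee:02 associated
Oct 16 10:02:12 Replay Counter Mismatches: sta=aa:bb:cc:dd:ee:01 expected=6 received=4
Oct 16 10:02:13 Replay Counter Mismatches: sta=aa:bb:cc:dd:ee:01 expected=7 received=4
Oct 16 10:05:40 Replay Counter Mismatches: sta=aa:bb:cc:dd:ee:02 expected=3 received=2
"""

# Assumed layout: syslog-style timestamp, the FAQ's prefix, then key=value details.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) Replay Counter Mismatches: "
    r"sta=(?P<sta>[0-9a-f:]{17}) expected=(?P<exp>\d+) received=(?P<rcv>\d+)$"
)

Event = Tuple[datetime, str, int, int]   # (time, station, expected, received)


def parse_mismatches(text: str, year: int = 2017) -> List[Event]:
    """Return one event per matching line; unrelated lines are ignored."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["sta"], int(m["exp"]), int(m["rcv"])))
    return events


def flag_clients(events: List[Event], threshold: int = 3,
                 window: timedelta = timedelta(minutes=1)) -> Dict[str, int]:
    """Map station -> largest number of mismatches seen inside any `window`,
    for stations that reach `threshold`. Isolated mismatches are not reported."""
    by_sta: Dict[str, List[datetime]] = {}
    for ts, sta, _, _ in events:
        by_sta.setdefault(sta, []).append(ts)
    flagged: Dict[str, int] = {}
    for sta, times in by_sta.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                flagged[sta] = max(flagged.get(sta, 0), count)
    return flagged


if __name__ == "__main__":
    evts = parse_mismatches(SAMPLE_LOG)
    print(f"{len(evts)} mismatch events")
    for sta, n in flag_clients(evts).items():
        print(f"ALERT {sta}: {n} replay counter mismatches within one minute")
```

Threshold and window are tuning knobs: on a busy enterprise network a lost or delayed EAPOL frame produces the occasional single mismatch, so the alerting condition should be a repeated, same-valued `received` counter against one client in a short interval rather than any mismatch at all.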

Q:        When did Aruba find out about this?

A:         Aruba learned of the issue on July 15, 2017 through other research, and on August 28, 2017 through the CERT Coordination Center. Aruba was also notified by ICASI on September 12, 2017. Aruba signed an NDA with ICASI in order to participate in broader industry-level discussions.

Q:        Why is Aruba disclosing this now?

A:         A vulnerability of this scale requires cooperation among multiple vendors and other parties, so responses and patches are prepared before the vulnerability becomes widely known. The vendor community (represented by ICASI), in cooperation with the author, CERT, and the Wi-Fi Alliance jointly agreed on October 16 as the disclosure date for this vulnerability.

Q:        Did Aruba give special advance notice to any customers or partners?

A:         No. Aruba does not engage in selective vulnerability disclosure.

Q:        How many other vendors are affected?

A:         All vendors with Wi-Fi equipment or clients are affected to some degree.

Q:        Where can I read the details of this attack and vulnerability?

A:         The original research paper is titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”. It was written by Mathy Vanhoef and submitted to the 24th Association for Computing Machinery (ACM) Conference on Computer and Communications Security.
           It can be downloaded from: https://papers.mathyvanhoef.com/ccs2017.pdf.

Q:        Where can I ask questions?

A:         Visit https://community.arubanetworks.com.
