Network access control and Blast RADIUS: What you need to know

By agallnx posted Dec 11, 2024 01:19 PM

  


By Adilson Gal and Nicholas Starke 

 

In the summer of 2024, researchers demonstrated a novel attack against the RADIUS protocol, which they dubbed "Blast RADIUS" (tracked as CVE-2024-3596). Because it is a weakness in the protocol rather than in any one vendor's code, it affected every RADIUS/UDP implementation that accepts non-EAP authentication methods (such as PAP, CHAP or MS-CHAPv2) without requiring the Message-Authenticator attribute. The attack does not rely on random data: a machine-in-the-middle appends carefully computed MD5 chosen-prefix collision blocks, carried in a Proxy-State attribute, to the Access-Request, so that the server's Access-Reject can later be rewritten into an Access-Accept whose Response Authenticator still verifies. 

To better understand the risk posed by this vulnerability — as well as how HPE Aruba Networking network access control (NAC) solutions can assist in mitigating the risk — let’s review some basics about RADIUS/UDP and network security. 

How does RADIUS/UDP work? 

RADIUS, short for Remote Authentication Dial-In User Service, is an industry-standard network protocol developed by Livingston Enterprises in 1991 and published as an IETF standard in 1997 as RFC 2058; the current base specification is RFC 2865 (2000). 

In modern deployments, RADIUS is commonly used in IEEE 802.1X port-based network access control systems to manage the authentication, authorization, and accounting (AAA) of authorized wired and wireless users. These controls can be used to prevent unauthorized access to services, such as to a Local Area Network (LAN), or to restrict authorized users’ access within a network. 

By default RADIUS uses UDP as its transport. UDP port 1812 is the officially assigned port for RADIUS authentication (1813 for accounting); many older deployments still use the original, unofficial ports 1645 and 1646.

What are the components of the RADIUS client/server model? 

RADIUS consists of three main components: 

  • Network Access Server (NAS): the RADIUS client, typically a switch, access point or controller, which relays the authentication to the authentication server. 
  • Supplicant: the entity (the user's device or client software) being authenticated through the NAS. 
  • Authentication Server: the RADIUS server, which authenticates the supplicant on behalf of the NAS and returns the decision. 

The basic flow of RADIUS over UDP is as follows: 

  1. The supplicant presents authentication information (e.g. a username and password) to the NAS. 

  2. The NAS creates a RADIUS Access-Request containing attributes such as NAS-Identifier, NAS-Port, User-Name and User-Password, and sends it to the RADIUS server. The packet header carries a 16-byte random Request Authenticator. The User-Password attribute is neither cleartext nor a hash of the password: RFC 2865 XORs the password (padded to 16-byte blocks) with MD5(shared secret + Request Authenticator), and chains MD5(shared secret + previous ciphertext block) for any further blocks, so anyone who knows the shared secret can recover it. When the RADIUS server receives the Access-Request, it checks that the request came from a known NAS (by source address and the shared secret configured for that client). 

  3. The RADIUS server consults a database (local or remote) to match the supplicant information provided by the NAS. If the information meets all necessary conditions (such as correct credentials), the RADIUS server responds with an Access-Accept, granting the user access to the network resources; otherwise it responds with an Access-Reject. Either response carries a Response Authenticator, MD5(Code + Identifier + Length + Request Authenticator + Attributes + shared secret), which is the client's only integrity check on the response unless Message-Authenticator is also present. 

How can the RADIUS/UDP process become compromised? 

Conventional RADIUS protects only the user password, and only by obfuscation: the password is XORed with an MD5 digest of the shared secret and the Request Authenticator. Everything else travels in clear, and the integrity of a response rests solely on the Response Authenticator, a plain MD5 over the response with the shared secret appended. Some attributes, notably Proxy-State, accept arbitrary data and are echoed by the server from the request into its response. An attacker in a privileged network position, on the path between NAS and server, intercepts the UDP datagrams, appends a Proxy-State attribute containing MD5 chosen-prefix collision blocks to the Access-Request, and lets the server answer, typically with an Access-Reject. The collision is constructed so that the Response Authenticator the server computed over that Reject is equally valid for an Access-Accept carrying the other half of the collision, so the attacker rewrites the code, swaps in that Proxy-State and forwards the forged Accept to the RADIUS client. The client then authorizes the host to access the network as if the adversary had known valid username/password credentials. This is the essence of the Blast RADIUS attack. 

Message-Authenticator (attribute 80, defined in RFC 3579) is an HMAC-MD5 over the entire RADIUS packet, keyed with the shared secret and computed with the attribute's own 16-byte value set to zeros. It is a keyed message authentication code rather than a checksum: unlike the Response Authenticator, which is plain MD5 with the secret appended, it is not defeated by the MD5 collision Blast RADIUS relies on, so it protects both the integrity and the authenticity of the message. It is already mandatory for requests carrying EAP-Message, which is why 802.1X/EAP authentications were not exposed in the way PAP, CHAP and MS-CHAP authentications were. 

A RADIUS client (such as a network device) sends an Access-Request containing a Message-Authenticator attribute to the RADIUS server. The server calculates the expected value from its knowledge of the shared secret and the rest of the Access-Request. If the calculated value does not match the attribute in the request, either the request was damaged in transit (packet corruption) or someone tampered with it. In either case the server silently discards the request and sends no response, so faulty or malicious data is never processed and an on-path attacker learns nothing from the server's reaction. The client should apply the same check to the Message-Authenticator in responses; otherwise the response direction remains protected only by the Response Authenticator. 
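To make the two preceding sections concrete, here is an added example (not ClearPass or HPE Aruba Networking code) that implements both sides of the Access-Request exchange in Python: the NAS hides the password per RFC 2865 and adds a Message-Authenticator per RFC 3579; the server verifies the HMAC, optionally enforcing the "Message-Authenticator present and first" policy, and silently discards anything that fails; the client checks the Response Authenticator on the reply. The shared secret, user database and NAS address are constructed for illustration, and the `msg_auth` and `require_ma_first` switches are this example's own, not a product setting.

```python
# RADIUS/UDP Access-Request/Accept exchange (RFC 2865, RFC 3579) with the server-side
# "Message-Authenticator required, and first" policy described in the text. Added example,
# not ClearPass or HPE Aruba Networking code: secret, users, NAS address and policy switches are constructed.
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 2, 4, 80
SECRET = b"example-shared-secret"   # constructed; real deployments use a long random secret
USERS = {"alice": "correct horse"}  # constructed user database

def attr(t, value):
    # Type, Length (counting this 2-byte header), Value
    return struct.pack("!BB", t, len(value) + 2) + value

def parse_attrs(body):
    out, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        out.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return out

def build_packet(code, ident, authenticator, attrs):
    body = b"".join(attr(t, v) for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def hide_password(password, secret, req_auth):
    # RFC 2865 5.2: XOR the padded password with MD5(secret + Request Authenticator), then each
    # later block with MD5(secret + previous ciphertext block). Keyed obfuscation, not a hash.
    plain = password.encode()
    plain += b"\0" * (-len(plain) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(plain), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(plain[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\0").decode(errors="replace")

def access_request(ident, user, password, secret, msg_auth="first"):
    # NAS side. msg_auth: "first", "last", or None for a legacy request without the attribute.
    req_auth = os.urandom(16)
    base = [(USER_NAME, user.encode()),
            (USER_PASSWORD, hide_password(password, secret, req_auth)),
            (NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))]  # constructed NAS address
    if msg_auth is None:
        return build_packet(ACCESS_REQUEST, ident, req_auth, base)
    def with_ma(mac):
        ma = [(MESSAGE_AUTHENTICATOR, mac)]
        return build_packet(ACCESS_REQUEST, ident, req_auth,
                            ma + base if msg_auth == "first" else base + ma)
    # RFC 3579 3.2: HMAC-MD5 keyed with the secret over the whole request, MA value zeroed
    return with_ma(hmac.new(secret, with_ma(b"\0" * 16), hashlib.md5).digest())

def response(code, ident, req_auth, attrs, secret):
    # Response Authenticator = MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret)
    body = b"".join(attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + req_auth + body + secret).digest() + body

def client_verify(resp, req_auth, secret):
    # NAS side. Flipping Reject to Accept without the secret breaks this check; Blast RADIUS
    # gets past it with an MD5 chosen-prefix collision, not by learning the secret.
    header, resp_auth, body = resp[:4], resp[4:20], resp[20:]
    return hmac.compare_digest(hashlib.md5(header + req_auth + body + secret).digest(), resp_auth)

def server_handle(pkt, secret, require_ma_first=True):
    # Server side. Returns a response, or None when the request is silently discarded. True models
    # the hardened policy; False the legacy behaviour, where a request without MA is still answered.
    if len(pkt) < 20 or pkt[0] != ACCESS_REQUEST or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return None
    ident, req_auth = pkt[1], pkt[4:20]
    try:
        attrs = parse_attrs(pkt[20:])
    except ValueError:
        return None
    ma_idx = [i for i, (t, _) in enumerate(attrs) if t == MESSAGE_AUTHENTICATOR]
    if require_ma_first and ma_idx != [0]:
        return None  # absent, duplicated, or not the first attribute: discard
    if ma_idx:
        zeroed = build_packet(ACCESS_REQUEST, ident, req_auth,
                              [(t, b"\0" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
        if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), attrs[ma_idx[0]][1]):
            return None  # tampered request or wrong secret: discard, send nothing
    a = dict(attrs)
    user = a.get(USER_NAME, b"").decode(errors="replace")
    password = unhide_password(a.get(USER_PASSWORD, b""), secret, req_auth)
    return response(ACCESS_ACCEPT if USERS.get(user) == password else ACCESS_REJECT,
                    ident, req_auth, [], secret)
```

Calling `server_handle` with `require_ma_first=False` on a request built with `msg_auth=None` shows the legacy behaviour Blast RADIUS exploits: a request with no Message-Authenticator is answered even after its bytes have been altered in transit. The collision itself is not reproduced here, since a chosen-prefix MD5 collision is a large offline computation, but everything it has to defeat is in `response` and `client_verify`.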

What are some NAC-based defenses against the Blast RADIUS attack? 

The HPE Aruba Networking ClearPass NAC solution versions 6.12.2 and 6.11.9 have introduced configuration options to require the inclusion of the Message-Authenticator attribute as the first RADIUS attribute. When enabled, ClearPass will reject any request or Dynamic Authorization transaction (such as Disconnect Message or Change of Authorization) that does not include the Message-Authenticator attribute as the first attribute. 

The Blast RADIUS attack hinges on the attacker being able to read and modify RADIUS packets in transit, which plain RADIUS over UDP does nothing to prevent. It is possible, and recommended, to run RADIUS over TCP with TLS protecting the data in transit. This is RADIUS over TLS, known as RadSec (RFC 6614, TCP port 2083). Using RadSec mitigates the risk posed by this vulnerability by denying the attacker a machine-in-the-middle position against stateless UDP packets: if an attacker attempts to tamper with a RadSec TCP stream, the connection fails because of the integrity and authentication protections provided by TLS. This holds only when both peers actually validate each other's certificates; a RadSec deployment that accepts any certificate merely moves the trust problem rather than solving it. 

As another layer of defense, isolate network management services, including the RADIUS traffic between NAS devices and servers, onto their own management VLAN. Access to this VLAN should be tightly controlled, and all authorization attempts should be logged to a central logging service. 


RFC 6614, which defines RADIUS over TLS, summarizes the motivation as follows. The main advantage of RADIUS over TLS is that it secures communication between peers using TLS. The most important use of the specification lies in roaming environments, where RADIUS packets must cross different administrative domains and untrusted, potentially hostile networks. RADIUS over TLS wraps the entire RADIUS packet into a TLS stream and thus mitigates the risk of attacks on MD5. It also obsoletes the use of IP addresses and shared MD5 secrets to identify peers, allowing more contemporary trust models, such as validating a peer's certificate by inspecting its issuer and other certificate properties. 

One caveat for practitioners: inside the TLS tunnel the legacy RADIUS MD5 operations still run, using the fixed shared secret "radsec" defined by RFC 6614, so the protection comes entirely from TLS and from the peer authentication performed at the TLS layer. 

Use network access control to protect against Blast RADIUS attacks 

The Blast RADIUS attack represents a significant vulnerability within the RADIUS protocol, targeting its cryptographic elements to create an MD5 collision that allows unauthorized access. This vulnerability underscores the critical need for heightened security measures, particularly for network management and authentication services. With the enhanced security configurations in the HPE Aruba Networking ClearPass NAC solution to mandate the Message-Authenticator attribute, you can add a layer of validation for all incoming requests that helps protect against this type of vulnerability. 

In addition, implementing RADIUS over TLS is a pivotal strategy for organizations, especially in high-risk or roaming environments. By wrapping RADIUS packets in TLS, organizations can mitigate attacks on MD5-based authentications, moving toward a modernized, certificate-based trust model. This approach, along with network segmentation practices like isolating management VLANs, provides a robust defense against such protocol-level attacks, reinforcing the security and integrity of network access control frameworks. 


Author Bios: 

Adilson Gal is a CISSP and CC certified security professional with a focus on product security engineering. Since joining HPE Aruba Networking in 2022, he has been dedicated to strengthening the security of HPE Aruba Networking solutions.  

Nicholas Starke – Nick is an experienced security researcher specializing in firmware security. He is passionate about low-level reverse engineering and software development. He has been with Aruba since 2018 in his position as Threat Researcher. 
