1

My school is requiring that I download a wifi certificate to use the school wifi on my phone, but I was wondering what downloading the certificate entails, since it doesn't really tell you. If I download this, can they see what I do on my phone at home or just on the wifi?

Bm87
  • They can use a man-in-the-middle attack to decrypt your SSL sessions whenever you’re using a network that they control. If they control your home network then they can see what you do on it, if they don’t then they can’t. – Mike Scott Feb 16 '18 at 19:50
  • I think we need to know more about the certificate. Is this a full CA certificate that can sign any domain? – Steve Sether Feb 16 '18 at 20:01
  • Generally just what you do on their wifi. CA certs could help a school seemingly take over an existing site from home, but I don't think that's a realistic concern. – dandavis Feb 16 '18 at 20:21
  • When you use the internet connection of someone else they can see what pages you visit (because your device connects to IP addresses that are publicly listed for that webpage). If the page uses HTTPS then usually the exact activity cannot be eavesdropped (for example when you connect to facebook then your internet supplier (here: your school) can see that you're on facebook but they cannot see what you do there). If you would like to know more about this then please type HTTPS or SSL into your favorite search engine. – BlueWizard Feb 16 '18 at 20:35
  • You probably ask because your phone notified you about the dangers of trusting third party certificates. Your phone should give you the correct terminology and maybe even link a resource where you can further research on your own – BlueWizard Feb 16 '18 at 20:36
  • I'm voting to close this as unclear what's been asked. Also, Information Security is not your forum for all questions regarding computers. – BlueWizard Feb 16 '18 at 20:36
  • 3
    I disagree. This is about information security, although the question can be improved. The easiest way to improve it would be to link to the certificate in question so we could see what kind of certificate it was. – Out of Band Feb 17 '18 at 01:45
  • @Pascal Indeed the question does appear to be on-topic, but the problem is that the question itself is too broad (there's no specific question to answer). "What does X entail?" is difficult to work with, even if X is related to information security. – forest Feb 21 '18 at 06:26
  • This is **not** a duplicate of the indicated question. This is not about approving/accepting the server certificate presented by the RADIUS server, this is about installing a certificate on the client device. This could be closed as potentially unclear, but as a duplicate is simply wrong. – YLearn Mar 31 '18 at 07:53

2 Answers

6

There are two likely types of certificates they may be asking you to install:

The former is more secure in that individual users of WiFi can be identified, and linked to the network traffic they create. The latter is the one that permits them to observe the content of your traffic.

Your first task would be to discern whether you are being given an authentication certificate for network layer connectivity or a "trusted root" key owned by the organization for issuing SSL certificates for any site.

Jeff Ferland
  • 5
    DON'T accept a root CA from your school. Your school is NOT able to sufficiently secure such a certificate, and if it gets in the wrong hands, the thief can masquerade as any website on the internet without your phone or you noticing. Chances that this happens are very small, but your school should teach you about such risks, not expose you to them. – Out of Band Feb 17 '18 at 01:42
  • 1
    @pascal - that is unnecessarily pessimistic. Many schools have better security on their network than companies. – Rory Alsop Feb 17 '18 at 14:21
  • I'd also counsel against installing a root CA from a company. There are reasons why it's very hard for a new Root CA to get into all the standard browsers. One of them is that they need to prove they take the security of their signing keys very, very seriously. Admittedly a school won't be a very likely target for an attacker, it's more of a "on principle" thing for me, but I seriously doubt your average school has the technical know-how to keep root CA signing keys secure. – Out of Band Feb 17 '18 at 16:47
  • Plus having to import a root CA into your browser means that the school wants to spy on you so they can be sure you're not looking at anything you shouldn't be looking at (porn, for example). While I understand the legal arguments behind this, I don't like the approach, especially if the school doesn't explain the consequences of importing a root CA - students are told that they need to install it so the school's content filter doesn't block them when they visit "sites with the green lock icon", but most students won't understand what that implies. – Out of Band Feb 17 '18 at 16:57
  • @Pascal, not accepting a root CA from your school can make your wireless authentication less secure. While I understand the point you are trying to make, your statement is only true when they are using the root CA to do SSL interception, not wireless authentication. – YLearn Mar 01 '18 at 23:05
  • @YLearn - yes, I agree. Still think it's a bad idea, though. – Out of Band Mar 02 '18 at 19:13
3

Having worked on wireless networks at multiple schools, I can say there are two types of certificates that you may be asked to install to connect to their wireless networks:

  • A client certificate used when authenticating your device to the wireless network.
  • A trusted CA certificate used to help validate the identity of a server.

In the first case, this may be a certificate tied to you as a user, to your device individually or to both. The certificate alone may provide your authentication or you may also be required to provide a username/password. Since this is generally considered one of the more secure forms wireless authentication can take, you have no reason to be concerned about this type of certificate.

The second case is where you may want to question further, but is also likely nothing too concerning. The big distinction here is if the CA certificate is being used during the authentication process to the wireless network (good use) or if it is being used to access the Internet (questionable use). I am going to skip discussing the latter as this topic has been covered by a number of question/answers on this site (I don't have time to look up examples at present, so anyone feel free to edit some in if you like).

Most often this CA certificate is being used to validate the identity of the RADIUS authentication server to which your EAP supplicant is authenticating. Generally speaking, the EAP supplicant must make a decision on whether it will send your username/password to the authentication server without being connected to the network. This means it is only able to work with information it has and information it is given by the authentication server; it can't go out on the Internet to check another source until after it has authenticated and it is too late to withhold your username/password.

The EAP supplicant does this primarily by checking two things (with a couple options present in many EAP supplicants like Windows and OSX, but often not on mobile devices like tablets and phones):

  1. Is the certificate provided by the authentication server a valid certificate issued from a CA trusted by the client device?
  2. (Optional) Is the certificate issued from the designated CA(s) in the EAP supplicant?
  3. Does the hostname listed on the certificate match the hostname given by the authentication server?
  4. (Optional) Is the hostname given by the authentication server one of the hostnames allowed in the configuration of the EAP supplicant?

The other options for the EAP supplicant are to either have the OS prompt the user to "check and approve" the certificate (bad idea) or to not validate the certificate at all (worse idea) before sending your username/password.

So why would a school choose to set up their own CA and issue certificates for the authentication servers? Several reasons:

  • Cost - it used to be there were a small number of CAs that could be expected to be installed on almost all operating systems. Getting certificates that provide for authentication service (not just HTTPS web traffic) from these could be expensive, especially if the school runs a large number of authentication servers (as generally you need a certificate per server).
  • Reduced end user impact - most CAs will only issue certificates for a maximum of three years. When the certificate on a wireless authentication server changes, at the very least the end user will be notified of the change and prompted to accept the new certificate. In some cases, the EAP supplicant will simply fail to connect to the wireless network until reconfigured. Schools that run their own CA can choose to issue certificates with expirations further out than 3 years, reducing the number of times their end users are impacted by a certificate change.
  • Increased security - if the school uses a public CA to issue their authentication certificates, then an "attacker" will find it easier to "impersonate" the school network.

Let me discuss this last point a bit more as it is the key reason to do so (at least in my mind). I apologize for being redundant, but this is the key point. Since the EAP supplicant isn't connected to a network before deciding to pass along your username/password, it is limited in the information it can use to make this decision. As such, it can be easily "tricked" into doing so by an attacker.

It is trivial (and in some cases entirely free) for an attacker to get a valid certificate from a public CA that can match the hostname of the attacker's own "authentication server." If specific hostnames for the authentication servers are not configured in the EAP supplicant (and they often are not or can't be), then even if the designated CA is configured and is a public CA, the attacker just needs to get their certificate from the same public CA. End result is compromised user credentials.

An attacker will have a much more difficult time getting a valid certificate issued from the private CA of the school and if that private CA is the only designated CA in the EAP supplicant, then it makes it very difficult for an attacker to pretend to be the real wireless network and capture credentials for those clients.

YLearn
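The server-validation checks listed in the answer above, expressed as an audit of wpa_supplicant network blocks. This is an added example, not part of the original answer; the SSIDs, file paths and hostname in the sample configuration are constructed, and wpa_supplicant stands in for whichever EAP supplicant a device uses.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, paths and hostname are made up.
SAMPLE_CONF = '''
network={
    ssid="campus-unvalidated"
    eap=PEAP
}
network={
    ssid="campus-ca-only"
    eap=PEAP
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
}
network={
    ssid="campus-pinned"
    eap=PEAP
    ca_cert="/etc/wifi/school-private-ca.pem"
    domain_suffix_match="radius.school.example"
}
'''

# wpa_supplicant options that constrain the name on the server certificate.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return each network={...} block as a dict of its key=value lines."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit(net):
    """Classify how an EAP network validates the authentication server."""
    if "eap" not in net:
        return "not-eap"
    if not (net.get("ca_cert") or net.get("ca_path")):
        return "no-validation"   # credentials go to any server certificate
    if not any(net.get(k) for k in NAME_CHECKS):
        return "ca-only"         # any certificate from that CA is accepted
    return "ca-and-name"         # designated CA plus expected server name

def audit_config(text):
    return {net.get("ssid", "?"): audit(net) for net in parse_networks(text)}
```

Calling `audit_config(SAMPLE_CONF)` returns one verdict per SSID. A `ca-only` result is the case the answer warns about when the designated CA is a public one; with a private school CA as the only designated CA it is the setup the answer describes as hard to impersonate.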