Wireless LAN security -...

Source: fit.mta.edu.vn/files/FileMonHoc/Slide_Anninhmangkhongday_Bai6.pdf

Upload: vuduong

Post on 06-Feb-2018


  • Wireless LAN Security (IEEE 802.11)

    Lecturer: Nguyen Hieu Minh

    9/4/2012 1

  • Contents

    1. WLAN technology

    2. Security in WLAN

    3. The WEP protocol

    4. The WPA/WPA2 protocols

  • 1. WLAN technology

    In 1985 the US Federal Communications Commission (FCC) decided to open up several bands of the radio spectrum, allowing them to be used without a government licence.

    The FCC agreed to release three industrial, scientific and medical bands to the telecommunications industry.

    These three bands, called the "garbage bands" (900 MHz, 2.4 GHz, 5.8 GHz), were allocated to devices used for purposes other than communication.

  • The role and position of WLAN

  • WLAN standards

    The IEEE 802.11 standard was officially published in 1997.

    IEEE 802.11 (the WiFi standard) denotes a set of WLAN standards developed by the IEEE LAN/MAN standards committee (IEEE 802.11).

    The term 802.11x can be used to denote the whole set, covering all of its component standards.

    IEEE 802.11 can also be used to denote the 802.11 standard itself, sometimes called the original 802.11 (802.11 legacy).

  • Two further standards, IEEE 802.11a (5.8 GHz band) and IEEE 802.11b (2.4 GHz band), were then approved in December 1999 and January 2000 respectively.

    Once the 802.11b standard existed, companies began developing devices compatible with it.

  • Six companies, Intersil, 3Com, Nokia, Aironet, Symbol and Lucent, joined together to form the Wireless Ethernet Compatibility Alliance (WECA).

    WECA's goal is to certify that vendors' products are truly compatible with one another.

  • Relationship between IEEE 802.11 and OSI

    IEEE 802.11 is the standard that specifies wireless local area networks; it uses the CSMA/CA access method.

  • WLAN structure

    A typical WLAN has two parts: wireless access devices (Wireless Clients) and access points (Access Points, AP).

  • The IEEE 802.11 standard and infrastructure

    There are two basic types of wireless network:

    Ad-hoc: the machines in the network communicate directly with one another through their wireless devices, without using a router (Wireless Router) or a wireless transceiver (Wireless Access Point).

    Infrastructure: the machines in the network use one or more routers or transceivers to exchange data with one another.

  • Operating modes (a, Infrastructure; b, Ad-hoc)

  • Security standards supporting IEEE 802.11

    IEEE 802.11 (WEP)

    IEEE 802.1X

    Wi-Fi Protected Access (WPA)

    Wi-Fi Protected Access 2 (WPA2)

    | Security standard | Authentication methods | Encryption methods | Key size (bits) | Notes |
    |---|---|---|---|---|
    | IEEE 802.11 | Open system and shared key | WEP | 40 and 104 | Weak authentication and encryption |
    | IEEE 802.1x | EAP authentication methods | N/A | N/A | EAP provides strong authentication |
    | WPA-Enterprise | 802.1X | TKIP/AES (optional) | 128 | Strong authentication, TKIP/AES |
    | WPA-Personal | PSK | TKIP/AES (optional) | 128 | |
    | WPA2-Enterprise | 802.1X | TKIP and AES | 128 | |
    | WPA2-Personal | PSK | TKIP and AES | 128 | |

  • 2. Security in WLAN

    Why is information security so important in a WLAN?

    It follows from the inherent nature of the wireless medium. Radio waves from the transmitters of these LANs can reach the street, so anyone with suitable equipment can access them.

  • Security services in IEEE 802.11

    Three basic security services:

    Authentication: controls access to the network by refusing access to devices that fail verification. This service addresses the question: are only legitimate users allowed to access the network?

    Confidentiality (or privacy): aims to prevent unauthorized parties from reading information. This service addresses the question: are only legitimate users allowed to read my information?

  • Integrity: developed to ensure that messages are not modified in transit between stations and access points. This service addresses the question: is the information in the network trustworthy, or has it been forged?

    The services above show that the IEEE 802.11 standard does not address other security services such as auditing, authorization and non-repudiation.

  • Methods for implementing the services

    SSID (Service Set Identifier): the means by which an entity tells different networks apart. Access points (APs) initially ship with a default SSID set by the manufacturer. By default, an operating access point broadcasts its SSID (every few seconds) in "Beacon Frames".

    Authentication: before any communication session can take place between a station and an access point, the two must carry out a dialogue. This process is performed as an association between the entities.

    WEP (Wired Equivalent Privacy): designed to give users of the wireless network a level of security equivalent to that of a wired network.

  • Types of attack on WLAN

    The main types of attack:

    Passive attacks (eavesdropping).

    Active attacks (connecting, probing and configuring the network).

    Jamming attacks.

    Man-in-the-middle attacks.

    Replay attacks.

  • Passive attacks

    A passive attack is carried out as eavesdropping.

    Network analysers or other applications are used to collect WLAN information from a distance with a directional antenna.

  • Active attacks

    An active attack can be used to try to gain access to a server to obtain important data, or even to change the configuration of the network infrastructure.

  • Jamming attacks

  • 3. The WEP protocol

    The WEP protocol is used in IEEE 802.11 networks to protect data during wireless transmission (at the link level).

    By definition, WEP was designed to give a wireless network the same level of confidentiality as a traditional cabled network.

  • In a wired LAN (IEEE 802.3), data on the link is protected from outside attack by physical limits: an attacker cannot get direct access to the cabling. For that reason the 802.3 standard does not address data encryption as a defence against unauthorized access.

    For 802.11, data encryption is a top priority, because access to a wireless medium cannot be physically restricted: anyone within coverage can access the data if it is not protected.

  • WEP is a data encryption method implemented at the Media Access Control (MAC) layer.

    It uses the RC4 encryption algorithm, RC4(IV, k), with an IV that can change and a key k that does not change and is pre-assigned in the stations and the APs.

    It also uses a CRC checksum to authenticate the message.

  • For its first few years this algorithm was kept secret and was not available; in September 1994 some people posted its source code on the Internet.

    Although the source code is now available, RC4 is still registered by RSADSI.

    RC4 encrypts and decrypts very quickly, is very easy to implement, and is simple enough for software developers to use it for encryption in their own software.

  • Diagram of the WEP encryption process

  • Description

    WEP relies on a secret key k shared between the communicating parties to protect the transmitted data.

    Encryption of one data frame proceeds as follows:

    Checksum computation: a checksum (computed with CRC) of the message M to be encrypted is calculated and denoted c(M). c(M) and M are then joined to form the plaintext, P = (M, c(M)), which is the input to the second stage. Note that c(M) and P do not depend on the key k.

  • Encryption: the plaintext P is then encrypted with the RC4 algorithm.

    An initialization vector (IV) v, which can change, and a fixed key k are chosen. RC4 generates a keystream (a long sequence of pseudo-random bytes that is a function of v and k). The keystream is denoted RC4(v, k) and has the same length as P.

    The plaintext P and the keystream RC4(v, k) are then added modulo two (XOR, or ⊕) to produce the ciphertext, denoted C:

    C = P ⊕ RC4(v, k).

  • Transmission: finally, the initialization vector v and the ciphertext C are sent over the radio medium. This can be written as:

    A → B: v, (P ⊕ RC4(v, k)).

    The format of the encrypted data frame is shown in the following figure:

  • Diagram of the WEP decryption process

  • First, the keystream RC4(v, k) is XORed with the ciphertext C to obtain a plaintext P'.

    Next, P' is checked against the original plaintext P by splitting P' into the form P' = (M', c(M')), computing the checksum of the message M', and comparing it with the checksum carried in the frame. This ensures that the receiver accepts only data frames with a valid checksum.

  • Risks and countermeasures for the WEP protocol

    Risks:

    Using static WEP keys: sharing the same key over a long period creates a risk that the key is exposed.

    This is because WEP provides no fallback key management, so if one computer is hacked (or lost), every other computer using that key is compromised as well.

    In addition, if every station in the network uses the same key, the number of packets encrypted under it grows very quickly, and that gives attackers favourable conditions for attacks on the key.

  • Because WEP uses RC4, a stream cipher, it needs a mechanism to ensure that two identical pieces of data do not produce identical output when encrypted on two separate occasions. This is an important factor in data encryption, intended to limit an attacker's ability to deduce the key.

    To achieve this, an initialization vector (IV) is combined with the key so that a different key is produced for each encryption.

    The IV is a 24-bit value, and the IEEE 802.11 standard recommends (but does not require) that it change with every packet. Because the sender generates the IV according to no fixed rule or standard, the IV must be sent to the receiver unencrypted.

    The way the IV is used is the root of most of WEP's problems.

  • Because the IV is transmitted unencrypted and sits in the header of the 802.11 packet, anyone who captures traffic on the network can see it.

    At 24 bits long, the IV takes one of 16,777,216 possible values.

    Security researchers at the University of California, Berkeley found that when the same IV is used with the same key on an encrypted packet (informally called an IV collision), an attacker can capture the packets and recover the WEP key.

  • The IV is part of the RC4 key, so in practice an attacker knows 24 bits of the key of every packet; combined with weaknesses in the key schedule, this allows analytic attacks to succeed after capturing and analysing only a small number of packets.

    Attacks of this kind have been published openly and implemented as open-source software.

  • WEP does not provide cryptographic integrity protection.

    The 802.11 MAC does provide a mechanism (Cyclic Redundancy Check, CRC) for checking the integrity of packets, and packets are accepted when their checksum is correct.

    Combining a check that is not a cryptographic algorithm with a stream cipher is a very insecure solution.
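The framing described on the preceding slides, P = (M, c(M)) and C = P ⊕ RC4(v, k), written out as a small Python model. This is an added example, not part of the original slides; the key, IV and payloads are constructed and the function names are this example's own. It shows the two properties the slides warn about: a repeated (v, k) pair cancels the keystream, and the keyless CRC lets a changed frame pass the receiver's check.

```python
import math
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def c(m: bytes) -> bytes:
    """c(M): CRC-32 of the message, little-endian. It takes no key."""
    return struct.pack("<I", zlib.crc32(m))


def wep_encrypt(v: bytes, k: bytes, m: bytes) -> bytes:
    """C = P xor RC4(v, k) with P = (M, c(M)); the RC4 key is v || k."""
    p = m + c(m)
    return xor(p, rc4(v + k, len(p)))


def wep_decrypt(v: bytes, k: bytes, ct: bytes):
    """Return M' if the checksum carried in the frame matches, else None."""
    p = xor(ct, rc4(v + k, len(ct)))
    m, received = p[:-4], p[-4:]
    return m if c(m) == received else None


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday estimate that two of `frames` randomly chosen IVs coincide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))


def modify_without_key(ct: bytes, delta: bytes) -> bytes:
    """Change the plaintext of a frame by `delta` and adjust c(M), without k.

    CRC-32 is affine: c(M xor D) = c(M) xor c(D) xor c(00..0) for equal
    lengths, and an XOR applied to the ciphertext passes through the keystream.
    """
    zeros = bytes(len(delta))
    return xor(ct, delta + xor(c(delta), c(zeros)))


# Constructed sample values: a 40-bit key, a 24-bit IV, two equal-length payloads.
K = bytes.fromhex("0102030405")
V = bytes.fromhex("aabbcc")
M1 = b"sensor reading: 017"
M2 = b"sensor reading: 942"

if __name__ == "__main__":
    c1, c2 = wep_encrypt(V, K, M1), wep_encrypt(V, K, M2)
    print("round trip ok  :", wep_decrypt(V, K, c1) == M1)
    # Same (v, k) means the same keystream, so it cancels out of C1 xor C2.
    print("C1^C2 == P1^P2 :", xor(c1, c2) == xor(M1 + c(M1), M2 + c(M2)))
    # A keyless checksum lets an altered frame pass the receiver's check.
    altered = modify_without_key(c1, xor(M1, M2))
    print("altered frame  :", wep_decrypt(V, K, altered))
    print("P(IV repeat) after 5000 frames: %.2f" % iv_collision_probability(5000))
```

A keyed message integrity code, as TKIP and CCMP use later in these slides, is what closes the second gap.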

  • Why was WEP chosen?

    The 802.11 standard set out the criteria a mechanism had to meet to be called secure:

    Exportable.

    Strong enough.

    Compatible.

    Computable.

    Optional, not mandatory.

    WEP meets all of these; when deployed, WEP supports security for confidentiality, access control and data integrity.

  • Countermeasures

    The core issue with WEP is the WEP key.

    A WEP key is a string of letters and digits that serves two purposes in a WLAN:

    It is used to establish whether a station is permitted (authentication);

    It is used to encrypt data.

  • WEP key entry interface

    WEP keys can be distributed by hand or by a more advanced method.

    A WEP key distribution system can be as simple as deploying static keys, or as advanced as a centralized key management server.

  • Centralized encryption key management

    For large WLANs that use WEP as their basic security method, a centralized encryption key management server should be used, for the following reasons:

    Centralized key generation.

    Centralized key distribution.

    Key rotation.

    Less work for the administrator.

    Instead of static WEP keys, which an attacker can easily discover, a WLAN can be made more secure by using per-session keys issued by a centralized key distribution system.

  • A centralized encryption key management server allows keys to be generated per packet, per session, or by other methods, depending on the vendor's implementation.

  • Using multiple WEP keys

    Most stations and APs can hold 4 WEP keys at the same time, to support network segmentation.

  • Virtual private network (VPN) solution

    When a VPN server is built into the AP, stations run VPN client software and use protocols such as PPTP or IPSec to form a tunnel directly to the AP.

  • Raising the security level of WEP

    Use 104-bit WEP keys.

    Enforce a policy of changing WEP keys periodically.

    Use tools that monitor traffic statistics on the wireless link.

    Use additional technical solutions.

  • Risks and countermeasures for SSID

    Risks:

    The IEEE 802.11 standard specifies the SSID as a form of password for a user connecting to a WLAN.

    802.11 requires the user to have the same SSID as the AP in order to gain access and communicate with other devices.

    In practice, the SSID is secure only when it is used together with other security services.

  • Some common mistakes

    Using the default SSID

    Choosing an SSID that relates to the company

    Using the SSID as a means of securing the WLAN

    Broadcasting SSIDs unnecessarily

  • Countermeasures

    Remove the SSID from beacon frames (if the device allows it).

    Change the SSID from its default value (most APs allow this).

    Always use an SSID unrelated to the company.

    Always treat the SSID as nothing more than a network name.

  • Risks and countermeasures for MAC

    Risks

    A WLAN can filter on the MAC addresses of stations.

    The network administrator can compile, distribute and maintain a list of permitted MAC addresses and load it into the APs.

    Although MAC filtering looks like a good security method, it is still vulnerable to the following intrusions:

    Theft of a PC Card that is in the AP's MAC filter.

    Probing the WLAN and then spoofing a MAC address to get into the network.

  • Countermeasures

    Use RADIUS servers to manage the MAC addresses.

    Use VPN connections between the stations and the AP.

  • Risks and countermeasures for eavesdropping

    Risks

    High-sensitivity antennas make it possible to receive radio signals from greater distances. In practice, antennas of this type allow signals to be captured several km away from the APs.

    In practice there is a great deal of software (available on the Internet, such as AirSnort and Network Stumbler) that can break a WEP key once enough transmitted packets have been captured.

  • Countermeasures

    Choose a suitable antenna position (one where every station in the network can receive the signal, but the signal does not radiate too far); shielding panels can be used to reduce RF radiation beyond the intended area.

    Adjust the transmit and receive thresholds through the control software.

  • Risks and countermeasures for impersonation

    Risks:

    If a third party is able to eavesdrop on the WLAN, it is able to impersonate a legitimate member of the network.

    This is a very dangerous security risk, and how feasible impersonation is depends on the company's level of security.

  • Countermeasures

    There are a number of measures that reduce the chance of an unauthorized user accessing the network as if they were a legitimate user.

    These measures are implemented through authentication, authorization and accounting (AAA) policies.

  • In the IEEE 802.11 standard, authentication can be performed as open system or shared key.

    The first method (open system) provides no authentication.

    Shared key authentication is not secure either.

    Several measures can be taken to make authentication more secure.

    Two of them are authentication by MAC address and EAP.

  • The IEEE 802.11 standard does not provide an authorization service. Instead, authorization is usually implemented by assigning user identifiers (UserID) and passwords to the different network resources.

    Configuring valid authorization parameters minimizes the chance of a third party reaching network resources.

    The authorization service is very important, but it can be undermined if static WEP keys are used or WEP is not used.

  • With the accounting (audit) service, recording the access sessions to the different network resources builds up a database.

    This database can then be used to analyse and evaluate the results obtained.

  • Risks and countermeasures for rogue access points (rogue AP)

    Risks

    This is the kind of threat in which an attacker sits in the middle and steals the traffic passing between 2 nodes.

    The threat is severe because the attacker can steal all traffic crossing the network.

    To do so, the attacker has to create an AP that stations prefer over the legitimate AP. The rogue AP can be set up by copying the entire configuration of the legitimate AP: SSID, MAC address, ...

  • Countermeasures

    Use dedicated monitoring tools to detect where rogue APs are located.

    Use strong security solutions to prevent the traffic from being analysed and the necessary parameters from being obtained.

  • 4. Wi-Fi Protected Access: WPA/WPA2

    The Wi-Fi Alliance, together with the IEEE, built a stronger security solution.

    In October 2002, WPA was introduced as an enhanced security solution for WLANs.

  • WPA greatly increases the level of data protection and access control for existing WLANs; it resolves all the problems and vulnerabilities of the previous WLAN solution, and it is used to replace WEP completely in securing WLANs.

    WPA provides security for all existing versions of 802.11 WLAN devices: a, b; it is also designed to minimize the impact on network performance.

  • It runs as a software upgrade on devices already sold on the market (APs, NICs).

    Companies are required to use authentication servers such as RADIUS, but WPA lets small offices and individual users operate in a special mode that does not need them (using a shared password to activate WPA protection).

    WPA provides a high level of data confidentiality and ensures that only authorized users can access the network, through a strong encryption algorithm and strong authentication.

  • How WPA works

    It uses TKIP (Temporal Key Integrity Protocol) for encryption, and 802.1x authentication with the Extensible Authentication Protocol (EAP).

    TKIP uses the RC4 algorithm in the standard design; some vendors may offer AES as an option in their WPA products.

    WPA uses a 48-bit IV instead of a 24-bit IV, which significantly increases security.

    WPA can use a new key for every 802.11 frame, or change keys at an interval predefined on the AP.

  • It uses an 8-byte MIC (Michael Message Integrity Check) to verify message integrity.

    WPA uses IV sequencing to protect against replay attacks.

    An authentication solution based on 802.1X is built into every product.

    WPA supports either EAP or PSK for authenticating users on the network.

  • Comparison of WPA and WEP features

  • WPA features

  • IEEE 802.11i

    In January 2001, task group i was set up within the IEEE to improve the security of confidentiality and authentication in 802.11. IEEE 802.11i (WPA2), ratified on 24/6/2004, is designed to strengthen security at the MAC layer of IEEE 802.11.

    The 802.11i standard was introduced as a fundamental change to authentication, confidentiality and integrity, and so it provides a new network security architecture.

    The new architecture for wireless networks is called the Robust Security Network (RSN); it uses 802.1X authentication, a strong key distribution mechanism, and new integrity and confidentiality mechanisms.


  • Operating principle

    802.11 advertisement, authentication and association: when a station (STA) starts operating, it looks for APs within range using probe request frames.

    Probe request frames are sent on every channel the STA supports, in an attempt to find all APs that have a matching SSID and support the required data rates.

  • Every AP that is within range and matches the STA's probe criteria replies with a probe response frame containing synchronization information, the AP's load and its security parameters.

    The STA decides which AP to connect to by examining the information it receives.

    After the STA has identified the best AP to connect to, WPA comes into play.

  • The IEEE 802.1X authentication protocol

    IEEE 802.1X (Port-Based Network Access Control) was developed for wireless networks; it provides authentication, authorization and key distribution mechanisms, and implements access control for users joining the network.

    The IEEE 802.1X architecture has 3 main components:

    The user accessing the network.

    The authenticator, which provides network access control.

    The authentication server.

  • In wireless networks, the AP acts as the authenticator that provides network access control.

    Each physical port (a virtual port in a WLAN) is divided into 2 logical ports that make up the PAE (Port Access Entity).

    The authenticator PAE is always open so that authentication frames can pass, while the service PAE is opened only when authentication succeeds. The decision to allow access is usually made by a third component, the authentication server (which can be a dedicated Radius server or just a piece of software running on the AP).

  • The 802.11i standard makes a few small changes to 802.1X so that wireless networks account for the possibility of identity theft.

    Message authentication is tightly incorporated to ensure that both the user and the AP compute their secret keys and enable encryption before accessing the network.

    The user and the authenticator communicate using an EAP-based protocol. Note that the role of the authenticator is essentially passive: it simply forwards all messages to the authentication server.


  • EAP is a framework for carrying different authentication methods (it allows only a limited number of message types: Request, Response, Success, Failure) and relies on the chosen authentication method: EAP-TLS, EAP-TTLS, PEAP, Kerberos v5, EAP-SIM, ... When this process completes, both entities hold a secret master key (Master key).

    Communication between the authenticator and the authentication server uses the EAPOL (EAP Over LAN) protocol, which is used in wireless networks to carry EAP data over higher-layer protocols such as Radius.

  • An RSN may accept only RSN-capable devices, but IEEE 802.11i also supports a Transitional Security Network (TSN) architecture in which RSN and WEP systems can both take part, allowing users to upgrade their equipment over time.

    When the authentication and association procedures use the 4-way handshake, the association is called a Robust Security Network Association (RSNA).

  • Establishing a communication session involves 4 phases:

    Agreeing on the security policy.

    802.1X authentication.

    Key derivation and distribution.

    RSNA data confidentiality and integrity.

  • Establishing a communication session

  • Phase 1, agreeing on the security policy: this phase requires the communicating parties to agree on the security policy to use.

    The security policies supported by the AP are advertised in beacons or in Probe Response messages (following a Probe Request from the client).

    This is followed by open authentication (as in TSN networks, authentication always succeeds).


  • The client responds by stating its requirements in an Association Request, which is confirmed by an Association Response from the AP. The security policy information is carried in the RSN IE field, which includes:

    The supported authentication methods (802.1X, PSK).

    The security protocols for unicast traffic (CCMP, TKIP, ...): the pairwise cipher suite.

    The security protocols for multicast traffic (CCMP, TKIP, ...): the group cipher suite.

    Support for pre-authentication, which lets users pre-authenticate before being switched over to network access.
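A parser for the RSN IE fields listed above, as an added example that is not part of the original slides. The field layout and suite numbers follow IEEE 802.11i; the two sample elements are constructed and the function names are this example's own.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")          # OUI used by 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}


def _suite(raw: bytes, names: dict) -> str:
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return names.get(raw[3], "unknown:%d" % raw[3])


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse one RSN information element (element ID 48) taken from a
    beacon, probe response or association request."""
    if len(ie) < 4 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("RSN element truncated")
        pos += n
        return body[pos - n:pos]

    info = {"version": struct.unpack("<H", take(2))[0],
            "group": None, "pairwise": [], "akm": [], "preauth": False}
    # Every field after the version is optional; stop when the element ends.
    if pos < len(body):
        info["group"] = _suite(take(4), CIPHERS)
    for field, names in (("pairwise", CIPHERS), ("akm", AKMS)):
        if pos < len(body):
            count = struct.unpack("<H", take(2))[0]
            info[field] = [_suite(take(4), names) for _ in range(count)]
    if pos < len(body):
        caps = struct.unpack("<H", take(2))[0]
        info["preauth"] = bool(caps & 0x0001)   # bit 0: pre-authentication
    return info


def review(info: dict) -> list:
    """Return the policy points a defender would raise for this element."""
    notes = []
    if info["group"] in ("WEP-40", "WEP-104"):
        notes.append("TSN: group traffic is still protected only by WEP")
    if "TKIP" in info["pairwise"] or info["group"] == "TKIP":
        notes.append("TKIP offered: RC4-based transitional cipher")
    if "PSK" in info["akm"]:
        notes.append("PSK: strength rests on the passphrase")
    return notes


# Constructed elements (not captured traffic).
ENTERPRISE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                           "0100" "000fac01" "0100")
MIXED_PSK = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02"
                          "0100" "000fac02" "0000")

if __name__ == "__main__":
    for name, ie in (("enterprise", ENTERPRISE), ("mixed PSK", MIXED_PSK)):
        parsed = parse_rsn_ie(ie)
        print(name, parsed, review(parsed))
```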

  • Phase 2: 802.1X authentication

    Based on EAP and the authentication method agreed in phase 1 (EAP-TLS with client and server certificates (requires a PKI), ...).

    802.1X starts when the AP requests the client's identity; the client's reply includes information about the authentication method. Valid messages are then exchanged between the client and the AS to generate a master key (Master Key, MK).

    At the end of the procedure a Radius Accept message is sent from the AP to the client, containing the MK and an EAP Success message.


  • Phase 3: key hierarchy and distribution

    Connection security relies on secret keys. In an RSN, each key has a limited lifetime, and overall security is ensured by using a set of different keys organized into a tree. When a security context is established after successful authentication, temporary keys (session keys) are created and regularly updated until the security context ends.

    There are 2 handshakes during key generation.

    4-way Handshake: generates the PTK (Pairwise Transient Key) and the GTK (Group Transient Key).

    Group Key Handshake: renews the GTK.


  • The PMK (Pairwise Master Key) is obtained according to the authentication method in use:

    If a PSK is used, PMK = PSK. The PSK is generated from an ordinary passphrase (8-63 characters) or is a 256-bit string, providing a security solution for individuals or small offices (no authentication server needed).

    If an AS is used, the PMK is derived from the MK of the 802.1X authentication.


  • The PMK itself is never used for encryption or integrity checking. It is used to generate a temporary encryption key, the PTK. The length of the PTK depends on the encryption protocol: 512 bits for TKIP and 384 for CCMP.

    The PTK consists of the following parts:

    KCK, 128 bits: key for authenticating messages (MIC) during the 4-way handshake and the group key handshake.

    KEK, 128 bits: key for ensuring data confidentiality during the 4-way handshake and the group key handshake.

    TK, 128 bits: key for data encryption (used by TKIP or CCMP).

    TMK, 2x64 bits: key for data authentication (used only with the MIC). A dedicated key is used for each communication channel.


  • 4-way handshake: initiated by the AP, it makes it possible to:

    Confirm the client's knowledge of the PTK.

    Generate a new PTK.

    Install the encryption and integrity keys.

    Confirm the cipher suite selected.


  • Phase 4: RSNA data confidentiality and integrity

    All the keys generated in the phases above are used by the protocols that support RSNA confidentiality and integrity.

    TKIP (Temporal Key Hash).

    CCMP (Counter-Mode/Cipher Block Chaining Message Authentication Code Protocol).

    WRAP (Wireless Robust Authenticated Protocol).

  • TKIP

    WPA was built to be fully compatible with existing WLAN devices. TKIP improves security but has to meet those compatibility requirements, so it also uses the RC4 stream cipher. Using TKIP therefore requires only a software upgrade.

    In practice most experts believe TKIP is a stronger encryption solution than WEP. However, they also agree that TKIP is only a temporary solution because it uses RC4.

  • The main advantage of TKIP over WEP is key rotation.

    TKIP frequently changes the encryption keys for RC4 (about every 10000 packets), and the initialization vector IV is generated differently.

    TKIP is included in 802.11i as an option.

  • In practice, TKIP comprises 4 algorithms that together deliver its security properties:

    A message integrity code (MIC): can be implemented in software running on low-speed CPUs.

    A new IV sequencing discipline.

    A per-packet key mixing function.

    Key distribution: a new method of distributing keys.

  • Per-packet key mixing function

  • Computing the MIC value

  • CCMP

    Unlike TKIP, which had to be built for compatibility with old WEP hardware, CCMP is a newly designed protocol.

    CCMP uses Counter mode combined with a message authentication method called CBC-MAC to produce the MIC.

    Some new features were also added, such as using a single key for encryption and authentication (with different IVs) and extending authentication to cover the unencrypted part of the data.


  • Weaknesses in WPA/WPA2

    Only a few minor weaknesses have been found in WPA/WPA2 since they were ratified, and none of them is too dangerous.

    Most of the practical weaknesses are attacks against the WPA/WPA2 PSK.

    As noted, the PSK is the alternative to the 802.1x PMK generated by the AS. It is a 256-bit string or a passphrase of 8-63 characters, from which the key is generated using the algorithm: PSK = PMK = PBKDF2(pass, SSID, SSID length, 4096, 256), where PBKDF2 is a method used in PKCS #5, 4096 is the number of hash iterations and 256 is the output length. The PTK is derived from the PMK using the 4-way handshake, and all the information used to compute its value is transmitted in plaintext.

  • The strength of the PTK therefore rests on the value of the PMK, which for a PSK effectively means using a strong passphrase. As pointed out by Robert Moskowitz, the second message of the 4-way handshake is exposed to dictionary and brute-force attacks.

    Several utilities have been created to take advantage of this weakness; aircrack is used to attack the PSK in WPA.

  • The protocol design (4096 hash iterations for each passphrase) means that a brute-force attack is very slow.

    One defence against passphrase attacks is to use a passphrase of at least 20 characters.

    To carry out this attack, the attacker must capture the messages of the 4-way handshake, either by passively monitoring the wireless network or by using a deauthentication attack.

  • Attack steps

    Step 1: enable monitor mode.

    # airmon.sh start ath0

    The next step searches for networks and the clients connected to them.

    The final step is to carry out a dictionary attack.
