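Introduction to IEEE 802.1x and IEEE 802.11i
DESCRIPTION
Introduction to IEEE 802.1x and IEEE 802.11i. Advisor: Professor 陳偉業. In-service master's program, Information Management, year 2 class A, N9490012 林士淵, information engineer at 富強鑫公司. 2006/12/23. References: J.-C. Chen et al., Wireless LAN Security and IEEE 802.11i, 2004. 周駿呈, WLAN Network Security Solutions, ITRI IEK-ITIS Project. 鄧友清, Future Development of Wireless LAN Security, ITRI IEK-ITIS Project. I. Introduction.
TRANSCRIPT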
-
IEEE 802.11(b)IEEE 802.11(b)MAC
WEP(Wired Equivalent Privacy)
-
(client)(access point, AP)clientAP
(access control)
IEEE 802.11(b)WEPRC4IEEE
-
RC4,(WLAN ClientAccess Point)Key,Key
-
,RC4,24 bitsIV(initial vector, IV),IVWEP KeyRC4,Stream CipherXOR,,IV,IVWEP Key,
-
WEP Key24 bitsIVIVIV24bitsIV2^24(16777216)WEP Key2^24IV
IV(PCMCIA)IV
WEPWEP Key
-
share keyIEEE IEEE 802.1xWLANIEEE 802.11i
802.1xMAC 802.1xIP
802.1xIEEE 802.11(b)IEEE 802.1x
-
IEEE 802.1x EAPOL(EAP over LAN)Authentication (AAA )
-
EAPOL(EAP over LAN)IP Layer, EAP,EAPOL,Access PointAAA (Authentication, Authorization, and Accounting) Server.
Authentication Authentication
-
AAA IETF(The Internet Engineering Task Force)RFC 2903, RFC 2904, RFC 2905, RFC 2906, RFC 2989
AAA RADIUS(Remote Authentication Dial In User Service)Diameter3GPP2 CDMA 2000 Diameter CDMA 2000
Cisco TACACS+(Terminal Access Controller Access Control System)
-
RADIUSRequestResponseAccept Reject
Access RequestRADIUS
-
IEEE 802.1x
1. (Password-based)
2. (Certificate-based)
3. SIM(SIM card-based)
EAP-MD5EAP-TLSEAP-SIM1,2EAP-TTLS
-
EAP-MD5 MD5
-
EAP EAP Authenticator (Identity)AuthenticatorAuthenticator AuthenticatorAuthenticator Authenticator AP
-
EAP-TLSMicrosoftCisco(PKI, Public Key Infrastructure)PKIPKI
-
EAP EAP Authenticator Authenticator Authenticator EAP-TLS TLS TLS EAP TLS TLS EAP-TLS WAP-TLS Authenticator Authenticator Authenticator
-
IETFIEEE 802.1X RADIUS Usage Guidelines802.1x RadiusAAAWEP KeyAccess PointWEP KeyWEP Key802.1xWEP KeyEAPOL-KeyWEP KeyWEP KeyWEP Key
-
802.1xWEP KeyHandshakingWEP KeyAccess PointWEP KeyWEP KeyKeyWEP Key
-
IEEE 802.11iIEEE 802.11iWi-FiWi-Fi Protected AccessIEEE 802.11i Draft
802.11iTKIP (Temporal Key Integrity Protocol)AESTKIPWPA 1.x (WPA/SSN)
IEEE 802.11i
-
TKIP802.11RC4Key
WEP24-bitIVTKIP48-bit IVIVWPA802.1xEAPWPA TKIPWEPWPAWPAAESWPA TKIPWEPWEP KeyWPA TKIPKey
-
TKIP Per-Packet
-
TKIPRC4KeyTKIP128-bits WEP Key KeyWEP KeyWEP KeyIV RC4 KeyTKIPTKIP KeyIV128 bitsIV128 bits Key
48 bits IV(32 bits16 bits)Phase 1Phase 2Key
-
802.11i WPA
-
MIC
-
KeyWPAMIC(Message Integrity Code) MICCRC
MICMichael64 bitsMICMichaelMIC
-
IEEE 802.11iIEEE 802.1xTKIPAESTKIPRC4AESReal-Time
2002Wi-FiWPA(Wi-Fi Protected Access)WPATKIPWPAWPAIntersilAtherosAtmelAgereEnvaraIEEE 802.11iTKIPAES