Professional Documents
Culture Documents
11)
9/4/2012
Cc ni dung trnh by
1. 2.
3.
4.
9/4/2012
FCC ng th 3 gii sng cng nghip, khoa hc v y t cho gii kinh doanh vin thng. Ba gii sng ny, gi l cc bng tn rc (garbage bands
Vai tr v v tr ca WLAN
9/4/2012
Cc chun WLAN
Chun IEEE 802.11 chnh thc c ban hnh nm 1997. IEEE 802.11 (chun WiFi) biu th mt tp hp cc chun WLAN c pht trin bi y ban chun ha IEEE LAN/MAN (IEEE 802.11). Thut ng 802.11x c th c s dng biu th mt tp hp cc chun i vi tt c cc chun thnh phn ca n. IEEE 802.11 c th c s dng biu th chun 802.11, i khi c gi l 802.11 gc (802.11 legacy).
5 9/4/2012
IEEE 802.11 l chun c t mng cc b khng dy, s dng phng php truy nhp CSMA/CA.
9/4/2012
Cu trc WLAN
Mt WLAN thng thng gm c 2 phn: cc thit b truy nhp khng dy (Wireless Clients), cc im truy nhp (Access Points AP).
9/4/2012
C hai loi mng khng dy c bn: Kiu Ad-hoc: Mi my trong mng giao tip trc tip vi nhau thng qua cc thit b khng dy m khng dng n cc thit b nh tuyn (Wireless Router) hay thu pht khng dy (Wireless Access Point). Kiu Infrastructure: Cc my trong mng s dng mt hoc nhiu thit b nh tuyn hay thit b thu pht thc hin cc hot ng trao i d liu vi nhau.
10 9/4/2012
11
9/4/2012
12
9/4/2012
Gii thch
Xc thc v m ha yu
IEEE 802.1x
N/A
N/A
128
PSK 802.1X
128 128
13
WPA2 Personal
PSK
TKIP v AES
128
9/4/2012
Ti sao an ton thng tin trong WLAN li rt quan trng? iu ny bt ngun t tnh c hu ca mi trng khng dy. Sng v tuyn c th xut hin trn ng ph, t cc trm pht ca cc mng LAN ny, v nh vy ai cng c th truy cp nh thit b thch hp.
14
9/4/2012
Ba dch v an ninh c bn: S xc thc: Cung cp kh nng iu khin truy nhp ti mng nh ngn cm truy nhp i vi cc thit b c xc nhn khng hp l. Dch v ny hng n vn ch nhng ngi dng hp l mi c php truy nhp ti mng? Tnh b mt (hoc tnh ring t): Mc tiu ca n nhm ngn chn vic c thng tin t cc i tng phi php. Dch v ny hng n vn ch nhng ngi dng hp l mi c php c thng tin ca mnh?
15
9/4/2012
Tnh ton vn: c pht trin nhm mc ch m bo cho cc bn tin khng b sa i khi truyn gia cc trm v cc im truy nhp. Dch v ny hng n vn thng tin trong mng l ng tin cy hay n b gi mo? Cc dch v trn ch ra rng chun IEEE 802.11 khng cp n cc dch v an ninh khc nh kim ton, cp quyn, v chng t chi.
16 9/4/2012
SSID (Services Set Identifier): L cch thc dng phn bit cc mng khc nhau t mt thc th. Khi im cc im truy nhp (AP) c xc lp cc SSID mc nh bi nh sn xut. Mc nh khi hot ng cc im truy cp s qung b cc SSID (sau mi vi giy) trong cc Beacon Frames'. Xc thc: Trc khi c th thc hin bt k mt phin lin lc no gia mt trm lm vic v im truy nhp, chng phi thc hin mt hi thoi (dialogue). Qu trnh ny c thc hin nh mt s kt hp gia cc thc th. WEP (Wired Equivalent Privacy): c thit k vi mc ch bo m cho nhng ngi s dng mc an ton tng ng vi mng khng dy.
17 9/4/2012
Tn cng b ng (nghe trm Passive attacks). Tn cng ch ng (kt ni, d v cu hnh mng Active attacks).
Tn cng kiu chn p (Jamming attacks). Tn cng theo kiu thu ht (Manin-the-middle attacks). Tn cng lp li (Replay attacks).
18
9/4/2012
Tn cng b ng
Tn cng b ng thc hin nh mt cuc nghe trm. Nhng thit b phn tch mng hoc nhng ng dng khc c s dng ly thng tin ca WLAN t mt khong cch vi mt anten hng tnh.
19 9/4/2012
Tn cng ch ng
Mt tn cng ch ng c th c dng tm cch truy nhp ti mt server ly nhng d liu quan trng, thm ch thay i cu hnh c s h tng mng.
20
9/4/2012
21
9/4/2012
i vi mng LAN (chun IEEE 802.3), bo mt d liu trn ng truyn i vi cc tn cng bn ngoi c m bo qua bin php gii hn vt l, tc l hacker khng th truy xut trc tip n h thng ng truyn cp. Do chun 802.3 khng t ra vn m ha d liu chng li cc truy cp tri php.
i vi chun 802.11, vn m ha d liu c u tin hng u do c tnh ca mng khng dy l khng th gii hn v mt vt l truy cp n ng truyn, bt c ai trong vng ph sng u c th truy cp d liu nu khng c bo v.
9/4/2012
23
24
9/4/2012
a m ngun ca n ln mng.
c ng k bi RSADSI.
mnh.
25 9/4/2012
26
9/4/2012
M t
WEP da trn mt kha b mt k c chia x gia cc bn truyn thng bo v d liu truyn. M ha ca 1 khung (frame) d liu c thc hin nh sau: Tnh tng kim tra: Mt tng kim tra ca bn tin cn m ho M (tng kim tra c tnh theo CRC) c tnh v k hiu l c(M). Ri kt hp c(M) v M li vi nhau to thnh bn r (k hiu l P = (M, c(M)), P c dng lm u vo cho giai on th hai. Ch rng, c(M) v P khng ph thuc vo kho k.
27
9/4/2012
M ha: Tip theo bn r P c m ho s dng thut ton m ho RC4. Mt vc t khi to (IV) v c th thay i v mt kho k
Truyn tin: Cui cng, vc t khi to v v bn m C c truyn vo mi trng v tuyn. iu ny c th c biu din nh sau: A B: v, (P RC4 (v, k)). Dng ca khung d liu c m ha ch ra trn hnh sau:
29
9/4/2012
30
9/4/2012
Trc tin, thc hin vic XOR dng kha RC4 (v, k) v bn m C nhn c bn r P.
Tip theo bn r P c kim tra xem c trng vi bn r P khng, bng cch chia P thnh dng P = (M, c(M)) v tnh tng kim tra ca bn tin M, v so snh n vi tng kim tra c(M). iu ny s m bo rng ch cc khung d liu vi gi tr tng kim tra hp l mi c chp nhn bi ngi nhn.
31
9/4/2012
Cc nguy c ri ro:
S dng cc kha WEP tnh (static WEP keys) chia x kha nh danh trong mt thi gian di gy ra nguy c b l kha. iu ny bi v cc giao thc WEP khng cung cp s qun l kha d phng v vy trong trng hp mt my tnh b hack (hoc mt) s gy tn hi n tt c cc my tnh khc c s dng kha ny. Thm na, nu mi trm trong mng s dng cng kha th s lng cc gi d liu kha s tng ln rt nhanh v chnh l iu kin thun li cho php cc hacker thc hin cc tn cng trn kha.
32 9/4/2012
33
Do WEP s dng RC4, mt thut ton s dng phng thc m ha dng (stream cipher), nn cn mt c ch m bo hai d liu ging nhau s khng cho kt qu ging nhau sau khi c m ha hai ln khc nhau. y l mt yu t quan trng trong vn m ha d liu nhm hn ch kh nng suy on kha ca hacker. t mc ch trn, mt gi tr vct khi to (Initialization Vector IV) c s dng cng thm vi kha nhm to ra kha khc nhau mi ln m ha. IV l mt gi tr c chiu di 24 bit v c chun IEEE 802.11 ngh (khng bt buc) phi thay i theo tng gi d liu. V my gi to ra IV khng theo nh lut hay tiu chun, IV bt buc phi c gi n my nhn dng khng m ha. Cch s dng gi tr IV l ngun gc ca a s cc vn vi WEP.
9/4/2012
Do gi tr IV c truyn i dng khng m ha v t trong phn u (header) ca gi d liu 802.11 nn bt c ai "tm c" d liu trn mng u c th thy c. Vi di 24 bit, gi tr ca IV dao ng trong khong
IV l mt phn ca kha m RC4, nn trn thc t khi mt hacker bit c 24 bit ca mi gi d liu kha v kt hp vi cc im yu trong thi gian biu s dng kha s cho php thc hin cc tn cng phn tch thnh cng ch sau khi thu v phn tch mt s lng nh cc gi d liu thu c.
35
9/4/2012
ton vn ca cc gi d liu v cc gi c xc
nhn vi tng kim tra ng.
37 9/4/2012
Cc bin php i ph
Vn ct li ca WEP l kha WEP (WEP key). Kha WEP l mt chui k t ch ci v s, c s dng cho hai mc ch trong WLAN: Kha WEP c s dng xc nh s cho
C th phn phi kha WEP bng tay hoc s dng mt phng php tin tin khc. H thng phn b kha WEP c th n gin nh s thc hin kha tnh, hoc tin tin s dng Server qun l kha tp trung.
39
9/4/2012
Vi nhng mng WLAN quy m ln s dng WEP nh mt phng php bo mt cn bn, server qun l kha m ha tp trung nn c s dng v nhng l do sau: Qun l sinh kha tp trung.
40
9/4/2012
Server qun l kha m ha tp trung cho php sinh kha trn mi gi, mi phin, hoc cc phng php khc, ph thuc vo s thc hin ca cc nh sn xut.
41
9/4/2012
42
9/4/2012
Khi VPN server c tch hp vo AP, cc my trm s dng phn mm to VPN, s dng cc giao thc nh PPTP hoc IPSec hnh thnh mt ng hm kt ni trc tip ti AP.
43
9/4/2012
S dng kha WEP c di 104 bit. Thc thi chnh sch thay i kha WEP nh k. S dng cc cng c theo di s liu thng k d liu trn ng truyn khng dy.
44
9/4/2012
Cc nguy c ri ro: Chun IEEE 802.11 nh r SSID nh l mt dng mt khu i vi mt ngi dng khi kt ni vi mt mng WLAN.
khc.
Trn thc t, SSID s ch an ton khi n c s dng kt
Mt vi li
46
9/4/2012
Cc bin php i ph
Xa SSID khi cc beacon frame (nu thit b cho php thc hin iu ).
Lun lun s dng SSID khng lin quan n Cng ty. Lun coi SSID ch nh mt ci tn mng.
47
9/4/2012
Cc nguy c ri ro
Cc bin php i ph
S
cc a ch MAC.
S
v AP.
49
9/4/2012
Cc nguy c ri ro Khi s dng cc anten c nhy cao, cho php c kh nng nhn c tn hiu sng v tuyn t cc khong cch xa hn. Trn thc t, khi s dng cc anten loi ny cho php nhn c (capture) cc tn hiu t khong vi km ti cc AP. Trn thc t c rt nhiu cc phn mm (trn Internet nh AirSnort, Network Stumbler) cho php b kha WEP khi thu nhn s lng cc gi d liu truyn.
50 9/4/2012
Cc bin php i ph
Chn v tr t an ten thch hp (ti v tr cc trm trong mng u c kh nng thu c thng tin, nhng tn hiu khng pht x i qu xa) v c th s dng cc tm che gim bt vic bc x cc tn hiu RF i qu xa. iu chnh mc ngng pht v thu thng qua cc phn mm iu khin.
51
9/4/2012
Cc nguy c ri ro: Nu mt bn th ba c kh nng nghe trm trn mng WLAN th n c kh nng gi dng tr thnh mt thnh vin chnh thc ca mng.
Cc bin php i ph
C mt s bin php cho php lm gim kh nng mt ngui dng khng cp php truy nhp vo mng nh mt ngi dng hp l.
Cc bin php ny c thc hin thng qua cc chnh sch xc thc, cp quyn v kim ton (AAA authentication, authorization and accounting).
53
9/4/2012
Vi chun IEEE 802.11, xc thc c th thc hin bng cch m hoc chia x kha.
Vi phng thc xc thc u tin (h thng m) khng cung cp kh nng xc thc. Phng thc xc thc thng qua chia x kha cng khng an ton. C th thc hin mt s bin php lm cho vic xc thc tr nn an ton hn. Hai trong s cc bin php l s dng xc thc theo a ch MAC v EAP.
54
9/4/2012
Trong chun IEEE 802.11 khng cung cp dch v cp quyn. thay th, cp quyn thng c thc hin theo cch gn cc nh danh ca ngi dng (UserID)
Dch v cp quyn rt quan trng, nhng n c th b tn thng nu s dng kha WEP tnh hoc khng s dng.
55
9/4/2012
Vi
dch v kim ton, nh ghi li cc phin truy nhp ti cc ti nguyn mng khc nhau, mt c s d liu s c to ra. trn c s d liu ny c th thc hin cc phn tch v nh gi cc kt qu nhn c
Da
56
9/4/2012
Cc nguy c ri ro y l kiu nguy c m hacker ng gia v trm lu lng truyn gia 2 nt. Nguy c ny rt mnh v hacker c th trm tt c lu lng i qua mng. thc hin, hacker cn phi to ra mt AP thu ht nhiu s la chn hn AP chnh thng. AP gi ny c th c thit lp bng cch sao chp tt c cc cu hnh ca AP chnh thng l: SSID, a ch MAC, ...
57
9/4/2012
Cc bin php i ph
cn thit.
58
9/4/2012
Wi-fi allience cng vi IEEE cng nhau xy dng mt gii php bo mt mnh hn. Vo thng 10/2002, WPA ra i nh mt gii php bo mt tng cng cho WLAN.
59
9/4/2012
ton WLAN.
hot ng ca mng.
60 9/4/2012
WPA cung cp vic bo mt d liu mc cao v ch nhng ngi dng c quyn mi c th truy nhp mng nh mt thut ton m ha mnh v kh nng xc thc mnh.
9/4/2012
61
WPA hot ng nh th no
S dng TKIP m ha (Temporary Key Integrity Protocol), s dng xc thc 802.1x vi giao thc xc thc m rng EAP. TKIP s dng thut ton RC4 i vi thit k chun, mt s nh cung cp c th cung cp AES nh l mt la chn trong cc sn phm WPA ca h. WPA s dng 48 bit IV thay cho 24 bit IV, n lm tng ng k mc an ton. WPA c th s dng kha mi cho mi 802.11 frame, hoc c th da trn mt thi khong c xc nh trc trn AP.
62 9/4/2012
S dng 8 byte MIC (Michael Message Integrity Check) kim tra tnh ton vn bn tin.
63
9/4/2012
64
9/4/2012
65
9/4/2012
IEEE 802.11i
Thng 1/2001, nhm i c thnh lp trong IEEE nhm thc hin nhim v nng cao tnh an ton ca vn bo mt v xc thc trong 802.11. IEEE 802.11i (WPA2), c ph chun vo 24/6/2004, c thit k tng cng tnh an ninh trong lp MAC trong IEEE 802.11. Chun 802.11i c gii thiu nh l mt s thay i nn tng ca cc vn xc thc, bo mt v ton vn, v th n cung cp mt kin trc mi v an ton mng. Kin trc mi cho cc mng khng dy c gi l mng an ninh mnh (Robust Security Network - RSN) v s dng xc thc 802.1X, c ch phn phi kha mnh v cc c ch kim tra ton vn v bo mt mi.
66 9/4/2012
67
9/4/2012
Nguyn tc hot ng
802.11 qung b, xc thc v kt hp: Khi mt trm (STA) bt u hot ng, n s d tm cc AP trong khong cch cho php s dng cc frame yu cu tm
kim.
cu.
68 9/4/2012
69
9/4/2012
IEEE 802.1X (iu khin truy nhp mng da trn cng - Port-Based Network Access Control) c pht trin dnh cho cc mng khng dy, cung cp cc c ch xc thc, cp quyn v phn phi kha, v thc hin iu khin truy nhp i vi user truy nhp mng. Cu trc IEEE 802.1X bao gm 3 thnh phn chnh: User truy nhp mng. Xc thc cung cp iu khin truy nhp mng. Server xc thc.
70 9/4/2012
Trong cc mng khng dy, AP hot ng nh xc thc cung cp iu khin truy nhp mng. Mi cng vt l (cng o trong WLAN) c chia thnh 2 cng logic to nn thc th truy nhp mng - PAE (Port Access Entity). Authenticator PAE lun lun m cho php cc frame xc thc i qua, trong khi cc dch v PAE ch c m khi xc thc thnh cng. Quyt nh cho php truy nhp thng c thc hin bi thnh phn th ba, c gi l server xc thc (n c th l mt server Radius dnh ring hoc ch l mt phn mm chy trn AP).
9/4/2012
71
Chun 802.11i thc hin mt s thay i nh i vi 802.1X cc mng khng dy kim ton kh nng n trm ID. Bn tin xc thc c kt hp cht ch m bo rng c user v AP tnh ton kha b mt v cho php m ha trc khi truy nhp vo mng. User v authenticator lin lc vi nhau s dng giao thc da trn EAP. Ch rng vai tr ca authenticator ch yu l th ng n ch n gin chuyn tip tt c cc bn tin n server xc thc.
72
9/4/2012
73
9/4/2012
EAP l mt khung cho s dng cc phng php xc thc khc nhau (cho php ch mt s gii hn cc loi message Request, Respond, Succcess, Failure) v da trn vic la chn cc phng php xc thc: EAP-TLS, EAP-TTLS, PEAP, Kerberos v5, EAPSIM, ... Khi qu trnh ny hon thnh, c hai thc th c mt kha b mt ch (Master key). Truyn thng gia authenticator v server xc thc s dng giao thc EAPOL (EAP Over LAN), c s dng trong cc mng khng dy chuyn tip cc d liu EAP s dng cc giao thc lp cao nh Radius.
74
9/4/2012
Mt RSN c th s ch chp nhn cc thit b c kh nng RSN, nhng IEEE 802.1i cng h tr mt kin trc mng an ton chuyn tip (Transitional Security Network - TSN) c hai h thng RSN v WEP cng tham gia, cho php cc user nng cp cc thit b ca
Cc th tc xc thc v kt hp s dng c ch bt
76
9/4/2012
77
9/4/2012
giai on ny yu cu cc bn truyn thng tha thun cc chnh sch bo mt s dng. Cc chnh sch bo mt c h tr bi AP c pht qung b trn cc beacon hoc trong cc bn tin Probe Respond (tip sau mt Probe Respond t client).
Tip theo l cc xc thc m (ging nh trong cc mng TSN, xc thc l lun lun thnh cng).
78
9/4/2012
79
9/4/2012
Client phn ng a ra cc yu cu trong Associaton Request v c ph chun bi Associaton Respond t AP. Cc thng tin chnh sch an ton c gi trong trng RSN IE, bao gm: Cc phng php xc thc c h tr (802.1X, PSK). Cc giao thc an ton cho truyn thng unicast (CCMP, TKIP, ...) cp kha m ha. Cc giao thc an ton cho truyn thng multicast (CCMP, TKIP, ...) - nhm kha m ha. H tr tin xc thc, cho php cc user tin xc thc trc khi c chuyn ti truy nhp mng.
9/4/2012
80
Da trn EAP v cc phng php xc thc c tha thun giai on 1 (EAP-TLS cho client v cc chng ch server (yu cu s dng PKI);, ...). 802.1X c bt u khi AP yu cu nh danh client, cc thng tin p tr t client bao gm cc thng tin v phng thc xc thc. Cc bn tin hp l sau c trao i gia client v AS sinh ra mt kha ch (Master Key - MK). Ti im cui ca th tc mt bn tin chp nhn Radius c gi t AP ti client bao gm MK v bn tin thnh cng EAP.
81 9/4/2012
82
9/4/2012
Kt ni an ton da trn cc kha b mt. Trong RSN, mi kha c mt thi gian sng gii hn v bo mt tng th c m bo nh s dng mt tp hp cc kha khc nhau, c t chc thnh cy. Khi mt phin bo mt c thit lp sau khi xc thc thnh cng, cc kha tm thi (kha phin) c to v thng xuyn cp nht cho n khi phin bo mt kt thc. C 2 bc bt tay trong khi sinh kha. 4-way Handshake sinh ra PTK (Pair-wire Transient Key) v GTK (Group Transient Key). Group Handshake Key: to mi cho GTK.
83 9/4/2012
84
9/4/2012
PMK (Pairwire Master Key) nhn c da trn phng php xc thc c s dng: Nu s dng PSK, PMK = PSK. PSK c sinh ra t mt khu thng thng (t 8-63 k t) hoc l mt chui 256 bit, cung cp cc gii php bo mt cho c nhn hoc vn phng nh (khng cn server xc thc). Nu mt AS c s dng, PMK nhn c t MK ca xc thc 802.11 X.
85
9/4/2012
86
9/4/2012
PMK bn thn khng bao gi c s dng cho m ha v kim tra ton vn. n c s dng sinh ra mt kha m ha tm thi PTK. di ca PTK ph thuc vo giao thc m ha: 512 bit cho TKIP v 384 cho CCMP. PTK bao gm cc phn sau: KCK 128 bit: kha dnh cho xc thc cc bn tin (MIC) trong qu trnh 4-way handshake v group handshake key. KEK - 128 bit: kha m bo bo mt d liu trong qu trnh 4-way handshake v group handshake key. TK 128 bit: kha cho m ha d liu (c s dng bi TKIP hoc CCMP). TMK 2x64 bit: kha dnh cho xac thc d liu (c s dng ch vi MIC). Mt kha dnh ring cho mi knh lin lc.
9/4/2012
87
88
9/4/2012
c chn.
89
9/4/2012
90
9/4/2012
91
9/4/2012
Tt c cc kha sinh ra cc giai on trn c s dng trong cc giao thc h tr RSNA bo mt v ton vn. TKIP (Temporal Key Hash). CCMP (Counter-Mode/ Cipher Bock Chaining Message Authentication Code Protocol). WRAP (Wireless Robust Authenticated Protocol).
92
9/4/2012
TKIP
WPA c xy dng tng thch hon ton vi cc thit b WLAN ang tn ti. TKIP tng nng cao kh nng bo mt v phi tun theo cc yu cu tng thch, v vy n cng s dng thut ton mt m dng RC4. V vy s dng TKIP ch cn nng cp phn mm. Trong thc t hu ht cc chuyn gia tin rng TKIP l mt gii php m ha mnh hn WEP. Tuy nhin h cng ng rng TKIP ch l mt gii php tm thi v n s dng RC4.
93
9/4/2012
u im chnh ca TKIP so vi WEP l s lun phin kha. TKIP s dng thay i thng xuyn cc kha m cho RC4 (khong 10000 packet), v vc t khi ti IV c to khc. TKIP c bao gm trong 802.11i nh l mt la chn.
94
9/4/2012
kha.
95 9/4/2012
96
9/4/2012
Gi tr MIC c tnh
97
9/4/2012
CCMP
Khng ging nh TKIP bt buc phi c xy dng tng thch vi cc phn cng WEP c. CCMP l mt giao thc c thit k mi. CCMP s dng ch m (Counter mode) kt hp vi mt phng thc xc thc bn tin c gi l CBC-MAC to MIC. Mt s tnh nng mi cng c pht trin thm nh s dng mt kha n cho m ha v xc thc (vi cc IV khc nhau) hoc bao ph phn d liu khng c m ha bi xc thc.
98 9/4/2012
99
9/4/2012
Cc im yu trong WPA/WPA2
Ch mt t cc im yu nh c pht hin trn WPA/WPA2 t khi chng c ph chun, khng c im yu l l qu nguy him. Hu ht cc im yu thc t l tn cng chng li kha PSK ca WPA/WPA2. Nh bit PSK l phng n thay th ca 802.1x PMK sinh ra bi AS. N l mt chui 256 bit hoc mt mt khu t 8-63 k t, c s dng sinh ra s dng thut ton: PSK = PMK = PBKDF2 (pass, SSID, SSID length, 4096, 256), y PBKDF2 l mt phng php c s dng trng PKCS #5, 4096 l s lng ca cc hm hash v 256 l gi tr li ra. PTK c sinh ra t PMK s dng 4-way handshake v tt c thng tin c s dng tnh ton gi tr ca n c truyn dng plaintext.
100 9/4/2012
101
9/4/2012
t nht mt khu 20 k t.
102
9/4/2012
Cc bc tn cng
Bc 1: kch hot ch quan st. # airmon.sh start ath0 Bc tip theo s tm kim cc mng v cc client kt ni ti n. Bc cui l thc hin mt tn cng s dng t in
103
9/4/2012
104
9/4/2012
105
9/4/2012