
Wireless LAN Security (IEEE 802.11)

Instructor: Nguyen Hieu Minh

9/4/2012

Outline

1. WLAN technology
2. Security in WLAN
3. The WEP protocol
4. The WPA/WPA2 protocols

1. WLAN technology

In 1985 the US Federal Communications Commission (FCC) decided to open several bands of the radio spectrum, allowing them to be used without a government licence.

The FCC agreed to release three industrial, scientific and medical bands to the telecommunications industry. These three bands, known as the garbage bands (900 MHz, 2.4 GHz, 5.8 GHz), were allocated to equipment used for purposes other than communication.

Role and position of WLAN

WLAN standards

The IEEE 802.11 standard was officially published in 1997. IEEE 802.11 (the WiFi standard) denotes a set of WLAN standards developed by the IEEE LAN/MAN standards committee (IEEE 802.11). The term 802.11x can be used to denote the whole family of component standards. IEEE 802.11 can also denote the 802.11 standard itself, sometimes called the original 802.11 (802.11 legacy).

Later, two standards, IEEE 802.11a (5.8 GHz band) and IEEE 802.11b (2.4 GHz band), were approved in 12/1999 and 1/2000 respectively.

Once the 802.11b standard existed, companies began developing equipment compatible with it.

Six companies, Intersil, 3Com, Nokia, Aironet, Symbol and Lucent, joined together to form the Wireless Ethernet Compatibility Alliance (WECA).

The goal of WECA is to certify that vendors' products are truly compatible with one another.

Relationship between IEEE 802.11 and OSI

IEEE 802.11 is the standard that specifies wireless local area networks; it uses the CSMA/CA access method.

WLAN structure

A typical WLAN has two parts: wireless access devices (Wireless Clients) and access points (Access Points, AP).

The IEEE 802.11 standard and infrastructure

There are two basic types of wireless network:

- Ad-hoc: the machines in the network communicate directly with one another through their wireless devices, without using a routing device (Wireless Router) or a wireless transceiver (Wireless Access Point).
- Infrastructure: the machines in the network use one or more routing devices or transceivers to exchange data with one another.

Operating modes (a, Infrastructure; b, Ad-hoc)

Security standards supporting IEEE 802.11

- IEEE 802.11 (WEP)
- IEEE 802.1X
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA2)

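Security standard | Authentication methods     | Encryption methods  | Key size (bits) | Notes
------------------+----------------------------+---------------------+-----------------+------------------------------------
IEEE 802.11       | Open system and shared key | WEP                 | 40 and 104      | Weak authentication and encryption
IEEE 802.1X       | EAP authentication methods | N/A                 | N/A             | EAP provides strong authentication
WPA Enterprise    | 802.1X                     | TKIP/AES (optional) | 128             | Strong authentication, TKIP/AES
WPA Personal      | PSK                        | TKIP/AES (optional) | 128             |
WPA2 Enterprise   | 802.1X                     | TKIP and AES        | 128             |
WPA2 Personal     | PSK                        | TKIP and AES        | 128             |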

2. Security in WLAN

Why is information security so important in a WLAN? It stems from the inherent nature of the wireless medium. Radio waves from the transmitters of these LANs can reach the street, so anyone with suitable equipment can access them.

Security services in IEEE 802.11

Three basic security services:

- Authentication: provides control over access to the network by denying access to devices that are identified as not valid. This service addresses the question: are only valid users allowed to access the network?
- Confidentiality (or privacy): its goal is to prevent unauthorized parties from reading information. This service addresses the question: are only valid users allowed to read my information?
- Integrity: developed to ensure that messages are not modified in transit between stations and access points. This service addresses the question: is the information in the network trustworthy, or has it been forged?

These services show that the IEEE 802.11 standard does not address other security services such as auditing, authorization, and non-repudiation.

Methods for implementing the services

- SSID (Service Set Identifier): the means by which an entity distinguishes different networks. Access points (APs) initially come with a default SSID set by the manufacturer. By default, an operating access point broadcasts its SSID (every few seconds) in Beacon Frames.
- Authentication: before any communication session can take place between a workstation and an access point, they must carry out a dialogue. This process is performed as an association between the entities.
- WEP (Wired Equivalent Privacy): designed to give users a level of security equivalent to that of a wired network.

Types of attack on WLAN

The main types of attack:

- Passive attacks (eavesdropping).
- Active attacks (connecting to, probing and configuring the network).
- Jamming attacks.
- Man-in-the-middle attacks.
- Replay attacks.

Passive attacks

A passive attack is carried out as eavesdropping. Network analyzers or other applications are used to collect information about the WLAN from a distance with a directional antenna.

Active attacks

An active attack can be used to try to gain access to a server to obtain important data, or even to change the configuration of the network infrastructure.

Jamming attacks

3. The WEP protocol

The WEP protocol is used in IEEE 802.11 networks to protect data in wireless transmission (at the link level).

By definition, WEP was designed to give a wireless network the same level of confidentiality as a traditional cabled network.

For a LAN (IEEE 802.3 standard), the security of data on the wire against outside attacks is ensured by physical restriction: a hacker cannot directly reach the cabling. The 802.3 standard therefore does not address encrypting data against unauthorized access.

For the 802.11 standard, data encryption is a top priority, because access to a wireless medium cannot be physically restricted: anyone within the coverage area can access the data if it is not protected.

WEP is a data encryption method implemented at the Media Access Control (MAC) layer. It uses the RC4 encryption algorithm, RC4(IV, k), with an IV that can change and a key k that does not change and is pre-assigned in the stations and the APs. It also uses a CRC checksum to authenticate the message.

For its first few years the algorithm was kept secret and was not available; in September 1994 some people posted its source code on the network.

Although the source code is now available, RC4 is still registered by RSADSI.

RC4 encrypts and decrypts very quickly, it is very easy to implement, and it is simple enough for software developers to use it to encrypt their own software.

Diagram of the encryption process using WEP

Description

WEP relies on a secret key k shared between the communicating parties to protect the transmitted data. Encryption of a data frame proceeds as follows:

Checksum: a checksum of the message to be encrypted, M, is computed (using CRC) and denoted c(M). c(M) and M are then concatenated to form the plaintext, denoted P = (M, c(M)), which is the input to the second stage. Note that c(M) and P do not depend on the key k.

Encryption: next, the plaintext P is encrypted with the RC4 algorithm. An initialization vector (IV) v, which can change, and a key k, which does not change, are chosen. The RC4 algorithm generates a keystream (a long sequence of pseudo-random bytes that is a function of v and k). The keystream is denoted RC4(v, k) and has the same length as P.

The plaintext P and the keystream RC4(v, k) are then added modulo two (XOR, or ⊕) to produce the ciphertext, denoted C, with C = P ⊕ RC4(v, k).

Transmission: finally, the initialization vector v and the ciphertext C are transmitted over the radio medium. This can be written as: A → B: v, (P ⊕ RC4(v, k)). The format of the encrypted data frame is shown in the following figure:

Diagram of the decryption process using WEP

First, the keystream RC4(v, k) is XORed with the ciphertext C to obtain the plaintext P'.

Next, the plaintext P' is checked against the plaintext P by splitting P' into the form P' = (M', c'), computing the checksum c(M') of the message M', and comparing it with the received checksum c'. This ensures that only data frames with a valid checksum are accepted by the receiver.

Risks and countermeasures for the WEP protocol

Risks:

Using static WEP keys, where the same key is shared for a long time, creates a risk of key disclosure. This is because WEP makes no provision for key management, so when one computer is hacked (or lost), every other computer using that key is compromised. In addition, if every station in the network uses the same key, the number of packets encrypted under that key grows very quickly, which gives hackers favourable conditions for attacks on the key.

Because WEP uses RC4, a stream cipher, it needs a mechanism to ensure that two identical pieces of data do not produce identical results when encrypted on two different occasions. This is an important factor in data encryption, because it limits a hacker's ability to guess the key. To achieve this, an initialization vector (IV) is combined with the key so that a different key is produced for each encryption. The IV is a 24-bit value, and the IEEE 802.11 standard recommends (but does not require) that it change with every packet. Because the sender generates the IV without following any rule or standard, the IV has to be sent to the receiver unencrypted. The way the IV is used is the root of most of the problems with WEP.

Because the IV is transmitted unencrypted in the header of the 802.11 packet, anyone who captures data on the network can see it. With a length of 24 bits, the IV ranges over 16,777,216 values.

Security experts at the University of California, Berkeley discovered that when the same IV is used with the same key on an encrypted packet (informally called an IV collision), a hacker can capture the packets and recover the WEP key.

The IV is part of the RC4 key, so in practice a hacker who knows 24 bits of the key for every packet, combined with weaknesses in the key schedule, can mount a successful analytical attack after capturing and analysing only a small number of packets.

Attacks of this kind have been published and implemented in practice as open source.
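The encapsulation steps above (P = (M, c(M)), C = P ⊕ RC4(v, k)) and the IV collision they lead to, as an added Python example that is not part of the original slides. It simplifies the frame to v || C (the key-ID byte that follows the IV in a real frame is omitted), and the key, IVs and messages are constructed sample values.

```python
import zlib
from collections import Counter

def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream: key scheduling (KSA), then `length` output bytes (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def checksum(m: bytes) -> bytes:
    """c(M): plain CRC-32, little-endian. No key is involved."""
    return zlib.crc32(m).to_bytes(4, "little")

def wep_encrypt(v: bytes, k: bytes, m: bytes) -> bytes:
    """Return v || C, with P = (M, c(M)) and C = P xor RC4(v, k)."""
    if len(v) != 3:
        raise ValueError("the WEP IV is 24 bits")
    p = m + checksum(m)
    return v + xor(p, rc4(v + k, len(p)))   # RC4 is keyed with IV || k

def wep_decrypt(k: bytes, frame: bytes) -> bytes:
    """Recover M from v || C; reject the frame if the checksum does not match."""
    v, c = frame[:3], frame[3:]
    p = xor(c, rc4(v + k, len(c)))
    m, received = p[:-4], p[-4:]
    if checksum(m) != received:
        raise ValueError("checksum mismatch")
    return m

def reused_ivs(frames):
    """Check over a capture: IVs that appear on more than one frame."""
    counts = Counter(f[:3] for f in frames)
    return sorted(v for v, n in counts.items() if n > 1)

def keystream_reuse(frame_a: bytes, frame_b: bytes):
    """For two frames with the same IV and key, C_a xor C_b equals P_a xor P_b:
    the keystream cancels out and k is never needed. None if the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])

# Constructed sample values (not from the slides): a 40-bit key and three frames.
KEY = bytes.fromhex("0102030405")
M1, M2, M3 = b"GET /index.html", b"POST /login.php", b"unrelated frame"
F1 = wep_encrypt(b"\x00\x00\x01", KEY, M1)
F2 = wep_encrypt(b"\x00\x00\x01", KEY, M2)   # same IV as F1: an IV collision
F3 = wep_encrypt(b"\x00\x00\x02", KEY, M3)

if __name__ == "__main__":
    print("reused IVs:", [v.hex() for v in reused_ivs([F1, F2, F3])])
    leak = keystream_reuse(F1, F2)
    print("C1 xor C2 == P1 xor P2:", leak[:len(M1)] == xor(M1, M2))
```
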

WEP does not provide cryptographic integrity protection.

However, the 802.11 MAC provides a mechanism (Cyclic Redundancy Check, CRC) for checking the integrity of packets, and packets with a correct checksum are acknowledged.

Combining a non-cryptographic check with a stream cipher is a very insecure solution.

Why was WEP chosen?

The 802.11 standard set out the criteria something must meet to be called secure:

- Exportable.
- Strong enough.
- Compatible.
- Computable.
- Optional, not mandatory.

WEP meets all of these. When it is put into use, WEP supports security for the purposes of confidentiality, access control, and data integrity.

Countermeasures

The core issue with WEP is the WEP key. A WEP key is an alphanumeric string used for two purposes in a WLAN:

- The WEP key is used to verify that a workstation is permitted (authentication).
- The WEP key is used to encrypt data.

WEP key entry interface

WEP keys can be distributed by hand or by a more advanced method. A WEP key distribution system can be as simple as using static keys, or as advanced as a centralized key management server.

Centralized encryption key management

For large WLANs that use WEP as their basic security method, a centralized encryption key server should be used, for the following reasons:

- Centralized key generation.
- Centralized key distribution.
- Key rotation.
- Less work for the administrator.

Instead of using a static WEP key, which a hacker can easily discover, a WLAN can be made more secure by using per-session keys distributed by a centralized key distribution system.

A centralized encryption key server allows keys to be generated per packet, per session, or by other methods, depending on the vendor's implementation.

Using multiple WEP keys

Most stations and APs can offer 4 WEP keys at the same time, to support network segmentation.

Virtual private network (VPN) solution

When a VPN server is integrated into the AP, stations use VPN client software and protocols such as PPTP or IPSec to form a tunnel directly to the AP.

Increasing the security of WEP

- Use WEP keys 104 bits long.
- Enforce a policy of changing WEP keys periodically.
- Use tools that monitor traffic statistics on the wireless link.
- Use additional technical solutions.

Risks and countermeasures for the SSID

Risks:

The IEEE 802.11 standard specifies the SSID as a kind of password for a user connecting to a WLAN.

802.11 requires the user to have the same SSID as the AP in order to access the network and communicate with other devices.

In practice, the SSID is only secure when it is used in combination with other security services.

Some common mistakes

- Using the default SSID.
- Making the SSID something related to the company.
- Using the SSID as a means of securing the WLAN.
- Broadcasting SSIDs unnecessarily.

Countermeasures

- Remove the SSID from beacon frames (if the device allows it).
- Change the SSID from its default value (most APs allow this).
- Always use an SSID unrelated to the company.
- Always treat the SSID as nothing more than a network name.

Risks and countermeasures for MAC

Risks:

A WLAN can filter on the MAC addresses of the stations.

The network administrator can compile, distribute and maintain a list of permitted MAC addresses and program it into the APs. Although MAC filtering looks like a good security method, it is still vulnerable to the following intrusions:

- Theft of a PC Card whose address is in the AP's MAC filter.
- Sniffing the WLAN and then spoofing a MAC address to get into the network.

Countermeasures

- Use RADIUS servers to manage the MAC addresses.
- Use VPN connections between the stations and the AP.

Risks and countermeasures for eavesdropping

Risks:

High-sensitivity antennas make it possible to receive radio signals from greater distances. In practice, antennas of this kind can capture signals from APs a few kilometres away. There are also many programs (available on the Internet, such as AirSnort and Network Stumbler) that make it possible to crack a WEP key once enough transmitted packets have been collected.

Countermeasures

- Choose a suitable position for the antenna (where every station in the network can receive the signal, but the signal does not radiate too far); shielding can be used to reduce how far the RF signal radiates.
- Adjust the transmit and receive thresholds through the control software.

Risks and countermeasures for impersonation

Risks:

If a third party can eavesdrop on the WLAN, it can impersonate a legitimate member of the network.

This is a very dangerous security risk, and whether impersonation is feasible depends on the company's level of security.

Countermeasures

Several measures reduce the chance of an unauthorized user accessing the network as if they were a valid user.

These measures are implemented through authentication, authorization and auditing policies (AAA: authentication, authorization and accounting).

With the IEEE 802.11 standard, authentication can be performed as open system or shared key. The first method (open system) provides no authentication. The shared key method is not secure either. Some measures can make authentication more secure; two of them are MAC address authentication and EAP.

The IEEE 802.11 standard does not provide an authorization service. Instead, authorization is usually implemented by attaching user identifiers (UserID) and passwords to the various network resources.

Configuring the authorization parameters sensibly minimizes the chance of a third party accessing network resources.

The authorization service is very important, but it can be compromised if static WEP keys are used or WEP is not used at all.

With the auditing service, recording the access sessions to the various network resources builds up a database. That database can then be analysed and the results evaluated.

Risks and countermeasures for rogue access points (rogue AP)

Risks:

This is a threat in which the hacker sits in the middle and steals the traffic passing between two nodes. It is a very powerful threat because the hacker can steal all the traffic that crosses the network. To do this, the hacker has to set up an AP that stations select in preference to the legitimate AP. The rogue AP can be set up by copying the whole configuration of the legitimate AP: SSID, MAC address, ...

Countermeasures

- Use dedicated monitoring tools to detect where rogue APs are located.
- Use strong security solutions to prevent the information from being analysed and the necessary parameters from being obtained.

4. Wi-Fi Protected Access (WPA/WPA2)

The Wi-Fi Alliance and the IEEE worked together to build a stronger security solution. In 10/2002, WPA was introduced as an enhanced security solution for WLANs.

WPA greatly increases the level of data protection and access control for existing WLANs, and it addresses all the known vulnerabilities of the earlier WLAN solution. It is intended to replace WEP completely for securing WLANs.

WPA provides security for all existing versions of 802.11 WLAN devices: a, b. It was also designed to minimize the impact on network performance.

It runs as a software upgrade on devices already on the market (AP, NIC).

Companies are required to use authentication servers such as RADIUS, but WPA lets small offices and home users operate in a special mode that does not need one (a shared password is used to activate WPA protection).

WPA provides a high level of data confidentiality and ensures that only authorized users can access the network, through a strong encryption algorithm and strong authentication.

How WPA works

- Uses TKIP (Temporal Key Integrity Protocol) for encryption, and 802.1x authentication with the Extensible Authentication Protocol (EAP).
- TKIP uses the RC4 algorithm in the standard design; some vendors may offer AES as an option in their WPA products.
- WPA uses a 48-bit IV instead of a 24-bit IV, which increases security considerably.
- WPA can use a new key for every 802.11 frame, or change keys at an interval configured in advance on the AP.

- Uses an 8-byte MIC (Michael, Message Integrity Check) to check message integrity.
- WPA uses IV sequencing to protect against replay attacks.
- An 802.1X-based authentication solution is built into every product.
- WPA supports either EAP or PSK for authenticating users on the network.

Comparison of the features of WPA and WEP

Features of WPA

IEEE 802.11i

In 1/2001, task group i was set up within the IEEE to improve the security of confidentiality and authentication in 802.11. IEEE 802.11i (WPA2), ratified on 24/6/2004, was designed to strengthen security at the MAC layer of IEEE 802.11. The 802.11i standard was introduced as a fundamental change to authentication, confidentiality and integrity, and so it provides a new architecture for network security. The new architecture for wireless networks is called the Robust Security Network (RSN); it uses 802.1X authentication, robust key distribution, and new integrity and confidentiality mechanisms.

Principle of operation

802.11 advertisement, authentication and association: when a station (STA) starts up, it searches for APs within range using probe request frames.

Probe request frames are sent on every channel the STA supports, in an attempt to find all the APs that have a matching SSID and meet the required data rates.

Every AP that is within range and matches the STA's probe request replies with a probe response frame containing synchronization information, the AP's load, and its security parameters.

The STA decides which AP to connect to by examining the information it has received.

After the STA has determined the best AP to connect to, WPA is then supported.

The IEEE 802.1X authentication protocol

IEEE 802.1X (Port-Based Network Access Control) was developed for wireless networks. It provides authentication, authorization and key distribution mechanisms, and enforces access control for users joining the network. The IEEE 802.1X architecture has three main components:

- The user joining the network.
- The authenticator, which provides network access control.
- The authentication server.

In wireless networks, the AP acts as the authenticator providing network access control. Each physical port (a virtual port in a WLAN) is divided into two logical ports that make up the PAE (Port Access Entity). The authenticator PAE is always open to let authentication frames through, while the service PAE is opened only once authentication has succeeded. The decision to allow access is usually made by the third component, the authentication server (which can be a dedicated Radius server or simply software running on the AP).

The 802.11i standard makes some small changes to 802.1X for wireless networks to account for the possibility of identity theft. Message authentication is incorporated to ensure that both the user and the AP compute their secret keys and enable encryption before accessing the network. The user and the authenticator communicate using an EAP-based protocol. Note that the authenticator's role is essentially passive: it simply forwards all messages to the authentication server.

EAP is a framework for using different authentication methods (it allows only a limited number of message types: Request, Response, Success, Failure) and relies on the chosen authentication method: EAP-TLS, EAP-TTLS, PEAP, Kerberos v5, EAP-SIM, ... When this process completes, both entities hold a secret master key (Master Key). Communication between the authenticator and the authentication server uses the EAPOL (EAP Over LAN) protocol, which is used in wireless networks to carry EAP data over higher-layer protocols such as Radius.

An RSN may accept only RSN-capable devices, but IEEE 802.11i also supports a Transitional Security Network (TSN) architecture in which both RSN and WEP systems can participate, allowing users to upgrade their devices over time.

When the authentication and association procedures use the 4-way handshake, the association is called a Robust Security Network Association (RSNA).

Establishing a communication session involves four phases:

- Agreeing on the security policy.
- 802.1X authentication.
- Key derivation and distribution.
- RSNA data confidentiality and integrity.

Establishing a communication session

Phase 1 - agreeing on the security policy:

In this phase the communicating parties agree on the security policy to use. The security policies supported by the AP are advertised in beacons or in Probe Response messages (following a Probe Request from the client).
Next comes open authentication (as in TSN networks, where authentication always succeeds).

The client responds with its requirements in an Association Request, which is approved by an Association Response from the AP. The security policy information is sent in the RSN IE field and includes:

- The supported authentication methods (802.1X, PSK).
- The security protocols for unicast traffic (CCMP, TKIP, ...): the pairwise cipher suite.
- The security protocols for multicast traffic (CCMP, TKIP, ...): the group cipher suite.
- Support for pre-authentication, which lets users pre-authenticate before being handed over to access the network.

Phase 2 - 802.1X authentication

This is based on EAP and the authentication method agreed in phase 1 (EAP-TLS with client and server certificates, which requires a PKI; ...). 802.1X starts when the AP requests the client's identity; the client's response includes information about the authentication method. Valid messages are then exchanged between the client and the AS to generate a master key (Master Key, MK). At the end of the procedure, a Radius Accept message is sent from the AP to the client, containing the MK and the EAP Success message.

Phase 3 - key hierarchy and distribution

A secure connection relies on secret keys. In an RSN every key has a limited lifetime, and overall security is ensured by using a set of different keys organized into a hierarchy. When a security session is established after successful authentication, temporary keys (session keys) are created and regularly updated until the security session ends. Two handshakes take place during key generation:

- 4-way Handshake: generates the PTK (Pairwise Transient Key) and the GTK (Group Transient Key).
- Group Key Handshake: renews the GTK.

The PMK (Pairwise Master Key) is obtained according to the authentication method in use:

- If PSK is used, PMK = PSK. The PSK is generated from an ordinary passphrase (8-63 characters) or is a 256-bit string, providing security for home users or small offices (no authentication server needed).
- If an AS is used, the PMK is derived from the MK of the 802.1X authentication.

The PMK itself is never used for encryption or integrity checking. It is used to generate a temporary encryption key, the PTK. The length of the PTK depends on the encryption protocol: 512 bits for TKIP and 384 for CCMP. The PTK consists of the following parts:

- KCK, 128 bits: key for authenticating messages (MIC) during the 4-way handshake and the group key handshake.
- KEK, 128 bits: key for ensuring data confidentiality during the 4-way handshake and the group key handshake.
- TK, 128 bits: key for data encryption (used by TKIP or CCMP).
- TMK, 2x64 bits: key for data authentication (used only with MIC). A dedicated key is used for each communication channel.

4-way handshake: initiated by the AP, it makes it possible to:

- Confirm the client's knowledge of the PTK.
- Generate a new PTK.
- Install the encryption and integrity keys.
- Confirm the cipher suite selected.

Phase 4 - RSNA data confidentiality and integrity

All the keys generated in the previous phases are used in the protocols that support RSNA confidentiality and integrity:

- TKIP (Temporal Key Hash).
- CCMP (Counter-Mode / Cipher Block Chaining Message Authentication Code Protocol).
- WRAP (Wireless Robust Authenticated Protocol).

TKIP

WPA was built to be fully compatible with existing WLAN devices. TKIP improves security while having to meet those compatibility requirements, so it also uses the RC4 stream cipher. Using TKIP therefore requires only a software upgrade. In practice, most experts believe that TKIP is a stronger encryption solution than WEP. However, they also agree that TKIP is only a temporary solution because it uses RC4.

The main advantage of TKIP over WEP is key rotation. TKIP changes the RC4 encryption key frequently (about every 10000 packets), and the initialization vector (IV) is generated differently. TKIP is included in 802.11i as an option.

In practice, TKIP comprises four algorithms that together provide its security:

- A message integrity code (MIC): can be implemented in software running on low-speed CPUs.
- A new IV sequencing rule.
- A per-packet key mixing function.
- Key distribution: a new method of distributing keys.

Per-packet key mixing function

Computation of the MIC value

CCMP

Unlike TKIP, which had to be built to be compatible with old WEP hardware, CCMP is a newly designed protocol. CCMP uses Counter mode combined with a message authentication method called CBC-MAC to produce the MIC. Some new features were also added, such as using a single key for encryption and authentication (with different IVs) and extending authentication to cover data that is not encrypted.

Weaknesses in WPA/WPA2

Only a few minor weaknesses have been found in WPA/WPA2 since they were ratified, and none of them is too dangerous. Most practical weaknesses are attacks against the WPA/WPA2 PSK. As noted, the PSK is the alternative to the 802.1x PMK generated by the AS. It is a 256-bit string or a passphrase of 8-63 characters, from which the key is generated using: PSK = PMK = PBKDF2(pass, SSID, SSID length, 4096, 256), where PBKDF2 is a method used in PKCS #5, 4096 is the number of hashes and 256 is the length of the output. The PTK is derived from the PMK using the 4-way handshake, and all the information used to compute its value is transmitted in plaintext.

The strength of the PTK therefore rests on the value of the PMK, which for PSK effectively means using strong passphrases. As Robert Moskowitz pointed out, the second message of the 4-way handshake is exposed to dictionary and brute-force attacks.

Several utilities were created to exploit this weakness; aircrack is used to attack the PSK in WPA.

The protocol design (4096 hashes for each passphrase) means that a brute-force attack is very slow.

One countermeasure against password attacks is to use a passphrase of at least 20 characters.

To carry out this attack, the attacker must capture the messages of the 4-way handshake, either by passively monitoring the wireless network or by using a deauthentication attack.
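The PMK and PTK derivation described above (PSK = PMK = PBKDF2(...), then the PTK split into KCK, KEK, TK and TMK), as an added Python example that is not part of the original slides. The PRF construction and the label "Pairwise key expansion" follow IEEE 802.11i rather than anything shown on the page; the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PSK = PMK = PBKDF2(pass, SSID, 4096, 256), built on HMAC-SHA1.
    The SSID is the salt, so one passphrase gives a different PMK per network."""
    if len(passphrase) not in range(8, 64):
        raise ValueError("a WPA passphrase has 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    blocks = (nbytes + 19) // 20          # SHA-1 yields 20 bytes per block
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(blocks)
    )
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, cipher="CCMP"):
    """Derive the PTK and split it as on the slide: 512 bits for TKIP, 384 for CCMP."""
    nbytes = {"TKIP": 64, "CCMP": 48}[cipher]
    # Both sides order the inputs the same way, so they compute the same PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, nbytes)
    keys = {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}
    if cipher == "TKIP":
        keys["TMK"] = ptk[48:64]          # 2 x 64 bits, one half per direction
    return keys

# Constructed sample values (not from the slides).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    pmk = pmk_from_passphrase("password", b"IEEE")
    print("PMK:", pmk.hex())
    for name, key in derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE, "TKIP").items():
        print(name, key.hex())
```

Every input to `derive_ptk` other than the PMK is visible on the air during the handshake, which is why the passphrase length and the 4096 PBKDF2 iterations carry the whole defence in PSK mode.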

Attack steps

Step 1: enable monitor mode.

# airmon.sh start ath0

The next step is to search for the networks and the clients connected to them. The final step is to carry out a dictionary attack.
