Security in WLAN Networks (Bảo Mật Trong Mạng WLAN)
Graduation thesis
CONTENTS
Conclusion ... 115
CHAPTER I: OVERVIEW OF WIRELESS NETWORKS ... 8
1. Introduction to wireless networks and their development history ... 8
2. Classification of wireless networks ... 9
3. Technical issues in wireless networks ... 10
4. Overview of some wireless networks ... 10
4.1. WPAN ... 10
4.2. WLAN ... 13
4.3 WMAN (WiMAX technology) ... 13
b. Mobile WiMAX application model ... 16
Hanoi Open University
b. Carrier sense multiple access with collision avoidance, CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) ... 51
5.3 Controlled access methods ... 53
a. Token-passing access method ... 53
b. Ordered (sequential) access ... 57
LIST OF FIGURES
Figure 1.1 Fixed WiMAX network application model ... 15
Figure 2.1: Wireless NICs ... 24
Figure 2.2: Wireless access point ... 26
Figure 2.3: Repeater ... 29
Figure 2.5: IEEE 802.11 and OSI ... 29
Figure 2.6: 802.11b standard options ... 31
Figure 2.7: Summary table of IEEE 802.11 standard parameters ... 35
Figure 2.8: IBSS connection ... 37
Figure 2.9: BSS/ESS connection ... 40
Figure 2.10: Frequency division multiple access ... 43
Figure 3.2: WEP encryption frame ... 61
Figure 3.3: Keystream attack ... 64
Figure 3.4: Recovering the keystream ... 68
Figure 3.5: Forging a new message ... 69
Figure 3.7: Attack capturing ARP reply traffic through ... 74
Figure 4.1: TKIP encryption ... 91
Figure 4.2: Per-packet key mixing function ... 93
Figure 4.3: 802.1x framework ... 96
Figure 4.4: Controlled and uncontrolled ports ... 97
Figure 4.5: How 802.1x authentication works ... 98
Figure 4.6: Network-to-network architecture ... 106
Figure 4.7: Host-to-network architecture ... 107
Figure 4.8: Host-to-host architecture ... 108
Figure 4.9: Knowledge-based IDS ... 113
Figure 4.10: Anomaly-based IDS ... 114
LIST OF ABBREVIATIONS
AES Advanced Encryption Standard
ARP Address Resolution Protocol
AH Authentication Header
BPSK Binary Phase Shift Keying
BSS Basic Service Set
CSMA/CD Carrier Sense Multiple Access / Collision Detection
CRC Cyclic Redundancy Check
DSSS Direct Sequence Spread Spectrum
DoS Denial of Service
Student: Đặng Bích Thủy
4. Overview of some wireless networks
4.1. WPAN
Since Bluetooth was deployed there has been a great deal of discussion of wireless personal area networks. Most of the interest in PANs relates to their use in smart mobile phones, for example synchronising with PC software or using wireless headsets. Bluetooth is also beginning to be used for devices such as wireless headsets with microphones, where digital audio transmission provides clear sound.
Current deployments of Bluetooth tend to use it as a peripheral cable replacement for a limited number of devices, rather than as a technology that lets a large number of devices in a home or office communicate with each other directly.
4.2. WLAN
A Wireless LAN (Wireless Local Area Network) uses electromagnetic waves (usually radio waves or infrared) to communicate between devices over a medium range. Compared with Bluetooth, a wireless LAN can connect over a much larger area with many different coverage zones, so mobile devices can move freely from one zone to another. The operating range is 100 m to 500 m, with data rates of about 1 Mbps to 54 Mbps (100 Mbps). Wireless LANs are presented in detail in chapters II and III.
4.3 WMAN (WiMAX technology)
WiMAX stands for Worldwide Interoperability for Microwave Access.
WiMAX technology, also known as the 802.16 standard, is a broadband wireless technology that is developing very quickly, can be deployed over a wide area, and is regarded as having great potential to become the ideal last-mile solution for bringing high-speed Internet connectivity to homes and offices.
While the familiar Wi-Fi technology (802.11a, b and g) provides connectivity in small areas such as offices or
Along with the development of wireless technology, wireless devices are becoming smarter and more convenient. Today, wireless network systems connecting wireless computers to share resources and use them efficiently are found in offices, schools, hospitals and entertainment venues alike. According to a study by IDC (International Data Corporation), wireless network devices grew by 80% in 2000, and strong growth is predicted for the future.
1.2 The need for and benefits of WLANs
WLANs are very flexible, support mobility and are easy to install. A WLAN does not completely replace a wired LAN but complements it. The outstanding advantages of a WLAN are mobility and the large cost saving of deploying a WLAN compared with a wired LAN.
Mobility here means that users can move around while using wireless devices. Users in a company can go to a meeting or to another location in the company building while remaining fully connected to the network. A wireless network saves money because there is no need to run cabling through the building, and it shortens deployment time.
Most WLANs operate in unlicensed frequency bands, using both radio and infrared technology. Each solution has its own characteristics and satisfies different requirements
a. FHSS
FHSS is similar to FM broadcasting in that the data signal is carried by a narrowband carrier whose frequency can change. The 802.11 standard provides 22 hop patterns to choose from in the 2.4 GHz ISM band. Each channel is 1 MHz wide and the signal must hop between frequencies. This technique modulates the radio signal by shifting it from one frequency to another in a near-random sequence. The modulation protects the signal from interference concentrated around a single frequency. To decode the signal, the receiver must know the hop rate and the order of the frequency hops, which adds some security and encryption.
FHSS products can send signals at 1.2 to 2 Mbps over a distance of about 620 miles. Higher total bandwidth (up to 24 Mbps) can be achieved by installing more access points in the network. In FHSS, the 2.4 GHz band is divided into 75 channels of 1 MHz. To minimise the chance of two parties using the same channel at the same time, frequency hopping provides a different hop pattern for each data exchange. Receiver and sender agree on a hop pattern, and the data is sent in the order of that pattern. FCC regulations require a bandwidth of up to 1 MHz for each sub-channel, which increases overhead. FHSS is considered an economical solution because it costs only about half as much as a DSSS system, and it can be increased to 10 Mbps by adding more access points. It is also relatively immune to interference.
b. DSSS
This technique modulates the radio signal in a random manner, making it harder to decode. This modulation technique provides security, although
Figure 2.7: Summary table of IEEE 802.11 standard parameters

Standard   Frequency   Channels      Rate      Range       Encoding scheme   Modulation technique
802.11b    2.4 GHz     11 (3) USA    11 Mbps   ~300 feet   DSSS              DBPSK (1 Mbps), DQPSK (2 Mbps), CCK (5.5 and 11 Mbps)
802.11a    5 GHz       12 USA        54 Mbps   ~60 feet    OFDM              BPSK (6 & 9 Mbps), QPSK (12 & 18 Mbps), 16-QAM (24 & 36 Mbps), 64-QAM (48 & 54 Mbps)
802.11g    2.4 GHz     11 (3) USA    54 Mbps   ~300 feet   OFDM              DBPSK (1 Mbps), DQPSK (2 Mbps), CCK (5.5 and 11 Mbps), OFDM (6, 12, 18, 36, 48 & 54 Mbps)

IEEE ... limit ... 40, 200, 800 mW respectively.
802.11g+: an improvement on the 802.11g standard, fully compatible with 802.11g and 802.11b,
[Figure: frequency division multiple access, frequency (channel 0, channel 1, ..., channel N) against time]
[Figure: time-slot frame structure: duration of one frame, time slots 0 1 2 3 ... N, data, synchronisation bits, guard bits, tail bits]
[Figure: CSMA/CA contention between stations A, B and C. Panel 1: A completes contention and continues transmitting its frame; B senses a signal (from A, C) and stops transmitting; C senses a signal (from A, B) and stops transmitting; B and C generate new random sequences and restart the contention process. Panel 2: A finishes transmitting its frame; B and C both sense the medium, find it idle, and transmit at the same time.]
[Figure: stations A and B on a logical ring over the physical transmission medium]
d. The RC4 stream cipher.
WEP uses RSA's RC4 stream cipher. This is the same cipher used in other security systems such as SSL (HTTPS). The problem with WEP is, once again, that the 802.11 protocol does not define how the IVs are to be generated or applied. As mentioned, the key used by the RC4 cipher is the combination of a shared secret key and an IV. The IV is a 24-bit binary number. Many manufacturers use 64-bit or 128-bit WEP.
2.2 Problems with WEP.
a. Key management.
WEP uses a symmetric key mechanism, that is, the same shared secret key is used to encrypt and to decrypt. The key must be shared between sender and receiver. One problem with the 802.11 protocol is that it gives no guidance on key management: how is the key to be distributed among users? This may not seem to be a problem when WEP is used in an environment of three laptops, but it is genuinely difficult when trying to deploy WEP across an area of about 5000 clients. Every user must know the key and keep it secret. What happens when someone leaves the company or a laptop is stolen? A new key must be given to all the remaining users and the client configuration must be set up again. Furthermore, once an attacker compromises the key in one session, that same key can be used to decrypt another session, because everyone uses the same key.
b. IV collisions.
When an IV is reused, we call it a collision. When a collision occurs, the combination of the shared secret key and the IV repeats, so the keystream is the same as one that was used before. Because the IV is sent in cleartext, an attacker who is monitoring all the traffic can determine when a collision occurs. Most attacks are based on detecting IV collisions.
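As an added illustration, not taken from the thesis, the Python block below implements RC4, builds the WEP per-packet key IV || shared key described in section d, and shows the collision effect of section b: a passive monitor counting the cleartext IVs can detect reuse, and two frames encrypted under one IV cancel to P1 XOR P2 without the key. All keys, IVs and packets are constructed sample values, and the CRC-32 ICV that WEP appends is left out.

```python
"""Added example, not from the thesis: WEP's per-packet RC4 key and the
consequence of an IV collision. Every key, IV and packet here is a
constructed sample value; the CRC-32 ICV that WEP appends is omitted."""
from collections import Counter

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: the 24-bit IV travels in clear, followed by
    plaintext XOR RC4(IV || shared_key). The per-packet key is simply the
    IV prepended to the static shared key, as the text describes."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)

def iv_collisions(frames: list) -> dict:
    """Defender-side check: count IVs that appear more than once.
    A passive monitor can do this because the IV is never encrypted."""
    counts = Counter(frame[:3] for frame in frames)
    return {iv: n for iv, n in counts.items() if n > 1}

def leaked_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV and key share a keystream, so
    C1 XOR C2 == P1 XOR P2 with no knowledge of the key at all."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor_bytes(frame_a[3:], frame_b[3:])

# "64-bit WEP" = 40-bit shared key + 24-bit IV (constructed values)
KEY = bytes.fromhex("0a1b2c3d4e")
P1 = b"GET /index.html"
P2 = b"POST /login.php"

def demo():
    """Encrypt three packets, reusing one IV, and report the collision."""
    frames = [
        wep_encrypt(KEY, b"\x00\x00\x01", P1),
        wep_encrypt(KEY, b"\x00\x00\x02", b"ping"),
        wep_encrypt(KEY, b"\x00\x00\x01", P2),   # IV 000001 reused
    ]
    reused = iv_collisions(frames)
    return reused, leaked_xor(frames[0], frames[2])

if __name__ == "__main__":
    reused, leak = demo()
    print("reused IVs:", {iv.hex(): n for iv, n in reused.items()})
    print("C1^C2 equals P1^P2:", leak == xor_bytes(P1, P2))
```

With 2^24 possible IVs and no rule on how they are chosen, a busy network repeats IVs within hours, which is why the monitor's collision count is the first thing a WEP audit looks at.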
b. Authentication spoofing.
d. The FMS attack.
The FMS attack takes a different approach: it relies on capturing a huge amount of encrypted traffic and then uses very little CPU power with the XS algorithm to crack the key. In practice, FMS cracking is almost linear, meaning that cracking a 128-bit key takes only insignificantly longer than cracking a 64-bit key once enough weak keys have been captured. The problem with FMS is capturing enough encrypted data to crack the key. On a high-traffic network this can be completed in a few hours. In a low-traffic environment, however, the process can take days or weeks. To crack a WEP key using FMS, some patient and stealthy attackers often run tools such as AirSnort on a PDA and leave it in bushes near the AP for several days. Other attackers have developed more ingenious techniques to induce the network to generate traffic in order to collect enough ciphertext to crack the key.
3.1 Passive attacks.
A passive attack threat is a state in which the attacker does not attack the network or its traffic directly, but gathers information for personal gain or as the target of a future attack. Some passive attack threats are described below.
a. Eavesdropping.
This is a commonly encountered security threat. In this attack, the attacker listens to information they are not authorised to receive. The information may include the session key used to encrypt data, or the contents of an entire session. As is known, the transmission range of a WLAN is usually limited to a few hundred metres; this limit is based on the small antennas built into PC cards and the antennas of the APs in the network. When higher-sensitivity antennas are used, the WLAN's radio transmissions can be received from a considerable distance. In practice, some highly sensitive directional antennas can pick up the signal from several miles away. Because of this RF leakage, an attacker can monitor the wireless network's transmissions through an eavesdropping antenna from outside, and by capturing traffic may break the security key and penetrate the system.
a. User impersonation.
This is an attack in which the attacker masquerades as a trusted user. Having eavesdropped on WLAN transmissions, the attacker is able to become a legitimate user of the network. Impersonation is extremely dangerous for the network because it opens a hole into network resources.
The ability of an unauthorised user to impersonate a legitimate user in a wireless network can be very simple or complex depending on the system's security level. If the WLAN implements no security method at all, it is very simple for the attacker to determine the SSID used by the AP and enter the network. If the network has WEP enabled, the matter becomes more complicated, but as noted above, the WEP key is easily broken by monitoring and capturing traffic. The higher the security level, the harder it is for the attacker to impersonate a user. Therefore, the network should use authentication and authorisation mechanisms.
b. Data modification.
Data modification attacks are among the most dangerous attacks against a WLAN. A serious problem arises when the receiver cannot detect that the received data has been altered. This leads to the possibility that the attacker can harm the user's equipment
d. ARP attacks.
The Address Resolution Protocol (ARP) lets Ethernet entities that use TCP/IP as their communication protocol distinguish themselves from the other entities on the network that hold IP addresses. Like NetBIOS, it is a method that broadcasts traffic to all hosts even though a given packet is meaningful to only one host on the network: ARP broadcasts a request to identify a particular host by its IP address. That host receives the message and acknowledges it, and the initiating machine stores the MAC address of the responding machine in its cache, so future transmissions to this host no longer require any IP address lookup.
The problem is that operating systems do not fully validate ARP broadcasts before accepting them. When a machine sees a packet sent from a particular machine on the network, it assumes that this machine's MAC address corresponds exactly to the IP address from which the packet was sent. All future transmissions use this IP.
When an attacker creates illegitimate packets with a spoofed IP address, that IP address becomes associated with the attacker's own MAC. From then on, all transmissions from the hosts follow the shortcut of the cached MAC/IP pair directly to the attacker's machine instead of the intended host. This allows the attacker to capture the transmitted information and carry out further attacks. This is extremely serious.
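As an added example (not the thesis's own material), the Python monitor below applies the detection side of what this section describes: it parses constructed lines in the shape of `tcpdump -n arp` output, learns the first IP-to-MAC binding it sees for each address, and raises an alert whenever a later reply tries to rebind that IP to a different MAC, the symptom of the cache poisoning above. All addresses and log lines are constructed sample data; the `pinned` table of operator-trusted bindings is an assumed convenience, not a protocol feature.

```python
"""Added example, not from the thesis: ARP rebinding detection over
constructed log lines shaped like `tcpdump -n arp` output."""
import re
from typing import Optional

# Line shape: "ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 46"
REPLY_RE = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

class ArpMonitor:
    def __init__(self, pinned: Optional[dict] = None):
        # pinned: bindings the operator trusts in advance (e.g. the gateway);
        # static entries or switch-side dynamic ARP inspection play the same role
        self.table: dict = dict(pinned or {})
        self.alerts: list = []

    def observe(self, ip: str, mac: str) -> bool:
        """Return True if the reply agrees with the binding already known."""
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac          # first sighting: learn it
            return True
        if known != mac:
            # the cache-poisoning signature: same IP, different MAC
            self.alerts.append(f"{ip}: known {known}, now claimed by {mac}")
            return False
        return True

    def feed(self, lines: list) -> int:
        """Process log lines; return the number of suspicious replies."""
        bad = 0
        for line in lines:
            m = REPLY_RE.search(line)
            if m and not self.observe(m["ip"], m["mac"]):
                bad += 1
        return bad

SAMPLE_LOG = [  # constructed sample capture; requests are ignored by the regex
    "ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 46",
    "ARP, Reply 192.168.1.20 is-at 66:77:88:99:aa:bb, length 46",
    "ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 46",
    "ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 46",  # rebind
    "ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 46",
]

def run_demo():
    """Feed the sample capture; return (suspicious count, alert messages)."""
    mon = ArpMonitor()
    bad = mon.feed(SAMPLE_LOG)
    return bad, mon.alerts

if __name__ == "__main__":
    bad, alerts = run_demo()
    print(f"{bad} suspicious replies")
    print("\n".join(alerts))
```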
2.1. Confidentiality.
Confidentiality is the protection of data from exposure to unauthorised persons. Encryption is used to achieve this. In an active attack, the attacker has the ability to decrypt any form of encrypted data (based on the algorithm or some other means, given a powerful computer and unlimited time). Confidentiality is therefore an important requirement for protection against attack.
2.2. Authentication.
The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a signalling or alarm message, the function of the authentication service is to assure the recipient that the message comes from the claimed source. In the case of an ongoing interaction, such as the connection of a terminal to a host, authentication in both directions is required. First, at the time the connection is initiated, the service assures that both entities are authentic (each entity has an authentication requirement). Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purpose of unauthorised transmission or reception.
5. Basic security settings.
6.1 TKIP.
To remedy the weaknesses of the existing WEP encryption, WEP security encryption is strengthened by using TKIP. Basically, TKIP is a temporary transitional fix for WEP, implemented as a software or firmware update. Some design compromises were made to keep backward compatibility with the existing installed base. Nevertheless, TKIP currently remedies all the known weaknesses of WEP:
- Replay attacks: IVs can be used out of order.
- Forgery attacks: the 32-bit CRC is linear and can be manipulated.
- Key collision attacks: IV collisions.
- Weak key attacks: the RC4 stream cipher is vulnerable to the FMS attack (AirSnort, WEPCrack, dweputil).
Figure 4.1: TKIP encryption
6.2 AES.
AES is the cipher of the new 802.11i standard, introduced to overcome the shortcomings of wireless security encryption. In the 802.11i specification, however, AES is mandatory, unlike TKIP, which is optional.
AES is an encryption mechanism under FIPS (Federal Information Processing Standards). The federal information processing standard was introduced to replace RC4. AES has a variety of modes, but the 802.11i specification chose counter mode with the CBC-MAC protocol (CCM), commonly
7.1 EAP.
EAP was originally created as an extension to PPP. The idea is to establish a general framework for authentication methods. In other words, PPP can plug in additional authentication modules. In this way, we can authenticate our users in whatever way we want. For example, passwords, certificates, tokens, PKI, smartcards, Kerberos or biometrics can be used, or we can bring in our own authentication standard. Having an open standard means that we can control future deployments, because methods not yet invented can always be added to EAP.
7.2 The 802.1x framework.
802.1x is simply an EAP protocol that operates on wired and wireless networks. 802.1x has three basic components:
- Supplicant: the user or client requesting access to the network.
7.3 Authentication mechanism.
Authenticators control traffic; in effect they act like the doors of a dynamic firewall. If we are not authenticated, they do not let any of our traffic through except 802.1x messages. Only after we have authenticated is our traffic allowed. All of this is done using two virtual ports: a controlled port and an uncontrolled port. The uncontrolled port is used only by the authenticator to communicate with the authentication server. The controlled port starts in the unauthenticated state, blocking all traffic. After the client is authenticated, the port
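The following Python model is an added example (not from the thesis) of the two virtual ports just described: the uncontrolled port always relays EAPOL frames (EtherType 0x888E) towards the authentication server, while the controlled port starts unauthorized and drops every other frame until the server accepts the credentials, and closes again on logoff. The `LOGON:`/`LOGOFF` payloads, the credential and the server class are constructed stand-ins for the real EAP exchange and RADIUS server.

```python
"""Added example, not from the thesis: controlled and uncontrolled ports of
an 802.1X authenticator. EAPOL payloads and credentials are constructed
stand-ins for the real EAP exchange."""

EAPOL_ETHERTYPE = 0x888E     # 802.1X frames, always relayed
IPV4_ETHERTYPE = 0x0800      # ordinary data, gated by the controlled port

class AuthenticationServer:
    """Stand-in for the RADIUS server; holds one constructed credential."""
    def __init__(self, accepted: dict):
        self.accepted = accepted

    def check(self, identity: str, secret: str) -> bool:
        return self.accepted.get(identity) == secret

class Authenticator:
    """The AP side of 802.1X with a controlled and an uncontrolled port."""
    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.authorized = False            # state of the controlled port
        self.forwarded: list = []
        self.dropped: list = []

    def handle_frame(self, ethertype: int, payload: bytes) -> str:
        """Return what happened to the frame: 'eapol', 'forwarded' or 'dropped'."""
        if ethertype == EAPOL_ETHERTYPE:
            self._uncontrolled_port(payload)   # passes regardless of state
            return "eapol"
        if self.authorized:
            self.forwarded.append((ethertype, payload))
            return "forwarded"
        self.dropped.append((ethertype, payload))  # port still closed
        return "dropped"

    def _uncontrolled_port(self, payload: bytes) -> None:
        """Toy EAPOL payloads: b'LOGON:<identity>:<secret>' or b'LOGOFF'.
        The authenticator never judges credentials itself; it relays them
        to the authentication server and applies the result to the port."""
        if payload == b"LOGOFF":
            self.authorized = False          # controlled port closes again
            return
        if payload.startswith(b"LOGON:"):
            _, identity, secret = payload.decode().split(":", 2)
            self.authorized = self.server.check(identity, secret)

def run_demo() -> list:
    """Drive one supplicant through the port's states; return each outcome."""
    server = AuthenticationServer({"alice": "correct horse"})  # constructed
    ap = Authenticator(server)
    events = [
        (IPV4_ETHERTYPE, b"GET / HTTP/1.1"),             # before auth: dropped
        (EAPOL_ETHERTYPE, b"LOGON:alice:wrong"),          # rejected: stays closed
        (IPV4_ETHERTYPE, b"GET / HTTP/1.1"),             # still dropped
        (EAPOL_ETHERTYPE, b"LOGON:alice:correct horse"),  # accepted: port opens
        (IPV4_ETHERTYPE, b"GET / HTTP/1.1"),             # now forwarded
        (EAPOL_ETHERTYPE, b"LOGOFF"),                     # port closes
        (IPV4_ETHERTYPE, b"GET / HTTP/1.1"),             # dropped again
    ]
    return [ap.handle_frame(ethertype, payload) for ethertype, payload in events]

if __name__ == "__main__":
    print(run_demo())
```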
a. MD5.
The EAP-MD5 method provides the lowest possible level of security, but it is the easiest to implement. This method, usually called CHAP in traditional PPP applications, is vulnerable to several kinds of attack, including simple dictionary attacks. Moreover, the server must store the passwords in clear form. Another problem is that it does not require mutual authentication, which is a weakness exploited by man-in-the-middle attacks. With one-way authentication, the AP authenticates the client, but the client does not authenticate the AP.
In the traditional PPP context this was acceptable, given the complicated relationship with the role of a dial-up server. In other words, in the dial-up context a certain amount of trust is implicit, because the dialling client is confident that the server at the other end of the line is the server it wants to connect to, since it is the one who dialled into the server.
b. LEAP.
The Lightweight Extensible Authentication Protocol, LEAP, provides both mutual authentication and dynamic WEP key regeneration. LEAP was designed by Cisco in 2000 as a pre-802.1x transitional solution. In the early period before WPA was widely implemented, Cisco focused early on creating a strong, flexible security solution to replace WEP and its weaknesses.
Unfortunately, this protocol is not a standard and is proprietary. It is therefore only supported on Cisco equipment and has not been widely accepted in the industry. This is really both
c. TLS.
Transport Layer Security represents the strongest security capability and the most difficult to deploy. TLS provides mutual authentication as well as automatic WEP key regeneration. The protocol establishes an encrypted end-to-end tunnel for trusted user transmission using PKI. In other words, both client and server must use digital certificates to create the secure tunnel. Furthermore, there is good news and bad news: while a PKI solution provides the highest level of security, deploying the full infrastructure needed to support PKI is an extremely complex task.
d. TTLS and PEAP.
TTLS and PEAP are extensions of TLS. With these methods, the AP is authenticated by TLS, after which the user is authenticated by another protocol through the tunnel that has been established. In other words, TLS is used to set up a secure channel (using a server-side certificate), and then another EAP exchange is carried out through the secure channel to authenticate the user.
- TTLS:
Tunneled Transport Layer Security supports mutual authentication and dynamic WEP key regeneration. Unlike TLS, however, TTLS only requires a certificate on the server side, not on the client side. The client can then be authenticated with a password. TTLS therefore achieves almost the security level of TLS, but is much simpler to deploy.
- PEAP:
PEAP supports mutual authentication and dynamic WEP key regeneration and only requires a server-side certificate. Because client authentication is carried out through a secure channel, a less secure method can be used to authenticate the client. We use a server certificate to authenticate the server, and then we can use another EAP method to authenticate the client. In theory, therefore, we can use PEAP with MS-CHAP version 2.0 and it will be secure, because MS-CHAP takes place inside the secure PEAP tunnel.
Method                                   Authentication direction   Wireless WEP encryption   Deployment complexity   Security
EAP-MD5 (password-based)                 One-way authentication     No                        Easy                    Poor
TLS (certificate-based authentication)   Mutual authentication                                Complex                 Best
TTLS/PEAP (server authentication)                                                             Moderate                Good
b. Host-to-network.
The host-to-network scheme arises when a remote user accesses the corporate network through the Internet. The mobile client first establishes an Internet connection and then initiates a request to set up a secure tunnel with the company's VPN gateway. Once authentication is complete, a tunnel is established over the public network and
c. Host-to-host.
Host-to-host is the least common architecture, consisting of just two hosts that communicate both with and without encryption. In this configuration a tunnel is established between the two hosts and all communication between them is secured through the VPN. A practical example is a remote backup server: the two hosts are connected through the Internet and data from the central server is mirrored to the backup server. In wireless networks, the host-to-host VPN architecture is applied to protect ad-hoc WLANs.
Figure 4.8: Host-to-host architecture.
b. PPTP and L2TP.
Besides IPsec, which provides VPN services, two other protocols are also used: PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol). Both are built into Windows.
- PPTP
For authentication, PPTP supports MS-CHAP, MS-CHAP v2 and EAP-TLS. MS-CHAP and MS-CHAP v2 authenticate using usernames and passwords. EAP-TLS uses server and client certificates and requires a PKI infrastructure. MS-CHAP v2 is much stronger than MS-CHAP and also provides mutual authentication. When used with strong passwords, MS-CHAP v2 is generally regarded as an acceptable choice when you cannot deploy another security solution such as IPsec. When you use MS-CHAP v2, the essential point is to enforce a strong password policy (for example, 8 or more characters with a mix of upper- and lower-case letters, punctuation, digits and special characters). EAP-TLS, based on authentication certificates, provides the strongest authentication method.
On the client side, EAP-TLS is only supported by Windows XP and 2000. MS-CHAP v2 is supported by Windows 95, 98, ME, NT 4.0, 2000, XP and CE 3.0 (Pocket PC 2002). Note that Windows NT4 clients require at least Service Pack 4, and Windows 95 clients require Dial-Up Networking 1.3 or later and the security update.
- L2TP.
L2TP uses PPP to authenticate the user, combined with IPsec to encrypt the data. This method relies on a PKI infrastructure, requiring both server and client certificates in addition to username/password credentials. Together, L2TP and IPsec (usually referred to as L2TP/IPsec) provide data integrity and authentication on a per-packet basis. Clients with built-in support are Windows XP and 2000. Windows 98, ME and NT 4.0 Workstation must install an update patch.
L2TP first carries out an IKE negotiation to create an IPsec security association. During the IKE negotiation, the client and server exchange certificates and establish the security parameters, including the authentication method and the keys used in the session. Data encryption is provided by the DES (or 3DES) block cipher with a 56-bit key (or 168-bit with 3DES).
CONCLUSION
WLANs are growing and playing an ever more important role in life and work thanks to the properties they offer. Precisely because of the convenience of wireless networks, they are gradually replacing traditional wired network systems. However, because WLAN is so new, it is not yet mature and still contains many problems, among them security issues.
To contribute to building security solutions for wireless networks, in response to the strong growth of wireless networking now and in the future, the thesis "Security in WLAN networks" studies the following:
- The theory of wireless networks, analysing the characteristics of wireless networks, their transmission methods, network protocols and the available security encryption methods.
- The vulnerability of wireless networks to attack, the weaknesses of the network in transmission as well as in security encryption, with an analysis and identification of the threats and attack methods.
- Proposals and analysis of methods to remedy the weaknesses in security encryption, authentication methods for wireless networks, and VPN systems for wireless networks.
Although the security solutions presented are still general and do not go into deployment details, they will contribute to the choice of solution when building a new wireless network system or
Đặng Bích Thủy