WEP - Bo mt cho mng khng dy

Trong nhng nm gn y, gii cng ngh thng tin chng kin s bng n ca nn cng nghip mng khng dy. Kh nng lin lc khng dy gn nh tt yu trong cc thit b cm tay (PDA), my tnh xch tay, in thoi di ng v cc thit b s khc. Vi cc tnh nng u vit v vng phc v kt ni linh ng, kh nng trin khai nhanh chng, gi thnh ngy cng gim, mng khng dy tr thnh mt trong nhng gii php cnh tranh c th thay th mng Ethernet LAN truyn thng. Tuy nhin, s tin li ca mng khng dy cng t ra mt th thch ln v bo mt ng truyn cho cc nh qun tr mng. u th v s tin li ca kt ni khng dy c th b gim st do nhng kh khn ny sinh trong bo mt mng. Khi thit k cc yu cu k thut cho mng khng dy, chun 802.11 ca IEEE tnh n vn bo mt d liu ng truyn qua phng thc m ha WEP. Phng thc ny c a s cc nh sn xut thit b khng dy h tr nh mt phng thc bo mt mc nh. Tuy nhin, nhng pht hin gn y v im yu ca chun 802.11 WEP gia tng s nghi ng v mc an ton ca WEP v thc y s pht trin ca chun 802.11i. Tuy vy, a phn cc thit b khng dy hin ti v ang s dng WEP v n s cn tn ti kh lu trc khi chun 802.11i c chp nhn v trin khai rng ri. Trong phm vi bi vit ny, tc gi mun trnh by s lc v khi nim v phng thc hot ng ca giao thc WEP, cc im yu v cch phng chng, ng thi a ra mt phng php cu hnh WEP ti u cho h thng mng va v nh. Giao thc WEP WEP (Wired Equivalent Privacy) ngha l bo mt tng ng vi mng c dy (Wired LAN). Khi nim ny l mt phn trong chun IEEE 802.11. Theo nh ngha, WEP c thit k m bo tnh bo mt cho mng khng dy t mc nh mng ni cp truyn thng. i vi mng LAN (nh ngha theo chun IEEE 802.3), bo mt d liu trn ng truyn i vi cc tn cng bn ngoi c m bo qua bin php gii hn vt l, tc l hacker khng th truy xut trc tip n h thng ng truyn cp. Do chun 802.3 khng t ra vn m ha d liu chng li cc truy cp tri php. i vi chun 802.11, vn m ha d liu c u tin hng u do c tnh ca mng khng dy l khng th gii hn v mt vt l truy cp n ng truyn, bt c ai trong vng ph sng u c th truy cp d liu nu khng c bo v. THUT NG Phng thc m ha dng (stream cipher): Phng thc m ha d liu theo tng bit. i nghch vi phng thc m ha khi (block cipher), m ha d liu theo tng khi d liu (thng thng l 64 bit). Nh vy, WEP cung cp bo mt cho d liu trn mng khng dy qua phng thc m ha s dng thut ton i xng RC4, c Ron Rivest - thuc hng RSA Security Inc ni ting - pht trin. Thut ton RC4 cho php chiu di ca kha thay i v c th ln n 256 bit. Chun 802.11 i hi bt buc cc thit b WEP phi h tr chiu di kha ti thiu l 40 bit, ng thi m bo ty chn h tr cho cc kha di hn. Hin nay, a s cc thit b khng dy h tr WEP vi ba chiu di kha: 40 bit, 64 bit v 128 bit.

Vi phng thc m ha RC4, WEP cung cp tnh bo mt v ton vn ca thng tin trn mng khng dy, ng thi c xem nh mt phng thc kim sot truy cp. Mt my ni mng khng dy khng c kha WEP chnh xc s khng th truy cp n Access Point (AP) v cng khng th gii m cng nh thay i d liu trn ng truyn. Tuy nhin, gn y c nhng pht hin ca gii phn tch an ninh cho thy nu bt c mt s lng ln nht, nh d liu m ha s dng WEP v s dng cng c thch hp, c th d tm c chnh xc kha WEP trong thi gian ngn. im yu ny l do l hng trong cch thc WEP s dng phng php m ha RC4. Hn Ch ca WEP Do WEP s dng RC4, mt thut ton s dng phng thc m ha dng (stream cipher), nn cn mt c

ch m bo hai d liu ging nhau s khng cho kt qu ging nhau sau khi c m ha hai ln khc nhau. y l mt yu t quan trng trong vn m ha d liu nhm hn ch kh nng suy on kha ca hacker. t mc ch trn, mt gi tr c tn Initialization Vector (IV) c s dng cng thm vi kha nhm to ra kha khc nhau mi ln m ha. IV l mt gi tr c chiu di 24 bit v c chun IEEE 802.11 ngh (khng bt buc) phi thay i theo tng gi d liu. V my gi to ra IV khng theo nh lut hay tiu chun, IV bt buc phi c gi n my nhn dng khng m ha. My nhn s s dng gi tr IV v kha gii m gi d liu. Cch s dng gi tr IV l ngun gc ca a s cc vn vi WEP. Do gi tr IV c truyn i dng khng m ha v t trong header ca gi d liu 802.11 nn bt c ai "tm c" d liu trn mng u c th thy c. Vi di 24 bit, gi tr ca IV dao ng trong khong 16.777.216 trng hp. Nhng chuyn gia bo mt ti i hc California-Berkeley pht hin ra l khi cng gi tr IV c s dng vi cng kha trn mt gi d liu m ha (khi nim ny c gi nm na l va chm IV), hacker c th bt gi d liu v tm ra c kha WEP. Thm vo , ba nh phn tch m ha Fluhrer, Mantin v Shamir (FMS) pht hin thm nhng im yu ca thut ton to IV cho RC4. FMS vch ra mt phng php pht hin v s dng nhng IV li nhm tm ra kha WEP. Thm vo , mt trong nhng mi nguy him ln nht l nhng cch tn cng dng hai phng php nu trn u mang tnh cht th ng. C ngha l k tn cng ch cn thu nhn cc gi d liu trn ng truyn m khng cn lin lc vi Access Point. iu ny khin kh nng pht hin cc tn cng tm kha WEP y kh khn v gn nh khng th pht hin c. Hin nay, trn Internet sn c nhng cng c c kh nng tm kha WEP nh AirCrack (hnh 1), AirSnort, dWepCrack, WepAttack, WepCrack, WepLab. Tuy nhin, s dng nhng cng c ny i hi nhiu kin thc chuyn su v chng cn c hn ch v s lng gi d liu cn bt c. Gii php WEP ti u Vi nhng im yu nghim trng ca WEP v s pht tn rng ri ca cc cng c d tm kha WEP trn Internet, giao thc ny khng cn l gii php bo mt c chn cho cc mng c mc nhy cm thng tin cao. Tuy nhin, trong rt nhiu cc thit b mng khng dy hin nay, gii php bo mt d liu c h tr ph bin vn l WEP. D sao i na, cc l hng ca WEP vn c th c gim thiu nu c cu hnh ng, ng thi s dng cc bin php an ninh khc mang tnh cht h tr. gia tng mc bo mt cho WEP v gy kh khn cho hacker, cc bin php sau c ngh: S dng kha WEP c di 128 bit: Thng cc thit b WEP cho php cu hnh kha ba di: 40 bit, 64 bit, 128 bit. S dng kha vi di 128 bit gia tng s lng gi d liu hacker cn phi c phn tch IV, gy kh khn v ko di thi gian gii m kha WEP. Nu thit b khng dy ca bn ch h tr WEP mc 40 bit (thng gp cc thit b khng dy c), bn cn lin lc vi nh sn xut ti v phin bn cp nht firmware mi nht. Thc thi chnh sch thay i kha WEP nh k: Do WEP khng h tr phng thc thay i kha t ng nn s thay i kha nh k s gy kh khn cho ngi s dng. Tuy nhin, nu khng i kha WEP thng xuyn th cng nn thc hin t nht mt ln trong thng hoc khi nghi ng c kh nng b l kha. S dng cc cng c theo di s liu thng k d liu trn ng truyn khng dy: Do cc cng c d kha WEP cn bt c s lng ln gi d liu v hacker c th phi s dng cc cng c pht sinh d liu nn s t bin v lu lng d liu c th l du hiu ca mt cuc tn cng WEP, nh ng ngi

qun tr mng pht hin v p dng cc bin php phng chng kp thi. Tng lai ca WEP Nh c cp trong cc phn trn, WEP (802.11) khng cung cp bo mt cn thit cho a s cc ng dng khng dy cn an ton cao. Do s dng kha c nh, WEP c th c b kha d dng bng cc cng c sn c. iu ny thc y cc nh qun tr mng tm cc gii php WEP khng chun t cc nh sn xut. Tuy nhin, do nhng gii php ny khng c chun ha nn li gy kh khn cho vic tch hp cc thit b gia cc hng sn xut khc nhau. Hin nay, chun 802.11i ang c pht trin bi IEEE vi mc ch khc phc cc im yu ca WEP v tr thnh chun thay th hon ton cho WEP khi c chp thun v trin khai rng ri. Nhng thi im chun 802.11i c thng qua chnh thc vn cha c cng b. Do vy, hip hi WiFi ca cc nh sn xut khng dy xut v ph bin rng ri chun WPA (WiFi Protected Access) nh mt bc m trc khi chnh thc trin khai 802.11i. V phng din k thut, chun WPA l bn sao mi nht ca 802.11i v m bo tnh tng thch gia cc thit b t cc nh sn xut khc nhau. Ti thi im hin nay, mt s cc thit b WiFi mi h tr WPA, WPA2 gii quyt c vn bo mt ca WEP. Kt lun Mc d c nhng nhc im nghim trng, bo mt WEP vn tt hn l khng dng c ch m ha no cho mng khng dy! WEP c th c xem nh mt c ch bo mt mc thp nht, cn thit c trin khai khi khng th s dng cc bin php khc tt hn. iu ny ph hp cho cc tnh hung s dng cc thit b khng dy c cha c h tr WPA, hoc cc tnh hung c yu cu v bo mt thp nh mng khng dy gia nh, mng khng dy cng ng...