IEEE 802.11i安全分析和改进设计
|
摘要
无线局域网是无线通信领域发展最有前景的领域,但由于其使用的通信媒体具有开放性的特点,使得它更容易遭受各种攻击。建立与完善一种可靠的面向无线网的安全标准成为亟待解决的关键问题。
无线局域网的安全协议标准正从802.11向802.11i过渡。本文在简单回顾802.11协议的基础上对802.11i协议从安全能力发现、认证和访问控制、动态密钥管理和安全数据传输这几个方面进行了全面的分析和研究。研究表明,当采用CCMP协议时,数据的保密性和完整性得到了大大的加强。另外,由802.1x认证和密钥管理组合起来的认证过程对设备进行了双向认证,并产生新的会话密钥用于数据的传输。综合起来,802.11i从加密和认证等方面显著地加强了无线局域网的安全性能。
但802.11i也存在着在实用中可能产生的安全漏洞。本文主要(?)该协议未受保护的管理帧和控制帧进行研究,分析了源于该漏洞的两种攻击方法:认证阶段的中间人攻击、四步握手阶段的拒绝服务攻击。
针对认证阶段的中间人攻击本文提出新的基于隧道的改进认证方法。并在liunx环境下利用开源代码hostap、freeradius等构建了802.1x/EAP-TTLS认证服务器平台,设计了一个基于EAP-TTLS的客户请求端,验证了基于隧道认证的可行性。
针对拒绝服务攻击,本文在研究他人提出的两种改进方案的基础上,提出新的基于数字信封加密的改进方案,通过同时使用PMK加密和公钥加密来实现安全传递产生PTK的参数和身份鉴别的目的。
本课题的研究成果为802.11i安全标准的不断完善提供了理论分析的依据和有效的改进建议,可促进该协议体系的不断发展。
Wireless LAN with the best visions of the future in all developing fields of wireless communication is attacked easily, for the communication medias used with the open media. It's a key problem which needs to be solved urgently on eatablishing and perfecting a kind of reliable-orientated wireless LAN security standard.
The WLAN's security protocol standard are transiting from 802.11 to 802.11i. on the basic of looking back the 802.11 protocol simply, the paper analyed and studied completely on the security 802.11i protocol following ht aspects like this : security capbility discovery, authentication and access control, dynamic key management, data transfer. The result showed that using the CCMP protocol will enhance the data more safe and comprehensive. In addition, an authentication process, combining the 802.1X authentication and key management procedures, is performed to mutually authenticate the devices and generate a fresh session key for data transmissions. Therefor, an implementation of 802.11i protocols in a WLAN enhanced the security in the WLAN.
Unfortunately, as the 802.11i does not emphasize availability, there are several loopholes. The paper mainly studied the unprotected management frame and control frame and anallysised the two kinds attack ways from the loophole:Man-in-the-Middle attack on the authentication stage,Dos attack on the 4-way Handshaking.
The paper provided a new improved authentication methed based on the tunnel and used the source code (such as hostap,freeradius) to build a 802.1x/EAP-TTLS authentication platform and designed a client software testing the feasiability of tunnel authentication under linux system.
The paper provided a new proved plan basing on the two kinds of plan improved and provided by others.To attain the goal of transmising the parameter which produce PTK safelyand identity authentication by using PMK and public key.
What is achieved in this paper not only presents some formal analysis and effective solution to 802.11 i standard's leak, but also contributes to improvement of this standard.
无线局域网的安全协议标准正从802.11向802.11i过渡。本文在简单回顾802.11协议的基础上对802.11i协议从安全能力发现、认证和访问控制、动态密钥管理和安全数据传输这几个方面进行了全面的分析和研究。研究表明,当采用CCMP协议时,数据的保密性和完整性得到了大大的加强。另外,由802.1x认证和密钥管理组合起来的认证过程对设备进行了双向认证,并产生新的会话密钥用于数据的传输。综合起来,802.11i从加密和认证等方面显著地加强了无线局域网的安全性能。
但802.11i也存在着在实用中可能产生的安全漏洞。本文主要(?)该协议未受保护的管理帧和控制帧进行研究,分析了源于该漏洞的两种攻击方法:认证阶段的中间人攻击、四步握手阶段的拒绝服务攻击。
针对认证阶段的中间人攻击本文提出新的基于隧道的改进认证方法。并在liunx环境下利用开源代码hostap、freeradius等构建了802.1x/EAP-TTLS认证服务器平台,设计了一个基于EAP-TTLS的客户请求端,验证了基于隧道认证的可行性。
针对拒绝服务攻击,本文在研究他人提出的两种改进方案的基础上,提出新的基于数字信封加密的改进方案,通过同时使用PMK加密和公钥加密来实现安全传递产生PTK的参数和身份鉴别的目的。
本课题的研究成果为802.11i安全标准的不断完善提供了理论分析的依据和有效的改进建议,可促进该协议体系的不断发展。
Wireless LAN with the best visions of the future in all developing fields of wireless communication is attacked easily, for the communication medias used with the open media. It's a key problem which needs to be solved urgently on eatablishing and perfecting a kind of reliable-orientated wireless LAN security standard.
The WLAN's security protocol standard are transiting from 802.11 to 802.11i. on the basic of looking back the 802.11 protocol simply, the paper analyed and studied completely on the security 802.11i protocol following ht aspects like this : security capbility discovery, authentication and access control, dynamic key management, data transfer. The result showed that using the CCMP protocol will enhance the data more safe and comprehensive. In addition, an authentication process, combining the 802.1X authentication and key management procedures, is performed to mutually authenticate the devices and generate a fresh session key for data transmissions. Therefor, an implementation of 802.11i protocols in a WLAN enhanced the security in the WLAN.
Unfortunately, as the 802.11i does not emphasize availability, there are several loopholes. The paper mainly studied the unprotected management frame and control frame and anallysised the two kinds attack ways from the loophole:Man-in-the-Middle attack on the authentication stage,Dos attack on the 4-way Handshaking.
The paper provided a new improved authentication methed based on the tunnel and used the source code (such as hostap,freeradius) to build a 802.1x/EAP-TTLS authentication platform and designed a client software testing the feasiability of tunnel authentication under linux system.
The paper provided a new proved plan basing on the two kinds of plan improved and provided by others.To attain the goal of transmising the parameter which produce PTK safelyand identity authentication by using PMK and public key.
What is achieved in this paper not only presents some formal analysis and effective solution to 802.11 i standard's leak, but also contributes to improvement of this standard.
引文
[1]Jon Edney,William A.Arbaugh著.无线局域网安全实务-WPA与802.11i.北京:人民邮电出版社,2006
[2]曹秀英,耿嘉,沈平著.无线局域网安全系统.北京:电子工业出版社,2004
[3]Fluhrer,S.I.Mantin,and A.Shamir.Weaknesses in the key schedule algorithm of RC4.in Proc.4~(th)Annual workshop on selected Areas of Cryptography,2001
[4]IEEE 802.11i D3.0,Specification for Enhanced Security.http://www.cs.umd.edu/-mhshin/doc/802.11/802.11i-D3.0.pdf,November 2002
[5]马建峰,朱建明编著.无线局域网安全-方法与技术.北京:机械工业出版社,2005
[6]Dorothy Stanley.Compilation Of TKIP Meeting Notes IEEE802.11,Feb 6,2002
[7]James Nechvatal,Elaine Barker,Lawrence Bassham,William Burr.Advanced Encryption Standard(AES).Report on the Development of the October 2,2000
[8]IEEE Std 802.1X-2001,"Port-Based Network Access Control",IEEE-SAStandards Board 2001
[9]C.Rigney,S.Willens,A.Rubens,W.Simpson."Remote Authentication Dial In User Services(RADIUS)",RFC2865,June 2000
[10]Aboba,B.and Simon,D.IETF RFC 2716,PPP EAP TLS Authentication Protocol.October.IETF.1999
[11]江林.无线局域网安全与认证的研究和公用WLAN应用.西安:西安电子科技出版社,2003
[12]N.Asokan.Man-in-the-Middle in Tunneled Authentication Protocols.http://eprint.iacr.org
[13]Paul.draft-ietf-pppext-eap-ttls-05.Funk.july 2004
[14]张志峰.EAP-TTLs认证方式在WLAN中的应用研究:[武汉理工大学硕士论文].2006
[15]高晓琦.802.1x协议分析及windows平台下客户端设计:[武汉大学硕士论文].2004
[16]hostap project.http://hostap.epitest.fi/
[17]OpenSSL project.http://www.openssl.org
[18]FreeRadius project.http://www.freeradius.org
[19]C.Rigney,S.Willens,A.Rubens,W.Simpson.“Remote Authentication Dial In User Services(RADIUS)”,RFC2865,June 2000
[20]李善平,陈文智.边干边学-Linux内核指导.浙江大学出版社.2002
[21]J.Bellardo,S.Savage.802.11Denial-of-Service Attacks:Real Vulnerabilities and Practical Solutions.In Proceedings of the USENIX Security Symposium:15-28,2003-8
[22]Changhua He,John C Mitchell.Analysis of the 802.11i 4-Way Handshake.In Proceedings of the Third ACM International Workshop on Wireless Security:43-51,2004-10
[23]Hayriye Altunbasak,Henry Owen.Alternative Pair-wise Key Exchange Protocols for Robust Security Networks(802.11i)in Wireless LANs.In Proceedings of IEEE SoutheastCon 2004:3-9,2004-5
[24]Bruce Schneier著,吴世忠等译.应用密码学-协议、算法与C源程序(第二版).北京:机械工业出版社.2005-11
[2]曹秀英,耿嘉,沈平著.无线局域网安全系统.北京:电子工业出版社,2004
[3]Fluhrer,S.I.Mantin,and A.Shamir.Weaknesses in the key schedule algorithm of RC4.in Proc.4~(th)Annual workshop on selected Areas of Cryptography,2001
[4]IEEE 802.11i D3.0,Specification for Enhanced Security.http://www.cs.umd.edu/-mhshin/doc/802.11/802.11i-D3.0.pdf,November 2002
[5]马建峰,朱建明编著.无线局域网安全-方法与技术.北京:机械工业出版社,2005
[6]Dorothy Stanley.Compilation Of TKIP Meeting Notes IEEE802.11,Feb 6,2002
[7]James Nechvatal,Elaine Barker,Lawrence Bassham,William Burr.Advanced Encryption Standard(AES).Report on the Development of the October 2,2000
[8]IEEE Std 802.1X-2001,"Port-Based Network Access Control",IEEE-SAStandards Board 2001
[9]C.Rigney,S.Willens,A.Rubens,W.Simpson."Remote Authentication Dial In User Services(RADIUS)",RFC2865,June 2000
[10]Aboba,B.and Simon,D.IETF RFC 2716,PPP EAP TLS Authentication Protocol.October.IETF.1999
[11]江林.无线局域网安全与认证的研究和公用WLAN应用.西安:西安电子科技出版社,2003
[12]N.Asokan.Man-in-the-Middle in Tunneled Authentication Protocols.http://eprint.iacr.org
[13]Paul.draft-ietf-pppext-eap-ttls-05.Funk.july 2004
[14]张志峰.EAP-TTLs认证方式在WLAN中的应用研究:[武汉理工大学硕士论文].2006
[15]高晓琦.802.1x协议分析及windows平台下客户端设计:[武汉大学硕士论文].2004
[16]hostap project.http://hostap.epitest.fi/
[17]OpenSSL project.http://www.openssl.org
[18]FreeRadius project.http://www.freeradius.org
[19]C.Rigney,S.Willens,A.Rubens,W.Simpson.“Remote Authentication Dial In User Services(RADIUS)”,RFC2865,June 2000
[20]李善平,陈文智.边干边学-Linux内核指导.浙江大学出版社.2002
[21]J.Bellardo,S.Savage.802.11Denial-of-Service Attacks:Real Vulnerabilities and Practical Solutions.In Proceedings of the USENIX Security Symposium:15-28,2003-8
[22]Changhua He,John C Mitchell.Analysis of the 802.11i 4-Way Handshake.In Proceedings of the Third ACM International Workshop on Wireless Security:43-51,2004-10
[23]Hayriye Altunbasak,Henry Owen.Alternative Pair-wise Key Exchange Protocols for Robust Security Networks(802.11i)in Wireless LANs.In Proceedings of IEEE SoutheastCon 2004:3-9,2004-5
[24]Bruce Schneier著,吴世忠等译.应用密码学-协议、算法与C源程序(第二版).北京:机械工业出版社.2005-11