SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

GIAC Security Essentials Certification (GSEC)
Practical Assignment Version 1.4

802.11, 802.1x, and Wireless Security
J. Philip Craiger
June 23, 2002

Abstract

Wireless local area networks are increasingly deployed by businesses, government, and SOHO users because of the freedom wireless communications afford and the decreasing costs of the underlying technology. Current security mechanisms for maintaining the confidentiality, integrity, and availability of wireless communications are problematic, however. For example, although the 1997 IEEE 802.11 wireless standard specifies both an authentication service and encryption protocol, sources have demonstrated these to be severely flawed, leaving wireless communications open to several types of attacks. Recent security standards, such as the IEEE 802.1x, intend to provide solutions to these security defects. However, sources have shown that even the new standards are flawed, allowing attackers to perpetrate both active as well as passive attacks. This paper focuses on a description and analysis of the security standards described in the IEEE 802.11 and 802.1x standards, as well as some of the inherent problems with the security mechanisms defined in the standards. Recommendations for securing wireless networks are provided.

Introduction to IEEE 802.11 Standard

In 1997 the Institute of Electrical and Electronics Engineers (IEEE) Working Group for Wireless Standards passed the first standards for wireless communications in the United States. The standard, IEEE 802.11 (IEEE, 1997), provides a common standard that allows vendors to create wireless technologies that are interoperable. WLANs are similar to wired LANs, except that communication among elements on the network is accomplished through wireless transmissions, typically radio waves, as opposed to the more common wired, physical connections.

802.11-based WLANs may run in one of two modes. A WLAN running in infrastructure mode (or Basic Service Set; BSS) is comprised of clients or stations, i.e., computers with wireless network interface cards (NICs), and access points (APs). APs act as bridges between the wired and wireless networks. The second mode is the ad-hoc mode (or Independent Basic Service Set, IBSS) where clients communicate directly with other clients without an intervening AP (Nicholls

2. Access control, through the option to discard improperly encrypted packets and through authentication mechanisms; and
3. Data integrity, i.e., preventing tampering with transmissions through the use of a data checksum.

WEP Mechanics

The original 802.11 standard stipulates a 40-bit WEP key. Cryptographically stronger 104-bit key implementations are provided by a number of WLAN vendors. Figure 1 graphically illustrates WEP.

Figure 1. WEP Illustrated (adapted from Loeb, 2001).

WEP functions as follows:

1. A secret key (either 40- or 104-bits) is concatenated with a 24-bit initialization vector (IV) resulting in a 64- or 128-bit key. An IV is added to the secret key in each packet to ensure that each packet has a different RC4 key (given that the secret key doesn't change frequently).
2. The key from (1) is input into the RC4 PRNG (pseudorandom number generator), resulting in a pseudorandom keystream of the same length as the initial key (i.e., either 64 or 128 bits).
3. The plaintext (data) is run through an integrity checking algorithm resulting in a checksum. This checksum (the CRC in Figure 1) is concatenated onto the plaintext so that the integrity of the information may be checked by the decrypting party.
4. The data vector, i.e., data + checksum vector from step (3), is encrypted by doing a bitwise XOR with the keystream from step (2) above, which results in the ciphertext.
5. The IV is appended to the ciphertext and the result is transmitted via wireless.

Note that the 802.11 standard does not specify any type of key management, meaning that vendors are free to implement key management as they like. In practice, key management is handled manually by systems adminis
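
The five WEP steps listed above, written out as an added Python example that is not part of the original paper: it builds the per-packet RC4 key from IV and secret key, appends the CRC-32 checksum, XORs with the keystream, and shows on the receiving side how a modified packet is discarded. The last function shows why step 1 wants a different IV per packet: when two packets share an IV the keystream is identical and drops out of the XOR of the two ciphertexts. The function names, the 5-byte key, the IV and the payloads are constructed for this illustration.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling followed by n bytes of generator output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data))  # CRC-32, little-endian

def wep_encrypt(secret: bytes, iv: bytes, data: bytes):
    """Steps 1-5; returns (iv, ciphertext), the two parts that are sent."""
    if len(secret) not in (5, 13) or len(iv) != 3:
        raise ValueError("need a 40- or 104-bit key and a 24-bit IV")
    vector = data + crc(data)                          # step 3: data + checksum
    stream = rc4_keystream(iv + secret, len(vector))   # steps 1-2: IV then key
    return iv, xor(vector, stream)                     # steps 4 and 5

def wep_decrypt(secret: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    vector = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    data, checksum = vector[:-4], vector[-4:]
    if crc(data) != checksum:
        raise ValueError("checksum mismatch, packet discarded")
    return data

def same_iv_cancels_keystream(secret, iv, p1: bytes, p2: bytes) -> bool:
    """With one IV for two packets, c1 XOR c2 equals p1 XOR p2."""
    c1, c2 = wep_encrypt(secret, iv, p1)[1], wep_encrypt(secret, iv, p2)[1]
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])

# Constructed sample values, not taken from the paper.
SECRET, IV = b"\x01\x02\x03\x04\x05", b"\xaa\xbb\xcc"

if __name__ == "__main__":
    iv, ct = wep_encrypt(SECRET, IV, b"hello wlan")
    print(ct.hex(), wep_decrypt(SECRET, iv, ct))
    print(same_iv_cancels_keystream(SECRET, IV, b"packet one", b"packet two"))
```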