Chapter 9: Wireless Network Security Management and Control


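Preface. The mobility and convenience of a wireless local area network (WLAN) are beyond what a wired network can offer. Unlike a traditional wired network, which requires extensive cabling, a WLAN only requires a small number of access points (Access Point) distributed around the area where users are active. Most wireless networking technologies use electromagnetic waves as the transmission medium, so every capable receiver within communication range can pick up the signal. If these signals are not protected for confidentiality and are eavesdropped on by someone with ill intent, the result is often unexpected damage. Among the many identity authentication protocols, how should a wireless network administrator choose so that users can conveniently step through the entrance to the wireless network while still getting a high level of security?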


  • (WLAN)WLAN(Access Point)?Port-based - 802.1X 9-1 9.1.1 9.1.2 9-2 9.2.1 WEP 9.2.2 802.1X+WEP 9.2.3 WPA 9.2.4 WPA29-3 802.1X (Port-based ) 9.3.1 9.3.2 IEEE 802.1x 9.3.3 Extensible Authentication Protocol (EAP)

  • 9.1.1 (WWAN)WWAN (Wireless Wide Area Network)(WLAN)WLAN (Wireless Local Area Network)WLANLAN802.11(WPAN)WPAN (Wireless Personal Area Network)(PDA)(Bluetooth)WPAN

  • 9.1.1 IEEE 802.11IEEEIEEE 802.11a802.11b802.11g802.11a1999IEEE5GHz ISM54Mbit/s802.11a128432Mbps4802.11b1999IEEE2.4GHz ISM11Mbit/s802.11b125.511Mbps802.11g2003IEEE2.4GHz ISM54Mbit/s802.11g

  • 9.1.1 802.11 IEEE (Authentication)

    (1) (Open System Authentication)SSID (Service Set ID)Windows XP (Access Point)SSID

    (2) (Closed System Authentication)SSIDSSIDSSID

    (3) (Shared-Key Authentication)Shared KeyWEP (Wired Equivalent Privacy)WEPKeyAPClient

  • 9.1.1 (Confidentiality) IEEEWired Equivalent Privacy (WEP)WEPWEPWPAWPA2

    (Integrity) 802.11802CRC Checksum

  • 9.1.2 802.11WEPIEEEWEPWEPWEP9.2WEP

    [Figure: Network Attacks, divided into Passive Attack and Active Attack; leaf nodes: Eavesdropping, Traffic Analysis, Masquerade, Replay, Message Modification, DoS]

  • 9.1.2 TelnetTelnet(Access Point)Telnet

    TFTPTrivial File Transfer Protocol (TFTP):TFTPAccess PointWEP

    WWWWWWWWW

  • 9.1.2 SNMPSimple Network Management Protocol (SNMP) SNMPSNMPSNMP(SNMP Community String)(PublicPrivate)(PublicPrivate)

    (Access Point)SSID

  • 9.1.2 WEPWEPWEPWEP

    SSID(SSID)

    (Buffer overflow)(Access Point)

  • 9.1.2

    Denial of Service (DoS)DeauthenticationDisassociationTCP RST

    (MITM)Man-In-The-Middle ()Man-In-The-Middle

  • 9.2 WEP (Wired Equivalent Privacy)802.1x EAPWPA (Wi-Fi Protected Access)WPA2

  • 9.2.1 WEPWEP(Symmetric Cryptography System)40-bits104-bitsWEPRC4 PRNG()(Key Stream)XORWEPCRC-32IV Generator24-bits IV (Initialization vector)IVRC41XOR()24-bitsIVWEPIVIVRC4XOR()CRC-32

    [Figure: WEP encryption and decryption. Labels: IV Generator, IV (24 bits), ShareKey (40 or 104 bits), Seed, RC4 Algorithm, Key Stream, Plaintext, CRC-32 Algorithm, ICV, Plaintext || ICV, Ciphertext || IV, Air, and the receiver-side check "ICV = ICV?"]

  • 9.2.1.1 RC4 Algorithm1987RSA SecurityRon RivestRC4 (Stream Cipher)(Secure Socket Layer)WEPRC4

    RC4(Pseudo random number generator)XOR(K)0255bytes(key)(Key Stream)(Plaintext)XOR

    RC4(Key Stream)(Stream Cipher)

    [Figure: RC4 stream cipher. Labels: key, K, Plaintext, Ciphertext]

  • 9.2.1.1 RC4 Algorithm

    /* Initialization */
    for i = 0 to 255 do
        S[i] = i
    /* Permutation of S */
    j = 0
    for i = 0 to 255 do
        j = (j + S[i] + K[i mod keylen]) mod 256
        swap(S[i], S[j])
    /* Stream generation */
    i = 0, j = 0
    while (true)
        i = (i + 1) mod 256
        j = (j + S[i]) mod 256
        swap(S[i], S[j])
        key = S[(S[i] + S[j]) mod 256]

    /* (Initialization & Permutation of S) */ /* (Stream generation) */ Vector S[256]: 0~255 Variable keylen: (0
  • 9.2.1.2 WEP(IV) IVWEP24bitsIV224IV(
  • 9.2.2 WEP+802.1XWEPWEP KeyWEP KeyIETF802.1XRADIUS ServerWEP KeyWEP KeyWEP KeyWEP KeyWEP KeyWEP KeyWEP802.1XWEP keyWEP KeyWEP KeyWEP KeyWEP Key

  • 9.2.3 WPAIEEE 802.11i(WPA2)WEPIEEE 802.11iWIFIWIFI Protected Access (WPA)IEEE 802.11i DraftIEEE 802.11iWEPWPAWPA2(RADIUS)Access Point(Presharekey)WPATKIP (Temporal Key Integrity Protocol)WEP24-bitIV24bits48-bit IVIV WPA2AESAESAESWPA2WPAMIC (Message Integrity Code/Michael)WPA2CCM (Counter with CBC-MAC, IETF RFC 3610)WikiPedia

  • 9.2.3.1 TKIP WPAWEP48bitsIVTKIPWEP128bitsWEPWEP KeyIVRC4TKIP Sequence CounterTransmitter AddressTemporalPhase1Phase2MichaelMichaelMICMICMICCRC-32ICVTTAK := Phase1(TSC, TA, TK)WEP Seed := Phase2(TTAK, TSC, TK)TTAK := Phase1(TSC, TA, TK)WEP Seed := Phase2(TTAK, TSC, TK)

    [Figure: TKIP encapsulation and decapsulation. Labels: Temporal Key (128 bits), Transmitter Address (48 bits), TKIP Sequence Counter (48 bits), Phase 1 Key Mixing, Phase 2 Key Mixing, 128-bit WEP Key, IV, RC4, Keystream, MIC Key (64 bits), DA || SA || Payload, Michael, MIC, CRC, ICV, Payload || MIC || ICV, Ciphertext; bit-width annotations: 80 bits, 32 bits, 24 bits, 16 bits, 48 bits; receiver-side checks "ICV = ICV?" and "MIC = MIC?"]

  • 9.2.4 WPA2: CCMPCounter Mode with Cipher Block Chaining MAC Protocol (CCMP)802.1i128CCMAESRFC 3610Computation of some cryptographic parameters prior to the receipt of packets to enable fast comparisons when they arrive, which reduces latency Small security-related packet overhead()Counter ModeCounterMX=(CX) DK(Counter+X)CBC ModeBlockX=DK(CX) CX-1, C0=IV1()

    [Figure: Counter mode (labels: Counter, Counter+1, AES, K, M0, M1, XOR, C0, C1) and CBC mode (labels: Block1, Block2, IV, Encryption, XOR, C1, C2)]

  • 9.2.4.1 CCMP(PN, Packet Number)PNnonceTemporal Key(TK)KeyIDPNCCMAdditional Authentication Data(AAD)22bytes28bytesQoSAADnonceCCMTemporal Key(TK)CCMAADnoncePNA2(Transmit address)PrioritynonceCCMTemporal Key(TK)AADnonceMICMICPNPNPN

    [Figure: CCMP encapsulation. Plaintext MPDU (MAC header, Data) -> Increment PN, Construct CCMP Header, Construct Nonce, Construct AAD, CCM Encryption (AES) -> Ciphertext MPDU (MAC header, CCM header, Encrypted Data, MIC). Inputs: PN (48 bits), KeyID, A2, Priority, TK (128 bits), nonce, AAD. CCM parameters: Key = 16 octets, MIC = 8 octets, Length = 2 octets]

    [Figure: CCMP decapsulation. Ciphertext MPDU (MAC header, CCM header, Encrypted Data, MIC) -> Construct Nonce, Construct AAD, CCM Encryption (AES), PN Check, MPDU OK -> Plaintext MPDU (MAC header, Data). Inputs: PN (48 bits), A2, Priority, TK (128 bits), nonce, AAD. CCM parameters: Key = 16 octets, MIC = 8 octets, Length = 2 octets]

  • 9.2.4.2 WPAPairwise Keys Group Keys

  • 9.2.4.2.1 Pairwise Key Policy Decision PointSupplicantAuthentication Server (AS)Policy Enforcement PointPolicy Enforcement PointAccess Point (AP)Policy Decision PointSupplicantMK (Master Key)SupplicantAS(Session key)PMK (Pairwise Master Key)SupplicantASMKASAPMKAPASSupplicantPMK=PreShareKeySupplicantAP802.11SessionPTK ( Pairwise Transient Key)SupplicantAPPMKKCKKEKTK

    [Figure: pairwise key hierarchy between Supplicant, Authenticator and Authentication Server]

    Master Key (MK) = TLS-PRF(PreMasterKey, master secret || STAHello.random || ASHello.random)

    Pairwise Master Key (PMK) = TLS-PRF(MK, Client EAP encryption || STAHello.random || ASHello.random)

    Personal Mode: PMK = PreShareKey

    Pairwise Transient Key (PTK) = PRF-X(PMK, Pairwise Key expansion || Min(AP MAC Addr., STA MAC Addr.) || Max(AP MAC Addr., STA MAC Addr.) || Min(Anonce, Snonce) || Max(Anonce, Snonce))

  • 9.2.4.2.1 PTK4-WaySupplicantASPMKAuthenticatorPairwise Transient Key4-Way(TK)4-WayAuthenticatorAnonceSupplicantSupplicantReplay Counter(Sequence number)EAPoL-KeySnoncePMKAnonceAPMAC PTK SupplicantSnonceMIC(2)RSN IE( Robust Security Network Information Element)AuthenticatorAuthenticator3Replay CounterEAPoL-KeyPTKAuthenticator: PTKPTKKCK()MICReplay RequiredMICRSN IE( Robust Security Network Information Element)Supplicant Supplicant5Replay CounterEAPoL-KeyAuthenticatorRSN IEMICSupplicant6Authenticator TK( Temporal Key)

  • 9.2.4.2.1 PTK4-Way4-WayPMKSupplicantAuthenticator802.1XASPMKAuthentication Server4-WaySupplicantAuthenticator:SupplicantPTK4-WayAuthenticatorSupplicant: AuthenticatorPTK

  • 9.2.4.2.1 PTK ( Pairwise Transient Key)KCK (Key Confirmation Key) 128BitsIEEE 802.1X4-WayKEK (Key Encryption Key) 128BitsEAPOL-Key() 4-WayTK (Temporal Key) 128Bits or 256BitsSupplicantAP256Bits for TKIP (PTK bits 256~511)128 bitsTKIP TKPhase1Phase2128 bitsTKIP MIC KeyMichaelSupplicantAuthenticator(64 bits)128Bits for CCMP (PTK bits 256~383)128 bitsCCM

    [Figure: 802.11i Pairwise Transient Key (PTK) layout]

    TKIP: KCK (128 bits) | KEK (128 bits) | TKIP TK (128 bits) | TKIP MIC Key (128 bits)

    CCMP: KCK (128 bits) | KEK (128 bits) | CCMP TK (128 bits)
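
The PTK derivation and key split described in 9.2.4.2.1, as an added example that is not part of the original slides: it implements PRF-X as defined in IEEE 802.11i (iterated HMAC-SHA1) and slices the result into KCK, KEK and TK at the bit ranges given above. The function names and all sample values (PMK, MAC addresses, nonces) are constructed for illustration; the label string is the one used by the standard.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-X: HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) * 8 < nbits:
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, cipher="CCMP"):
    """Return the PTK split into KCK / KEK / TK (plus the MIC key for TKIP)."""
    nbits = 512 if cipher == "TKIP" else 384
    # Min/Max ordering makes the input independent of which side computes it,
    # so Supplicant and Authenticator arrive at the same PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    keys = {
        "KCK": ptk[0:16],    # PTK bits 0~127: MIC over EAPOL-Key frames
        "KEK": ptk[16:32],   # PTK bits 128~255: encrypts key data (e.g. GTK)
        "TK": ptk[32:48],    # PTK bits 256~383: CCMP TK or TKIP TK
    }
    if cipher == "TKIP":
        keys["MIC"] = ptk[48:64]  # PTK bits 384~511: TKIP MIC Key (Michael)
    return keys

# Constructed sample values, not taken from any real network.
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes([0xA5]) * 32
SNONCE = bytes([0x5A]) * 32

if __name__ == "__main__":
    for name, value in derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE).items():
        print(name, value.hex())
```

Because both nonces enter the PRF, a fresh Anonce or Snonce in each 4-Way Handshake yields a fresh TK even when the PMK (or PreShareKey) is unchanged.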

  • 9.2.4.2.2 Group-KeySupplicantAS4-WayPTKGroup Key2-WayGroup KeyMulticastBroadcast2-WayAuthenticatorGnonceGTKGTKPTKKEK{MICGnonceKey RSC(Sequence Number)(GTKKey ID)}SupplicantSupplicantKey RSCEAPoL-KeyMICGTKSupplicantMICAuthenticatorAuthenticatorKey Replay CounterMIC

  • 9.2.4.2.2 GTK Key GTK (Group Transient Key) 128Bits or 256BitsSupplicantAPMulticastBroadcast256Bits for TKIP128 bitsTKIP TKPhase1Phase2128 bitsTKIP MIC KeyMichaelSupplicantAuthentication(64 bits)128Bits for CCMP128 bitsCCM

    [Figure: group key hierarchy and Group Transient Key (GTK) layout]

    Group Transient Key (GTK) = PRF-X(Group Master Key (GMK), Group Key expansion || AP MAC Addr || Gnonce)

    TKIP: TKIP TK (128 bits) | TKIP MIC Key (128 bits)

    CCMP: CCMP TK (128 bits)

  • 9.3 802.1x Port-based802.1x(1)(Supplicant)(2)(Authenticator)(Port Authentication Entities, PAE)(3)

    802.1x

    IEEE 802.1xExtensible Authentication Protocol (EAP)EAP-MD5EAP-TLSEAP-TTLSPEAPLEAP

    [Figure: 802.1X port-based access control. Labels: Supplicant, Supplicant PAE, Authenticator, Authentication PAE, Service Offered By Authenticator, Controlled Port, Uncontrolled Port, MAC Enable, Authentication Server, LAN]

  • 9.3.1 SupplicantAP

    ?SupplicantAPAPAP(RADIUS)

    ?Supplicant SupplicantAPSupplicantAP

    SupplicantAP802.1xAuthentication Server

    [Figure: 802.11 / 802.1X State Machine (IEEE 802.11i)]

    State 1: 802.11 Unauthenticated, Unassociated

    State 2: 802.11 Authenticated, Unassociated

    State 3: 802.11 Authenticated, Associated

    State 4: 802.11 Authenticated, Associated, 802.1X Authenticated

    Transition labels: Successful Authentication; Disassociation Notification; Successful Authentication Or Reassociation; Successful 802.1X Authentication; EAPoL-Logoff; Deauthentication Notification

  • 9.3.2 IEEE 802.1x802.1X? 802.1XRADIUS

    802.1X/EAPRADIUSRADIUS

    802.1X/EAPPer-User() Per-Session()

    802.1X/EAP Wikipedia

  • 9.3.3 Extensible Authentication Protocol (EAP)1998802.1X802.1XIEEE19991802.1x20016

    EAP(Extended Authentication Protocol)PPP(Point-to-Point Protocol)PPPRADIIUSUsernamePasswordRFC2284EAP

    802.1xEAPRADIUS

    EAPEAP-MD5EAP-TLSEAP-TTLSEAP-PEAPEAP-LEAP

    [Figure: EAP protocol stack. EAP methods (EAP-MD5, PEAP, LEAP, ..., EAP-TTLS, EAP-TLS) carried in RADIUS over UDP over IP]

  • 9.3.3.1 EAP-MD5MD5(RFC-2284)EAP-MD5()MD5IDMD5AuthenticatorSupplicantSupplicantAuthenticator

    RFC 1994RFC 2284

  • 9.3.3.2 EAP-TLSEAP-TLS()EAPTLS

    EAP-TLS(AESTKIPWEP)

    EAP-TLSMAC OS 10.310.3, Windows 2000 SP4, Windows XP, Windows Mobile 20032003, Windows CE 4.2

    EAP-TLSPKI

    [Figure: EAP-TLS authentication exchange. Labels: Port Unauthorized, Radius-Response/TLS Client_Hello, Port Authorized, EAP-Logoff, Port Unauthorized]

  • 9.3.3.3 EAP-TTLSEAP-TTLS()Funk SoftwareCerticomEAP-TLSEAP-TLSPAP, CHAP, MSCHAP, MSCHAPV2

    EAP-TTLSIDIDIDID

    draft-ietf-pppext-eap-ttls-05

  • 9.3.3.4 PEAPEAP(Request/Response)USEREAP(Fragmentation) (Reassembly)EAP-TLSPEAP

    PEAP (Protected EAP)CiscoMicrosoftTLS TunnelEAP-TTLS

    draft-josefsson-pppext-eap-tls-eap-03

  • 9.3.3.5 LEAPLightweight EAP()Cisco Aironet WLANEAPWEPLEAPCisco (Cisco Compatible Extensions, CCX)CCXCiscoCisco APLEAP

    LEAPCisco

  • 802.1XIPSec

  • , IEEE 802.11i Overview v0.1 Nancy Cam-Winget, Tim Moore, Dorothy Stanley, Jesse Walker WPAHungLin Chou802.11 802.11Matthew S. Gast, 802.11IEEE 802.11i Standard2004draft-josefsson-pppext-eap-tls-eap-03.txtEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, Sheila Frankel, Bernard Eydt Les Owens, Karen Scarfone