2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Network security has grown up alongside networking itself, and today almost anything that touches a network raises security questions. WLAN (Wireless Local Area Network) is no exception and faces many network security threats.
Development of wireless network security:
Wireless network security has three main purposes: privacy (to prevent data from being intercepted by unauthorized third parties); integrity (to prevent data from being tampered with); and authentication (to determine the legitimacy of data sources).
Wireless network security mainly involves two aspects, authentication and encryption. Authentication means that when a STA (station) tries to access the network, only STAs that are permitted can connect. Encryption means that once a STA has joined the network, all data communication is encrypted to ensure the privacy and integrity of the data.
WLAN authentication has developed from the initial Open System Authentication to Shared Key Authentication, and on to today's mainstream WPA/WPA2-PSK and WPA/WPA2-Enterprise. There are also other 802.1X-related authentication methods.
WLAN encryption has developed from the original no encryption, through WEP/RC4 and TKIP/RC4, to CCMP/AES.
Here is a brief introduction to the relevant stages of development:
Authentication is one of the two steps a Wi-Fi device must complete before it connects to a BSS, and it takes place before the STA associates with the AP. This step is equivalent to plugging a wired network cable into the network interface so that the physical layer is connected. Its purpose is to verify that the device is a legitimate 802.11 wireless network device.
Open System Authentication
In this authentication mode, the client first sends the first Auth frame, and the AP then replies with success or failure. WEP encryption can optionally be used alongside it, encrypting data at layer 3 and above after a successful association.
Shared Key Authentication
At first, people thought that Open System Authentication was not secure enough, so they developed Shared Key Authentication. The basic process is as follows:
1. STA sends an Authentication Request to the AP.
2. AP sends the challenge text (Challenge Text) to the STA.
3. STA encrypts the Challenge Text as plaintext with WEP and passes the ciphertext to the AP.
4. AP decrypts with WEP and checks the ICV value. If it matches, the AP returns Authentication Request (Success); otherwise it returns Deauthentication.
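The exchange above, including the AP's ICV check, as an added example that is not part of the original article. The function names are hypothetical; the frame layout (3-byte IV, 1-byte key ID, RC4 over plaintext plus a CRC-32 ICV) and the 128-byte challenge follow the WEP definition in IEEE 802.11.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling followed by keystream XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, plaintext: bytes, iv: bytes = None, key_id: int = 0) -> bytes:
    """Return IV(3) + key ID(1) + RC4(IV || key, plaintext || ICV(4))."""
    iv = iv or os.urandom(3)                       # the 24-bit IV, sent in clear
    icv = struct.pack("<I", zlib.crc32(plaintext)) # ICV is a CRC-32 of the plaintext
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, body: bytes):
    """AP side: decrypt, then accept only if the recomputed ICV matches."""
    data = rc4(body[:3] + key, body[4:])
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        return None
    return plaintext

def shared_key_auth(ap_key: bytes, sta_key: bytes, challenge: bytes = None) -> bool:
    """Steps 2-4: AP issues a challenge, STA encrypts it, AP decrypts and compares."""
    challenge = challenge or os.urandom(128)       # constructed challenge text
    response = wep_encrypt(sta_key, challenge)     # what the STA sends back
    return wep_decrypt(ap_key, response) == challenge

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")              # constructed 40-bit WEP key
    print("same key:", shared_key_auth(key, key))
    print("wrong key:", shared_key_auth(key, b"wrong"))
```

The 4 bytes of IV and key ID plus the 4-byte ICV are the 8 bytes WEP adds to each frame.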
WPA
WEP Shared Key Authentication seems to have solved the authentication problem, but because it uses the WEP-RC4 algorithm it has some defects (a 24-bit IV). With some authentication cracking tools the key can be recovered quickly, so although the network appears to be protected, in practice it is not much different from Open System Authentication. Before IEEE released an updated encryption algorithm, the Wi-Fi Alliance took the lead in introducing the WPA authentication and encryption method. There are two main types of WPA, WPA-PSK and WPA-Enterprise, that is, personal and enterprise level.
WPA uses the same RC4 encryption algorithm as WEP, except that WPA uses a longer IV (48 bits), which greatly reduces the possibility of the key being cracked.
The communication process is as follows:
1. Initialize WPA-PSK: generate the PSK from the SSID and passphrase using the following algorithm.
2. First handshake
AP broadcasts SSID, AP_MAC (AA) → STATION
On the STA side, the received SSID, AP_MAC (AA) and the passphrase are used to generate the PSK with the same algorithm.
3. The second handshake
STA side: send a random number SNonce, STATION_MAC (SA) → AP
On the AP side, after receiving SNonce and STATION_MAC (SA), a random number ANonce is generated. The PMK, AP_MAC (AA), STATION_MAC (SA), SNonce and ANonce are then used to generate the PTK. The first 16 bytes of the PTK are extracted to form the MIC KEY.
4. The third handshake
AP side: send the ANonce generated above → STATION
On the STA side, the received ANonce, together with the PMK, SNonce, AP_MAC (AA) and STATION_MAC (SA), is used with the same algorithm to generate the PTK. The first 16 bytes of the PTK are extracted to form the MIC KEY. The MIC is then computed from the MIC KEY and an 802.1x data frame using the following algorithm.
5. The fourth handshake
On the STA side, the 802.1x data frame prepared above is populated with the MIC value and two bytes of 0 (hexadecimal) and then sent to the AP.
On the AP side, the MIC is extracted after receiving the data frame, and the MIC field of the frame is filled with 0 (hexadecimal). The AP then runs the same algorithm over this 802.1x data frame with the MIC KEY it generated above to obtain MIC'. If MIC' is equal to the MIC sent by STATION, the fourth handshake is successful. If not, either the keys of the AP and STATION are different or the data frame sent by STATION has been tampered with by a man in the middle, and the handshake fails.
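The key derivation and MIC check described in the steps above, as an added example that is not from the original article, whose algorithm listings are not present on the page. It uses the derivations defined in IEEE 802.11i (PBKDF2-HMAC-SHA1 for the PSK, the HMAC-SHA1 PRF for the PTK, HMAC-MD5 for the WPA MIC and truncated HMAC-SHA1 for WPA2); function names and the sample frame are constructed for illustration.

```python
import hashlib
import hmac

MIC_OFF, MIC_LEN = 81, 16  # position of the MIC field in an EAPOL-Key frame

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK (the PMK in PSK mode): PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, aa, sa, anonce, snonce, length=64):
    """802.11i PRF: HMAC-SHA1 in counter mode over the sorted MACs and nonces."""
    data = min(aa, sa) + max(aa, sa) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (length + 19) // 20
    return b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                 hashlib.sha1).digest()
        for i in range(blocks))[:length]

def compute_mic(ptk, frame, wpa2=False):
    """MIC over the frame with its MIC field zeroed, keyed with PTK[:16]."""
    zeroed = frame[:MIC_OFF] + bytes(MIC_LEN) + frame[MIC_OFF + MIC_LEN:]
    if wpa2:  # WPA2: HMAC-SHA1 truncated to 16 bytes
        return hmac.new(ptk[:16], zeroed, hashlib.sha1).digest()[:MIC_LEN]
    return hmac.new(ptk[:16], zeroed, hashlib.md5).digest()  # WPA: HMAC-MD5

def verify_mic(ptk, frame, wpa2=False):
    """AP side: recompute MIC' and compare it with the MIC in the frame."""
    received = frame[MIC_OFF:MIC_OFF + MIC_LEN]
    return hmac.compare_digest(received, compute_mic(ptk, frame, wpa2))

def build_sta_frame(ptk, snonce, wpa2=False):
    """Constructed EAPOL-Key frame (not a capture) carrying SNonce and the MIC."""
    frame = (bytes([1, 3]) + (95).to_bytes(2, "big")            # EAPOL header
             + bytes([2 if wpa2 else 254])                      # descriptor type
             + (0x010A if wpa2 else 0x0109).to_bytes(2, "big")  # key info
             + bytes(2) + (1).to_bytes(8, "big")                # key length, replay counter
             + snonce + bytes(32)                               # nonce; IV, RSC, key ID
             + bytes(MIC_LEN) + bytes(2))                       # MIC, key data length 0
    mic = compute_mic(ptk, frame, wpa2)
    return frame[:MIC_OFF] + mic + frame[MIC_OFF + MIC_LEN:]

if __name__ == "__main__":
    aa, sa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))     # constructed nonces
    ptk = derive_ptk(derive_psk("example passphrase", "ExampleNet"), aa, sa, anonce, snonce)
    print("MIC accepted:", verify_mic(ptk, build_sta_frame(ptk, snonce)))
```

Because the SSID is the PBKDF2 salt, the same passphrase yields a different PSK on every network name, and a STA holding a different passphrase derives a different PTK, so its MIC fails the AP's comparison.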
WPA2 (802.11i)
As mentioned above, WPA was only a temporary transitional measure from the Wi-Fi Alliance, and in 2004 IEEE introduced its own security standard, which later became WPA2. Like WPA, WPA2 comes in two variants, WPA2-PSK and WPA2-Enterprise. Unlike WPA, WPA2 uses CCMP/AES with dynamic keys.
Having covered encryption, let's look at how data frames change once encryption is applied.
The most obvious change is that the payload becomes larger because of encryption.
WEP adds an extra 8 bytes.
WPA adds an extra 20 bytes.
WPA2 adds an extra 16 bytes.