Current State of Wireless LAN Security


Presentation Transcript


  1. Current State of Wireless LAN Security Presenter: 黃上峰

  2. Agenda • Wireless Service Category • WLAN Security History • WLAN Attack • Conclusion

  3. Wireless Service Category • WPAN : < 10m, such as hands-free cell phone • WLAN : < 100m, such as laptop to broadband access • WMAN : < xx km, such as building-to-building • WWAN : cell phones

  4. 802.11 Header • 802.11 header address order: • AP -> STA : DA, AP, SA • STA -> AP : AP, SA, DA

  5. WLAN Security History (1/3) • No Security : • WLAN access control by MAC address • WEP : only one 64/128-bit WEP key • WLAN access control by MAC address. • All STAs in the same WLAN use the same key. • All STAs in the same WLAN can capture each other's packets. • 802.1x : • WLAN access control by RADIUS server.

  6. WEP & 802.1x Security Header

  7. WLAN Security History (2/3) • All STAs in the same WLAN use the same group and unicast key. • The AP can change the WEP key randomly or periodically. • All STAs in the same WLAN can capture each other's packets if a user can display the WEP key in real time. • IPSec VPN : transport mode • It is stronger than the RC4 algorithm, but it is not popular. • An IPSec VPN tunnel is used at layer 3.

  8. WLAN Security History (3/3) • WPA 1.0 : WPA or WPA-PSK • TKIP + MIC algorithm • All STAs in the same WLAN use the same group key and different unicast keys. • The AP can change the group and unicast keys randomly or periodically. • TKIP security is still based on the RC4 algorithm. • WPA 2.0 (802.11i) : • CCMP + MIC algorithm

  9. WPA 1.0 Security Header

  10. WPA 2.0 Security Header

  11. WLAN Attack • MAC Spoofing • RF Jamming • De-authentication • Evil Twin Attack • Wireless Device Vulnerability (network card or access point)

  12. MAC Spoofing (1/2) Unencrypted connection • Gather information • Change the MAC address

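  13. MAC Spoofing (2/2) • Difficulties: • The AP cannot actively determine whether this user is legitimate at this moment. • The AP cannot actively determine whether the legitimate user and the attacker are present at the same time. • Prevention: • Use a login authentication mechanism, for example a RADIUS server • Protect the WLAN with an encryption mode • Set access permissions for each user, for example usage time limits and bandwidth limits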

  14. RF Jamming (1/3) Attack on a specific wireless device: RF jamming

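  15. RF Jamming (2/3) Full-band attack: • 802.11b/g can use 11/13 channels, and each channel occupies 5 MHz • An 802.11b/g signal uses 20 MHz, so the 2 adjacent channels are also affected (Figure labels: RF jamming on channel 1, channel 6 and channel 11; channels 1 ~ 3, channels 4 ~ 8 and channels 9 ~ 13 affected)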

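  16. RF Jamming (3/3) • Difficulties: • For this kind of wireless denial-of-service attack, an RF signal detector is needed to locate the interference source • Such attack programs can start jamming anytime and anywhere, and the affected range depends on the transmit power • The 2.4 GHz band has many interference sources, for example cordless phones, Bluetooth and microwave ovens, which easily interfere with one another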

  17. De-authentication • Difficulty: • The STA cannot detect this kind of wireless denial-of-service attack (Figure labels: De-auth, Dis-assoc)

  18. Evil Twin Attack (1/2) Impersonating a legitimate SSID to lure users into connecting

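  19. Evil Twin Attack (1/2) • Difficulties: • The attacker can forge the SSID and the BSSID (MAC address) • This kind of attack can be launched anytime and anywhere, and the affected range depends on the transmit power • The attacker's main goal is to steal wireless network login information • It cannot be distinguished from a normal part of wireless roaming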

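  20. Wireless Device Vulnerabilities (1/2) • Identify the access point's vendor and model, for example through the BSSID • Look up the vulnerabilities of that access point • Begin the attack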

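  21. Wireless Device Vulnerabilities (2/2) • Difficulties: • Devices that use open source code • A limitation of the 802.11i protocol: if more than 1 EAPoL or MIC error occurs within one minute, service must stop for one minute • Prevention: • Change the factory default settings when setting up a wireless network • Apply the necessary software updates to wireless devices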
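The one-minute rule on slide 21 can be modelled as a small state machine; the following is an added example, not part of the original presentation, and it is a simplified sketch of the rule as the slide states it rather than any vendor's implementation. The class, function and station names are hypothetical, and the sample events are constructed; the point for monitoring is that errors from any station suspend service for every station, so each trigger is worth logging.

```python
# Added example: simplified model of the slide's 802.11i rule
# (second EAPoL/MIC error within one minute -> one minute without service).
# Names are hypothetical; times are seconds on a monotonic clock.

WINDOW = 60.0     # a second error within this window triggers the suspension
BLACKOUT = 60.0   # service stays suspended for this long once triggered


class MicCountermeasures:
    def __init__(self):
        self.last_failure = None   # time of the most recent counted error
        self.blocked_until = 0.0   # end of the current suspension, if any
        self.events = []           # (time, message) entries for monitoring

    def is_blocked(self, now):
        return now < self.blocked_until

    def on_failure(self, now, sta):
        """Record one error; return True if it starts a suspension."""
        if self.is_blocked(now):
            self.events.append((now, f"error from {sta} during suspension"))
            return False
        previous, self.last_failure = self.last_failure, now
        if previous is not None and now - previous <= WINDOW:
            self.blocked_until = now + BLACKOUT
            self.last_failure = None   # counting restarts afterwards
            self.events.append((now, f"second error within {WINDOW:.0f}s "
                                     f"(from {sta}): service suspended"))
            return True
        self.events.append((now, f"first error from {sta}: logged"))
        return False


def replay(failures):
    """Feed (time, station) errors in order; return suspension intervals."""
    cm, blackouts = MicCountermeasures(), []
    for now, sta in failures:
        if cm.on_failure(now, sta):
            blackouts.append((now, cm.blocked_until))
    return blackouts


# Constructed sample: an isolated error, two errors 20 s apart,
# one error during the suspension, and one after it ends.
SAMPLE = [(0.0, "sta-a"), (100.0, "sta-b"), (120.0, "sta-c"),
          (150.0, "sta-a"), (200.0, "sta-a")]

if __name__ == "__main__":
    for start, end in replay(SAMPLE):
        print(f"service suspended from t={start:.0f}s to t={end:.0f}s")
```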

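  22. Conclusion • Basic: • Wireless signal spillover • Improper wireless network configuration • Advanced: • Combine with a user authentication mechanism and establish a management policy • Fixed or mobile monitoring • Combine with encryption application tools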

  23. Q & A

  24. DH (Diffie-Hellman) Algorithm • Goal : produce public key and private key • Let g : fixed constant prime (huge prime) • x : private key (huge prime) • y : peer private key (huge prime) • X : public key; $X = g^x$ • Y : peer public key; $Y = g^y$ • $X^y = (g^x)^y = g^{xy} = (g^y)^x = Y^x$ • Send : $T \cdot Y = T \cdot g^y$ • Peer receiver : $(T \cdot Y) \cdot g^{-y} = T \cdot g^y \cdot g^{-y} = T \cdot g^{y-y} = T \cdot g^0 = T$
