分类: Android平台
2015-12-16 16:14:34
Wired Equivalency Protection,一种Wi-Fi连接的安全标准,类似的安全标准还包括下面的WPA,WPA2。它可以使用64/128bit的ASCII/HEX(0-9,A-F)的Password,它的密钥是由Password和一个IV(初始化向量)组成,加密算法是stream cipher RC4,并使用 CRC-32校验和确保完整性。加密解密过程如下:AP发送的数据包(包括IV和加密过的数据)–>无线客户端收到此数据包–>提取其中的IV,用于和本地的Password形成密钥–>解密数据包。它有两种鉴权方式:Open System, Shared Key.
这种鉴权方式不需要客户端提供任何credentials,因此,实际上任何客户端都可以尝试与AP进行鉴权和连接,这其中并不存在实际意义上的鉴权。鉴权连接结束,AP用WEP密钥加密数据,这时,客户端就需要正确的Password形成密钥来解密
通过四次握手并使用WEP加密来完成鉴权。详细区别请参阅:opensystem_vs_sharedkey.txt
Wi-Fi Protected Access,实现了802.11i的大部分标准,它和下面的WPA2有两种鉴权方式,一是使用802.1x,一种是使用Pre-Shared Key
Wi-Fi Protected Access,完全实现802.11i标准
使用Pre-Shared Key鉴权方式的WPA,设计给负担不起 802.1X 验证服务器的成本和复杂度的家庭和小型公司网络使用。同WPA2个人版/WPA2-PSK
使用802.1x鉴权方式给WPA。同WPA2企业版
802.1协议族中的一部分,它是一种基于端口的网络接入控制机制,它给希望接入LAN的设备提供了一种鉴权机制,它是基于EAP的.扩展阅读:
Extensible Authentication Protocol,一种普遍使用的认证机制,它是一个认证框架,并不是一种特殊的认证机制。EAP提供一些公共的功能,并且允许协商所希望的认证机制。这些机制被叫做EAP方法,现在大约有40种不同的方法。当EAP被基于802.1x的网络接入设备(诸如802.11a/b/g ,无线接入点)调用时,现代的EAP方法可以提供一个安全认证机制,并且在用户和网络接入服务器之间协商一个安全的PMK(Pairwise Master Key)。该PMK可以用于使用TKIP和AES加密的无线会话。在Pre-Shared Key验证方式中,PMK=PSK。
PMK Security Association,参考:pmksa.txt
Temporal Key Integrity Protocol,数据传输加密算法(类似于WEP加密的 RC4 算法)
Advanced Encryption Standard,数据传输加密算法(类似于WEP加密的 RC4 算法)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol,数据完整性编码校验算法(类似于WEP中 CRC32 算法)
数据完整性编码校验算法(类似于WEP中 CRC32 算法)
客户端与AP的鉴权,与AP建立连接,若使用加密,AP发送并加密数据包,无线客户端接收并解密数据包。密码学中有两个概念:加密算法和密钥,通过这两个东西来解加密过的数据包。 密钥,对于WEP,WPA/WPA2个人版来说,总是由一个Pre-Shared Key,加上其他元素,经过一系列过程产生而来,这个Pre-shared Key就是我们平时接入Wi-Fi时需要输入的密码。对于WPA/WPA2企业版,这个Pre-Shared Key叫做PMK,形成密钥的过程原理相似。 目前,EAP方法基本上是与802.1x一起使用
PMKSA
PMKSA derivation and storage in 802.11i In 802.11i, a Pairwise Master Key (PMK) is the key that results from a successful authentication between a wireless station and an access point. The PMK is generally derived by the wireless station and the back-end EAP/AAA authentication server after a successful EAP authentication and sent to the wireless access point in a AAA message (In the context of EAP/AAA, the PMK is called Master Session Key 'MSK') secured using long-term security association between the authentications server and the access point. The PMK is stored in the station and the access point with associated context information such as the access point's MAC addresses, the lifetime of the PMK and a unique identifier called PMKID. The collection of this information is called PMK Security Association (PMKSA). The PMKID is computed by applying a hash function (HMAC-SHA1-128) to the concatenation of the PMK, the label `PMK Name', the access point's MAC address (MAC_AP) and the station's MAC address (MAC_STA). PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
When associating with an access point, the station determines if it has a valid PMK with the target access point by checking if it has a PMKSA that matches the target access point's MAC address. If such PMK does not exist, the station and the access point perform authentication using EAP. If the station determines that it shares a PMK with the target AP, then the station proposes the use of the PMK by including the PMKID in the RSN Information Element of the (Re)Association Request message. Upon reciept of a (Re)Assiciation Request with a PMKID, the access point checks whether is has a valid PMKSA with the same PMKID. If so, it begins the four-way handshake exchange using the negotiated PMKSA.
opensystem_vs_sharedkey
Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication. For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (that is, between a WLAN client and an Access Point), but the discussion applies to the Ad-Hoc mode as well. In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys. In Shared Key authentication, WEP is used for authentication. A four-way challenge-response handshake is used: The client station sends an authentication request to the Access Point. The Access Point sends back a clear-text challenge. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request. The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response. After the authentication and association, WEP can be used for encrypting the data frames. At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication. (Note that both authentication mechanisms are weak.) The difference is really pretty trivial. In shared-key authentication, the AP sends out a pseudo-random sequence of bytes, unencrypted. The station trying to associate must encrypt the string and send it back. The AP doesn't allow the association process to complete unless it recovers the original string by decrypting (which "proves" that the client is using the same WEP key). In open authentication, any station is allowed to associate. But if WEP is used, association is useless. You still have to encrypt correctly in order to exchange any IP packets. All you've really done is push authentication up to layer 3. The main problem with shared-key authentication is that it gives a hacker monitoring the network a free sample of a matched plaintext/codetext pair. At the very least it allows the hacker to recover the exact keystream used to encrypt that frame, which can then be directly used to decrypt the first several bytes of any subsequent frame using the same IV value. It is also a freebie first entry in a database that could eventually be used to recover the shared key. Also, the plaintext may give some insight into the pseudorandom algorithm used by the AP, which might also be used in encryption.