Http://it.sohu.com/2003/12/11/Article216752135.SHTML
Analyze new generation WLAN security technology IEEE 802.11i, WPA and WAPI
A new generation of wireless LAN security technology provides users with comprehensive and effective protection. In the past, some analysts pointed out that the deficiencies of security will bring a lot of trouble to WLAN, but when they make an assessment of new security mechanisms, most analysts acknowledge that WLANs correctly managed Have sufficient safety.
It is well known that WEP encryption mechanisms in wireless local area networks cannot provide adequate security for wireless users. Therefore, when the commercial application is started from the wireless local area network, security issues have become the main constraints to restrict its further development. Many potential users are very interested in the flexibility brought about by WLAN technology, but because it is not possible to get reliable security, it is hesitant to use a WLAN system.
On the one hand, it is constantly growing WLAN demand. On the other hand, it is a safe defect in WLAN technology itself. Wireless LAN technology has fallen into a very embarrassing situation.
IEEE 802.11i - a new generation of WLAN security standards
In order to free WLAN technology from this passive situation, IEEE 802.11 IEE 802.11 IEE 802.11 is committed to formulating a new generation of safety standards known as IEEE 802.11i, which is defined in order to enhance WLAN data encryption and authentication performance. The concept of RSN (Robust Security Network) and various defects for WEP encryption mechanisms have made many improvements.
IEEE 802.11i provides three types of TKIP (Tempoter Key Integrity Protocol, CCMP (Wireless Robust Authenticated Protocol) using 802.1x authentication and key management. Encryption mechanism. Where Tkip uses the RC4 in the WEP mechanism as the core encryption algorithm, it can achieve the purpose of improving WLAN security by upgrading firmware and drivers in existing equipment. The CCMP mechanism is based on the ADVANCED Encryption Standard encryption algorithm and the CCM (Counter-Mode / CBC-Mac) authentication method, making WLANs greatly improved, and is a mandatory requirement for RSN. Since AES is relatively high for hardware requirements, CCMP cannot be upgraded by upgrading on an existing device. The WRAP mechanism is based on the AES encryption algorithm and OCB (Offset CodeBook), is an optional encryption mechanism.
IEEE 802.11i is currently in the draft stage, which is expected to be officially approved at the end of 2003.
WPA - Intermediate Standard to IEEE 802.11i
However, the market is very pressing for improving WLAN security, and the progress of IEEE 802.11i does not meet this needs. In this case, the Wi-Fi Alliance has developed WPA (Wi-Fi Protected Access) standards. This standard uses the draft IEEE802.11i to ensure forward compatibility with the future agreement. The relationship between WPA and IEEE 802.11i is shown in Figure 1.
Figure 1 Relationship between WPA and IEEE 802.11i
WPA uses 802.1x and tkip to implement WLAN access control, key management and data encryption. 802.1X is a port-based access control standard, and users must pass the network resources through the port after authentication and authorization. Tkip although it is equally based on the RC4 encryption algorithm with WEP, it has introduced 4 new algorithms:
● Extended 48-bit initialization vector (IV) and IV sequence rules (● per-pack key construction);
● Michael (Message Integrity Code, MIC) message integrity code;
● Key re-acquires and distribution mechanisms.
When the WPA system is working, you will publish your own support for WPA from an AP, in a packet of Beacons, ProBe Response, including the security configuration of the AP, which contains the security configuration of the AP. Information (including information such as encryption algorithm and security configuration). The STA selects the appropriate security configuration based on the received information and represents the selected security configuration in the Association Request and RE-Association Request packets thereon. WPA implements the encryption algorithm between STA and AP and negotiation of the key management method.
Support WPA's AP work needs to be associated with the AP in an open system authentication mode. If there is a RADIUS server in the network as the authentication server, then STA is certified by 802.1x; if there is no RADIUS, STA The pre-shared key (PRE-shared key) is used in a pre-shared key (PRE-Shared Key).
After the STA passed 802.1x authentication, the AP got the same session key as STA, AP and STA as PMK (Pairwise Master Key, PSK is PMK) for the way using a pre-shared key. Subsequent AP and STA perform WPA four-way handshake (4-way Handshake) process via EAPOL-KEY, as shown in Figure 2.
Figure 2 AP and STA's four handshake
Figure 3 Process of PTK
In this process, both AP and STA confirm that the other party holds PMK with their own, if inconsistent, four handshake processes will fail. In order to ensure the integrity of the transmission, the inspection code called MIC (Message Integrity Code) is used during the handshake. During four handshakes, the AP and STA have been negotiated to calculate a 512-bit PTK (PairWise Transient Key), and decompose the PTK into five different use keys, as shown in Figure 3.
The first 128 bits are used to calculate and verify the Micropol-Key packets of the Mickey key. The subsequent 128 bit is used as a key encrypted EAPOL-Key; the next 128 bit is an encryption key that communicates with the STA. The base key (ie, the key derived from the key after a certain calculation is used as a key between the two); the last two 64-bit keys are respectively used as messages between the AP and the STA, respectively. MIC calculation and inspection key.
This group (five) keys decomposed by PTK are the keys used between the AP and the STA (so each user key is called for the encryption of unicast messages between the AP and STA), these The key will never appear on the wireless network in any form. After confirming the PMK held by both parties, the AP indicates whether the STA is installed and used according to the ability to support each user key.
In order to enable the existing device to implement the WPA through the software / firmware upgrade, the protocol specifies that the AP may not adopt a PTK mode, but utilizes the key to send a single broadcast file to the STA as the GTK will be transmitted to the STA. If the AP notifies the STA installation and uses PTK, then the STA is installed in the wireless network card after sending an EAPOL-KEY corresponding to the AP. After the four handshakes successfully, the AP is to generate a 256-bit GTK (Group Transient Key), GTK is a set of global encryption keys, all of which use the same GTK, AP to encrypt all with this GTK. Communication packets associated with it are associated, STA uses this GTK to decrypt the packets sent by the AP and verify their MIC. This key can be broken down into three different use keys, the front 128 bit as the basic key (Base Key) of the "Per-Packet Encryption Key), two 64 The bit key is used as a key to the MIC of the WPA data message, respectively. The AP uses the EAPOL-KEY encryption key to encrypt the GTK and sent to STA, indicating whether the GTK allows STA to be used as sending packets, STA successfully received the message, decrypt GTK, send answers to the AP message And install the corresponding position of the wireless network card according to the key index indicated by the AP, if the AP uses GTK as a key transmitted to a STA, the STA also needs to use GTK as an AP to send a single broadcast. key.
Tkip does not directly use the key to decompose by PTK / GTK as a key to encrypted packets, but the key is used as a base key, after two phases of key mixing processes, thereby generating one The newly transmitted key is different, which is the key to directly encrypt. In this way, the security of WLAN can be further enhanced. The method of generating the key is shown in Figure 4.
Figure 4 Final key generation form
In WPA, the AP supports hybrid access from WPA and WEP wireless clients. When the STA is associated with the AP, the AP can determine which client supports use WPA according to whether the WPA information referms are included in the ASSociation Request in STA. However, when mixing access, all encryption algorithms used by all WPA clients have to use WEP, which reduces the overall security of the wireless local area network.
Although WPA has great improvement and strengthening in terms of security, Wi-Fi Alliance acknowledges that WPA currently using TKIP is just a temporary transitional program. According to news from Wi-Fi Alliance, the WPA V2 launched in the fourth quarter of 2004 will be fully adopted AES mechanism in the fourth quarter of 2004.
WAPI - China proposed WLAN safety standards
In addition to the international IEEE 802.11i and WPA safety standards, my country has also proposed Wireless LAN National Standard GB15629.11 in May this year, which is currently the only approval agreement in this area. The standard contains a new WLAN Authentication and Privacy Infrastructure security mechanism, which consists of Wai (WLAN Authentication Infrastructure) and WLAN Authentication Infrastructure and WLAN Privacy Infrastructure, and WAI and WPI respectively realize identification of user identity. Encrypt the transmitted data. WAPI can provide comprehensive security for users' WLAN systems. The WAPI security mechanism includes two components.
WAI uses a public key cryptosystem to authenticate STA and AP in the WLAN system using certificates. WAI defines an entity called ASU (Authentication Service Unit) to manage the certificates required to participate in information exchange (including the production, issuance, revoke and update of the certificate). The certificate includes the public key and signature of the certificate issuer (ASU), and the public key and signature of the certificate holder (the signature of the WAPI is a digital authentication algorithm for the network device. In the specific implementation, after the STA is associated with the AP, it must be identified with each other. First submit your own certificate and the current time to the AP, then AP's certificate, submission time, and your own certificate form a signature, and send this signature along with these three parts to ASU.
All certificate authentication is completed by ASU. After it receives the authentication request submitted by the AP, the AP's signature and certificate will be verified first. After the identification is successful, the STA certificate is further verified. Finally, the ASU signs the identification result information of the STA's identification information and the AP's identification result information, and sends this signature to the AP along with the two results.
The AP signs the result of the received results and obtains the identification result of the STA, and determines whether the STA is allowed to access according to this result. At the same time, the AP needs to forward the authentication result of the ASU to STA, and STA also verifies the ASU's signature and obtains the authentication result of the AP, and determines whether to access the AP according to this result.
From the above description we can see that the STA and APs are two-way authentication in WAI, so there is a strong resistance to the "false" AP.
After the Certificates of STA and APs have been identified, the two sides will perform key negotiations. First, the two sides conduct a key algorithm negotiation. Subsequently, the STA and APs each generate a random number and transferred to each other after encryption with their own private key. The end of the last communication will use the other party to restore the random number generated by the other party, and then the result of the two random digital model 2 as the session key, and use this key to communicate with the previous negotiated algorithm. data encryption.
Since the session key is not transmitted on the channel, its security is enhanced. In order to further improve the confidentiality of communication, WAPI also stipulates that STA and AP can re-negotiate the session key after a certain amount of data in communication or exchange a certain amount of data.
The WPI uses a symmetric cryptographic algorithm to add, decrypt the MSDU to the MAC layer MSDU.
