Chng ta s xem ti sao 802.

11i (WPA2) an ton hn WPA, ti sao cn

mt chun mi v ti sao nn s dng n ?. Chng ta bit ti sao WPA
tt hn WEP, vy sao c chun an ton mi 802.11i ? c phi WPA khng
tt ? WPA tt, c ngng m nh mt kit tc ca k thut retro. N
ch ra cc im yu ca WEP v c tnh an ton rt cao, n tng thch
ngc vi hu ht cc thit b Wifi. WPA l gii php an ton tho ng
cho hu ht ng dng mng khng dy. Tuy nhin, WPA ang on
cui ca gii php tho hip. N vn da vo thut ton m ho RC4 v
TKIP. Mc d khng chc chn, nhng c kh nng tnti im yu mi.
Mt h thng an ninh ton vn mi nn trnh thit k chun WEP yu
km, v kh nng xm nhp vo mng LAN khng dy. y ban thng
trc WiFi Alliance quyt nh thit k mt h thng an ton mi,
chun 802.11i, cng l WPA2.
CCMP (Counter Cipher Mode with Block Chaining Message Authentication
Code Protocol)
PSK (Pre-Shared Key)
Temporal Key Integrity Protocol (TKIP: giao thc ton vn Key thi
gian)
MIC-Message Integrity Check Kim tra tnh ton vn thng tin
CCMP l giao thc an ninh c AES s dng. N tng ng TKIP
trong WPA. CCMP tnh ton MIC dng phng php ni ting CBC-
MAC (Cipher Block Chaining Message Authentication Code). Vic thay
i d ch 1 bit trn thng tin cng lm sai lch ton b.

WEP l g?
WEP (Wired Equivalent Privacy) c ngha l tng ng mng c dy b mt. Cc nh
thit k chun 802.11 c nh cung cp cho ngi dng mng khng dy vi mc an
ton tng ng vi mng c dy. Nhng khng may, WEP c qu nhiu im yu an ninh
hn d kin.

WEP lm vic nh th no ?
WEP s dng cc kho (key) b mt m ho d liu. C im truy cp (AP-Access Point)
v cc trm nhn tn hiu phi bit cc key b mt ny. WEP c hai loi key l 64bit v
128bit. Key di hn th an ton hn. Thc t key ngi s dng l 40bit v di 104bit, 24bit
cn li m nhn nhng thay i gi l Vector khi to (IV).

Khi mt gi tin c gi i v c m ho s dng kt hp (IV) v key b mt. (IV) c s

khc bit (v mt l thuyt) trong mi gi tin, khi key b mt khng thay i. Kt qu l d
liu gi tin ging nh d liu ngu nhin v do to ra mt thng ip gc khng th c
c vi nhng ngi khng bit key. Trm nhn tn hiu thc hin o ngc qu trnh m
ho nhn thng ip dng text r rng.

WEP sai g ?
Cc gi tr (IV) c th c ti s dng
Thc t chun ny khng ch nh r gi tr cn thay i tt c. Ti s dng cc key l
im yu mt m chnh trong h thng an ninh.

di (IV ) qu ngn
Key 24bit cho php 16,7 triu kh nng, nghe th nhiu, nhng trn mt h thng lm vic
lin tc con s ny c th thc hin trong vi gi. Vic ti s dng (IV) l khng th trnh.
Vi nh sn xut dng cc key ngu nhin. y l cch tt nht trnh vic ti s dng
key. Gii php tt nht l bt u mt key v gia tng thm mt key na theo sau mi key
. Nhng khng may, nhiu thit b tr v gi tr nh ban u lc khi ng v sau lin
tc cung cp nhiu gi tr tng t cho hacker.

Cc key yu d b tn cng
S kt hp gi tr cc key, s yu km gi tr (IV), khng to ra d liu ngu nhin cho
mt vi byte u tin. y l vn c bn trong cc cuc tn cng WEP c cng b
v l do cc key c th b tm ra.
Cc nh sn xut thng thn trng khng c php cc gi tr (IV) yu km. Vic ny tt v
lm gim c hi ca hacker bt cc key yu, nhng n cng tc ng lm gim key gii
hn c th thm, lm gia tng c hi ti s dng cc key.

Cc key chnh c dng trc tip

T quan im mt m vic s dng key trc tip khng c khuyn khch. Key chnh ch
nn s dng to ra key tm thi. WEP c l hng an ninh nghim trng trong vn ny.
S qun l, cp nht key ca cc nh qun tr khng c thit k tt v kh thc hin trong
cc mng ln. Ngi dng thay i key thng xuyn to c hi cho hacker c nhiu thi
gian thu thp gi tin thc hin vic tn cng.

Kim tra tnh ton vn ca thng tin khng hiu qu

WEP c s kim tra tnh ton vn ca thng tin nhng hacker c th thay i thng tin v
tnh ton li mt gi tr mi ph hp. Vic ny to nn mt s kim tra khng hiu qu theo
thng tin gi mo.

Kt lun
Mc d WEP khng cn l gii php an ninh l tng. Nhng c vi bin php an ninh cn
tt hn l khng c g. K tn cng nht nh c th tm ra key ca bn vi thi gian v gi
tr (IV) yu km.

Kim tra thit b v cp nht driver trnh gi i cc gi tr (IV) yu km. Dng mt m

128bit nu thit b h tr. Thay i key nu nghi ng b tn cng. L tng l ci t IDS
-Intruder Detection System: H thng pht hin k xm phm gim st cc cuc tn
cng.

Ch nhng s phng nga ny h thng mng khng y ca bn an ton hn. Xem xt

bin php an ton hn bng cch s dng WPA-WiFi Protected Access.

WEP vs WPA
Trch:

WPA l g ?
WiFi Protected Access (WPA: bo v truy cp wifi) l chun an ninh mi, c tp on
WiFi Alliance la chn, n m bo s tng tc cc thit b ca nhng nh sn xut khc
nhau. Chun WPA cung cp mc an ton hn chun WEP, l cu ni gia chun WEP v
chun 802.11i, n c u im l phn sn (firmware) trong cc thit b c c th nng cp
c.

WPA lm vic nh th no ?
WPA dng Temporal Key Integrity Protocol (TKIP: giao thc ton vn Key thi gian). TKIP
c thit k cho php WEP c th nng cp c. iu ny c ngha l tt c nhng
khi kin trc ca WEP u hin hu nhng c hiu chnh nhng vn v an ninh.

WPA ci tin trn WEP nh th no ?

Cc im im yu trn WEP c cng b. S ci tin TKIP c m t bn di. Gi
tr (IV) c th c ti s dng/chiu di (IV) qu ngn. Chiu di ca (IV) c th c gia
tng t 24bit ln 48bit. S lun chuyn cc bin m c c tnh. Ti s dng cc key t
ph hp. B sung gi tr (IV) c dng nh l mt chui bin m, TSC (TKIP Sequence
Counter: chui bin m TKIP), bo v chng li vic s dng li d liu - im yu chnh
ca WEP.
Gi tr (IV) yu km l s nhy cm trong tn cng WPA, nn trnh dng cc gi tr (IV)
yu km. Cc key b mt khc nhau c s dng trong mi gi tin, v cch ly c
key vi key b mt s phc tp hn. Key chnh c dng trc tip trong WEP khng bao
gi c s dng trc tip trong WPA. Mt s phn cp key c ly t key chnh. Mt m
c thc hin an ton hn nhiu.

S qun l v cp nht ngho nn trong WEP c trong WPA nhng khng phi vn ca
WPA. Vic kim tra tnh ton vn thng tin khng hiu qu trn WEP nhng WPA s dng
MIC-Message Integrity Check : kim tra tnh ton vn thng tin. Do phn cng rng buc
nn vic kim tra tng i n gin. Theo l thuyt, c 1 triu c hi on chnh xc MIC.
Vic cn u tin l thay i cu trc vt qua TSC v c gi tin key m ho thm ch
chm n im MIC hot ng. An ninh ca MIC c th pht hin tn cng v thc hin o
c ngn chn cc cuc tn cng mi.

Kt lun:
WPA (TKIP) l gii php tt, an ton hn nhiu so vi WEP, nh v tt c nhng im yu
v cho php tng thch, nng cp trn cc thit b c.
WPA vs WPA2

Trch:

Chng ta s xem ti sao 802.11i (WPA2) an ton hn WPA, ti sao cn mt chun mi v ti

sao nn s dng n ?.
Chng ta bit ti sao WPA tt hn WEP, vy sao c chun an ton mi 802.11i ? c phi
WPA khng tt ?
WPA tt, c ngng m nh mt kit tc ca k thut retro. N ch ra cc im yu ca
WEP v c tnh an ton rt cao, n tng thch ngc vi hu ht cc thit b Wifi. WPA l
gii php an ton tho ng cho hu ht ng dng mng khng dy.

Tuy nhin, WPA ang on cui ca gii php tho hip. N vn da vo thut ton m
ho RC4 v TKIP. Mc d khng chc chn, nhng c kh nng tnti im yu mi.
Mt h thng an ninh ton vn mi nn trnh thit k chun WEP yu km, v kh nng xm
nhp vo mng LAN khng dy. y ban thng trc WiFi Alliance quyt nh thit k
mt h thng an ton mi, chun 802.11i, cng l WPA2.

Chun 802.11i l g ?
Chun 802.11i l khi nim ca Robust Security Network (RSN). Trong cc thit b RSN
cn h tr tnh nng b sung. iu ny i hi phn cng mi v trnh iu khin tng
thch RSN vi cc thit b WEP. Trong qu trnh chuyn tip th c 2 thit b RSN v WEP
u c h tr (trong thc t WPA/TKIP l gii php thit k dng c cho cc thit b
c hn) nhng xa hn th cc thit b WEP s b loi b.
Chun 802.11i dng c nhiu mng v c th dng TKIP, nhng mc nh RSN dng
AES(Advanced Encryption Standard) v CCMP (Counter Mode CBC MAC Protocol)
chng cung cp gii php an ton hn.

AES/CCMP l g ?
Advanced Encryption Standard (AES) l h thng mt m c RSN s dng. N tng
ng thut ton RC4 c s dng trn chun WPA. Tuy nhin c ch m ho phc tp
hn v khng b xm hi bi nhng vn lin quan n WEP. AES l mt khi mt m,
hot ng trn cc khi d liu c di 128bit.
CCMP l giao thc an ninh c AES s dng. N tng ng TKIP trong WPA. CCMP
tnh ton MIC dng phng php ni ting CBC-MAC (Cipher Block Chaining Message
Authentication Code). Vic thay i d ch 1 bit trn thng tin cng lm sai lch ton b.
Mt trong nhng iu ti t ca WEP l qun l key b mt. Nhiu nh qun tr thy khng
kh thi khi phi qun l key ny trong mt mng ln. Kt qu l WEP key khng c
thay i thng xuyn v to iu kin d dng hn cho hacker.
RSN ch nh tui th ca Key; tng t nh TKIP, AES/CCMP yu cu 512bit cha tt
c cc Key, t hn TKIP.
Key chnh TKIP khng s dng trc tip, nhng c dng to cc key khc. May mn
l cc nh qun tr ch cn cung cp 1 key chnh.
Thng tin c m ho dng key b mt (128bit) v mt khi d liu 128bit. Qu trnh m
ho th phc tp nhng cc nh qun tr khng cn bit cc php tnh phc tp ny. Kt qu
m ho cui cng kh ph v hn c WPA.

Kt lun
Chun 802.11i l chun an ninh mnh nht i vi mng khng dy. Khi chun 802.11i
c ph chun th cc thit b tng thch RSN (WPA2) xut hin. 802.11i (WPA2) s l
gii php an ton, c sc thu ht i vi ngi dng doanh nghip, nh qun tr mng.

802.11i s dng cng ngh c minh chng. Vn an ninh c thit k t u vi s

tham vn y ca cc chuyn gia mt m gii nht v l gii php mng khng dy cn.
Mc d khng c h thng an ninh no c th c coi l hon ton khng th ph v, vn
an ninh chun 802.11i l mt gii php ng tin cy v c v nh cha b xm phm. N
trnh c cc vn ca h thng c.

802.11i l mt h thng bo mt khng dy m bn c th da vo. Bn c th s dng

WPA cho thit b c hn v kt thc cuc sng hu ch ca n, bn c th nng cp ln
mt mng tun th RSN y .