1

Phng php bo mt WLAN bng WEP Trong nhng nm gn y, gii cng ngh thng tin chng kin s bng n ca nn cng nghip mng khng dy. Kh nng lin lc khng dy gn nh tt yu trong cc thit b cm tay (PDA), my tnh xch tay, in thoi di ng v cc thit b s khc. Vi cc tnh nng u vit v vng phc v kt ni linh ng, kh nng trin khai nhanh chng, gi thnh ngy cng gim, mng khng dy tr thnh mt trong nhng gii php cnh tranh c th thay th mng Ethernet LAN truyn thng. Tuy nhin, s tin li ca mng khng dy cng t ra mt th thch ln v bo mt ng truyn cho cc nh qun tr mng. u th v s tin li ca kt ni khng dy c th b gim st do nhng kh khn ny sinh trong bo mt mng. Khi thit k cc yu cu k thut cho mng khng dy, chun 802.11 ca IEEE tnh n vn bo mt d liu ng truyn qua phng thc m ha WEP. Phng thc ny c a s cc nh sn xut thit b khng dy h tr nh mt phng thc bo mt mc nh. Tuy nhin, nhng pht hin gn y v im yu ca chun 802.11 WEP, n bc l nhng im yu m nhng k tn cng c th li dng. Trong phm vi bi tiu lun ny, chng em mun trnh by s lc v khi nim v phng thc hot ng ca giao thc WEP, cc im yu v cch phng chng, cng vi l gii thiu mt vi phng thc bo mt ci tin t WEP

Contents

Contents...................................................................................................................... 2 I S lc v WLAN.......................................................................................................3 Khi nim................................................................................................................. 3 u im.................................................................................................................... 3 Vn bo mt trong mng WLAN..........................................................................4 4. Cc loi tn cng trong cc h thng my tnh....................................................4 II.Giao thc WEP.......................................................................................................... 5 Gii php ti u cho WEP.......................................................................................11 5. Tng lai ca WEP..............................................................................................11 III. Mt s phng php bo mt ci tin ca WEP....................................................12 WPA.......................................................................................................................12 WPA2 .....................................................................................................................13 hon thin phng thc m ha v khc phc nhng im yu cn tn ti ca WPA th WPA2 c to ra.WPA2 s dng mt phng php m ha hon ton khc bit so vi WPA v WEP. Trong khi WPA v WEP s dng phng php php m ha lung RC4 , th WPA2 s dng phng php m ha khi AES.................13 Trc ht ta s so snh phng php m ha lung RC4 vi AED hiu r s khc bit ca WPA2 so vi WPA v WEP................................................................13 RC4 : M ha lung l m ha tng bit, ht bit ny n bit khc s dng cc t kha c th bin i ln ti 256bytes. Thut ton ny c u im l tc x l nhanh, v s dng t hn so vi m ha khi.Tuy nhin, qu trnh m ha v gii m ch ph thuc duy nht vo mt kha. Nu k tn cng s dng c kha ny th c th bit c ton b v d liu...................................................................13 AES : da trn phng php m ha khi, hot ng trn mt khi d liu c di 128 bit, kch c ca kha c chiu di 128, 196 hay 256 bit. AES m ha c khi bit ca vn bn thng cng mt lc v cng mt kha. iu ny c ngha l s m ha ca bt k bit no trong khi cho cng ph thuc vo mi bit khc trong cng khi......................................................................................................13 T vic so snh gia hai phng php trn, th c th thy c WPA c rt nhiu u im ni tri so vi nhng phng php trc . C th l :..............................14

I S lc v WLAN Khi nim Cng ngh khng dy l mt phng php chuyn giao t im ny n im khc m khng s dng ng truyn vt l, m s dng radio, hng ngoi v v tinh. Mng khng dy ngy nay bt ngun t nhiu giai on pht trin ca thng tin v tuyn, v nhng ng dng in bo, radio. Cng ngh mng khng dy do t chc IEEE xy dng v c t chc Wi-Fi Alliance chnh thc a vo s dng. Mng khng dy c tnh nng, c trng hon ton ging nh mng c in nh Ethernet, im ni bt ca h thng mng khng dy l khng s dng cables kt ni. H thng ny s dng tn s Radio 2.4MHz chuyn ti d liu. do d dng nng cp, thay i tc truyn, dung lng. Tn s radio c s dng v bng thng rng nn truyn tn hiu i c xa, ph sng rng. n nay, mng khng dy c nhng c nhng bc pht trin vt bc. Ngy nay ch cn mt laptop, smartphone hoc mt phng tin truy nhp mng khng dy bt k, ta c th truy nhp vo mng bt c ni u, trong qun cafe, trong nh, ngoi ng, trn my bay v.v, bt c ni u nm trong phm vi ph sng ca WLAN. Tuy nhin i li s h tr truy nhp cng cng, cc phng tin truy nhp li a dng, n gin, cng nh phc tp, kch c cng c nhiu loi trong vn bo mt, i cng vi n l vn lm th no tch hp c cc bin php bo mt. Vn kh khn l lm sao thc hin cc bin php bo mt vo cc phng tin truy nhp, m vn m bo nhng tin ch nh nh gn, gi thnh, hoc vn m bo h tr truy cp cng cng u im
3

Mng khng dy khng dng cp cho cc kt ni,thay vo , chng s dng sng radio. u th ca mng khng dy l kh nng di ng v s t do, ngi dng khng b hn ch v khng gian v v tr kt ni. Cc mng my tnh khng dy c u im v hiu sut, s thun li, c th nh sau: Tnh di ng : Ngi s dng cc thit b s dng Wireless network c th ty thay i v tr m vn lun duy tr c kt ni mng (tt nhin trong khong khng gian gii hn). y c th coi l u im ln nht ca mng. iu ny cho php chng ta c th di chuyn t a im ny n cc a im khc, i li trong qun c ph, lp hc m vn c th truy cp vo d liu mng. Nu khng c mng khng dy, ngi dng phi mang theo cp v b hn ch v phi lm vic gn vi ni c gn cp. Tnh n gin : to kt ni mng 2 ni c cc bit bi tr ngi v a im ta c th s dng lin kt c cung cp bi cc hng truyn thng (chi mt chi ph ci t c nh v gi thnh chi ph inh k) . Ta cng c th to mt lin kt khng dy point-topoint wireless lan (chi mt chi ph ci t c nh). Vic lp t l n gin v d dng. Tit kim chi ph lu di : Trong khi u t cn thit ban u i vi phn cng ca mt mng my tnh khng dy c th cao hn chi ph phn cng ca mt mng hu tuyn nhng ton b ph tn lp t v cc chi ph v thi gian tn ti c th thp hn ng k. Chi ph di hn c li nht trong cc mi trng ng cn phi di chuyn v thay i thng xuyn. Kh nng v hng : cc mng my tnh khng dy c th c cu hnh theo cc topo khc nhau p ng cc nhu cu ng dng v lp t c th. Cc cu hnh d dng thay i t cc mng ngang hng thch hp cho mt s lng nh ngi s dng n cc mng c c s h tng y dnh cho hng nghn ngi s dng m c kh nng di chuyn trn mt vng rng. D dng truy cp ti cc i im Internet cng cng. Xa hn na l cc ta nh cao tng ca nhiu cng ty, truy cp Internet v thm tr l truy cp vo cc trang ca cng ty c th c thc hin thng qua cc mng hot spot khng dy cng cng. Cc sn bay, nh hng, bn xe la v cc vng cng cng khc trong ton thnh ph c th c cung cp vi cc loi hnh dch v khng dy ny. Vn bo mt trong mng WLAN Ngy nay Wireless Lan ngy cng c s dng rng ri trong c dn dng v cng nghip. Vic chuyn v nhn d liu ca cc thit b Wireless Lan qua mi trng khng dy nh s dng sng in t. Do cho php ngi dng c cng kt ni v d dng di chuyn. y cng l nguyn nhn ca nhiu vn bo mt lin quan n Wireless: d liu truyn trn mi trng khng dy c th b bt ly mt cch d dng. Chnh v khng c gii hn v khng gian nn tn cng c th xy ra bt c ni no: c th sn bay, hay cc vn phng k, hay bt c ni no c th s dng wireless. Do cn c bin php x l thch hp khi s dng wireless truyn cc d kiu quan trng. 4. Cc loi tn cng trong cc h thng my tnh 1) Tn cng ch ng:
4

L loi tn cng thc hin thay i d liu c gi hoc to ra lung d liu khng trung thc. C th chia thnh cc loi tn cng nh sau: - Gi mo: c thc hin bi ch th tn cng bng cch gi mo thnh mt thc th khc thu thp thng tin trong cc phin xc thc v s dng xm nhp vo h thng. - Hi p : thc hin bng cch bt d liu mt cch th ng v cc gi truyn li sau xm nhp h thng. - Sa i : mt hoc mt vi phn ca thng tin nguyn thy c thay i hoc lu li. 2) Tn cng th ng: Dng tn cng ny rt nguy him v n rt kh b pht hin do khng li du vt sau khi tn cng. Tn cng c thc hin bng cch lng nghe v bt cc gi tin ang truyn. 3) Tm li: Tt c cc loi tn cng t nhiu u gy nh hng n tnh bo mt ca h thng. Do , ngay t nhng phin bn u tin ca Wireless Lan vn bo mt c t ln hng u. Bo mt trong Wireless Lan cung cp cho ngi s dng cc dch v sau: - Tin cn : bo v d liu truyn trn knh truyn khi cc loi tn cng th ng nhm ly thng tin c gi, c thc hin thng qua phng php m ha. - Kim sot truy cp : m bo ch nhng my c cho php mi c php truy cp vo. - Xc thc : m bo gi tin c gi t cc my cho php, tc l n m bo pha trong phin truyn khng b gi mo. - Ton vn : m ba tnh ton vn ca d liu, thng ip khng b thay i hay nhn bn. II.Giao thc WEP i vi mng LAN theo nh ngha chun IEEE 802.3 th bo mt d liu trn ng truyn khi cc tn cng t bn ngoi c m bo qua bin php gii hn vt l, tc l hacker khng th truy xut trc tip n h thng ng truyn cp. Do chun 802.3 cng khng t ra vn m ha d liu chng li cc truy cp tri php. Tuy nhin i vi chun 802.11, do c tnh ca mng khng dy l khng gii hn v mt vt l truy cp n ng truyn, tc l bt c ai trong vng ph sng u c th truy cp d liu nu d liu khng c bo v, do vn m ha d liu l rt quan trng. WEP (Wired Equivalent Privacy) l mt phn trong chun IEEE 802.11 c a ra nhm m bo tnh bo mt cho mng khng dy t mc nh mng ni cp truyn thng. Trong phn ny em s trnh by s lc v phng thc hot ng ca giao thc WEP v mt s hn ch ca phng php ny. 1. Phng thc chng thc
5

Phng thc WEP cho php Client chng thc vi AP (Access Point ) thng qua cc bc trao i gia Client v AP(Access Point) c m ha. Hnh sau y m t qu trnh chng thc ny :

Hnh 1.Qu trnh chng thc gia Client v AP

Qu trnh ny c th qua cc bc sau: Bc 1: Client gi n AP yu cu xin chng thc. Bc 2: AP s to ra mt chui mi kt ni (challenge text) ngu nhin gi n Client. Bc 3: Client nhn c chui ny ny s m ha chui bng thut ton RC4 theo m kha m Client bit, sau Client gi li cho AP chui m ha. Bc 4: AP sau khi nhn c chui m ha ca Client, n s gii m li bng thut ton RC4 theo m kha cp cho Client, nu kt qu ging vi chui ban u m n gi cho Client th c ngha l Client c m kha ng v AP s chp nhn qu trnh chng thc ca Client v cho php thc hin kt ni. 2. Phng thc m ha
6

hiu r qu trnh m ha v gii m chng ta lm quen vi mt s khi nim sau : Share key: (Kha dng chung): y l m kha m AP v Client cng bit v s dng cho vic xc thc cng nh m ha v gii m d liu. Kha ny c cc loi khc nhau v di l 64 bit v 128 bit. i khi ta thy vit l kha 40 bit v 104 bit, l do l c 2 loi kha ny u dnh 24 bit s dng cho vector khi to kho m ho (Initialization Vector), nn di kho ch cn 40 bit hoc 104 bit . Initialization Vector - Vector khi to IV: y l mt chui di 24 bit, c to ra mt cch ngu nhin v vi gi tin mi truyn i, chui IV li thay i mt ln. C ngha l cc gi tin truyn i lin nhau s c cc gi tr IV thay i khc nhau. RC4 PRNG : RC4 l mt thut ton m ha dng, dng sinh ra dng bit gi ngu nhin (mt keystream). a. M ha khi truyn i u tin kha b mt (v d 40 bit) v vector khi to IV - Initialization Vector 24 bit kt hp thnh u vo ca thut ton lp kha (Key Scheduling Algorithm KSA). KSA c s dng to ra mt gi tr khi u m s c s dng trong PRNG to ra kha dng key sequence (key stream) khp vi di ca vn bn gc. Mt khc, phn ni dung bn tin c b xung thm phn kim tra CRC to thnh mt gi tin mi, CRC y c s dng nhm kim tra tnh ton vn ca d liu (ICV Intergrity Check Value), chiu di ca phn CRC l 32 bit. Gi tin mi vn dng cha m ha (plant text), s c XOR vi chui cc kha key stream to ra mt bn tin c m ha ciphertext . Gi tin ny cng vi chui IV, mt frame header chun v FCS c thm vo bn tin v n c truyn i.

Hnh 2.Qu trnh m ha b. Qu trnh gii m Qu trnh gii m c bn c thc hin ngc li. to li kha dng (keystream) ta s dng vector khi to IV. V vy m vector khi to IV phi c gi km theo bn tin di dng khng m ha. Kha b mt v IV c a qua KSA, PRNG nhn li keystream. Sau keystream v vn bn m ha c XOR vi nhau, v kt qu tr v vn bn gc v ICV. Cui cng, nt n tnh ton ICV mi, v kim tra xem nu gi tr mi ny khp vi gi tr ICV gi. Nu n khp, sau nt nhn s chp nhn v x l bn tin.

Hnh 2.Qu trnh gii m 3. Nhng hn ch ca giao thc WEP Mc d WEP p ng mt s yu cu ca mt gii php an ninh cho mng khng dy nh C th a ra rng ri, trin khai n gin M ha mnh Kh nng tng thch Cho php ty chn Ti u tnh ton Tuy nhin vi nhng hn ch sau y ngi ta nhn ra rng WEP khng kh nng bo mt mt cch ton din. Xc thc mt chiu : WEP cho php client xc thc vi AP trong khi client khng th xc thc AP. Hu qu rt nghim trng nu client kt ni ti mt AP gi mo, v AP ny c th ly cp cc thng tin quan trng t client.
WEP s dng mt kha dng chung chia s cho tt c client trong WLAN v kha

dng chung ny thng c lu tr trong mi thit b ti ni m cc phn mm khc c th d dng truy nhp. Nu bt k thit b no b mt hay b l kha th ch c cch duy nht l thay i kha ca ton b cc thit b cn li. Giao thc WEP khng quy
9

10

nh giao thc qun l kha dn ti vic kha tn ti thi gian qu lu v tr nn km an ton, vic ng b chuyn i kha gia AP v client rt kh v phi lm th cng. Nhng thiu st ny lm WEP khng m bo tnh bo mt v ton vn. RC4 l thut ton m ha dng, do mt kha khng nn c dng hai ln. Mc ch ca IV l trnh s lp li keystream sau mi ln gi bn tin, nhng 24-bit IV khng di m bo vic khng b lp li trong khong thi gian an ton. 24-bit IV cho php 16,777,216 keystream khc nhau i vi 1 WEP key. Nu 1 keystream ca 1 IV b pht hin, k tn cng c th gii m cc bn tin sau m c m ha vi cng IV . iu ny c ngha l chng ta s khng cn ti WEP key gii m bn tin nu bit keystream m ha bn tin . V vic tm ra keystream li d hn so vi vic tm WEP key. Mt khc, WEP li khng c t vic IV c chn v tn sut thay i nh th no. Do mt s IV thng khi to t 0 v tng dn qua mi gi tin, khi t ti ngng 16,777,216 n s quay li v 0. Mt s cch ci t khc th IV c chn ngu nhin. Thc t th vi vic chn ngu nhin IV th xc sut l 50% IV s b lp li sau 5000 gi tin. Ngoi ra, cn c nhiu phng php tm ra keystream ca mt IV. V d, Nu bit 2 gi tin m ha cng IV, th vic XOR 2 gi tin ny chnh l php XOR hai gi tin ban u. Nu nn nhn c kt ni mng, th k tn cng c th ping hay gi message ti. V nu k tn cng c th gi cc gi tin cho nn nhn, hn c th quan st v phn tch cc gi tin ny khi c m ha, t hn c th d ra keystream. WEP s dng m CRC kim tra tnh ton vn ca d liu. Tuy nhin CRC-32 ICV l mt hm tuyn tnh ca bn tin c ngha l k tn cng c th sa bn tin m ha v d dng sa ICV thnh ng bn tin c chp nhn. V d mt k tn cng c th d dng khin AP gii m bn tin cho hn. Bng cch bt mt gi tin m ha, sa a ch n thnh a IP ca ch k tn cng, sa CRC-32, gi li gi tin cho AP. AP s gii m gi tin ri gi li cho k tn cng. Nhng vn ln nht i vi tn cng da trn IV v ICV l ch n hon ton khng ph thuc vo kch thc WEP key, ngha l thm ch WEP key di rt ln th cng khng c ngha g. Vic tn cng khng c g khc. Tn cng vo im yu KSA (Key Scheduling Algorithm) trong thut ton m ha RC4. Kiu tn cng ny cn gi l tn cng FMS (do Fluhrer, Mantin v Shamir a ra nm 2001). Tn cng FMS li dng im yu ca gii thut to kha KSA trong RC4 ti to kha WEP t tp hp cc bn tin m ha. Cch tn cng ny tn dng cc im sau :
o

Cipher text = plaint text key stream nn suy ra Key stream = plaintext Cipher text. Nu bit key stream v IV th s bit kha WEP do keystream = RC4(IV|k)

o Cc bytes u tin ca bn tin cha m ha thng l 802.11 LLC SNAP header nn d on c.

10

11

o i vi mt s vector khi to IV th vic bit bytes th m s c th dn ti on c bytes th m+l ca keystream. o Vector khi to IV c gi i cng bn tin di dng khng m ha Nguy him na l, kiu tn cng ny hon ton b ng nn vic pht hin l gn nh khng th. Cch tn cng ny c p dng trong cc phn mm ph kha WEP nh WEPCrack, AirSnort. Gii php ti u cho WEP Mc d khng hn l mt im yu nhng WEP ch h tr kha tnh c chia s trc. Qu trnh xc thc trong 802.11 l xc thc thit b ch khng xc thc ngi s dng thit b, khi card wireless b mt th n tr thnh vn bo mt trong mng WLAN. Ngi qun tr mng phi tn rt nhiu cng sc v thi gian gn kha WEP li cho tt c thit b wireless trong mng. Vn gn kha c th chp nhn c nu nh mng nh nhng trong mng trung bnh v mng ln c s thit b wireless c th ln n hng nghn, cn phi c phng php phn phi kha hoc ngi qun tr mng phi qun l cht tt c cc thit b wireless trong mng. nng cao mc bo mt cho WEP ng thi gy kh khn cho hacker khi dng cng c d tm kha WEP, cc bin php sau c ngh: dng cng c d tm kha WEP, cc bin php sau c ngh: - S dng kha WEP c di 128 bit gia tng s lng gi d liu hacker cn c s dng phn tch IV, gy kh khn v ko di thi gian gii m kha WEP. i vi cc thit b khng dy c ch h tr WEP mc 40 bit th ngi dng cn lin lc vi nh sn xut c cp nht phin bn mi nht ca firmwares update. - Tin hnh phng php thay i kha WEP nh k. Do WEP khng th thay i kha t ng nn vict thay i kha nh k s gy kh khn cho ngi s dng. Mc d vy, nu khng th thay i kha WEP c thng xuyn th vn nn thay i kha t nht mt ln trong thng hoc khi thy nghi ng v kh nng b l kha. - Theo di d liu thng k trn ng truyn khng dy. V cc cng c d kha cn bt c s lng ln gi d liu v hacker c th phi s dng cc cng c pht sinh d liu. S t bin bt thng v lu long d liu c th l du hiu ca mt cuc tn cng WEP, cho php ngi qun tr mng pht hin v p dng cc bin php phng chng kp thi. 5. Tng lai ca WEP Nh chng ta bit, WEP c th c coi nh mt c ch bo mt mc thp nht. v vy WEP khng cung cp bo mt cn thit cho a s cc ng dng khng dy cn an ton cao. WEP c th b b kha d dng bng cc cng c sn c. iu ny thc y cc nh qun tr mng tm cc gii php WEP khng chun t cc nh sn xut. Tuy nhin, v nhng gii php ny khng c chun ha nn li gy kh khn cho vic tch
11

12

hp cc thit b gia cc cc hng sn xut khc nhau. Hin nay chun 802.11i ang c pht trin bi IEEE vi mc ch khc phc cc yu im ca WEP v tr thnh chun thay th hon ton cho WEP khi c chp thun v trin khai rng ri. Nhng hin nay chun 802.11i vn cha chnh thc c thng qua. Do , hip hi WiFi ca cc nh sn xut khng dy xut v ph bin rng ri chun WPA(Wifi Protected Access) nh mt bc m trc khi chnh thc trin khai 802.11i. V phng din k thut, chun WPA l bn sao mi nht ca 802.11i v m bo tnh tng thch gia cc thit b ca cc nh sn xut khc nhau. Cho n thi im hin nay, mt s cc thit b Wifi mi h tr WPA, WPA2, gii quyt c vn bo mt ca WEP III. Mt s phng php bo mt ci tin ca WEP WPA Nh phn trc trnh by cng WEP sinh ra nhm bo v mt mng WLAN chng li nhng k nghe trm. Tuy nhin phng php ny sm b loi b do chng c qu nhiu l hng bo mt, ngy ny ngi ta rt t dng phng php ny cho vic bo mt trong mng khng dy. khc phc nhng l hng cht ngi ca WEP, Wi-Fi Alliance xut mt phng php bo mt mi khc phc nhng l hng bo mt ca WEP l phng php WPA (Wi-Fi Protected Access) .C th WPA tp chung ci tin 3 im yu ni bt ca WEP Th nht : WPA m ha thng tin cng ging nh WEP l dng m RC4 tuy nhin chiu di m l 128 bit ch khng phi l 40bit hay 104bit nh ca WEP v di IV l 48 bit ch khng phi l 24bit nh ca WEP. Ngoi ra mt im ci tin quan trng ca WPA l s dng giao thc TKIP (Temporal Key Integrity Protocol) nhm thay i mt cch lin tc kha dng chung gia cc user v AP trong qu trnh truyn tin. TKIP dng mt kha nht thi chiu di 128 bit kt hp vi a ch MAC ca user host v IV to ra m kha. M kha ny s c thay i lin tc trong qu trnh truyn cc gi tin nh vy nu k th c bt c kha ny cng khng d thi gian c th s dng kha . Th hai: Khc phc im yu ch xc thc mt bn client ca WEP m khng xc thc c bn AP , phng php WPA s dng 802.1x/EAP m bo tnh xc thc ln nhau gia pha client vi pha AP nhm chng li man- middle attack. WPA s dng mt server xc thc c bin n vi tn l RADIUS/DIAMETER, server ny dng xc thc user cng nh nh ngha nhng quyn kt ni ca user. Nh vy ta thy nu s dng mt server ta c th khc phc c vic xc thc ln nhau m WEP khng lm c. Tuy nhin i vi mt mng nh nh ca mt gia nh hay mt trng hc th vic s dng mt server li l vn kh c th s dng do yu cu kinh t v s lng ph. Chnh v vy ngi ta xut mt phng php ginh cho mng wifi nh l s dng WPA-PSK . tng ca n l dng mt password(Master key) chung cho c AP v cc client . Thng tin xc thc ln nhau gia AP v user s c trao i thng
12

13

qua giao thc EAP(Extensible Authentication Protocol) . EAP session s to ra gia user v server d truyn thng tin lin quan n tnh identity ca user cng nh ca mng. Trong qu trnh ny AP ng vai tr nh mt EAP proxy , lm nhim v trao i thng tin gia server v user. Th ba: WPA s dng MIC(Michael Message Integrity Check) tng cng tnh integrity ca thng tin truyn. MIC l mt message 64 bit c tnh da trn thut ton Michael. MIC s c gi km trong gi TKIP v gip ngi nhn c th kim tra xem gi tin cn ton vn hay khng. Nh vy ta c th thy WPA sinh ra nhm v nhng l hng m WEP to ra , tuy nhin WPA vn cha phi l phng php ti u v nhiu ngi dng vn cha tin tng. C th WPA vn cn nhng im yu k tn cng c th khai thc v tn cng c . C th y chnh l: N vn cha gii quyt chng c tn cng DoS. K ph hoi s gi lin tip nhng gi tin (c th l t nht 2 gi tin vi kha sai/1sec) . Trong trng hp ny AP s pht hin ra b tn cng v s ct tt c cc ni kt trong vng mt pht trnh tiu hao h thng. Tuy nhin nh vy trong vng 1 pht cc gi tin ng ca ngi dng s khng c thc hin nh vy lm xo trn c h thng WPA s dng RC4 m ha nn c th d dng b b kha do phng php RC4 d dng b b kha bng FMS attack c ngh bi trng i hc Berkeley. RC4 cha nhng kha yu v ch cn bt c cc kha yu ny l c th gii m c kha ca RC4. Vic tm cc kha yu ny ch cn thu thp mt lng thng tin trn knh truyn. WPA-PSK l mt phin bn yu ca WPA m n gp vn trong vic qun l Password gia nhiu ngi dng. Khi mt ngi dng ri cng ty hay mt t chc , mt password mi cn phi thit lp. WPA2 hon thin phng thc m ha v khc phc nhng im yu cn tn ti ca WPA th WPA2 c to ra.WPA2 s dng mt phng php m ha hon ton khc bit so vi WPA v WEP. Trong khi WPA v WEP s dng phng php php m ha lung RC4 , th WPA2 s dng phng php m ha khi AES. Trc ht ta s so snh phng php m ha lung RC4 vi AED hiu r s khc bit ca WPA2 so vi WPA v WEP. RC4 : M ha lung l m ha tng bit, ht bit ny n bit khc s dng cc t kha c th bin i ln ti 256bytes. Thut ton ny c u im l tc x l nhanh, v s dng t hn so vi m ha khi.Tuy nhin, qu trnh m ha v gii m ch ph thuc duy nht vo mt kha. Nu k tn cng s dng c kha ny th c th bit c ton b v d liu AES : da trn phng php m ha khi, hot ng trn mt khi d liu c di 128 bit, kch c ca kha c chiu di 128, 196 hay 256 bit. AES m ha c khi bit ca
13

14

vn bn thng cng mt lc v cng mt kha. iu ny c ngha l s m ha ca bt k bit no trong khi cho cng ph thuc vo mi bit khc trong cng khi. T vic so snh gia hai phng php trn, th c th thy c WPA c rt nhiu u im ni tri so vi nhng phng php trc . C th l :

c ci tin t phng php WPA. im khc bit ch yu chnh l WPA2 s dng phng php m ha AES cn wpa vn s dng phng php TKIP. nh gi : wpa2 s phng php m ha AES nn c tnh bo mt cao hn rt nhiu so vi phng php s TKIP. Do AES s dng c ch m ha rt mnh v phc tp. Chnh v iu m n yu cu cc thit b phn cng cao v kh nng x l ca chip. Khng nh WPA c th s dng phn cng c m ha wep, ch cn nng cp phn mm l c th thc hin c. Do WPA2 cha c s dng ph bin v rng ri nh WPA.Mt vi nm trc y ch cc h thng c quan chnh ph hoc cc doanh nghip yu cu tnh bo mt cao mi c trang b thit b h tr WPA2 .Nhng hin nay hu ht cc sn phm u h tr WPA2. lm r hn tnh bo mt ca WPA2 so vi wpa ta s so snh 2 phng php bo mt l AES v TKIP vi nhau : o TKIP da trn thut ton m ha lung RC4 : M ha lung l m ha tng bit, ht bit ny n bit khc s dng cc t kha c th bin i ln ti 256bytes. Thut ton ny c u im l tc x l nhanh, v s dng t hn so vi m ha khi.Tuy nhin, qu trnh m ha v gii m ch ph thuc duy nht vo mt kha. Nu k tn cng s dng c kha ny th c th bit c ton b v d liu. nng cao tnh bo mt ca RC4 th TKIP h tr t ng sinh kha mi sau mt s lng packet nht nh.y l ci tin ca TKIP so vi WEP . Nhng iu ny khin vic qun l kha tr nn phc tp hn. o AES : da trn phng php m ha khi, hot ng trn mt khi d liu c di 128 bit, kch c ca kha c chiu di 128, 196 hay 256 bit. AES m ha c khi bit ca vn bn thng cng mt lc v cng mt kha. iu ny c ngha l s m ha ca bt k bit no trong khi cho cng ph thuc vo mi bit khc trong cng khi.Do tuy ch s dng mt kha duy nht nhng AES vn c tnh bo mt rt cao. Khi m ha cc file vn bn th tc m ha nhanh hn hn so vi TKIP.Do AES c coi nh l tiu chun vng ca h thng m ha.

14