A Study of WLAN and Cellular Security Mechanisms (WLAN與Cellular安全機制探討.ppt, 56 pages)
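Slide 1
A Study of WLAN and Cellular Security Mechanisms

Slide 2
Outline
Current Status of WLANs Deployment
WLANs Network Security: 802.11, Attack
WLANs Security Architecture: 802.1x, EAP-TLS, EAP-SIM; WPA, 802.11i
Upcoming WLAN/Cellular Integration Security Integration Architecture
Conclusion
Q&A

Slide 3
PWLAN: Crossing the Chasm?
Source: “WLAN in the Era of 3G”, Xinli Hou, Ericsson, 2003.07.09

Slide 4
Mobile communications: mobile phone penetration of 106%, the highest in the world (2002)
WLAN production volume: global market share as high as 80%, but only 30% of global production value (2002) (value is not proportional to volume: hard-earned money!)
Planning of the dual-network application integration development program
Raise the manufacturing advantage and strengthen high-value-added application services
Use the dual-network application integration development program to help domestic vendors build total-solution capability
Handsets: WLAN and Cellular integration, creating dual-network application services
Chart labels: 2002; world manufacturing; market share; WLAN; 1; 80%
Taiwan's niche in developing Cellular/WLAN dual-network services

Slide 5
Cellular/WLAN Integration Solution
Diagram labels: GGSN; Cellular Network; SGSN; HLR; Internet; AP; AP; Public WLAN; (GSM/GPRS/WLAN) & WLAN card
Loose coupling: integration starting at the IP layer

Slide 6
Cellular and WLAN each have their own strengths
System description:
2G - voice (GSM, PDC, IS-95): Voice, circuit data (14.4 kbps); Macro/Micro cell; GSM, PDC, IS-95
2.5G - data (GPRS, cdmaOne): Voice, packet data (up to 115 kbps); Macro/Micro/Pico cell; GPRS, IS-95B
3G - multimedia (W-CDMA, cdma2000): Multimedia (up to 2 Mbps); Macro/Micro/Pico/Spot cell; W-CDMA, cdma2000
Source: ITRI IEK (2003/03)
Cellular - wide area coverage, voice & narrow-band data services
WLAN - high-bandwidth wireless but in specific locations, low-cost deployment
Cellular and WLAN each have their strengths, and the two can complement each other
WLAN helps change consumer behavior, stimulating demand for fast data access anywhere and for 3G services
Operators that combine with WLAN can capture the high-speed transmission market
Hot Spot - Wi-Fi City - Dual network

Slide 7
WLAN/Cellular Integration business opportunity - Service
Operators can provide voice transmission and Internet access services
Diagram labels: mobile phone users; Internet users; users of both mobile phones and the Internet; the original GPRS/3G pie; Keep; voice users; data + voice users; cellular operators' subscribers; WLAN enters; the pie for existing customers with GPRS/3G plus PWLAN; Internet users; new customers; the pie for new and existing customers with GPRS/3G plus PWLAN
Source: ITRI IEK (2002/12)

Slide 8
Global Cellular + WLAN progress
- Cases of Cellular + WLAN use by country
- Progress of PWLAN promotion by country

Slide 9
Current state of PWLAN development by country
Source: ITRI IEK, 2003/06

Slide 10
Digital Content Program
1. Wireless access points: about 700 locations as of mid-2003.
2. Users: more than 1 million WLAN cards have been issued, but the number of users actually roaming is close to 0.
3. Taiwan ranks first in the world in WLAN equipment manufacturing, with a market share above 80%.
4. Programs such as the leading new product development program have been used to localize production of WLAN equipment components.
5. Taiwan has the world's strongest equipment manufacturing capability; if it strengthens its application and content capability, Taiwan will have a complete total solution.
6. Network services integrating Cellular and WLAN
Diagram labels: equipment manufacturing; chip design/manufacturing; system integration; service providers; Content
Company lists (in the order shown on the slide):
揚智、上元、威盛、瑞昱、益勤、鎵葳、亞信、聯發、工研院 (ITRI)
正文、亞旭、智捷、環隆、建漢、友訊、中華電訊、智邦、明基電通、晶訊、神腦、突破、陽慶
全球領航、傳易科技、傳象科技、華電聯網、弘運科技、士恆資訊
曜正、Hinet、蕃薯藤、東信、遠傳、億聯科技
Current state of PWLAN development in Taiwan
Source: ITRI IEK (2003/06)

Slide 11

Slide 12
Analysis of key success factors for PWLAN
Diagram labels: develop applications and content with local character; establish demonstration application zones; competitive business operating model; system integrators; equipment providers; WLAN roaming; whether the Internet access and security mechanisms are appropriate; build and maintain a master portal site; publicity, promotion and showcase of results; Cellular & WLAN network roaming authentication; operations management mechanism; establish a roaming mechanism and platform

Slide 13
Security Issues of WLAN
Current Status of WLANs Deployment
WLANs Network Security: 802.11, Attack
WLANs Security Architecture: 802.1x, EAP-TLS,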
EAP-SIM; WPA, 802.11i
Upcoming WLAN/Cellular Integration Security Integration Architecture
Conclusion

Slide 14
WLAN/Cellular Integration challenges
Attitude of the mobile phone service operators
Hardware: lower prices for portable products such as PDAs and notebooks; lower selling price of SIM-equipped WLAN that integrates GSM/GPRS/WLAN functions; Technology Development
Consumers are properly educated: Education Programs; Regulatory Body; Government Initiatives
Software: software vendors provide related value-added software such as online games
Source: ITRI IEK (2002/12)
Diagram labels: Service Providers; Equipment Manufacturers; Customers & others; Content Providers; Service Trials; Competitive Billing; DRM Support

Slide 15
WLAN/Cellular Integration challenges
Technical side:
Power Consumption
Handoff & Roaming
Security (Authentication, Authorization)
DRM
Billing
QoS
System Interface
...
Business side:
Business Models
Global Roaming Agreement
Relationship among WISP, Network Providers, Content Providers
Service Charge
Customer Habit
...

Slide 16
Security Issues of WLAN
Current Status of WLANs Deployment
WLANs Network Security: 802.11, Attack
WLANs Security Architecture: 802.1x, EAP-TLS,
EAP-SIM; WPA, 802.11i
Upcoming WLAN/Cellular Integration Security Integration Architecture
Conclusion

Slide 17
WLAN Security
Paper summaries and publication dates
WLAN has encryption, authentication and system security problems
The most fundamental problem of WLAN is its use of a “shared static key” authentication method

Slide 18
Current state of WLAN security standards development
Timeline labels: Time; WPA; WPA v.2

Slide 19
Background
WLAN uses the ISM (Industrial, Scientific and Medical) band
Unlicensed
2.4 GHz, IEEE 802.11b, 11 Mbps (22 Mbps), 1999
5.8 GHz, IEEE 802.11a, 54 Mbps (72 Mbps), 2001
2.4 GHz, IEEE 802.11g, 54 Mbps, 2003
WLAN standards (802.11g is good for security):
802.11b: 11 Mbps; 2.4 GHz; WPA (incompatible with 11i); 30-75 m
802.11g: 54 Mbps; 2.4 GHz; WPA (compatible with 11i); 30-75 m; compatible with 11b
802.11a: 54 Mbps; 5.8 GHz; WPA (incompatible with 11i); 30-75 m; incompatible with 11b

Slide 20
802.11 basic
Association must be done before data transmission
The association process has three states
Diagram label: Deauthentication

Slide 21
802.11 basic (cont.)
Association process
Find AP: the AP sends a beacon containing the SSID periodically, or the client sends a probe request to find an AP that is using a desired SSID
Authentication: open system, or pre-shared secret
MAC address list
Client sends association request & receives response
Send data

Slide 22
802.11 basic (cont.)
Authentication
Open System: authenticate using the SSID
Pre-shared secret: encrypt the challenge using the pre-shared secret as a key
The Access Point uses the “challenge and response” method to authenticate the client.

Slide 23
802.11 basic (cont.)
Access List
Set up an access table manually
Diagram labels: 00:02:03:04:05:06; Office intranet; 01:02:03:04:05:07; 01:02:03:04:05:65; 00:02:03:04:05:06; 02:02:03:04:05:07; reject; accept

Slide 24
Some Known Attacks of WLAN Environment (1)
Information Exposure
Brute-Force SSID
Denial of service
Session Hijacking
Man-in-the-middle attack

Slide 25
Some Known Attacks of WLAN Environment (2)
Information Exposure
What can we see in an AP's configuration:
Service Set Identifier (SSID)
Channel
Strength
WEP status
AP's MAC address
Attackers can use these messages to get what they want

Slide 26
Information Exposure Example
Some Known Attacks of WLAN Environment (3)

Slide 27
Some Known Attacks of WLAN Environment (4)
Brute-Force SSID
Try default SSIDs, such as:
“tsunami” - Cisco
“101” - 3Com
“Compaq” - Compaq
“WLAN” - Addtron
“intel” - Intel
“linksys” - Linksys
“Wireless” or “Default”
Use a brute-force dictionary attack

Slide 28
Some Known Attacks of WLAN Environment (5)
Denial of Service
Using the flaw of the 802.11 protocol (deauthentication frames)
Use the MAC address of the Access Point
Send deauthenticate frames
Send continuously
Send to broadcast address
Users are unable to reassociate with the AP

Slide 29
Some Known Attacks of WLAN Environment (6)
Session Hijacking
Diagram labels: Switch; Server 10.0.0.1 00:01:02:03:04:05; Victim 10.0.0.10 05:04:03:02:01:00
Victim's ARP table: IP | MAC: 10.0.0.1 | 00:01:02:03:04:05
Server's ARP table: IP | MAC: 10.0.0.10 | 05:04:03:02:01:00

Slide 30
Some Known Attacks of WLAN Environment (7)
Man-in-the-Middle
Diagram labels: Communicate; ESSID=CISCO, AP MAC=00:01:02:03:04:05; MAC=E1:3B:D3:78:D5:43; Victim

Slide 31
Security Issues in Enterprise and Public WLAN Environment (1)
Enterprise environment
Physical AP control (connect to intra directly !?)
Authorization at AP
Authentication web page is on the Gateway

Slide 32
Security Issues in Enterprise and Public WLAN Environment (2)
Public environment
APs in an insecure environment (forged APs)
Seldom WEP encryption
Authorization at AP or Gateway
Diagram labels: Authentication; Authorization; Seldom WEP Encryption; Centralized AAA; AAA servers; Gateway; Public Network; ISP network; Office; Insecure environment; secure environment

Slide 33
Enhanced WLAN access methods needed
Link-layer enhancements
Authentication
Web-based authentication (for public WLAN)
802.1x-based authentication (for office/public WLAN)
Encryption
Frequent key exchange
TKIP (long IV, MD5 in key sc