阿德利亚WLAN基础知识培训ppt课件.pptVIP

There are five topics. * * Wireless security is broken into three key components, each of which can exist individually or as a group. The first piece is network authentication, which validates your identity prior to logging in. The second is access control, which controls your access to the network. Access control can either allow or restrict access to different network resources. The third piece is data encryption, which encrypts the data so that your communications cannot be monitored. Over the next few slides we will look at some of the technologies and standards that provide these three security functions. * 标准的64比特WEP使用40比特的钥匙接上24比特的初向量(initialization vector，IV) 成为 RC4 用的钥匙。128位比特的WEP用 104 比特的钥匙实作了 128 比特的 WEP 延伸协定。用户输入 128 比特的 WEP 钥匙的方法一般都是用含有 26 个十六进制数 (0-9 和 A-F)的字串来表示，每个字符代表钥匙中的 4 个比特， 4 * 26 = 104 比特，再加上 24 比特的 IV 就成了所谓的 128 比特 WEP 钥匙。有些厂商还提供 256 比特的 WEP 系统，就像上面讲的，24 比特是 IV，实际上剩下 232 比特作为保护之用，典型的作法是用 58 个十六进制数来输入，(58 * 4 = 232 比特) + 24 个 IV 比特 = 256 个 WEP 比特。 * Wi-Fi Protected Access was created as an interim security method to resolve some of the shortcomings of WEP and provide a temporary solution until 802.11i was ratified. WPA Enterprise uses 802.1x/EAP for authentication and access control, along with Temporal Key Integrity Protocol (TKIP). A 48-bit IV prevents duplicate IVs from occurring since at 10,000 frames per seconds, it would take almost 900 years before a 48-bit IV would repeat itself. This helps prevent a weak IV attack. TKIP is a modified and improved version of WEP. TKIP uses a Message-Integrity Check (MIC) to prevent frame tampering. TKIP combines a 128-bit “temporal key” with the client’s MAC address and the 48-bit IV to produce the encryption key. TKIP is also dynamic, changing the temporal key every 10,000 packets. Since home networks do not have the same resources as enterprise, a home or personal version of WPA was created, known as WPA-PSK. With WPA-PSK, the user must enter a passphrase between 8 to 63 characters long. The longe