Wi-Fi security falls into two broad classes:
RSNA algorithms: TKIP, CCMP, RSNA establishment and termination procedures, key management procedures
Pre-RSNA algorithms: WEP; IEEE 802.11 entity authentication
MIC: message integrity code; this value is generated by a symmetric-key cryptographic algorithm;
Michael: the MIC for TKIP;
PMK: pairwise master key (the symmetric master key); can be obtained directly from a pre-shared key (PSK);
PMKSA: pairwise master key security association;
PTK: pairwise transient key;
AS: authentication server;
RSNA: robust security network association;
ANonce: authenticator nonce;
AKM: authentication and key management;
CTR: counter mode;
CBC-MAC: cipher-block chaining (CBC) with message authentication code (MAC);
CCMP: CTR with CBC-MAC protocol;
TKIP: temporal key integrity protocol;
PAE: port access entity;
SS: station service;
SME: station management entity;
SAP: service access point;
TSN: transition security network
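RSNA components:
Authenticator PAE & Supplicant PAE;
AS;
IEEE 802.11 provides three encryption algorithms: WEP, TKIP, CCMP;
WEP and TKIP are based on RC4; CCMP is based on AES.
The system setup and operation of an RSN, in two cases:
1. an IEEE 802.1X AS is used
2. a PSK is used
The 4-way handshake is started by the authenticator, which initiates the EAPOL-Key frames:
- confirm the PMK;
- derive the PTK from the PMK;
- exchange the PTK and the PTK sequence number;
- install the keys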
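
The PSK case and the first two handshake steps above, as an added example that is not part of the original notes: it derives the PMK from a passphrase and the PTK from the PMK with the PBKDF2 and PRF constructions defined in IEEE 802.11, then checks the EAPOL-Key MIC. The KCK/KEK/TK names come from the standard rather than from these notes, and the MAC addresses, nonces and frame bytes are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_psk(passphrase: str, ssid: bytes) -> bytes:
    """PSK case: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="CCMP"):
    """Derive the PTK and split it into KCK (MIC key), KEK and TK."""
    # Sorting both pairs makes authenticator and supplicant compute the same input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    nbytes = 48 if cipher == "CCMP" else 64  # TKIP: extra 16 bytes of Michael keys
    ptk = prf(pmk, b"Pairwise key expansion", data, nbytes)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC for the CCMP key descriptor: HMAC-SHA1 over the frame, cut to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

# Constructed sample values (not from a real capture).
AA = bytes.fromhex("020000000001")       # authenticator MAC
SPA = bytes.fromhex("020000000002")      # supplicant MAC
ANONCE = bytes(range(32))                # authenticator nonce
SNONCE = bytes(range(32, 64))            # supplicant nonce
FRAME = b"constructed EAPOL-Key message 2 with MIC field zeroed"

def handshake_confirms(ap_pmk: bytes, sta_pmk: bytes) -> bool:
    """Message 2 check: the PMK is never transmitted, only a MIC keyed by the KCK."""
    sta = derive_ptk(sta_pmk, AA, SPA, ANONCE, SNONCE)
    ap = derive_ptk(ap_pmk, AA, SPA, ANONCE, SNONCE)
    return hmac.compare_digest(eapol_mic(sta["KCK"], FRAME), eapol_mic(ap["KCK"], FRAME))

if __name__ == "__main__":
    pmk = pmk_from_psk("password", b"IEEE")
    print("PMK:", pmk.hex())
    print("same PMK confirms:", handshake_confirms(pmk, pmk))
    print("different PMK confirms:", handshake_confirms(pmk, pmk_from_psk("other-pass", b"IEEE")))
```

Both sides reach the same PTK only if they hold the same PMK, which is why a matching MIC on message 2 confirms the PMK before any key is installed.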

GTK update procedure:

Frame formats
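802.11 MAC header --> Frame Control flags --> Protected Frame field: set to 1 only for data frames or management frames, and only when they are encrypted;
802.11 Management --> Privacy subfield: this value is 1 when encryption is required;
Reason codes: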




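802.1X authentication methods:

| Method code | Authentication protocol | Description |
|---|---|---|
| 4 | MD5 Challenge | Challenge-handshake method |
| 6 | GTC | Generic token card method |
| 13 | EAP-TLS | Digital certificate method |
| 21 | TTLS | Tunneled TLS |
| 25 | PEAP | Protected EAP (username/password method) |
| 18 | EAP-SIM | Authentication using a SIM card |
| 29 | MS-CHAP-V2 | Encrypted-password method used by Microsoft |
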
When testing PEAP authentication on a PC, configure it as follows:
