Network Specialist - SE娘の剣 -

ͥåȥڥꥹȤλкȤǤͥåȥڥꥹȻι
̡ʤΥġ⡢μʤɤξǺܤޤкߥʡԤäƤޤ ͥåȥڥꥹ
кʤ麸κǤܤ֥ͥڡץ꡼ʵɾҡˤǡ
ͥåȥڥꥹȻ˹ʤȡͥåȥ˴ؤμ䵻ѤǤʤɲϤʸϤȤˤĤޤ
ˡλ˹ʤǤȤ뤳ȤǤޤ


̵LANΰŹ沽Ѥ򤭤줤ϤǤʤ
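For encryption technologies, it is enough to think in terms of the following three.
WEP (encryption algorithm: RC4)
TKIP (encryption algorithm: RC4)
AES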
4

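What is an encryption algorithm?
ŹΤ褦ʡŹ沽εѤΤΡ Regarding TKIP, past exam questions use the expression "encryption protocol". It is not an encryption technology, but something with mechanisms such as key exchange added.
TKIP is used as the encryption protocol, and the group key update interval was 3,600 seconds. (H23 SC, Afternoon II, Q2)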

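I think there is also WPA as an encryption technology.
⡢դ꤫⤷ʤ Past exam questions describe WPA as a "communication standard". WPA should be called a communication standard that includes an encryption mechanism (TKIP), an authentication mechanism (IEEE802.1X), and a tamper-prevention mechanism (MIC). At the very least, it is not an encryption technology.
The communication standard uses WPA PSK (hereafter, this communication standard and the authentication method together are called WPA-PSK). (H23 SC, Afternoon II, Q2)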

ľΩTKIPTemporal Key Integrity ProtocolˤϡWEPȼä뤿WEP4ĤʬɤѵʤǤФɬפϤޤ󤬡̿ǰŹ渰ѹƤ礭ѹǤ

ȤϤŪˤWEPѤƤʤΤǡŪʲˤϤʤäƤ餺ȼǧƤޤ
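TKIP is used in WPA, while WPA2 uses AES, a stronger encryption standard.
TKIP is often described as an encryption standard, but it is not in the same category as AES. TKIP uses RC4 as its encryption algorithm. TKIPϰŹȸ򴹤λȤߤȹͤ褤⤷ʤ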

ޤ꿼ͤʤ褤Ǥ礦

TKIPưŪWEPȤƤʪ⤢롣

TKIPưŪWEPΰ㤤ϡ802.1xǧڤʤɤλȤߤϢưƤ⤷ʤƤ⥭ѤΤTKIPưŪWEPϤǤϤʤ

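A past exam (H29 NW, Afternoon II, Q2) contains the following description of TKIP.
In TKIP, a temporal key (Temporal Key), which is the basis of the encryption key, is generated dynamically. In enterprise mode, the temporal key is generated by both the wireless LAN terminal and [h], based on the PMK (Pairwise Master Key) that is dynamically generated at [h: authentication server] after successful IEEE 802.1X authentication and distributed to the client. In TKIP, in phase 1, the temporal key, the IV, and the [i: MAC address] of the wireless LAN terminal are mixed to generate key stream 1. In phase 2, key stream 1 is mixed with the extended part of the IV to generate key stream 2, which is the encryption key. Key stream 1 and key stream 2 are changed during communication. With the two-stage key mixing and the changing of the key streams, higher security than WEP is achieved, but vulnerabilities have been reported, so it is not adopted.
As stated here, in TKIP the temporal key, the IV, and the wireless LAN terminal's MAC address are mixed to generate the encryption key.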

̵LANΰŹ沽ˤĤƤϡʲǧ
WEPWPAWPA2ˤĤơӤǺܤƤޤ
http://www.viva-musen.net/archives/18796333.html
ޤH29NW孶2ˤǤϡʲΤ褦Ƥޤ

ɽ3̵LANΥǡŹ沽
WEP(Wired Equivalent Privacy) RC4ȸƤФŹ沽르ꥺѤ[d̡]Ź
WPA(Wi-Fi Protected Access) Ź沽르ꥺWEPƱRC4Ѥ뤬Ź沽ץȥTKIP Temporal Key Integrity ProtocolˤѤưŹ涯٤᤿
WPA2(Wi-Fi Protected Access 2) Ź沽르ꥺAESбŹ沽ץȥCCMP(Counter-mode with CBC-MAC ProtocolˤѤ,  WPA ϴIEEEΡ e802.11iϽ

On the difference between WPA2 and IEEE802.11i
H25NW孶ˤǤϡIEEEΥƥ褹뤿, IEEE802.11iʲ줿IEEE 802.11i˺ꤵ줿WPA2 (Wi-Fi Protected Access 2ˡפȵܤƤޤ
ͥåȥڥꥹȤܻؤSEϥƥ

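So, how do IEEE802.11i and WPA2 differ?
Think of their content as almost the same. IEEE802.11i was standardized by IEEE, while WPA2 was defined by the Wi-Fi Alliance, the wireless LAN industry body.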

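WPA (WPA2) has two modes: personal mode and enterprise mode.
In personal mode, PSK authentication is performed. That is, no authentication server is needed.
In enterprise mode, an authentication server is used to authenticate each user individually.
Personal mode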


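For reference, below is the screen shown when newly configuring a wireless LAN on Windows 8.1.
As the security type, "WPA2-Personal" and "WPA2-Enterprise" can be selected.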

Ȥ
IPAȯɽ̵LANΥƥкϳǧƤޤ礦ƤIPAθʤΤǡȹפޤ

ʲΥȤѡʵ󥯤ǡϰ㤦褦
http://www.ipa.go.jp/security/ciadr/20030228wirelesslan.html

ʣ̿Ƥİ
ʣ̵LAN

ƥк
ʣѹ
̵LANݥȤ򡢹вپ֤ɬѹ롣
ʣ
SSIDService Set ID
 вپ֤SSIDѹ
 SSIDϵѼԤ¬ˤͤѹޤ礦
 
WEPWired Equivalent Privacy
 128bitWEPŹͭˤ
 WEPϿ¬ˤͤŪѹޤ礦
 
MACMedia Access Control˥ɥ쥹
 MACɥ쥹ǧڤˤü¤

α
̵LANΥƥˤĤƤϼΤ褦𤵤Ƥޤ
WEPΰŹ沽ϴñ˲ɤƤޤ
MACɥ쥹¤ˤꡢʤꤹޤưפ˹Ԥ
ʤ顢WEPMACɥ쥹ǧڤϡİѤ񤷤ޤǤ򤱤뤿κ¤кȤŰ줷ޤ礦

1.MACɥ쥹ǧ
MACɥ쥹ե륿󥰤MACɥ쥹ˤǧڤǤ뤬ƥкȤƤԽʬǤ롣ʤʤ顢MACɥ쥹ϰŹ沽Ƥ餺ޤǽǤ롣ޤƥݥȡAPˤˡѤPCMACɥ쥹Ͽɬפꡢ̤ô礭
ȤϤMACɥ쥹ǧڤϷ빽ȤƤ롣ť䤹Ȥ˿ΤƱǡ¤ǽȤϤ¿Ǥ⥻ƥкƤСݤȤͳǿˤʤ롣ޤǧڥФMACɥ쥹ϿǧڥФˤǧڤ뤳ȤǽǤСAPؤѻϿʤ

H20SV孶2ˤˤϡʲεҤ롣
Ѽǧڤ̤,μΤͤʤMACɥ쥹ϵ뤳ȤǤ뤫齽ʬкȤϤʤ,ƹAPѼԤΥΡPCMACɥ쥹򤹤٤Ͽɬפ뤫,μ֤⤫롣

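Wireless LAN authentication technologies
The MAC address authentication above is authentication at the network level rather than a wireless LAN technology. Below, wireless LAN authentication technologies are classified with actual practice in mind.
Authentication technologies can be thought of as the following three.
1) Open key
2) Shared key (essentially the same as 1))
3) EAP

The corresponding wireless LAN mechanisms are as follows.

1) WEP
Encryption: WEP (RC4)
Authentication: Open key

2) WPA-PSK
Encryption: TKIP (RC4)
Authentication: Shared key

3) WPA, WPA2
Encryption: TKIP, AES
Authentication: EAP (PEAP, EAP-TLS)

To deepen your understanding, it is good to see what this actually looks like on the screen of the PC you use.

PSK (pre-shared key)
A supplementary note on PSK: it is not a key used for encryption but one used for authentication. The encryption key is created separately by the RC4 or AES mechanism.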

H23SC孶2ˤˤϡʲεܤ롣
K󥿤ѤƤWPA-PSK8ʸλͭ񹶷ˤäǤȤξ,񹶷ؤɸΤ, WPA-PSKλͭǤϾʤȤ21ʸ٤ʸȤȤ侩Ƥ뤳Ȥ

ͣWebǧ
ǶǤϡWebǧڤǤ뵡郎Ƥ롣IEEE802.1XPEAPƱID/ѥɤˤǧڤǤ뤬ѥ¦̤꤬פʤΤݥȤǤ롣̵LAN˸¤äȤߤǤϤʤ̿ΰŹ沽ʤɤ̼ʤǹԤɬפ롣뤳Ȥ̵Ȼפ

ͣSSID
SSIDService Set IDentifierˤϥƥкλȤߤǤϤʤڤۤ褤SSIDESS-IDƱǹͤɤˤESS-IDֺ32ʸαѿɽ蘆ͥåȥ̻ҤǤꡢ³륢ݥȤѤH18NW 38ˡפƤ롣֤ˤʤ뤬ñʤ뼱̻ҤǤäơƥݤĤΤǤϤʤǧڵѤǤʤ

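In wireless LAN WPA, an encryption algorithm called CCMP appears.
Here, CCMP is explained.
First, let's look at a past exam question (H25 NW).
Q19. Which of the following is a characteristic of WPA2 in wireless LAN?
ア Authentication and encryption are realized by the AH and ESP functions.
イ It uses CCMP (Counter-mode with CBC-MAC Protocol), which adopts AES as the encryption algorithm.
ウ When a terminal and an access point communicate, the SSL Handshake Protocol is used so that each side authenticates whether the other is a legitimate peer.
エ Data is encrypted frame by frame with RC4, based on a number obtained by concatenating the secret key set by the user with the IV (Initialization Vector) generated by the product.
The correct answer is イ.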
ͥåȥڥꥹȤܻؤSE㤦
,
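Wait a moment.
Is the encryption algorithm of WPA2 AES, or is it CCMP? Which is it?
The answer is "CCMP based on AES (H29 NW, Afternoon II, Q2)".
In other words, strictly speaking it is not AES but CCMP. CCMP is AES with several mechanisms added for wireless LAN use. You can think of it this way: the wireless LAN encryption protocol is CCMP, and CCMP uses AES as its encryption algorithm. (It is a little confusing.)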

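So, concretely, what kind of mechanism is CCMP?
Let's look at the full spelling of CCMP: "Counter-mode with CBC-MAC Protocol".
First, Counter-mode. The following explanation is given.
AES is a block cipher, so the message to be encrypted must be split into blocks of a fixed size for processing. When a message is split into blocks, the last message may not fill a block, so CCMP uses counter mode. In counter mode, the message is not encrypted directly; instead, a counter value with the same number of bytes as a block is encrypted, and the ciphertext is generated by taking the XOR (exclusive OR) of the encrypted counter value and the message to be encrypted. Figure 2 shows the encryption process in counter mode.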
  ³񤭤ޤ


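The PMK is one of the keys created in a wireless LAN, and it is the basis of the encryption key.
First, let's look at a past exam question (H29 NW, Afternoon II, Q2).
2 In WPA, the encryption key is generated by TKIP. In TKIP, a temporal key (Temporal Key), which is the basis of the encryption key, is generated dynamically. In enterprise mode, the temporal key is generated by both the wireless LAN terminal and [h: authentication server], based on the PMK (Pairwise Master Key) that is dynamically generated at [h: authentication server] after successful IEEE 802.1X authentication and distributed to the client.
The Pairwise Master Key (PMK) is the basis of the encryption key. After IEEE802.1X authentication (see figure below), it is shared from the authentication server (the answer to blank h) (see figure below) with the wireless LAN PC and the AP (see figure below). Based on the PMK, the encryption key is generated between the PC and the AP (see figure below).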

ͥåȥڥꥹȤܻؤSEϥƥ


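Is the PMK different for each PC?
Yes, that's right.
In personal mode, which authenticates with a PSK, the PMK is common to all PCs and the AP.
In enterprise mode, this process is carried out per PC and per AP it connects to.
Therefore, a PMK dedicated to each PC is used.
Also, when a PC moves and the AP it connects to changes (handover), this process is redone and the PMK is re-created.
Because this causes a communication interruption, WPA2 adds improvements called "pre-authentication" and "authentication key retention (Pairwise Master Key caching)". Details are below.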
http://nw.seeeko.com/archives/50980077.html
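
The personal-mode case described above, as an added example that is not part of the original page: IEEE 802.11i derives the personal-mode PMK from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 256 bits), which is why every station on the SSID ends up with the same PMK. The function names and the sample passphrases and MAC addresses are assumptions of this example; the 21-character threshold is the length recommended in the exam text the page quotes.

```python
import hashlib

ITERATIONS = 4096      # fixed by the IEEE 802.11i passphrase-to-PSK mapping
PMK_BYTES = 32         # the PMK is 256 bits
RECOMMENDED_MIN = 21   # passphrase length recommended in the exam text this page quotes


def personal_mode_pmk(passphrase, ssid):
    """Personal-mode PMK: PBKDF2-HMAC-SHA1 of the passphrase, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               salt, ITERATIONS, PMK_BYTES)


def review_network(passphrase, ssid, station_macs):
    """Summarise what a reviewer should note about a personal-mode network."""
    # No per-station value enters the derivation, so each station computes the same PMK.
    pmk_per_station = {mac: personal_mode_pmk(passphrase, ssid) for mac in station_macs}
    findings = []
    if len(set(pmk_per_station.values())) == 1 and len(station_macs) > 1:
        findings.append("all stations share one PMK")
    if len(passphrase) < RECOMMENDED_MIN:
        findings.append("passphrase shorter than %d characters" % RECOMMENDED_MIN)
    return findings


if __name__ == "__main__":
    # Constructed sample values (not from the page).
    macs = ["02:00:00:00:00:01", "02:00:00:00:00:02"]
    print(personal_mode_pmk("password", "IEEE").hex())
    print(review_network("password", "IEEE", macs))
    print(review_network("correct horse battery staple", "IEEE", macs))
```

The passphrase "password" with SSID "IEEE" is the first passphrase-to-PSK test vector published with IEEE 802.11i, so the first printed value can be compared against the standard.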

