架構於無線區域網路同步時間之資料加密與金鑰產生機制

Abstract

隨著無線網路(WLAN)的時代來臨，其便利性與移動性使得人們可隨時隨地不受空間及時間的限制，進行商業交易或是資料的傳遞。但事實上在其資料傳輸加密與身分認證等安全性上卻仍然存在著部份問題。而目前的資料加密大多是以Wired Equivalent Privacy (WEP)或是動態WEP方式進行資料加密，但是WEP在實際運作上出現了許多漏洞[1][2][3]。為此RSA提出了一個Fast Packer Keying (FPK)的演算法[9] ，另外在802.11i也提出Temporal Key Integrity Protocol (TKIP)及Advanced Encryption Standard (AES)加密系統的安全機制，來防止以上的攻擊[4]，但是在一些的測試與研究報告中指出[11][12]，AES的加解密速度仍較RC4慢，其需求的硬體設備也較RC4來的高，且不適用於運算能力較低的硬體裝置上。另外在硬體安全性提升上，若原有的WEP有缺陷我們只需進行相關的改善後更新其韌體程式即可，但若改用AES則必須更換硬體設備或晶片對使用者與市場的投資將是一項挑戰。 本篇論文主要架構在802.11的無線區域網路中，如何運用以RC4演算法為核心並改善其原有WEP與RC4的問題，因此我們提出利用同步時間來快速的動態產生產生一個暫時性的加密金鑰的方法稱之為 Synchronization Key Exchange Protocol (SKEP)，且傳送過程中的資料將不含IV值，使得攻擊者對此不斷變換的加密金鑰無法進行有效的攻擊分析，而達到資料安全加密的目的。

Wireless LANs (WLANs) are going more and more popular because they are easy to deploy and can provide access anywhere in LAN. But in the WLAN there have several security problems in scheme for the data communication encryption and authentication. Most functions have been used Wired Equivalent Privacy (WEP) algorithm or Dynamic Wired Equivalent Privacy (DWEP) algorithm to protect data communication. The WEP uses the RC4 encryption algorithm, which is known as a stream cipher. A paper by Flurhrer, Mantin and Shamir details two weaknesses in RC4[1]. Another problem was ascribed to the Initialization Vector (IV) reused and the shared secret key not changed [2][3]. Thus the RSA proposes a Fast Pack Keying (FPK ) algorithm [9] and 802.11i also proposes the Temporal Key Integrity Protocol (TKIP) and AES algorithm [4] to avoid attacks. In IETF workgroup discussion, whether AES can replace the RC4 or not is on the WLANs. Because AES slower then RC4 and need of hardware higher, and unwell be used for the low computing power device. [11][12] In order to correct the drawback of these problems, we provide a simple and efficient protocol called, Synchronization Key Exchange Protocol (SKEP), to avoid above attack. In SKEP the keys will keep on changing by the timer and the transmission data will be without the IV, so more effectively protect the transmission data.