WPS PBC方法不安全,参见规范中的描述
2016-03-17 14:35
381 查看
The PBC method should only be used if no PIN-capable Registrar is available and the WLAN user is willing to accept the security risks associated with PBC.
PBC Security Considerations
PBC protects against eavesdropping attacks and takes measures to prevent a device
from joining a network that was not selected by the device owner. The absence of
authentication, however, means that PBC does not protect against active attack.
PBC is susceptible to an active attack where the attacker makes the intended AP
completely undetectable. This attack is possible by jamming the channel and offering
an AP in the active PBC mode on another channel to induce an Enrollee to connect to a
rogue network. It is also possible for an active attacker to gain access to the end user’s
WLAN. If, for example, the end user presses the Registrar button first, the attacker has
an opportunity to connect to the AP before the intended Enrollee’s button is pressed.
The end user should be instructed to check the LED(s) on both the Registrar and the
Enrollee in case there is a success indication on one and a failure indication on the
other. Users should also verify that the device is connected to the correct network when
PBC is used. The user may, for example, print a page on the newly connected printer
from another network device, or view content on a media device.
If the attacker combines an attack to capture an Enrollee with an attack that gains
access to the user’s WLAN the LED(s) will indicate success. If the attacker
subsequently routes traffic between the Enrollee that it has captured and the user’s
WLAN, the attack would be virtually undetectable.
Because of the vulnerabilities to active attack, users who are concerned about the
security of their network should be advised to use one of the other Wi-Fi Simple
Configuration methods rather than PBC. Client devices are required to support the PIN-based method. Therefore, as long as the network includes at least one Registrar
capable of PIN entry, users have a viable option of setting up the network securely.
翻译过来就是:
PBC保护遭受窃听攻击,采取措施阻止设备加入设备拥者没选择的网络。然而,没有身份认证,意味着PBC不能阻止主动攻击。
PBC对于主动攻击来说是脆弱的,攻击者使目的AP完全感觉不到。该攻击可能通过阻塞该信道,并提供一个处在活跃PBC模式的AP(该AP在另外信道上)来诱导Enrollee加入一个流氓网络。也可能让一个攻击者获得最终用户的WLAN的访问权。比如,如果最终用户首先按下了Registrar的按键,在目的Enrollee按键被按下之前,攻击者有机会连上该AP。
终端用户应该被指示检测Registrar和Enrollee上的LED等,以防一个连接成功一个连接失败。当使用PBC时,用户也需要确认设备是否连入了正确的网络。比如,用户可能在新连接的来自另外一个网络设备的打印机上打印了一页,或者在一个媒体设备上浏览内容。
如果攻击者及攻击了Enrollee又攻击了用户的WLAN,两者的LED都显示成功。如果攻击者随后在Enrollee和WLAN之间路由traffic,该攻击几乎无法侦测。
由于对主动攻击的脆弱性,关心网络安全的用户将被建议使用其他的WSC方法而不是PBC。客户端设备要求支持基于PIN的方法。因此,只要网络包含至少一种PIN输入能力,用户就有一个可行的选择来安全地建立网络。
PBC Security Considerations
PBC protects against eavesdropping attacks and takes measures to prevent a device
from joining a network that was not selected by the device owner. The absence of
authentication, however, means that PBC does not protect against active attack.
PBC is susceptible to an active attack where the attacker makes the intended AP
completely undetectable. This attack is possible by jamming the channel and offering
an AP in the active PBC mode on another channel to induce an Enrollee to connect to a
rogue network. It is also possible for an active attacker to gain access to the end user’s
WLAN. If, for example, the end user presses the Registrar button first, the attacker has
an opportunity to connect to the AP before the intended Enrollee’s button is pressed.
The end user should be instructed to check the LED(s) on both the Registrar and the
Enrollee in case there is a success indication on one and a failure indication on the
other. Users should also verify that the device is connected to the correct network when
PBC is used. The user may, for example, print a page on the newly connected printer
from another network device, or view content on a media device.
If the attacker combines an attack to capture an Enrollee with an attack that gains
access to the user’s WLAN the LED(s) will indicate success. If the attacker
subsequently routes traffic between the Enrollee that it has captured and the user’s
WLAN, the attack would be virtually undetectable.
Because of the vulnerabilities to active attack, users who are concerned about the
security of their network should be advised to use one of the other Wi-Fi Simple
Configuration methods rather than PBC. Client devices are required to support the PIN-based method. Therefore, as long as the network includes at least one Registrar
capable of PIN entry, users have a viable option of setting up the network securely.
翻译过来就是:
PBC保护遭受窃听攻击,采取措施阻止设备加入设备拥者没选择的网络。然而,没有身份认证,意味着PBC不能阻止主动攻击。
PBC对于主动攻击来说是脆弱的,攻击者使目的AP完全感觉不到。该攻击可能通过阻塞该信道,并提供一个处在活跃PBC模式的AP(该AP在另外信道上)来诱导Enrollee加入一个流氓网络。也可能让一个攻击者获得最终用户的WLAN的访问权。比如,如果最终用户首先按下了Registrar的按键,在目的Enrollee按键被按下之前,攻击者有机会连上该AP。
终端用户应该被指示检测Registrar和Enrollee上的LED等,以防一个连接成功一个连接失败。当使用PBC时,用户也需要确认设备是否连入了正确的网络。比如,用户可能在新连接的来自另外一个网络设备的打印机上打印了一页,或者在一个媒体设备上浏览内容。
如果攻击者及攻击了Enrollee又攻击了用户的WLAN,两者的LED都显示成功。如果攻击者随后在Enrollee和WLAN之间路由traffic,该攻击几乎无法侦测。
由于对主动攻击的脆弱性,关心网络安全的用户将被建议使用其他的WSC方法而不是PBC。客户端设备要求支持基于PIN的方法。因此,只要网络包含至少一种PIN输入能力,用户就有一个可行的选择来安全地建立网络。
相关文章推荐
- SqlServer 添加列并赋值
- Windows消息机制概述
- HTML5使用canvas绘制图形
- 移动端1px细线解决方案总结
- 移动端1px细线解决方案总结
- Mac/Linux编译OpenCV程序
- JavaScript 字符串(String) 对象
- iOS 子视图 父视图 UIView 相关的方法
- 从今天开始写博客了
- 两台机器免密码登录
- TestNG
- 关于移动端1px边框问题
- mysql 语句资料总结
- 用java观察者模式解耦经典三层架构
- c++工程编译选项符号忘记定义导致程序运行不确定问题
- JSP中的EL表达式详细介绍
- WebRTC音频处理流程概述
- C语言内存分配(九)
- web api 异常处理
- BZOJ2431: [HAOI2009]逆序对数列