Journal of Science, Quy Nhon University, No. 2, Vol. V, 2011<br />
<br />
<br />
<br />
A STUDY OF IEEE 802.1X/EAP AUTHENTICATION METHODS IN WLAN<br />
<br />
NGUYEN DUC THIEN*<br />
<br />
1. INTRODUCTION<br />
Today, wireless local area networks (WLANs) are deployed widely, from homes to offices and companies. However, because they operate over a radio medium, which is very easy to attack, securing WLANs is an urgent requirement.<br />
Authentication/access control is one of the two basic processes in the security functions of wireless networks in general and of WLANs in particular. Although the concept of authentication for WLANs appeared long ago, it remains a very important issue that needs further study in order to improve network security and quality.<br />
To address this problem, the IEEE 802.11i security standard was introduced; it builds on IEEE 802.1X/EAP, with many additions that strengthen the security of the authentication process. Today, authentication based on 802.1X/EAP is a common and highly effective method.<br />
This paper presents several authentication methods that are widely deployed in WLANs, based on the Extensible Authentication Protocol (EAP), the 802.1X/EAP architecture and the RADIUS protocol. The paper also runs experiments on these authentication methods, so that the security and efficiency of each method can be compared and evaluated.<br />
2. THEORETICAL BACKGROUND ON AUTHENTICATION IN WLAN<br />
2.1. Authentication in WLAN<br />
Authentication is the process of validating an entity based on its characteristic identifying attributes and on predetermined credentials (a password or a digital certificate, ...) [1], [2]. It is one of the most basic services of information security. When deploying authentication in a WLAN, the following requirements should be noted:<br />
- Mutual authentication capability and self-protection capability.<br />
- Generation of session keys.<br />
- Fast, convenient and efficient user authentication.<br />
<br />
To strengthen the security of authentication and network access, IEEE developed the IEEE 802.1X standard, which defines port-based network access control [5], [6]. Initially, this method used the physical characteristics of the LAN infrastructure to authenticate and authorize devices attached to a LAN port [2]. Later, as WLANs developed, IEEE 802.1X/EAP was applied to WLAN authentication. The IEEE 802.1X architecture is illustrated in Figure 1.<br />
Figure 1. IEEE 802.1X architecture model. [Diagram: Supplicant system (Supplicant PAE), Authenticator system (services offered by the Authenticator's system, Authenticator PAE, controlled port and uncontrolled port) and Authentication Server system, attached to the LAN.]<br />
<br />
Figure 2. RADIUS in the 802.1X/EAP architecture.<br />
<br />
In the 802.1X/EAP architecture, the Authenticator and the AS use the RADIUS protocol (which follows the client-server model), illustrated in Figure 2, to carry the data of the EAP methods after encryption. RADIUS is an application-layer protocol that runs over UDP. IEEE 802.1X applies the Extensible Authentication Protocol (EAP) to the authentication of entities in a WLAN. According to RFC 2284, "EAP is a general protocol for PPP (Point-to-Point Protocol) authentication that can support multiple authentication methods; it is a method that defines how standard messages are exchanged between devices using a previously agreed authentication protocol" [3], [4].<br />
<br />
Figure 3. Structure of the EAP and EAPoL messages.<br />
(a) EAPoL message structure: Ethernet MAC Header | Protocol Version (1 byte) | Packet Type (1 byte) | Packet Body Length (2 bytes) | Packet Body. Packet types: EAP-Packet (0000 0000), EAPoL-Start (0000 0001), EAPoL-Logoff (0000 0010), EAPoL-Key (0000 0011), EAPoL-ASF-Alert (0000 0100).<br />
(b) EAP message structure: Code (1 byte) | Identifier (1 byte) | Length (2 bytes) | Type (1 byte) | Data.<br />
<br />
Figure 4. EAP exchange process. [Sequence diagram between the Supplicant and the Authentication Server, carried as EAP over LAN on one side and EAP over RADIUS on the other: EAP Request/Identity, EAP Response/Identity, EAP Request/OTP Challenge, EAP Response/OTP Password, EAP Success/Accept.]<br />
<br />
In addition, IEEE 802.1X defines the EAPoL (EAP over LAN) encapsulation (Figure 3a) for carrying EAP messages (Figure 3b). The EAP messages are then packed into RADIUS packets and transmitted directly over the LAN MAC service. The EAP message exchange, illustrated in Figure 4, is carried out through EAP Request and EAP Response messages between the two EAP peers and ends with EAP Success or EAP Failure [2].<br />
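The EAPoL and EAP layouts of Figure 3 can be checked with a small parser; the following is an added example, not code from the paper. The function names, the sample frames, the source MAC address and the outer identity string are constructed for illustration, and the EtherType 0x888E and the EAP type numbers come from IEEE 802.1X and the IANA EAP registry rather than from this page.<br />

```python
import struct

# Numeric values as assigned in IEEE 802.1X (EAPoL) and RFC 3748 / IANA (EAP).
ETHERTYPE_EAPOL = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPoL-Start", 2: "EAPoL-Logoff",
               3: "EAPoL-Key", 4: "EAPoL-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(body):
    """EAP message: Code(1) Identifier(1) Length(2) [Type(1) Data(n)]."""
    if len(body) < 4:
        raise ValueError("EAP message shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("EAP Length disagrees with the packet body")
    msg = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):  # only Request/Response carry Type and Data
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        msg["type"] = EAP_TYPES.get(body[4], body[4])
        msg["data"] = body[5:length]
    return msg

def parse_eapol(frame):
    """Ethernet header(14), Version(1), Type(1), Body Length(2), body."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPoL headers")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPoL frame")
    version, ptype, blen = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + blen]  # bytes past blen are Ethernet padding
    if len(body) != blen:
        raise ValueError("truncated EAPoL packet body")
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, ptype)}
    if ptype == 0:  # EAP-Packet: the body is an EAP message
        out["eap"] = parse_eap(body)
    return out

def build_eap(code, ident, eap_type=None, data=b""):
    """Helper for the constructed samples below."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def build_eapol(ptype, body=b"", version=1):
    dst = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
    src = bytes.fromhex("020000000001")  # made-up source MAC
    hdr = struct.pack("!HBBH", ETHERTYPE_EAPOL, version, ptype, len(body))
    return dst + src + hdr + body

# Constructed sample frames (not a capture), following the Figure 4 exchange.
START = build_eapol(1)
IDENTITY = build_eapol(0, build_eap(2, 1, 1, b"anonymous@example.org"))
SUCCESS = build_eapol(0, build_eap(3, 2)) + b"\x00" * 38  # padded frame

if __name__ == "__main__":
    for frame in (START, IDENTITY, SUCCESS):
        print(parse_eapol(frame))
```

The parser checks both length fields against the bytes actually received, so a frame whose EAPoL body length or EAP Length overstates the data is rejected instead of being read past its end.<br />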
2.2. Some EAP authentication methods<br />
The key point about EAP is its ability to use many different authentication methods, in order to strengthen security throughout the authentication process.<br />
2.2.1. EAP-TLS (Transport Layer Security over EAP)<br />
EAP-TLS is one of the few authentication protocols that support mutual authentication, encryption and key management over PPP links, as described in RFC 2716.<br />
EAP-TLS follows a two-party model in which the client negotiates with an authenticator (acting as the EAP server). Although combining the EAP and TLS protocols gives it many advantages, this authentication method is not suited to some client-server scenarios and has several issues:<br />
- A client certificate is required, and it must be clearly distinguished from a device certificate.<br />
- Implementing protection of the user's identity.<br />
Because of these issues, the EAP-TLS authentication method is rarely used in practice. Authentication methods based on establishing a tunnel, such as EAP-TTLS, PEAP, ..., are used instead.<br />
<br />
2.2.2. EAP-TTLS (EAP-Tunneled TLS)<br />
EAP-TTLS (EAP-Tunneled TLS) is another EAP authentication method, and it provides better security than EAP-TLS. EAP-TTLS extends the authentication negotiation by using the secure connection established by the TLS Handshake to exchange additional information between client and server using the protocols PAP, CHAP and MS-CHAP v2.<br />
<br />
Figure 5. EAP-TTLS authentication model. [Diagram: Client, Access Point, TTLS AAA Server and AAA/H Server; steps labelled (1) to (3), including the TLS exchange and client authentication.]<br />
<br />
The authentication exchange in EAP-TTLS takes place in two phases:<br />
Phase 1: TLS Handshake<br />
The TTLS server authenticates itself to the client using its certificate. EAP-TTLS uses the TLS protocol at the EAP layer to establish and activate a secure TLS channel between client and server. To protect its identity, the client provides only the information that helps the NAS route the traffic to where EAP-TTLS is performed.<br />
Phase 2: creating the TLS tunnel<br />
EAP-TTLS uses the TLS Record Layer established in phase 1 to create an information tunnel between the client and the TTLS server, which is used for user authentication, negotiation of the security of data communication, and key distribution. Information between the client and the TTLS server is exchanged as AVPs (Attribute-Value Pairs) compatible with RADIUS.<br />
<br />
2.2.3. PEAP (Protected EAP - EAP over TLS over EAP)<br />
The PEAP protocol proposes a solution for protecting the user's identity. The version currently in use, PEAPv2, addresses several issues: protecting user authentication, building a standard method for key exchange, and supporting fast re-association.<br />
The idea of PEAP is to let several EAP authentication methods run over a previously established TLS channel or session, in sequence or in parallel, based on the TLV (Type-Length-Value) structure. Users present their credentials only after the TLS session has been established, so the user's credentials reach the server under the protection of the TLS session. Authentication in PEAPv2 is carried out in two phases [2]:<br />
<br />
- Phase 1: Negotiation and establishment of the TLS session. In this phase the client does not send its real identity in the EAP Response/Identity message; it uses an NAI (Network Access Identifier) instead. The client's real identity is established in phase 2.<br />
- Phase 2: EAP encapsulation. In this phase, the entire conversation between client and server is protected inside the TLS channel, which meets the security requirements of PEAP.<br />
3. EXPERIMENTS<br />
3.1. Experimental model for WLAN authentication<br />
<br />
- Access Point: Linksys WAP54G; IP address: 192.168.1.245; subnet mask: 255.255.255.0.<br />
- Authentication Server: FreeRADIUS Server 2.1.9; IP address: 192.168.1.100; subnet mask: 255.255.255.0; port: 1812; shared secret: whatever.<br />
- End User 1: Dell Vostro, Core 2 Duo, 1.6 GHz.<br />
- End User 2: HP 6530s, Core 2 Duo, 2.0 GHz.<br />
- Authentication: 802.1X/EAP + RADIUS (WPA-Enterprise); protocols: EAP-TTLS and PEAP.<br />
- Wired link: LAN cable.<br />
<br />
Figure 6. Experimental model of the authentication process in the WLAN.<br />
<br />
3.2. Experimental cases and results<br />
The experiments were carried out on the EAP-TTLS and PEAP protocols in three cases:<br />
3.2.1. Case 1<br />
The purpose of this case is to evaluate the effect of the Users' CPU speed on the performance of the EAP authentication protocols, based on the time taken to process authentication requests.<br />
From the results shown in Figure 7 and Figure 8, the following observations can be made:<br />
- The average time to process an authentication request for Users 1 and 2 is shorter with TTLS than with PEAP: the ratio of TTLS processing time to PEAP processing time for Users 1 and 2 is 0.7689 and 0.7829, respectively.<br />
- The average time to process an authentication request for User 2 is shorter than for User 1: by 13.06% with PEAP and by 11.47% with TTLS.<br />
<br />
Figure 7. PEAP and TTLS authentication time on User 1 (Dell Vostro) and User 2 (HP 6530s). [Two plots, User 1 and User 2; x-axis: authentication attempt number (1 to 20); y-axis: authentication time; series: PEAP, TTLS.]<br />
<br />
Figure 8. Comparison of the authentication time of both users for each of the protocols PEAP and TTLS. [Two plots; x-axis: authentication attempt number (1 to 20); y-axis: authentication time; series: User 1 PEAP, User 2 PEAP and User 1 TTLS, User 2 TTLS.]<br />
<br />
In general, the TTLS protocol has a lower authentication time than PEAP. The performance of PEAP and TTLS depends strongly on the CPU speed of the End User, especially for PEAP. The higher the User's CPU speed, the lower the authentication processing time, and vice versa.<br />
3.2.2. Case 2<br />
The purpose of this case is to evaluate the effect of distance and terrain between the End Users and the AP on the authentication efficiency of the PEAP and TTLS protocols.<br />
- Environment 1: distance 50 feet, propagation environment treated as LOS.<br />
- Environment 2: distance 75 feet, many obstacles, propagation environment treated as NLOS.<br />
- Environment 3: distance 100 feet, environment treated as LOS.<br />
<br />
Figure 9. PEAP and TTLS processing time at distances of 50, 75 and 100 feet (for User 1). [Two plots; x-axis: authentication attempt number; y-axis: time; series: PEAP 50 feet, PEAP 75 feet, PEAP 100 feet and TTLS 50 feet, TTLS 75 feet, TTLS 100 feet.]<br />
<br />
From the results obtained, the following observations can be drawn:<br />
- For User 1 under the same LOS propagation conditions (environments 1 and 3), when the distance increases from 50 to 100 feet, the authentication time increases by 25.95% (TTLS) and 48.55% (PEAP).<br />
- In environment 2 (75 feet), because propagation is under NLOS conditions, the authentication time increases by 45.95% (TTLS) and by 4% (PEAP) compared with environment 3 (100 feet).<br />
- When the transmission distance decreases and the terrain is less complex, the dispersion of the processing time between authentication attempts decreases, especially for the PEAP protocol (a reduction of 88.73% between environments 2 and 1, 84.45% between environments 3 and 1, and 27.52% between environments 2 and 3).<br />
These results show that distance and propagation conditions, above all the propagation conditions, have a very large effect on the efficiency of the PEAP and TTLS authentication protocols (especially PEAP when working in an NLOS environment).<br />
3.2.3. Case 3<br />
The purpose of this group of cases is to study the stability of the PEAP and TTLS authentication protocols when authenticating Users over a long period (about 72 hours continuously).<br />
Although the measurements were taken at arbitrary times, when compared with cases 1 and 2 (for User 1), the average authentication time in this case does not differ greatly (-3% for PEAP and 3.45% for TTLS compared with case 1). This shows the stability of the authentication protocols when operating continuously over a long period.<br />
<br />
Figure 10. PEAP and TTLS processing time over 72 hours. [Plot; x-axis: authentication attempt number; y-axis: time; series: PEAP, TTLS.]<br />
<br />
From Figure 10 it can be seen that, when operating continuously over a long period, authentication with the EAP-TTLS method still has a better authentication processing time than PEAP.<br />
3.3. General remarks<br />
As mentioned in the sections above, the TTLS and PEAP methods both ensure the same level of security and reliability for the authentication of End Users in a WLAN. However, the two methods still differ in many ways in the authentication process:<br />
The TTLS method uses the TLS channel to exchange AVPs (encrypted and encapsulated in EAP-TTLS packets). This AVP format is compatible with the AVPs of the RADIUS and DIAMETER protocols, so it is very convenient for carrying AVP packets between the End Users and the AS. As a result, TTLS does not spend much time converting between message formats.<br />
Meanwhile, the authentication process of the PEAP protocol has to rely on one of the protocols defined in EAP. Another important issue for PEAP is client support software. Because it was developed by Cisco Systems, RSA Data Security Inc. and Microsoft, PEAP mainly works together with the products of these vendors. This means PEAP is not used as widely as TTLS.<br />
Therefore, in the security and authentication of WLANs, considering several aspects: efficiency, simplicity, popularity and especially the time to process authentication requests, the TTLS method proves superior to the PEAP method.<br />
4. CONCLUSION<br />
Based on an analysis of the theory of authentication as applied to WLANs, and starting from the practical security requirements of the authentication process, this paper has built an experimental model for a WLAN system based on the IEEE 802.1X/EAP architecture combined with the RADIUS protocol, and has run several common experimental cases with the EAP-TTLS and PEAP protocols. On that basis, the paper has collected data, analysed it and evaluated the efficiency of the TTLS and PEAP protocols in the authentication process. With a simple structure and implementation method, the proposed authentication model and the protocols discussed in this paper are fully suitable for deployment in most WLAN environments that require high security: securities companies, offices, ... However, when applying them, special attention must be paid to distance, terrain and the placement of the AS equipment in order to create the best propagation environment (an LOS environment) and improve the efficiency of the authentication process.<br />
At present, Mobile Ad-hoc Networking (MANET) is regarded as a very effective solution for providing wireless communication. This is a very new field in which the PEAP or EAP-TTLS protocols can be applied. Because of differences in structure and operating principles, applying security and authentication models to MANETs is much more complex than for WLANs. The content and results obtained here will serve as a basic foundation that can be upgraded to suit MANETs. Research results on security and authentication for MANETs based on the EAP-TTLS and PEAP protocols will be presented in other papers.<br />
<br />
REFERENCES<br />
<br />
[1] Noureddine Boudriga, Security of Mobile Communications, CRC Press, (2010).<br />
[2] Thomas Hardjono, Lakshminath R. Dondeti, Security in Wireless LANs and MANs, Artech House, Inc, (2005).<br />
[3] RFC 2284, PPP Extensible Authentication Protocol, (1998).<br />
[4] RFC 3748, Extensible Authentication Protocol (EAP), (2004).<br />
[5] IEEE Computer Society, 802.1X, IEEE Standard for Local and metropolitan area networks: Port-Based Network Access Control, (2004).<br />
[6] Philip Kwan, 802.1X Authentication & Extensible Authentication Protocol (EAP), Foundry Networks, Inc, (2003).<br />
<br />
<br />
SUMMARY<br />
STUDY ON IEEE 802.1X/EAP AUTHENTICATION METHODS IN WLAN<br />
<br />
Nguyen Duc Thien<br />
<br />
Nowadays, several dangerous attacks have appeared and have had serious impacts on computer network security; finding effective methods of improving security and authentication in computer networks, especially in WLANs, is therefore of great importance. This paper discusses some basic problems related to security and to authentication methods based on the IEEE 802.1X/EAP architecture. The paper then runs several scenarios to test and compare the efficiency of these methods.<br />
<br />
<br />
*Faculty of Engineering & Technology, Quy Nhon University<br />
170 An Duong Vuong, Quy Nhon, Binh Dinh<br />
Received: 29/4/2011; Accepted: 25/9/2011.<br />