WPA ��ȼ��˴ؤ��ʬ��

RCIS Technical Notices 2009-01 (B)

2009ǯ8��26�� (��)
2009ǯ8��27�� (��1.1��)

��ȵ��縦�� 󥻥��ƥ��楻�󥿡�

1. ʬ�Ϥγ��

̵��LAN�ǻȤ��Ź�ץ��ȥ��ˤ�ʣ��μ�ˡ��ޤ��ȼ��Τ�� WEP [2, Sec. 8.2.1] ��¾��̤� WPA (TKIP) �ȸƤФ��ץ��ȥ��ˤĤ��Ƥ��ȼ�� 2004 ǯ��Ŧ��Ƥ��ޤ� [5]�� 2008 ǯ�ˤ� Beck �� [1] �ˤ��15ʬ��٤Ǥβ��ɻ߸��ο�¬��ӥѥ��åȤθ��Ū�ʲ��ˡ��𤵤줿¾�� 2009 ǯ 8 ��ˤϤ��ι��ˤĤ��Ƥο��ʹͻ��𤵤�Ƥ��ޤ� [6]�� Υ�ݡ��Ȥϡ��ι��αƶ��ˤĤ��Ʋ��Ϥ��Ū�ʱƶ��ϰϤ��к��ʤˤĤ��Ƹ�Ƥ��ΤǤ��Ƥ��̤γ��פϼ��̤�Ǥ��

1.1 ��¸�ߡ��ꥹ��ʬ�Ϸ��

ɽ1: �Ź沽��르�ꥺ��Ȱ��δط�

WPA ��	TKIP	AES	(��)�̤θƾ�
	�Ź沽��르�ꥺ��
WPA	��к�	��	WPA-PSK
WPA2	��к�	��	WPA2-PSK, RSNA, 802.11i

ɽ2: TKIP �ΰ��к��ȼ��αƶ�

QoS ��ǽ	2ʬ��٤�û��	�̾�
	��ֳ�
��	��	��
�ʤ�	��	��

ɽ1��2��㡧
��侩��ġ��ꥹ��θ�Ƥ��פ��
��ꥹ��¸�ߤ��

ʸ�� [1] �� [6] �ˤ�빶��Ф��WPA (TKIP), WPA2 (TKIP) ��ȹ礻�Ϥɤ��ȼ�Ǥ��ȹͤ��ޤ�� WPA (AES) �� WPA2 (AES) ��Ф��ơ��ι��Ŭ�ѤǤ��ͭ��ʲ��ɼ�ˡ��ޤ��𤵤�Ƥ��ޤ�� (ɽ1)��

��θ��ˤĤ��Ƥϡ�ʸ�� [1] �ι��Τ��1�� ˤĤ��Ƥϡ��ͥåȥ��郎��ε�ǽ��QoS��̿��Ȥ�ͥ��ˤ�ͭ��硢 ñ��ʥͥåȥ��İ�ǹ��⤬��ǽ�ʤ��ᡢ��¤ζ��Ҥ��Τȹͤ��ޤ�� ι��ˤĤ��Ƥϡ��˹��ġ��뤬��Ƥ��ޤ�� ʸ�� [1] �Τ⤦1�Ĥι��ȡ�ʸ�� [6] �ι��ˤĤ��Ƥϡ� �ºݤι��Ȥ��Ω��뤿��ˤϡ�̵��LAN��̿��ǽưŪ��˸��ɬ�פ��ꡢ ��Ȥ��ɬ�פʥġ��ꤷ��Ǥ⡢��¤�¿��̵��LANƳ��Ķ��ˤ��ƤϹ��β�ǽ��Ū�㤤�ȹͤ��ޤ� (ɽ2)��

��ι��⤬��ˤϡ�WEP ��Ǥʤ� TKIP �Ź�ץ��ȥ��Ѥ��̿��ˤĤ��Ƥ⡢ ��Υͥåȥ��ѥ��åȤε�¤��ǽ�ˤʤ�ޤ��â��ǽ�ʥѥ��åȤˤĤ��Ƥϸ��󤬤��뤿�ᡢ Ǥ�դΥѥ��åȤ�¤��뤳�ȤϽ��ޤ�� ˤ��ͤ��ζ��ҤȤ��Ƥϡ��ͥåȥ��֤��줿��µ��򤷡� ��̵��LAN��³��PC��ؤ��³�ʤɤ��Ǥ��ǽ��ޤ��

1.2 �侩��к�

�ʾ�β��Ϸ�̤��顢�ܹƤǤϲ�ǽ�Ǥ��С�̵��LAN��ݥ��ȤˤĤ�� WPA (AES) �ޤ�� WPA2 (AES) �ؤ��ѹ��Ԥʤ��Ȥ�侩��ޤ��

��TKIP ��Ѳ�ǽ�Ǥ��뤬 AES �ؤΰܹԤ��Ǥ��Ǥ��äƤ⡢ ��ݥ��Ȥ˸��ֳ֤��굡ǽ��ˤϡ�120�á�2ʬ�ˤʤɤ�û��ͤ��ѹ��뤳�Ȥǡ� ʸ��ǻ�Ŧ��빶��򤹤뤳�Ȥ��ǽ�Ǥ��򤨤� TKIP ��Ѥ��硢��ѹ��侩��ޤ�� â��ͤ�û��뤳�Ȥǡ��ݥ��Ȥ��٤��夬�뤳�Ȥ�ͽ�ۤ��ޤ�� Ƴ��˺ݤ��Ƥϻ��˥ƥ��Ȥ�Ԥʤ��Ȥ��ᤷ�ޤ��

�ޤ� QoS ��ǽ��Ѿ��פǤʤ��硢��ݥ��ȡ��饤��Ȥ�ξ�� QoS �ε�ǽ��ͭ��̵�� Ǥ��뵡ǽ��ˤϡ��ε�ǽ��Ѥ��ʤ��ˤ��뤳�ȤǤ⡢��θ��礭��뤳�Ȥ��ޤ�� Τ褦��к��ɤ��ʤ��ˤϡ��ܹƤΰʲ��ε��Ҥʤɤ򻲹ͤˡ��ºݤα��ѴĶ��ˤ��빶��ǽ��ȥꥹ��Ƥ��Ƥ�� Ƥ�η��ɬ�פǤ��С�AES �б��ؤΰܹԤ��Τ褦�ʱ��Ѿ��к��뤳�Ȥ��ᤷ�ޤ��

�ޤ��TKIP ��ε��ʤǤ�� WEP ��ȤäƤ��⡢�ܹƤǻ�Ŧ��ȼ��¾�ˤ⤿��ȼ�� Ŧ��Ƥ��ꡢWEP ��̿��ϻ��¾��İ��δ��˻��Ƥ��ꤵ��ޤ�� Ū�˥ѥ��åȤβ��ɤ��ǽ�ˤʤ��ǽ��뤳�Ȥ��顢��ޤ� AES�ʤ��ʤ�� TKIP�ˤؤΰܹԤ�侩��ޤ�� â��ܹԤ˺ݤ��Ƥϡ�WPA �� WPA2 �Ǥϥ��ݥ��1��³�� ¤��ʤ��ĸ�̩�ˤʤäƤ��뤳�Ȥ��ޤ��ä˲��ѤΥ��ݥ��ȤǤϡ�10��٤Υ��饤��Ȥ�� ³��Ǥ��ʤ��⤢��ޤ��ϡ�WEP �Ǥϥ��ݥ��Ȥ�1�ĤΰŹ渰��ƤΥ��饤��Ȥ��̿��Ƥ��Τ��Ф�� WPA �� WPA2 �Ǥ��³��饤��ʬ�ΰŹ渰��ݻ��ʤ��Фʤ�ʤ��Ǥ�� Τ��ᡢ�ä�10��ʾ�Υ��饤��Ȥ��³��ǽ��Τ��̵��LAN�Ǥϡ��դ�ɬ�פǤ�� ܹԤ��ʤ��硢�ʲ��Τ褦�ʱ��Ѿ��к��ܤ��Ȥ򶯤��侩��ޤ��

�ʤ��嵭��ꤽ��¾�ˤ�� WEP ��Ѥ��ѻߤǤ��ʤ��䡢TKIP ��Ѥ��ꥹ��Ǥ��ʤ��ˤϡ� ��Ȥ��ƥꥹ��ڸ��뤿��˼��Τ褦�ʱ��Ѿ��к��ܤ��Ȥ��ͤ��ޤ��

1.3 α��

�ʤ��ܹƤη�̤�ºݤ�̵��LAN��ƥ��Ŭ�Ѥ��äƤϡ��ʲ��α�դ��Ʋ��

1.4 �ܹƤι��

�ܹƤΰ��̸��ξ��ϰʾ�Ǥ��ʲ��Ǥϲ��Ϥξܺ٤ˤĤ��ơ��2��Ǥ��ε��Ѥγ��פ� ��3��𤵤�Ƥ��빶��ˡ�� 4�� CCMP �ؤ�Ŭ�Ѳ�ǽ��5�� WPA �� WPA2 �κ��ۤ��ӹ��Ŭ�Ѳ�ǽ��ˤĤ��𤷤ޤ�� 6��Ǥϡ�WPA �ͥåȥ��α��Ѿ��α��Ȥ��ơ��ѥ��ե졼��ζ��٤ˤĤ��ƽҤ٤ޤ��

2. WPA �� WPA2 �γ��

WPA (Wi-fi Protected Access) �� WPA2 �ϡ� ̵��LAN��٥��ζȳ��ΤǤ�� Wi-fi Alliance ��᤿̵��LAN�Υ��ƥ��ǽ��̾�ΤǤ�� 2001ǯ��ޤǻȤ��Ƥ�� WEP �Ȥ��ƥ��ץ��ȥ��μ��𤵤졢 ��ƥ��꤬��Ȥ�ǧ��ޤä��ᡢ ̵��LAN�ε��ɸ�� IEEE �� 802.11 �Ѱ��ǡ� ��ƥ��ʳ�ĥ 802.11i �θ�Ƥ��Ϥޤ�ޤ�� ǡ�ɸ�൬�ʤκ��ˤϻ��֤��뤿�ᡢ Wi-fi Alliance �ϸ�Ƥ��ε��ʤ��3��Ƥ򸵤ˡ� ��Ū�ʶȳ��ʤȤ�� WPA ��ꤷ�ޤ�� 802.11i ��ʳ�ĥ�Ϥ��θ� 2004 ǯ��ʤȤʤꡢ �ȳ��ʤȤ��Ƥ� WPA2 �Ȥ��ƺΤ��ޤ�� ܵ��ʳ�ĥ�� 2007 ǯ�� 802.11 ��ʤβ��ȼ�� 802.11 ��ʤ��Τ˼��ޤ�Ƥ��ޤ��

802.11i �θ��Ƥ��ʳ��ǡ�WEP ��Ѥ�뿷��Ź楢�르�ꥺ��Ȥ��Ƥ�2�Ĥμ�ˡ��Ƥ��Ƥ��ޤ�� 1�Ĥϡ�TKIP (Temporary Key Integrity Protocol)�ס��⤦1�Ĥϡ�CCMP (CTR with CBC-MAC Protocol)�פ� �ƤФ��ΤǤ��TKIP �ϡ��ޤǤ�̵��LAN��¿��˥ϡ��ɥ��Ȥ��Ȥ߹��ޤ�Ƥ�� WEP �Τ�� ϩ��¤�ή�Ѥ��ǽ�ʸ¤꥽�եȥ��ѹ��б��Ǥ��褦��߷פ��줿��ΤǤ�� CCMP �Ϻǿ��ɸ��Ź�ץ�ߥƥ��֤Ǥ��Ź涯�٤�ͥ�줿AES��줿�ۤ��ˤ⡢ WEP �θŤ��ˤȤ��줺��Ź沽�ν��ˡ��1��߷פ��ΤˤʤäƤ��ޤ�� ʤ��CCMP �Ϥ��ѥץ��ȥ��̾��顢��߰��̤˻��Τ��Ƥ��뵡��ܤʤɤǤ� �̾��AES�פ�ɽ��Ƥ��ޤ��

��ʤߤˡ�WPA �λ��Ǥ� TKIP �μ��ɬ�ܤǤ��CCMP �μ��Ǥ�դȤʤäƤ��ޤ��Ĥޤꡢ TKIP �ˤΤ��б��⡢��WPA �б��פȤ��񤭤��䤹�뤳�Ȥ��Ǥ��褦�ˤʤäƤ��ޤ�� WPA2 �б��׵��̾��뤿��ˤϡ�CCMP ��뤳�Ȥ�ɬ�ܤˤʤäƤ��ޤ�� Τ��ᡢ��ˤϡ�WPA �� TKIP��WPA2 �� AES�פȤ��WPA �Ǥ� AES �ϻȤ��ʤ��פȤ��ä�� 褦�Ǥ��ºݤˤϡ�WPA �λ��Ǥ�ξ��Υ��르�ꥺ�ब��Ƥ��ޤ�� ޤ��WPA2 �� TKIP �򥵥ݡ��Ȥ��¸�ߤ��ޤ��

3. ��𤵤줿 WPA ��TKIP�� ȼ��γ��

��Ǥϡ�[1] ��𤵤�Ƥ��ȼ��ˤĤ��ơ��Ū�ʳ��פ�Ҥ١��ޤ� [6] �Ȥδط��ˤĤ��ƿ��ޤ��

3.1 WEP ��Ф�� chopchop ��

2008ǯ [1] ��𤵤줿 WPA (TKIP) ��ϡ�2004ǯ�� [4] �ǻ�Ŧ��줿 WEP �ؤ� ��ˡ��ˤʤäƤ��ޤ��Ρ�chopchop ��פȸƤФ�빶��ϡ� WEP �˻�Ŧ��¿��¾�Υ��ƥ��ȼ��Ȱۤʤꡢ RC4 �μ帰�˴ط��ˤ�ɬ��¸��ʤ��ΤˤʤäƤ��ޤ��

[�� 2]: WEP �Ź沽�ѥ��åȤι�¤��
�ºݤϤ��ˡ�MAC �إå�� FCS 4�Х��Ȥ��ղä��롣
��ŵ: [2, p.158]

WEP �Ź沽��Ѥ��̵��LAN�Υѥ��åȤϡ�[�� 2] �Τ褦�ʹ�¤�ˤʤäƤ��ޤ�� οޤ� ICV ��ʬ�ˤϡ�Data ��ʬ�ν񤭴��Τ��뤿��ˡ�CRC-32 �ؿ��Ƿ׻�� Data �Υ��å��4�Х��ȡˤ��Ǽ��졢 Data �� ICV ��ξ��碌��Τ� RC4 �ǰŹ沽��Ƥ��ޤ�� Ź沽��γ��׿ޤ� [�� 3] �˼��ޤ�� ǡ�RC4 ��ɽ��륹�ȥ꡼��Ź�˰��Ū��Ȥ��ơ�

��ޤ��ǡ�CRC-32 �򸵥ǡ��ľ��˷Ҥ��Ƥ��Ȥ��Υǡ��¤�Ǥϡ� CRC-32 �ؿ��Ū�� [1, p. 82] ��顢�⤷�� ICV ��ʬ�� 1�Х��Ȥ�ʬ��äƤ��С��Υǡ��1ʸ��ä��ǡ��Ŭ��ʸ�� XOR ��뤳�Ȥǡ� ��κ�ä��ǡ��Ƥӡ�1ʸ��ʤ� Data + ��Υǡ�� CRC-32�פȤ��ѷ��뤳�Ȥ��ǽ�Ǥ�� RC4 �� CRC ��ξ��顢�⤷��ΰŹ沽�� ICV ��1ʸ��ʬ��С��򸵤�1ʸ��û��̤� �Ź�ʸ��Ĥ��äơ��Ź��椷��Υ��å��פ��뤳�Ȥ��Ǥ��뤳�Ȥˤʤ�ޤ��

Chopchop ��å��Ǥϡ��դ˻Ȥäƹ��Ԥʤ��ޤ�� ˵�� WEP �Ź沽�Ѥߥѥ��åȤˤĤ��ơ��Ź沽�� ICV �κǸ��1�Х��ȤˤĤ��Ƥ�256�̤�β�ǽ��ޤ�� 1�Ĥ��ĤˤĤ��ƾ嵭��ѷ��֤˻�ƥ��ݥ�� (AP) ��Ƥߤ롢�Ȥ��Ȥ�Ԥʤ��ޤ�� AP ��ʥ��å�� WEP �ѥ��åȤ��ȥ��顼��Τ��ѥ��åȤ��֤��Τǡ� ��Υѥ��åȤ�ƻ뤷�Ʊ��Τʤ��ä��ѥ��åȤ�õ��Ȥǡ� �ǽ��256�̤��ꤷ��ICV ��ʿʸ�κǸ��1�Х��ȡפΤɤ줬��ä��ɤ��Ƚ�ǤǤ��ޤ�� ˷��֤��С��1�Х��Ȥ��ġ�Data �� ICV�פ��ʬ��ʿʸ��Ƚ��ޤ��Τǡ� Data ��ʬ�ˤĤ��Ƥ⡢ʿʸ�β��ɤ��ٲ�ǽ�ˤʤ�ޤ��

3.2 WPA (TKIP) ��Ф�� chopchop ��

��ǡ�TKIP �ξ��ΰŹ沽�ѥ��åȤι�� [�� 5] �ˡ� �Ź沽��γ��׿ޤ� [�� 6] �˼��ޤ�� ǽҤ٤��̤� TKIP �� WEP �μ��ѤǤ��褦��߷פ��Ƥ��뤿�ᡢ ��Υѥ��åȤ� Data �� ICV ��ʬ�ϡ��ޱ�ü�ǡ�WEP Encapsulation�� Ƚ񤫤줿��ʬ�� WEP ��Ʊ��ˡ�ǰŹ沽��Ƥ��ޤ�� â��WEP �Ȱۤʤ�Τϡ�

�Ȥ��Ǥ�� ICV �ϡ��MIC�פ�ޤ��ǡ��Ф�� CRC-32 �Υ��å��ˤʤäƤ��ޤ��

��ʤ��顢��Ū�ʰŹ沽�Τ�꤫��Τ� WEP ��Ʊ��Ǥ��顢 Ʊ��褦�ʼ�ˡ�ǥѥ��åȤ�� ICV ��1ʸ��Ŀ�¬��Ƥ��ϡ� �� WPA (TKIP) �Ǥ�Ŭ��ǽ�Ǥ�� TKIP �Ǥ� ICV �԰��פΥ��顼��Ф��Ƥ��Τ��Ԥʤ��ޤ��󤬡� chopchop ��1ʸ��û�̤��ѥ��åȤǤ� ICV ��Ƥ� MIC ��̾��פ��ʤ��ᡢ ��饤��Ȥ�� AP �� MIC �԰��פΥ��顼��𤵤�뤳�Ȥ��Ѥ��ƹ��Ԥʤ��ޤ��

��WPA ��߷��ʳ�� TKIP ��ƥ��崰��Ǥʤ��Ȥϴ��˰ռ��Ƥ��ꡢ ��򤵤��񤷤��Ǥ�2��ɲä��Ƥ��ޤ� [2, Sec. 8.3.2.4, pp. 171-180]��

��Τ��ᡢ�̿��İ��ѥ��åȤ� WEP ��Ʊ��褦�� chopchop ��ԤʤäƤ⡢ ��˹��˻Ȥ��Ź�ʸ��Ʊ�� IV �Υѥ��åȤ��˼��ѤߤΤ�� 1. ��¤Ǽ��ݤ��졢��⤬��ޤ�� ޤ��Ǥ��ICV��1ʸ��ܤβ��ɤϤǤ��ޤ�� 1ʬ��2ʸ��ܤβ��ɤ�Ԥʤ��ȡ�1ʬ��2�� MIC �԰��ץ��顼�Τ�� 2. ��¤Ǽ�ưŪ��³��Ǥ��졢�֥ޥ��פ�򴹤��ƹ��⤬��Ԥ��Ƥ��ޤ��ޤ��

ʸ�� [1] �Ǥϡ�1. ��к��Ȥ��ơ��ѥ��åȤ�ͥ��̤��դ�� QoS �ε�ǽ��Ѥ��Ƥ��ޤ�� TKIP �Ǥ� IV ��󥿤�ͥ��˻��äƤ��뤳�Ȥ��顢 ��ͥ��٤��İ��ѥ��åȤ��̤�ͥ��٤ǹ��˻Ȥ��Ȥǡ� ��¤��򤷤Ƥ��ޤ��ޤ��2. �ˤĤ��ƤϹ��®�٤�1ʸ��1ʬ��¤��뤳�Ȥǲ��򤷤Ƥ��ޤ�� Τ��˹��ɬ�פ��٤ޤǥѥ��åȤ��ɤ��Τ�12ʬ��٤��פ��ޤ��

�ޤ��QoS ��ǽ��Ƥ��ʤ��ˤ��Ƥ⡢̵��Ķ��ѤǤ�� AP�ȥ��饤��Ȥδ֤ǥѥ��åȤ�ľ��Ϥ��Ĺ��Ԥ�AP��Ԥȥ��饤��Ȥδ֤Ǥ� �ѥ��åȤ��ã��ꡢ��10ʬ�ۤɤ�̵�̿��֤��Ƥ��С� Ʊ�ͤι��⤬�¸��Ǥ��ǽ��Ŧ��Ƥ��ޤ� [1, p. 84]��

��ǡ�Michael ��߷׼��Τ��꤬��ꡢ��öʿʸ�Ȥ��б�� MIC ��ʬ��äƤ��ޤ��С� ��ˤʤä��MIC ��ˤ��ñ�˷׻��Ǥ��Ƥ��ޤ��Ȥ� [1, p. 84] ��ǻ�Ŧ��Ƥ��ޤ�� Τ��ᡢ��ö chopchop ��å��ǥѥ��åȤ�ʿʸ�� MIC ��ɤ��С� �ѥ��åȤβ��Ū�ưפˤǤ��ʲ��Υǡ��Ф��MIC�ͤ��׻��Ǥ��Ƥ��ޤ��ˤ��Ȥˤʤ�ޤ�� ö MIC ��ꤷ��ϡ��ΰŹ�ʸ��İ�Ⱥ�û��4ʬ�ۤɤβ��Ϥˤ�äơ� ��7�ѥ��åȡ�QoS ��Ѥ��ʤ��1�ѥ��åȡˤβ��⤷��ѥ��åȤ��뤳�Ȥ��Ǥ��ޤ��

3.2.1 ʸ�� [1] �ι��ˤ��ƶ��ɾ��

�ޤ��β�ǽ��ˤĤ��Ƥϡ�QoS ��ǽ��̵��LAN��ͭ��ꤵ��Ƥ��ʥ��ʥꥪ1�ˡ��ܹ��β��Ͻ�ʬ�˸��Ū�Ǥ��ꡢ ��Ū�ʻ��֤Ȳ�ǽ��ˤ�� Michael �β��⸡�θ��ɤ��ȹͤ��ޤ�� ޤ��⥯�饤��Ȥ��̾��̿��ʿ��̤�˲�ǽ�Ǥ��ꡢ��⤬��Τ��ǽ��㤤�ȹͤ��ޤ�� ι��ɬ�פʵ��Ѥ��2008ǯ��ʳ��ǥġ��뤬��Ƥ��ꡢ��ǽ�Ǥ��

��ǡ��ʥꥪ2�ˤĤ��Ƥϡ�PC �ȥ��ݥ��Ȥδ֤��̿��˵��Ѥ��Ǥʤ�� Ȥˤ��PC��ݥ��ȴ֤��̿��˸��ɬ�פ��ޤ�� ̤� WPA ��ɬ�פȤ��뿦��Τ褦�ʴĶ��Ǥϡ�̵��AP�ȥ��饤��Ȥδ֤˸��̤��뤳�Ȥ� ¿��Τ褦�ʾ��İ��Ǥʤ�ľ��̿��˸��뤳�Ȥϡ��ǽ��Ǥ��ʤ��Τ��ʺ��ȼ��Ȥ� �פ��ޤ��Michael ��ꤹ�뤿��10ʬ��٤��̿��֤ˤĤ��Ƥϡ� ��˥桼��˵��դ��ǽ��⤯�ʤ��ΤΡ��β�ǽ��ꤹ��ۤɤˤϻ��ʤ��ȹͤ��ޤ��

��ȼ��ꥹ��ˤĤ��Ƥϡ��ܹ��ǲ��ɤ��븰��Michael �β��⸡�θ��Ǥ��ꡢ �Ź沽��Ǥ��ʤ��ᡢ��Ƥ��̤��İ��ѥ��åȤ�ľ��˲��ɤǤ��褦�ˤϤʤ�ޤ�� ޤ��ɲ�ǽ�ʥѥ��åȤϤ��ͽ¬��ǽ�Ǥ��ɬ�פ��ꡢ ��оݤ��Ū�ˤʤ�ޤ��

�ܹ��⤬��ȯ��ºݾ�Υꥹ��ˤĤ��ơ� ʸ��ǽҤ٤��Ƥ��ΤΤ��Ǥⶼ�ҤΤ��Τϡ��ե��䥦��β�� [1, p. 84] �Ǥ��ȹͤ��ޤ�� ե��䥦��֤Τ��̿��Τߤ��ӽ�� 鳰��̿��Ǥ��ʤ��Τϡ��̿��ѥ��åȤ��Ƥ򸡺�� ⢪��Υѥ��åȤȡ��Ф��볰��α��Τߤ��̲ᤵ��褦�ˤʤäƤ��ޤ� [�� 9]�� Τ褦�ʥͥåȥ��³�׵�ѥ��åȤ��ȡ� 1�ѥ��åȤΤߤε�� TCP/IP ��̿��򳰢��˳�Ω��뤳�Ȥ��Ǥ��ǽ��ޤ� [�� 10]�� ι��ϡ��̿��³��פ򤷤ʤ��Ρ�stateless firewall�ˤˤĤ��Ƥ��Ω��ΤȻפ��ޤ�� ³��פ򤷤Ƥ��Ρ�stateful firewall�ˤ� NAT �ε�ǽ��ͭ��ʪ�ˤĤ��Ƥϡ� ��β��ݤϤ��μ��˰�¸��ޤ��Ȥ�櫓��鳰��Υѥ��åȤˤĤ��Ƥξ��׼��Ԥ� ��Ū��Ƥʤ�ΤˤĤ��ƤϹ��⤬��ǽ�Ǥ��

3.2.2 ʸ�� [1] �ι��Ф��к�

�ܹ��Ф��й��Ȥ��ơ�[1] �� 5.1 ��Ǥ� TKIP �� CCMP ��Ѥ��뤳�Ȥ�¾�ˡ� 2�Ĥλ��Ū��к��󼨤��Ƥ��ޤ�� 1��ܤ� MIC �԰��ץ��顼��Υѥ��åȤ��Ф�ߤ�뤳�Ȥǡ��ɤμ꤬��Ȥʤ��̵��Ȥ��Ǥ��ޤ�� 饤��¦��̵��LAN�Υե��०��ɥ饤�Фβ�¤��פ��ޤ�� 2��ܤϡ�TKIP ��Ѥ��ݤ� WPA �θ��ֳ֤�120��٤�û��뤳�Ȥ��Ƥ��Ƥ��ޤ�� ˤ�ꡢMichael �β��ɤ��˸��ι��Ԥʤ��뤳�Ȥ��ݾڤǤ��뤿�ᡢ��⤬�񤷤��ʤ�ޤ�� TKIP ��Ѥ��Ǹ��ֳ֤�� ѹ��Ǥ��ˤϡ��ѹ��ܤ��Ƥ��Ȥ��侩��ޤ�� ѹ��ˤ�ꥢ��ݥ��Ȥ��٤��Ť��ʤꡢ �ä˥��饤��Ȥ�¿��¸�ߤ��ͥåȥ��Ǥ��٤��԰��ˤʤ��ǽ��ޤ��Τǡ� ��κݤ�α�դ�ɬ�פǤ��

�ʤ��ʸ�� [1] �Ǥ�Ҥ٤��Ƥ��ޤ��ܹ��ˡ�ι��ưפ��ϡ� ��줾��Υ��饤��Ȥ��AP�μ��˰�¸��ޤ�� äˡ�TKIP ��ʤ��׵ᤵ��Ƥ��2�� MIC �԰��פ˴ؤ��̿��פ� AP �ޤ��ϥ��饤��Ȥ� ��Ƥ��ʤ��硢��ɬ�פʻ��֤��ɤ��Υ��ʥꥪ�Ǥ�1ʬ�ʲ��ˤʤꡢ ��⤬��ʤ긽��Ū�ˤʤ뤳�Ȥ�ͽ�ۤ��ޤ��

3.3 ʸ�� [6] ��

ʸ�� [6] ��𤵤�Ƥ��빶��ϡ��Ū�ˤ� [1] ��Ʊ��ι��Ǥ�� Τ��̵��Ķ��ѹ��ˤĤ��Ƥϡ�[1] �Ǥ��2��ꥷ�ʥꥪ��Ʊ��ȹͤ��ޤ��

[6] �Ǥο��ʼ�ĥ�Ȥ��ơ�3.2 ��ǽҤ٤� WPA �Ǥ��ɲ�� 2. ��Ф��к��Ȥ��ơ� ��̿��򹶷�Ԥ��Ѥ��Ƥ��ǤϹ��Υ��ߥ󥰤򹶷�Ԥ��ͳ��Ǥ��Τǡ� �ޤ��ϥѥ��åȤ��Ѥ�Ԥʤ��ʤ��ͥåȥ��ƻ뤷�� ޤ��פ��̿��Τʤ��ߥ󥰤򸫷פ�ä�10ʬ��Ѥ�ߤ�ƹ��ųݤ��С� �桼��̿��Ф��ƶ��򲡤��ĤĲ��ɤ��ǽ�ˤʤ�Ȥ��Ƥ��ޤ��

�ѥ��åȤβ��ˤĤ��Ƥϡ��ɤ��ѥ��åȤΤ��ʿʸ�β�ǽ��⡹256��٤˸��Ǥ��Ǥϡ� chopchop ��å��1ʸ��ä� ICV �κǸ��1ʸ��ꤹ��С��ȤϿ�¬��ѥ��åȤ� ICV ��Ӥ��Ƥ�뤳�Ȥ� �֤��٤γ�Ψ��ѥ��åȡפ��Ƥ��Τǡ��̿��4ʬ��˺�û��äˤǤ��롢�Ȥ��ĥ�Ǥ�� Ū��оݤȤ��Ƥϡ��ɥ쥹�ϰϤ��Τ� IP �ͥåȥ��ˤ�� ARP �ѥ��åȤ��ꤵ��Ƥ��ޤ��

3.3.1 ʸ�� [6] �ι��ˤ��ƶ��ɾ��

��ʸ��֤��Ƥ��β��ˤĤ��Ƥϡ��μ±��ѴĶ��Ǥ��ˤĤ��ƤϾ��ˤ��Ƚ�Ǥ�ʬ��ΤȻפ��ޤ�� ޤ��̵��Ķ��ˤĤ��Ƥ� 3.2.1 ��ǽҤ٤��̤ꡢ ̵��Ķ��Ǥ�ľ��̿��˸��ϡ��ǽ��Ǥ��ʤ��Τ��ʺ��ȼ��ȤȻפ��ޤ�� ˡ��ɤΤ��10ʬ��٤��̿��֤ˤĤ��Ƥϡ� ��ʸ��Ρ��̿��Ƴ��줿�ݤ˹��⤬ȯ�Ф��ʤ��˸�õ��Ǥ��ʬ�ˤĤ��Ƥϵ��䤬�Ĥ�ޤ� ��10ʬ��٤��TCP�̿��ARP�䤤��碌��ȯ��뤿�ᡢ�̾��ARP��䤵��Ƥ⤤��̿��Ȥζ��̤ˤϺ��񤬤��ˤ�� ̾��PC��ѤǤ�̵��LAN��³��³��Ƥ��֤Ǥ�10ʬ��٤�̤��ѻ��֤Ͻ�ʬ��뤿�ᡢ ��¤˵��ǽ��ꤹ��ˤϻ��ޤ��Ǥ�� Ǹ�ι��֤κ︺�ˤĤ��Ƥϡ�1�Х��Ȥǿ��ǽ�ʹ��оݥѥ��åȤ� [1] ��Ӥ��ƹ��˸��ꤵ�졢 ��¾� ARP �ѥ��åȤ˸��ꤵ��ޤ��¾�Υѥ��åȡ��Ȥ�� DNS �Ȥ� TCP SYN �ʤɤǤϿ��Х��Ȥο�¬�Բ�ǽ�ǡ��ˤ�� Ѥ��ˤĤ��Ƥ��礭�ʱƶ��Ϥʤ��ȹͤ��ޤ��

�ʾ��顢ʸ�� [6] ��󼨤��줿�ȼ��ϡ��¤�̵��LAN�ξ��ѴĶ��Ǥ� ��Ū��Ǥ��ꡢľ��˼��ѴĶ��ǤΥǡ��İ�ʤɤο��ﳲ��̢��ͽ�ۤ��ʤ��ΤΡ� ʸ�� [1] �ι��⤬¸�ߤ��뤳�Ȥ��⡢ �� WPA (TKIP) (�� WPA2 (TKIP)) ��Ѥ��Ƥ��Ķ��Ǥ� AES �ؤ��ѹ��Ԥʤ��Ȥ��ܹƤǤϿ侩��ޤ��

�ʤ�� [6] ��û�̤��줿�Ȥ��Ƥ��빶��֤ϥѥ��åȤβ��⹶��ˤ��֤Ǥ��ꡢ ��ʳ��ɬ�פȤʤ� MIC ��β��ɤˤϡ��Ȥ��10ʬ�ʾ�λ��֤��פ��Ƥ��ޤ�� Τ��ᡢ3.2.2 ��ǿ��줿ʸ�� [1] �θ��ֳ��ѹ��ˤ��й��ϡ� ��ˤ��빶��ˤ�ͭ��Ǥ��ȹͤ��ޤ�� ޤ��ꤵ��붼�ҡ��٤��˵��ˤĤ��Ƥ⡢ 3.2.1 ��ʥ��ʥꥪ2�ˤ�Ʊ�ͤη��Ƴ��Ф��ޤ��

4. CCMP ��Ф��빶��ǽ��ˤĤ��

��Ǥϡ��ä� [2, Sec. 8.8.3.3] �� CCMP��WPA2 (AES)�פˤĤ��ơ� ��Ʊ�ͤμ��ʤˤ�빶��ǽ��򸡾ڤ��ޤ��

CCMP ��Ѥ��ѥ��åȤΥե��ޥåȤ� [�� 11] �ˡ��Ź沽��γ��׿ޤ� [�� 12] �� ޤ��ޤ��ѥ��åȤοޤ�ʬ��Τϡ� TKIP �Ǥ� WEP ��θߴ��Τ��˰ݻ��Ƥ�� ICV �ե��ɤ��Ƥ��뤳�ȤǤ�� ޤ��ޤ��Τ�Τ��Ӥ��ȡ�WEP �ȶ��̤Υ��ݡ��ͥ�Ȥ��ۤȤ�ɤʤ��ʤꡢ 1��Ź沽��߷פ��ľ��Ƥ��뤳�Ȥ�ʬ��ޤ��

CCMP ��Ѥ��Ƥ��CCM encryption�פν��ϡ��Counter with CBC-MAC (CCM)��[7] �Ȥ�� Ź沽�ץ��ȥ��ˡ�128 bit �� AES �Ź沽��2�Х��ȤΥѥ��å�Ĺ��8�Х��Ȥ�MACĹ�򤽤줾��Ŭ�Ѥ��ΤǤ�� ΰŹ沽�ץ��ȥ��ˤĤ��Ƥϡ��β��θ��Ǥΰ��ξ��Ԥʤ��Ƥ��ꡢ��ξܺ٤� [3] �� ܤ��Ƥ��ޤ��

��ι��ơ�ICV �ˤ��ưŹ�ʸ��ǲ��⸡�Τ��Ŭ��Ƥ��ʤ� CRC-32 ��Ѥ��Ƥ��ꡢ ��⤽�λȤ��ޤ�� CRC ��Ū��ȥޥå��Ƥ��ơ� ľ�� CRC �ͤ��᤺�Ȥ�1ʸ��û�̤Ȥ��ǡ��Ѥ򤹤��ˡ��ä��ȡ� ��ˤ��Υǡ��Ѥ˵��RC4 ��Ϥ��Ȥ��ñ��ʥ��ȥ꡼��Ź�� ̤��Ƥˤ��ޤ��ޥޥå��Ƥ��뤳�Ȥʤɡ��ֱ��Τ��ʰ��ˡ��Ǥ�¿ʬ�˴ޤޤ�Ƥ��ޤ�� ǡ�CCMP �ˤ��Ǥ�¿��ޤޤ�Ƥ��ʤ��Ȥ��ǧ�Ǥ��ޤ��

��Τ��Ȥ�ʸ�� [3] �ξ��顢��ʤ��Ȥ⸽��ʸ�� [1] ��ǻ�Ŧ��Ƥ��ˡ��Ӥ��κ��ʲ��ɤǤϡ�802.11 �� CCMP �Ź沽 (WPA2 (AES)) ��Ф��ƤϹ��⤬��ʤ��ȷ��Ť��뤳�Ȥ��Ǥ��ޤ��

5. WPA2 (TKIP), WPA (AES) ��Ф��빶��ǽ��ˤĤ��

�Ǹ�ˤ��Ǥϡ��2��Ǽ��夲�ʤ��ä��Ĥ�2�Ĥ��ȹ礻��WPA2 (TKIP), WPA (AES) ��Ф��븡Ƥ�ȡ� ��TKIP/AES ξ�б��⡼�ɡפˤĤ��Ƹ�Ƥ��ޤ��

�ޤ��IEEE 802.11-2007 ��ʤ˴ޤޤ�� TKIP ��͡�� WPA2 (TKIP) [2, Sec. 8.3.2] �ˤĤ��Ƥϡ� ��λ��ͽ񤫤�ܺ٤ʻ��ͤˤĤ��Ƴ�ǧ��뤳�Ȥ��Ǥ��ޤ��η�̡��3��ǽҤ٤��褦�� WPA (TKIP) �˴ؤ�� ˤ��߷׾��ѹ��Ϥʤ��Ʊ��⤬��ǽ�Ǥ��뤳�Ȥ��ǧ�Ǥ��ޤ��

��WPA (AES) �ˤĤ��Ƥϡ�WPA2 �Ȱۤʤ��̤˻��ͽ񤬸��Ƥ��ʤ��Ȥ��顢 ʸ��Ĵ��ˤϺ��񤬤��ޤ��TKIP �� CCMP �δ��Ū��ʬ�ˤĤ��Ƥ��ѹ��ʤ��Ȥ� �ۤ�Ƚ�äƤ��Ȥ��顢��3��ι��⼫�Τ�4��Ʊ��Բ�ǽ�Ǥ��뤳�Ȥϳο��ä��ΤΡ� ��ʬ�ʤ�¾��ʬ�ˤĤ��ơ��ۤ��ǽ��Ǥ��ޤ��Ǥ�� Ȥʤä� 802.11i draft 3 �λ��ͽ񤫤�θ�Ƥ��θ��ޤ�� λ��ͤ��ȳ��ʤؤδ֤��ѹ��ǽ��Ǥ��ʤ��Ȥ��顢 ��ξ�ץ��ȥ��Ƥ�� Linux �� wpa_supplicant �Υ��Ϥ�� ۤˤĤ��Ƹ�Ƥ��ޤ��

��β��Ϥβ��Ƚ��WPA �� WPA2 (802.11i) �Ǥμ��ѹ��ϼ��̤�Ǥ��

��ѹ��ˤĤ��ơ��ष�� WPA2 �ǿ��˥��ƥ��Ƥ��ɬ�פ��ѹ�� (2., 4. �ʤ�) ��Ĥ��ΤΡ� WPA �� WPA2 �ǥ��ƥ��嶯��Τ��ѹ��줿��ǽ��Τ� 7. �ΤߤǤ��ꡢ 7. ��̾��AP�μ��Ǥ��꤬��ȤϹͤ��񤯡��˾��ʤ��Ȥ� WPA (AES) ñ�ȤǱ��Ѥ��ݤˤ� ��ˤʤ�ʤ� (��) ��ᡢWPA2 (AES) ��Ȳ��Ǥ��Ǥ� WPA (AES) ��Ʊ�ͤ˰��Ȳ��Ǥ��ޤ��

�Ǹ�ˡ��TKIP/AES ξ�б��⡼�ɡפˤĤ��ơ�� AP �ˤ� AES �� TKIP ��ξ��Υ��饤��Ȥ� Ʊ��³�Ǥ��뵡ǽ��ݡ��Ȥ��Ƥ��ޤ�� Τ��ʤ��Ȥ� 1�Ĥ� PSK��1�Ĥ� SSID �Τߤ��ꤷ��Ѥ��⡼�ɤϡ��3��ι��αƶ�� ǽ��ޤ��ϡ�WPA ��Ѥ��̿��ˡ��ƥ��饤�� ָ��̸��פȡ��饤��ȤǶ��̤��Ѥ��AP��Υ֥��ɥ��㥹�ȥѥ��åȤʤɤΰŹ沽�� Ѥ��֥��롼�׸��פ�¸�ߤ��뤳�Ȥˤ��ޤ��̾�� TKIP �⡼�ɤ� AES �⡼�ɤǤϡ� ��̸��ȥ��롼�׸��Ʊ��Ź沽��ˡ��TKIP��CCMP�ˤ��Ѥ��ޤ�� ʻ�ѥ⡼�ɤǤ� CCMP �򥵥ݡ��Ȥ��Ƥ��륯�饤��ȤȤ� CCMP ��̿��Ĥġ��֥��ɥ��㥹�ȥѥ��åȤ� TKIP ��ѼԤˤ� CCMP ��ѼԤˤ��Ϥ��ɬ�פ��뤿�ᡢ �ָ��̸�� CCMP��롼�׸��TKIP�פȤ��Ѥ��ޤ� ([�� 13])�ʤ��ʤߤ˵դϰ�̣��ʤ��Τ�ǧ��Ƥ��ʤ��ˡ� ��Τ��ᡢ��륯�饤��ȤˤĤ��Ƹ��̸�� CCMP �ˤʤäƤ��Ƥ⡢ AP ��Υ֥��ɥ��㥹�ȥѥ��åȤ� TKIP ��졢��оݤȤʤ��ǽ��ޤ�� Τ��ᡢ��ι��Ф��к��Ȥ�� CCMP �ؤΰܹԤ�Ԥʤ��硢AP ¦��ϡ�CCMP��AES�˸��פˤ��뤳�Ȥ�ɬ�פǤ��

6. ��¾��α��

�ʤ��WPA �� WPA2 �Υץ��ȥ��Τ��̾�δĶ��Ѥ��뤳�Ȥ�¿��ͭ��PSK�ˤΥѥ��ե졼��Ѥ�� (WPA-PSK, WPA2-PSK) �� Ƥϡ��ͭ��ʬ��ͽ¬�Բ�ǽ�Ǥ��뤳�Ȥ�ɬ�פǤ��WPA ��̿��Ω��Ѥ��븰�򴹥ץ��ȥ��ˤ��ơ� �ޤ��ѥ��ե졼�� AP��饤��Ȥ��ǥϥå��ؿ� [2, Sec. H.4.1] ��Ѥ��ƻ��ͭ��Ѵ��ޤ�� ξ�ǡ��ݥ��Ȥȥ��饤��ȤϤ��Ĥ�� (Nonce) ��ʿʸ�̿��Ǹ򴹤�� ͤȻ��ͭ��ϥå��ؿ��Ѥ��̿��Ƴ�Ф��ޤ� [2, p. 198]�� Τ��ᡢ�ѥ��ե졼��θ��ʼ��ʤɤ��Ѥ��ơ˻��˹ʤ��ळ�Ȥ��硢 ��̿��Υѥ��åȤ��İ��ͭ��ѥ��ե졼��β�ǽ��ƤˤĤ��Ƹ��׻��̿��ƤȾȹ礹�뤳�Ȥǡ� �ѥ��ե졼��̿��Ź��̿��ѥ��åȤ��İ��Ԥʤ��Ȥ��ǽ�ˤʤ�ޤ��

��򤱤뤿��ˤϡ��ѥ��ե졼��Ͻ�ʬ��ͽ¬�Բ�ǽ�ʤ�ΤǤ��ɬ�פ��ޤ��ܹƤǤϺ��20ʸ��ʾ�ǡ� ��3�Ԥ˿�¬��Բ�ǽ��ʸ��ꤹ�뤳�Ȥ�侩��ޤ��

WPA ���ȼ��������˴ؤ���ʬ��

RCIS Technical Notices 2009-01 (B)

2009ǯ8��26�� (����)2009ǯ8��27�� (��1.1��)

���ȵ������縦��� ���󥻥����ƥ����楻�󥿡�

1. ʬ�Ϥγ���

1.1 �����¸�ߡ����������ꥹ����ʬ�Ϸ��

1.2 �侩�����к�

1.3 α����

1.4 �ܹƤι���

2. WPA ����� WPA2 �γ���

3. ��𤵤줿 WPA ��TKIP�� �ȼ����γ���

3.1 WEP ���Ф��� chopchop ����

3.2 WPA (TKIP) ���Ф��� chopchop ����

3.2.1 ʸ�� [1] �ι���ˤ��ƶ���ɾ��

3.2.2 ʸ�� [1] �ι�����Ф����к�

3.3 ʸ�� [6] �����

3.3.1 ʸ�� [6] �ι���ˤ��ƶ���ɾ��

4. CCMP ���Ф��빶���ǽ���ˤĤ���

5. WPA2 (TKIP), WPA (AES) ���Ф��빶���ǽ���ˤĤ���

6. ����¾��α����

����ʸ��

ô�����ԡʵ����ԡ�

��������