shiri ne na takaddun shaida wanda Wi-Fi Alliance ya kirkira don nuna yarda da ƙa'idar tsaro da Wi-Fi Alliance ya kirkira don amintar da hanyoyin sadarwar kwamfuta mara waya. An ƙirƙiri wannan yarjejeniya don mayar da martani ga manyan raunin da masu bincike suka gano a cikin tsarin da ya gabata, Sirri Mai daidaita Waya (WEP).
Yarjejeniyar tana aiwatar da mafi yawan ma'aunin IEEE 802.11i, kuma an yi niyya azaman matsakaicin ma'auni don ɗaukar matsayin WEP yayin da aka shirya 802.11i. Musamman, An kawo Tsarin Yarjejeniyar Maɓalli na Zamani (TKIP) cikin WPA. Ana iya aiwatar da TKIP akan katunan keɓaɓɓiyar hanyar sadarwar mara waya ta WPA waɗanda suka fara jigilar kaya har zuwa 1999 ta hanyar haɓaka firmware. Saboda canje-canjen sun buƙaci ƙarancin canje-canje a kan abokin ciniki fiye da kan hanyar shiga mara waya, yawancin AP-pre-2003 ba za a iya haɓaka su don tallafawa WPA tare da TKIP ba. Tuni masu bincike sun gano aibi a cikin TKIP wanda ya dogara da raunin tsofaffi don dawo da keystream daga gajerun fakitoci don amfani don sake allura da zubewa.
Alamar shaida ta WPA2 daga baya tana nuna yarda da ƙa'idar aiki mai ƙarfi wanda ke aiwatar da cikakken ma'auni. Wannan yarjejeniya mai ci gaba ba za ta yi aiki tare da wasu katunan cibiyar sadarwar tsofaffi ba. Samfuran da suka yi nasarar kammala gwaji ta Hadin gwiwar Wi-Fi don bin ƙa'idar aiki na iya ɗaukar alamar takaddar WPA.
WPA2
WPA2 ya maye gurbin WPA; kamar WPA, WPA2 na buƙatar gwaji da takaddun shaida ta Wi-Fi Alliance. WPA2 yana aiwatar da abubuwan da ake buƙata na 802.11i. Musamman, yana gabatar da sabon tsarin tushen AES, CCMP, wanda ake ɗauka cikakken amintacce. Takaddun shaida sun fara ne a watan Satumba, 2004; Daga Maris 13, 2006, takaddar WPA2 ya zama tilas ga duk sabbin na'urori don ɗaukar alamar Wi-Fi.
Tsaro a cikin yanayin maɓallin da aka riga aka raba
Yanayin maɓallin da aka riga aka raba (PSK, wanda kuma aka sani da Yanayin Keɓaɓɓu) an tsara shi don gida da ƙananan hanyoyin sadarwar ofis waɗanda basa buƙatar rikitarwa na sabar tabbatarwa ta 802.1X. Kowace na'ura na cibiyar sadarwa mara waya tana ɓoye zirga -zirgar cibiyar sadarwa ta amfani da maɓallin bit 256. Ana iya shigar da wannan maɓallin ko dai azaman lambobi 64 hexadecimal, ko azaman lambar wucewa na haruffa ASCII 8 zuwa 63. Idan ana amfani da haruffan ASCII, ana ƙididdige maɓallin bit 256 ta amfani da aikin hash na PBKDF2, ta amfani da kalmar wucewa azaman maɓalli da SSID azaman gishiri.
WPA-key-key yana da rauni ga fashewar fashewar kalmar sirri idan an yi amfani da kalmar wucewa mai rauni. Don karewa daga mummunan hari mai ƙarfi, kalmar wucewa ta ainihi ta haruffa 13 (wanda aka zaɓa daga saitin haruffan halattattun haruffa 95) mai yiwuwa ya isa. Cocin WiFi (ƙungiyar bincike ta tsaro mara waya) ta ƙidaya tebura abubuwan dubawa don manyan SSIDs 1000 [8] don kalmomin wucewa na WPA/WPA2 miliyan. [9] Don ƙarin kariya daga kutse SSID ɗin cibiyar sadarwa bai dace da kowane shigarwa cikin manyan SSIDs 1000 ba.
A watan Agusta 2008, wani matsayi a cikin dandalin tattaunawar Nvidia-CUDA ya ba da sanarwar, yuwuwar haɓaka aikin munanan hare-hare kan WPA-PSK da kashi 30 da ƙari idan aka kwatanta da aiwatar da CPU na yanzu. Ana fitar da lissafin PBKDF2 mai ɗaukar lokaci daga CPU zuwa GPU wanda zai iya ƙididdige kalmomin shiga da yawa da makullin Pre-shared ɗin su daidai. Lokacin tsaka-tsaki don samun nasarar tsammani kalmar sirri ta yau da kullun tana raguwa zuwa kusan kwanaki 2-3 ta amfani da wannan hanyar. Masu nazarin hanyar da sauri sun lura cewa aiwatar da CPU da aka yi amfani da shi a cikin kwatancen zai iya yin amfani da wasu fasahohin daidaitawa iri ɗaya - ba tare da saukarwa zuwa GPU ba - don hanzarta aiki da kashi shida.
Rashin ƙarfi a cikin TKIP
An gano wani rauni a cikin Nuwamba 2008 ta masu bincike a jami'o'in fasaha na Jamus guda biyu (TU Dresden da TU Darmstadt), Erik Tews da Martin Beck, waɗanda suka dogara da wani kuskure da aka sani a baya a cikin WEP wanda za'a iya amfani dashi kawai don TKIP algorithm a WPA. Kuskuren na iya rage gajerun fakitoci tare da mafi yawan abubuwan da aka sani, kamar saƙon ARP, da 802.11e, wanda ke ba da fifikon Ingancin fakitin Sabis don kiran murya da watsa labarai. Kuskuren baya haifar da dawo da maɓalli, amma kawai maɓallin keystream wanda ya rufaffen fakiti na musamman, wanda kuma za a iya sake amfani da shi har sau bakwai don allurar bayanan sabani na tsawon fakiti ɗaya ga abokin ciniki mara waya. Misali, wannan yana ba da damar allurar fakiti na ARP wanda ya sa wanda aka azabtar ya aika fakiti zuwa Intanit ɗin da aka buɗe.
Goyan baya na kayan aiki
Yawancin sabbin na'urorin Wi-Fi CERTIFIED suna goyan bayan ƙa'idodin tsaro da aka tattauna a sama, daga cikin akwatin, saboda ana buƙatar bin wannan yarjejeniya don takaddar Wi-Fi tun Satumba 2003.
Yarjejeniyar da aka tabbatar ta hanyar shirin WPA na Wi-Fi Alliance (kuma zuwa mafi ƙarancin WPA2) an tsara shi musamman don yin aiki tare da kayan aikin mara waya wanda aka samar kafin gabatar da yarjejeniya, wanda galibi yana tallafawa rashin isasshen tsaro ta hanyar WEP. Yawancin waɗannan na'urori suna goyan bayan ƙa'idar tsaro bayan haɓaka firmware. Ba a samun haɓakar firmware don duk na'urorin na gado.
Bugu da ƙari, yawancin masana'antun na'urorin Wi-Fi masu amfani sun ɗauki matakai don kawar da yuwuwar zaɓin kalmar wucewa mai rauni ta hanyar haɓaka madadin wata hanyar samarwa da rarraba maɓallai masu ƙarfi ta atomatik lokacin ƙara sabon adaftar mara waya ko kayan aiki zuwa cibiyar sadarwa. Haɗin Wi-Fi ya daidaita waɗannan hanyoyin kuma yana tabbatar da bin ƙa'idodin waɗannan ƙa'idodin ta hanyar shirin da ake kira Saitin Kare Wi-Fi.
Bayanan Wikipedia
