Security Analysis of Wi-Fi and 3G networks connected to iOS devices

Source: Internet
Author: User


1. Access WiFi

1.1 WEP (Wired Equivalent Privacy)

WEP uses RC4 symmetric encryption at the link layer. A user's encryption key must match the AP's key before access to network resources is allowed, which is intended to prevent eavesdropping and access by unauthorized users. WEP offers 40-bit and 128-bit key options, but it still has many defects. For example, all users in a service area share the same key, so if one user loses the key, the entire network is insecure. In addition, 40-bit keys are easily cracked today, and keys are static and must be maintained manually, which scales poorly. To improve security, we recommend that you use a 128-bit encryption key.

1.2 WPA-PSK (Wi-Fi Protected Access Pre-Shared Key)/WPA2-PSK (TKIP or CCMP)

Both use pre-shared key authentication. WPA2 is based on the formal IEEE 802.11i specification and is more secure than WPA. WPA-PSK must support key management and data encryption based on TKIP (Temporal Key Integrity Protocol), while support for key management and data encryption based on CCMP (Counter mode with Cipher-block chaining Message authentication code Protocol) is optional. WPA2-PSK must support both TKIP and CCMP, and both methods must pass compatibility tests.

TKIP is an enhanced and upgraded form of WEP encryption. Its key length is 128 bits, which solves the problem of WEP keys being too short and strengthens security. TKIP derives the key used to encrypt each data packet by mixing several inputs (including the base key, the MAC address of the AP, and the sequence number of the data packet). This mixing operation places minimal demands on wireless terminals and APs while providing enough cryptographic strength that it is not easily cracked. In addition, the mixing effectively addresses the key reuse and replay attacks seen in WEP encryption.

CCMP is a security protocol based on the AES (Advanced Encryption Standard) block cipher. IEEE 802.11i requires the use of CCMP to provide four security services for wireless networks: authentication, confidentiality, integrity, and replay attack protection. CCMP uses the 128-bit AES encryption algorithm for confidentiality and other CCMP protocol components for the remaining three services. CCMP combines two cryptographic techniques (counter mode and CBC-MAC) to provide a robust security protocol for data communication between wireless terminals and APs.

It should be emphasized that, although WPA-PSK/WPA2-PSK uses stronger encryption algorithms, the shared password (original key) used for user authentication and encryption is chosen and set manually, and the keys set for all terminals connected to the same AP are the same. Therefore, the key is difficult to manage and easy to leak, and this mode is not suitable for applications with strict security requirements.

1.3 WPA/WPA2 (TKIP or CCMP)

To address the key management deficiencies of WPA-PSK and WPA2-PSK (the Personal standards, intended primarily for individual users), the Wi-Fi Alliance provides WPA/WPA2 (TKIP or CCMP) (the Enterprise standard, mainly used by enterprise users). These modes use 802.1X for user authentication and to generate the root keys for data encryption, rather than relying on a manually configured pre-shared key; the encryption process itself is no different. In WPA (or WPA2), a RADIUS server replaces the single-password mechanism used in WPA-PSK (or WPA2-PSK) authentication. Before accessing the wireless network, a user must first present the corresponding identity credentials, which are checked against the user identity database to confirm that the user is authorized; the keys used for data encryption are then distributed dynamically to the client. Because 802.1X is used for user identity authentication, each user manages their own login information, which effectively reduces the possibility of information leakage. In addition, each time a user accesses the wireless network, the data encryption key is dynamically allocated through the RADIUS server, making it difficult for attackers to obtain the encryption key. Therefore, WPA/WPA2 (TKIP or CCMP) greatly improves network security and has become the preferred access method for high-security wireless networks.
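The key-management difference described in sections 1.2 and 1.3, as an added example that is not part of the original article: in Personal mode the root key (PMK) is a function of the passphrase and SSID only, so every terminal holds the same one, while in Enterprise mode each 802.1X session yields its own. The SSID, passphrase and MAC addresses are constructed sample values, and the Enterprise PMK is modelled as random bytes standing in for the key material delivered via RADIUS.

```python
import hashlib
import hmac
import os

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """Pairwise transient key for one association (48 bytes for CCMP, 64 for TKIP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

# Constructed sample values (not from the article).
SSID, PASSPHRASE = "ExampleCorp", "correct horse battery staple"
AP = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")

def personal_vs_enterprise():
    # Personal: both terminals derive the PMK from the same passphrase and SSID.
    pmk_a, pmk_b = psk_pmk(PASSPHRASE, SSID), psk_pmk(PASSPHRASE, SSID)
    # Enterprise: the PMK comes out of each 802.1X/EAP session; modelled here as
    # fresh random bytes standing in for the key material delivered via RADIUS.
    ent_a, ent_b = os.urandom(32), os.urandom(32)
    # The encryption step is the same in both modes: PMK -> per-association PTK.
    ptk_a = ptk(pmk_a, AP, STA_A, os.urandom(32), os.urandom(32))
    ptk_b = ptk(pmk_b, AP, STA_B, os.urandom(32), os.urandom(32))
    return {"psk_pmk_shared": pmk_a == pmk_b,
            "enterprise_pmk_shared": ent_a == ent_b,
            "ptk_distinct": ptk_a != ptk_b,
            "ptk_len": len(ptk_a)}

if __name__ == "__main__":
    print(personal_vs_enterprise())
```

Rotating the passphrase in Personal mode changes the root key for every terminal at once, which is the management burden the article describes; in Enterprise mode revoking one user's credentials leaves other users' keys untouched.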

2. Access 3G

3G stands for 3rd Generation, that is, third-generation mobile communication technology. In contrast to first-generation analog mobile phones (1G) and second-generation digital mobile phones such as GSM and CDMA (2G), the third generation (3G) generally refers to a new generation of mobile communication systems that combine wireless communication with multimedia communication such as the Internet. From the operator's network perspective, the main difference between 3G and 2G is the improvement in voice and data transmission speed. 3G can achieve better wireless roaming globally, and it handles images, music, video streams, and other media to provide web browsing, teleconferencing, e-commerce, and other information services. At the same time, compatibility with existing second-generation systems must be considered. To provide such services, wireless networks must support different data transmission speeds, that is, at least 2 Mbps (megabits/second), 384 kbps (kilobits/second) and kbps in indoor, outdoor, and driving environments respectively (this value varies depending on the network environment).

In terms of the card used by the device, the iPhone/iPad on a 2G network used a SIM card, which has many security problems, including SIM card cloning, call theft, base station impersonation, information leakage, and so on.

Currently, the iPhone/iPad 3G system provides the following security mechanisms:

(A) It implements two-way authentication: the base station authenticates the user, and the user authenticates the base station, which can effectively prevent pseudo base station attacks.

(B) It provides integrity protection for signaling data on the access link.

(C) The length of the CMK is increased to 128 bits, and the algorithm is improved.

(D) Data encryption on the 3GPP access link extends to the wireless access controller.

(E) The 3G security mechanism is extensible, so it can provide security protection for new services in the future.

(F) 3G provides users with security visibility. Users can view their security modes and security levels at any time.

(G) In terms of key length, algorithm selection, authentication mechanism, and data integrity check, 3G provides far better security than 2G.

The username and password of a 3G network user are embedded in the SIM card, where the user cannot read them directly, and the possibility of theft or cracking is extremely small (no case of a 3G SIM card being cracked has been found so far); it is therefore safer.
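The two-way authentication in item (A), as an added example that is not part of the original article: the card checks the network's authentication token before it answers, which is why a base station without the subscriber key is rejected. HMAC-SHA256 stands in for the operator's f1..f5 functions (real networks use MILENAGE or similar), the subscriber key is a constructed value, and the sequence-number check is simplified to "strictly increasing" with no resynchronisation step.

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for the operator functions f1..f5 (HMAC-SHA256 here, not MILENAGE)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k: bytes, sqn: int, amf: bytes = b"\x80\x00"):
    """Home network side: build RAND, AUTN and the expected response XRES."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = f(k, b"f5", rand)[:6]                   # anonymity key hides SQN on air
    mac = f(k, b"f1", sqn_b, rand, amf)[:8]      # proves the network knows K
    autn = xor(sqn_b, ak) + amf + mac            # SQN^AK || AMF || MAC, 16 bytes
    return rand, autn, f(k, b"f2", rand)[:8]

class Usim:
    def __init__(self, k: bytes, highest_sqn: int = 0):
        self.k, self.highest_sqn = k, highest_sqn

    def authenticate(self, rand: bytes, autn: bytes) -> dict:
        """Card side: verify the network first, only then answer the challenge."""
        ak = f(self.k, b"f5", rand)[:6]
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand, amf)[:8]):
            return {"ok": False, "reason": "MAC failure"}      # network lacks K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return {"ok": False, "reason": "stale SQN"}        # replayed challenge
        self.highest_sqn = sqn
        return {"ok": True,
                "res": f(self.k, b"f2", rand)[:8],             # sent to the network
                "ck": f(self.k, b"f3", rand)[:16],             # 128-bit cipher key
                "ik": f(self.k, b"f4", rand)[:16]}             # 128-bit integrity key

def demo():
    k = bytes(range(16))                         # constructed 128-bit subscriber key
    card = Usim(k)
    rand, autn, xres = network_challenge(k, sqn=1)
    genuine = card.authenticate(rand, autn)
    replay = card.authenticate(rand, autn)       # same vector presented again
    rogue = card.authenticate(*network_challenge(os.urandom(16), sqn=2)[:2])
    return genuine, xres, replay, rogue
```

The integrity key `ik` returned on success is what protects signaling data on the access link in item (B); in 2G the card only answered a challenge and never verified the network.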

This article comes from the "excellence begins with the foot" blog; please be sure to keep this source: http://patterson.blog.51cto.com/1060257/686723
