With the development of the mobile internet, nowadays various kinds of mobile communication apparatuses are able to be connected to hot-spot access points (AP) through WIFI (Wireless-Fidelity) to access the internet. As one of a variety of AP hotspots, the AP in intelligent mobile phones can also provide a WIFI accessing function for the various mobile communication apparatuses at any time and anywhere. Because of the openness of WIFI, the communication security of accessing an AP via WIFI to access the internet has become a focus of concern for internet security.
Currently, in WIFI hot-spot apparatuses, security protocols that support wireless local area network (WLAN) transmission, i.e., mechanisms of security authentication between an AP and a station (STA), include WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access)/WPA2 encryption mechanisms. However, the security level of WEP is not high because signals can be intercepted by a third party and the password can be easily cracked. Currently, most WIFI hot-spot apparatuses adopt the WPA/WPA2 encryption mechanism for connection, which provides a security level much higher than the WEP encryption mechanism. However, the WPA/WPA2 encryption mechanism still presents some potential security hazards, and is likely to be cracked. Firstly, in the WPA security mechanism, data transmission encryption algorithms and data integrity check algorithms including 802.1x, EAP (Extensible Authentication Protocol), TKIP (Temporal Key Integrity Protocol) and MIC (Message Integrity Code) are adopted for enterprise-level applications. 802.1x and EAP are enterprise-level authentication solutions which provide a high security level and require use of an authentication server. For home-level applications, which require a lower security level and do not require use of a server, PSK (Pre-shared Key) authentication is adopted, which is accomplished by means of encryption algorithms including PSK, TKIP and MIC. In the WPA2 security mechanism, data transmission encryption algorithms and data integrity check algorithms including 802.1x, EAP, AES (Advanced Encryption Standard) and CCMP (Counter CBC-MAC Protocol) are adopted for enterprise-level applications, and data transmission encryption algorithms and data integrity check algorithms including PSK, AES and CCMP are adopted for home-level applications. Surely, WPA has made great improvement over WEP in terms of data encryption transmission and integrity check.
However, for the home-level encryption mechanism based on PSK, processes including authentication, encrypted data transmission and data integrity check all rely on the PSK. In case of a “−0 Deauthenticate” disconnection attack (i.e., a −0 Deauthenticate illegal command is transmitted by a third-party attacker to the AP, to force disconnection of the AP from all STAs, and then re-authentication must be performed between the STAs and the AP for re-connection), re-connection and re-authentication must be done by the AP and the STA. During the process of re-connection and re-authentication, the attacker can intercept enough handshake packets to analyze and crack the password. FIG. 1 shows a process flow of a four-handshake authentication process adopting the prior WPA encryption mechanism, in which the steps are executed from the top to the bottom and from the left to the right:
(1) WPA-PSK Initialization (not Shown)
The PSK is obtained through the pbkdf2_SHA1 algorithm according to the password, an SSID (Service Set Identifier), the length of the SSID len(SSID) and 4096. In WPA-PSK, the PSK is equal to the PMK, the password is pre-shared by the AP and the STA, and the operation function of pbkdf2_SHA1 is as follows:
PSK=PMK=pbkdf2_SHA1(Password,SSID,Len(SSID),4096)
(2) The First Handshake (Step S10′)
The AP broadcasts the SSID and transmits the MAC address AP_MAC(AA) of the AP to the STA, and the PSK is also generated by the STA according to the pbkdf2_SHA1 algorithm.
(3) The Second Handshake (Step S20′)
The STA transmits a random number SNonce and transmits the MAC address STA_MAC(SA) of the STA to the AP.
After receiving the data from the STA, the AP generates an ANonce, which is used to calculate an MIC KEY (i.e., a key for message integrity check) through the SHA1_PRF algorithm. The operation function of SHA1_PRF is as follows:
PTK=SHA1_PRF(PMK,Len(PMK),“Pairwise key expansion”,Min(AA,SA)||Max(AA,SA)||Min(ANonce,SNonce)||Max(ANonce,SNonce))
where, the PTK is a Pairwise Transient Key and is calculated through the SHA1_PRF algorithm, and the MIC KEY is formed of the first 16 bytes of the PTK.
(4) The Third Handshake (Step S30′)
The AP transmits the ANonce to the STA.
The STA generates the PTK according to SHA1_PRF to obtain the MIC KEY, and then the MIC is calculated by the STA through the HMAC_MD5 algorithm according to the MIC KEY and the 802.1x data. The operation function thereof is as follows:
MIC=HMAC_MD5(MIC KEY,16,802.1x data)
where, the 802.1x data represents one 802.1x data frame.
(5) The Fourth Handshake (Step S40′)
The STA transmits 802.1x data+MIC+0000(H) to the AP.
The AP removes the MIC, fills the MIC portion of the data frame with 0, and generates an MIC′ according to the HMAC_MD5 algorithm. If MIC=MIC′, then the handshake is successful; otherwise, it means that the two passwords are inconsistent with each other or the data has been tampered with in transit, and the handshake fails.
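The key derivation chain and the AP-side MIC check of steps (1) to (5), as an added Python example that is not part of the original text. The frame layout (body followed by a 16-byte MIC field), the SSID, MAC addresses, nonces and passwords are constructed for illustration; the 64-byte PTK length and the HMAC-SHA1 counter form of the PRF are assumptions taken from IEEE 802.11i, since the text above does not state them.

```python
import hashlib
import hmac

MIC_LEN = 16  # the MIC KEY is the first 16 bytes of the PTK; HMAC-MD5 output is also 16 bytes

def derive_pmk(password: str, ssid: str) -> bytes:
    """Step (1): PSK = PMK = PBKDF2-HMAC-SHA1(password, SSID, 4096 iterations), 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(), 4096, 32)

def sha1_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """HMAC-SHA1 in counter mode over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, sa, anonce, snonce) -> bytes:
    """PTK over the sorted MAC addresses and sorted nonces; 64 bytes assumed here."""
    data = min(aa, sa) + max(aa, sa) + min(anonce, snonce) + max(anonce, snonce)
    return sha1_prf(pmk, b"Pairwise key expansion", data, 64)

def compute_mic(ptk: bytes, frame: bytes, mic_offset: int) -> bytes:
    """HMAC-MD5 under the MIC KEY over the frame with its MIC field zero-filled."""
    zeroed = frame[:mic_offset] + bytes(MIC_LEN) + frame[mic_offset + MIC_LEN:]
    return hmac.new(ptk[:MIC_LEN], zeroed, hashlib.md5).digest()

def ap_verify(ptk: bytes, frame: bytes, mic_offset: int) -> bool:
    """AP side of step (5): recompute MIC' and compare in constant time."""
    received = frame[mic_offset:mic_offset + MIC_LEN]
    return hmac.compare_digest(received, compute_mic(ptk, frame, mic_offset))

def run_handshake(ap_password: str, sta_password: str, tamper: bool = False) -> bool:
    """Both sides derive their own PTK; the STA's MIC verifies only if the passwords match."""
    ssid = "ExampleNet"                                 # constructed
    aa, sa = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")  # constructed MACs
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                # constructed nonces
    body = b"constructed 802.1x frame body"             # stand-in for the 802.1x data
    sta_ptk = derive_ptk(derive_pmk(sta_password, ssid), aa, sa, anonce, snonce)
    frame = body + compute_mic(sta_ptk, body + bytes(MIC_LEN), len(body))
    if tamper:                                          # flip one bit in the body
        frame = bytes([frame[0] ^ 1]) + frame[1:]
    ap_ptk = derive_ptk(derive_pmk(ap_password, ssid), aa, sa, anonce, snonce)
    return ap_verify(ap_ptk, frame, len(body))

if __name__ == "__main__":
    print(run_handshake("constructed-pass-1", "constructed-pass-1"))        # matching passwords
    print(run_handshake("constructed-pass-1", "constructed-pass-2"))        # mismatch
    print(run_handshake("constructed-pass-1", "constructed-pass-1", True))  # tampered frame
```

Every input to the PTK other than the password (SSID, both MAC addresses, both nonces) crosses the air in the clear, which is why the confidentiality of the PTK rests on the password alone.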
For the WPA encryption mechanism, the security thereof relies on the pre-shared password, and currently, an effective form of attack against the WPA is the conventional dictionary attack. The KEY used in the data transmission encryption is derived from the PTK, and as can be known from the aforesaid handshake process, the privacy of the PTK is guaranteed by the password. If the communication process between the AP and the STA suffers from the “−0 Deauthenticate” disconnection attack, re-connection and re-authentication must be performed between the AP and the STA. If the attacker has intercepted a sufficient number of handshake authentication packets, which comprise information related to the password, he or she can attempt a dictionary attack (i.e., an exhaustive attack, which tries all possible values of the password) using the other intercepted data to crack the password. In this way, the WPA can be cracked.
Accordingly, improvement and advancement still have to be made on the conventional technologies.