智能设备Wi-Fi凭证安全分析:从SmartCfg漏洞探讨

需积分: 9 0 下载量 22 浏览量 更新于2024-09-12 收藏 747KB PDF 举报
"这篇研究论文揭示了智能设备中SmartCfg无线配置方案的安全漏洞,特别是针对Wi-Fi凭证的泄漏问题。作者来自上海交通大学,通过实验分析了八种不同的SmartCfg实现,发现它们在设置智能设备与无线路由器连接时,对凭证保护不足,可能导致Wi-Fi凭据被窃取。" 正文: 在当今的物联网(IoT)时代,许多智能设备如智能灯泡、安全摄像头等缺乏交互式用户界面,它们通常依赖特定的配置方案来连接到无线网络。SmartCfg是一种广泛采用的技术,用于简化智能设备与无线路由器之间的连接设置。然而,尽管SmartCfg技术提供了便捷的Wi-Fi配置方式,但现有的解决方案并未充分考虑凭证的保护,这在一定程度上引入了针对Wi-Fi凭据的安全威胁。 该论文"Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning"深入探讨了这一问题。作者指出,由于SmartCfg协议的设计缺陷,攻击者可能在智能设备进行配置过程中截取Wi-Fi网络的名称(SSID)和密码,从而窃取用户的身份验证信息。这种攻击可能发生在设备初始化设置阶段,甚至在用户不知情的情况下发生。 论文对八种不同的SmartCfg实现进行了安全性评估,发现所有这些实现都存在漏洞,使得攻击者有机会捕获敏感的Wi-Fi凭证。这些漏洞可能源于无线信号的未加密传输、设备对网络请求的响应处理不当,或是配置过程中认证机制的不足。 为了证明这些威胁的可行性,研究人员设计并实施了一系列实验,成功地从空中(即通过无线监听)捕获了Wi-Fi凭证。这些实验结果突显了当前智能设备安全性的脆弱性,以及对于SmartCfg技术改进的迫切需求。 论文还提出了针对这些问题的防御策略,包括增强无线通信的加密强度、改进SmartCfg协议以确保凭证的安全传输,以及提高用户的网络安全意识。此外,建议设备制造商在产品设计和开发阶段就充分考虑安全因素,对SmartCfg的实现进行安全审计和测试。 总结来说,这篇研究揭示了SmartCfg在Wi-Fi配置中的潜在风险,并呼吁业界重视物联网设备的安全性,采取有效措施防止Wi-Fi凭证的泄漏。通过提升设备的安全标准,可以降低智能家庭和企业网络遭受攻击的风险,保护用户的隐私和数据安全。
2018-12-05 上传
Table of contents 1 INTRODUCTION .......................................................................................................................................................... 8 1.1 Scope ............................................................................................................................................................ 8 1.2 References.................................................................................................................................................... 8 1.3 Definitions and acronyms............................................................................................................................ 10 1.3.1 Shall/should/may/might word usage .............................................................................................. 10 1.3.2 Conventions ................................................................................................................................... 10 1.3.3 Abbreviations and acronyms.......................................................................................................... 11 1.3.4 Definitions ...................................................................................................................................... 12 1.3.5 Symbols ......................................................................................................................................... 13 1.4 Architecture ................................................................................................................................................. 14 1.5 Device roles ................................................................................................................................................ 14 1.5.1 Authentication roles........................................................................................................................ 14 1.5.2 Configurator delegation.................................................................................................................. 15 1.6 Security considerations............................................................................................................................... 15 1.6.1 Overview ........................................................................................................................................ 15 1.6.2 Threat profile .................................................................................................................................. 15 1.6.3 Trust model .................................................................................................................................... 18 2 DPP PROTOCOL USAGE.......................................................................................................................................... 20 2.1 Overview ..................................................................................................................................................... 20 2.2 Infrastructure setup and connectivity .......................................................................................................... 20 2.2.1 AP configuration............................................................................................................................. 20 2.2.2 STA configuration........................................................................................................................... 20 2.2.3 Infrastructure connectivity .............................................................................................................. 20 2.2.4 Message flows for infrastructure connectivity ................................................................................ 20 2.3 Wi-Fi Direct ................................................................................................................................................. 23 2.3.1 Establishing a P2P group using DPP............................................................................................. 24 2.3.2 P2P Group operation ..................................................................................................................... 26 3 SECURITY.................................................................................................................................................................. 27 3.1 Properties.................................................................................................................................................... 27 3.2 Public key cryptography.............................................................................................................................. 27 3.2.1 Supported public key cryptosystem ............................................................................................... 27 3.2.2 Notation.......................................................................................................................................... 27 3.2.3 Cryptographic suites ...................................................................................................................... 28 3.2.4 Point representation....................................................................................................................... 28 4 DATA STRUCTURES................................................................................................................................................. 29 4.1 Public keys .................................................................................................................................................. 29 4.2 Connectors.................................................................................................................................................. 29 4.3 DPP Configuration object............................................................................................................................ 30 4.3.1 Wi-Fi Technology ........................................................................................................................... 30 4.3.2 DPP Discovery ............................................................................................................................... 30 4.3.3 DPP Credential .............................................................................................................................. 30 5 BOOTSTRAPPING OF TRUST.................................................................................................................................. 32 5.1 Overview ..................................................................................................................................................... 32 5.2 Bootstrapping information ........................................................................................................................... 32 5.2.1 Bootstrapping information format................................................................................................... 32 5.3 Scanning a QR code................................................................................................................................... 33 5.4 NFC............................................................................................................................................................. 34 5.4.1 Overview ........................................................................................................................................ 34 5.4.2 NFC Connection Handover............................................................................................................ 35 5.4.3 DPP bootstrapping via NFC URI record ........................................................................................ 37 5.5 Bluetooth ..................................................................................................................................................... 38 5.5.1 Overview ........................................................................................................................................ 38 5.5.2 Responder procedures .................................................................................................................. 40 5.5.3 Initiator procedures ........................................................................................................................ 40 Device Provisioning Protocol Specification v1.0 © 2018 Wi-Fi Alliance. All Rights Reserved. Used with the permission of Wi-Fi Alliance under the terms as stated in this document. Page 4 of 124 5.6 PKEX: Proof of knowledge of a shared code, key, phrase, or word...........................................................41 5.6.1 PKEX preliminaries ........................................................................................................................ 41 5.6.2 PKEX exchange phase .................................................................................................................. 42 5.6.3 PKEX commit-reveal phase ........................................................................................................... 43 6 DPP AUTHENTICATION............................................................................................................................................ 45 6.1 Overview ..................................................................................................................................................... 45 6.2 DPP Authentication protocol ....................................................................................................................... 45 6.2.1 DPP capabilities negotiation .......................................................................................................... 46 6.2.2 DPP authentication request ........................................................................................................... 47 6.2.3 DPP authentication response ........................................................................................................ 47 6.2.4 DPP authentication confirm ........................................................................................................... 49 6.3 DPP Configuration protocol ........................................................................................................................ 50 6.3.1 Overview ........................................................................................................................................ 50 6.3.2 DPP configuration request ............................................................................................................. 50 6.3.3 DPP configuration response .......................................................................................................... 51 6.3.4 DPP Configuration Attributes object .............................................................................................. 51 6.3.5 Connector....................................................................................................................................... 52 6.3.6 DPP Configuration object............................................................................................................... 53 6.4 Network introduction protocol ..................................................................................................................... 55 6.4.1 Introduction .................................................................................................................................... 55 6.4.2 Connector group comparison......................................................................................................... 56 6.5 Network access protocols ........................................................................................................................... 56 7 STATE MACHINES .................................................................................................................................................... 57 7.1 Initiator state machine................................................................................................................................. 57 7.1.1 States ............................................................................................................................................. 57 7.1.2 Events and output .......................................................................................................................... 57 7.1.3 Variables ........................................................................................................................................ 57 7.1.4 Parent process behavior ................................................................................................................ 57 7.1.5 State machine behavior ................................................................................................................. 57 7.2 Responder state machine ........................................................................................................................... 59 7.2.1 States ............................................................................................................................................. 59 7.2.2 Events and output .......................................................................................................................... 59 7.2.3 Variables ........................................................................................................................................ 59 7.2.4 State machine behavior ................................................................................................................. 60 7.3 Configurator state machine......................................................................................................................... 62 7.3.1 States ............................................................................................................................................. 62 7.3.2 Events and output .......................................................................................................................... 62 7.3.3 Variables ........................................................................................................................................ 62 7.3.4 Parent process behavior ................................................................................................................ 62 7.3.5 State machine behavior ................................................................................................................. 62 7.4 Enrollee state machine................................................................................................................................ 64 7.4.1 States ............................................................................................................................................. 64 7.4.2 Events and output .......................................................................................................................... 64 7.4.3 Variables ........................................................................................................................................ 64 7.4.4 State machine behavior ................................................................................................................. 64 7.5 Detailed protocol description....................................................................................................................... 66 7.5.1 DPP bootstrapping......................................................................................................................... 66 7.5.2 DPP authentication exchange........................................................................................................ 66 7.5.3 DPP configuration exchange ......................................................................................................... 68 7.5.4 DPP network introduction exchange.............................................................................................. 69 7.5.5 Network access.............................................................................................................................. 70 8 DPP ATTRIBUTE, FRAME, AND ELEMENT FORMATS .......................................................................................... 71 8.1 DPP attributes ............................................................................................................................................. 71 8.1.1 DPP attribute body field definitions................................................................................................ 72 8.2 DPP frames................................................................................................................................................. 74 8.2.1 DPP Public Action frames.............................................................................................................. 74 8.2.2 DPP Generic Advertisement Service (GAS) frames...................................................................... 78 Device Provisioning Protocol Specification v1.0 © 2018 Wi-Fi Alliance. All Rights Reserved. Used with the permission of Wi-Fi Alliance under the terms as stated in this document. Page 5 of 124 8.3 DPP status and error codes........................................................................................................................ 81 8.4 Network Introduction protocol elements...................................................................................................... 82 8.4.1 Overview ........................................................................................................................................ 82 8.4.2 Network Introduction protocol AKM suite....................................................................................... 82 9 DPP CONFIGURATION BACKUP AND RESTORE.................................................................................................. 83 9.1 Overview ..................................................................................................................................................... 83 9.2 DPP AsymmetricKeyPackage..................................................................................................................... 83 9.3 DPPEnvelopedData .................................................................................................................................... 84 9.3.1 DPPAsymmetricKeyPackage encryption....................................................................................... 86 9.3.2 DPPEnvelopedData decryption ..................................................................................................... 86 9.4 DPP configuration backup .......................................................................................................................... 86 9.5 DPP configuration restore........................................................................................................................... 86 9.6 Enabling multiple Configurators in DPP...................................................................................................... 87 APPENDIX A (INFORMATIVE) TEST VECTORS ............................................................................................................ 88 A.1 Test vectors for DPP Authentication using P-256 for mutual authentication..............................................88 A.2 Test vectors for DPP Authentication using P-256 for Responder-only authentication ...............................91 A.3 Test vectors for DPP Authentication using P-384 for mutual authentication..............................................94 A.4 Test vectors for DPP Authentication using P-521 for mutual authentication..............................................98 A.5 Test vectors for DPP Authentication using Brainpool P-256r1 for mutual authentication ........................103 A.6 Test vectors for DPP Authentication using Brainpool P-384r1 using mutual authentication....................106 A.7 A.7 Test vectors for DPP Authentication using Brainpool P-512r1 for mutual authentication ..................110 APPENDIX B ROLE-SPECIFIC ELEMENTS FOR PKEX............................................................................................... 115 B.1 Role-specific elements for NIST p256 ...................................................................................................... 115 B.2 Role-specific elements for NIST p384 ...................................................................................................... 115 B.3 Role-specific elements for NIST p521 ...................................................................................................... 116 B.4 Role-specific elements for Brainpool p256r1 ............................................................................................ 117 B.5 Role-specific elements for Brainpool p384r1 ............................................................................................ 117 B.6 Role-specific elements for Brainpool p512r1 ............................................................................................ 118 APPENDIX C PKEX TEST VECTOR FOR NIST P256................................................................................................... 119 C.1 Initial state of Initiator and Responder ...................................................................................................... 119 C.2 Initiator generates PKEX Exchange Request frame................................................................................. 119 C.3 Responder processes PKEX Exchange Request frame........................................................................... 120 C.4 Responder generates PKEX Exchange Response frame ........................................................................ 120 C.5 Initiator processess PKEX Exchange Response frame............................................................................ 121 C.6 Initiator generates PKEX Commit/Reveal request.................................................................................... 121 C.7 Responder processes PKEX Commit/Reveal Request frame.................................................................. 122 C.8 Responder generates PKEX Commit/Reveal Response frame................................................................ 123 C.9 Initiator processes PKEX Commit/Reveal Response frame..................................................................... 124
2014-09-17 上传