
Research on a Wireless Mesh Network Authentication System Based on S-WAPI

【Author】 Li Ji (李计)

【Supervisor】 Liu Yun (刘云)

【Author information】 Beijing Jiaotong University, Communication and Information Systems, 2011, Master's

【Abstract】 The wireless mesh network (WMN) is a new type of multi-hop wireless network. Its flexible networking, convenient deployment, large capacity and good robustness go a long way toward meeting today's application demands. However, because transmission in such a network is open, security problems such as eavesdropping, denial of service (DoS) and tampering with information are increasingly prominent in practice. The existing 802.11s/i protocols and other routing-based security schemes give wireless mesh networks some protection, but they do not solve the security problem completely. In view of the security situation of existing networks, China proposed the WAPI security protocol, which meets domestic users' information security needs fairly well, but WAPI still has aspects that need improvement when it is applied to wireless mesh networks. This thesis studies that problem and develops a centralized authentication test system for wireless mesh networks based on the S-WAPI protocol.

The thesis first introduces the background of wireless mesh networks, their structure and related key technologies, and compares them with other wireless networks to show their practical value. Second, it gives a full introduction to WAPI, analyzes in depth the principles and workflow of its authentication and data confidentiality, and focuses on the parts of WAPI that need improvement, proposing corresponding solutions: adding a digital signature during authentication prevents repudiation; having the AP node, rather than the STA node, send the key negotiation request first avoids DoS attacks; confirming the generated key during key negotiation prevents the resources wasted when a key is generated incorrectly; and appropriately optimizing the structure of the digital certificate improves its encoding efficiency. Third, the thesis gives the results of the theoretical analysis and designs the overall framework of an S-WAPI authentication server (AS) for independent settings, together with its authentication module, encryption and decryption module, and related databases, all of which work well in the lab. Finally, the thesis develops the centralized S-WAPI-based authentication test system and runs multiple experiments. In the experiments, the packets exchanged during authentication were captured with the packet capture tool Netfilter, and the encrypted and decrypted data were obtained by adding output statements to the program. The results and analysis show that S-WAPI basically resolves the shortcomings of WAPI when applied to wireless mesh networks and achieves the expected goals. The thesis also gives a preliminary discussion of a distributed authentication scheme based on S-WAPI as a direction for future research.

【Key words】 Wireless mesh network (WMN); Security; Authentication; S-WAPI protocol
  • 【Classification number】 TN929.5
  • 【Times cited】 1
  • 【Downloads】 25