Analysis and Amelioration of Security Strategy in WLAN

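【Author】 刘可 (Liu Ke)

【Advisor】 杨士中 (Yang Shizhong)

【Author information】 Chongqing University, Communication and Information Systems, 2007, Master's degree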

【Abstract】 The rapid development of wireless communication and Internet technology has brought enormous changes to people's lifestyles and quality of life, and more and more users want high-speed Internet access while on the move. WLAN offers flexible mobility and a sufficiently high transmission rate, which makes it one of the important wireless communication technologies of the present day. As its use becomes more widespread, its security problems have become increasingly prominent and are now an active research topic. Data in a WLAN is transmitted over high-frequency radio waves and is therefore easy to eavesdrop on, and the physical access controls used in wired networks are hard to apply in a WLAN environment.

To keep security from becoming a bottleneck restricting the growth of the WLAN market, IEEE 802.11, published in June 1997, adopted the WEP protocol as its encryption mechanism. WEP aims to give a WLAN the same level of security protection as a wired network. It uses the RC4 algorithm as its core encryption algorithm, uses a CRC for checking, and provides two authentication methods. In May 2001 the 802.11 working group set up the 802.11i task group with dedicated responsibility for defining WLAN security standards. The IEEE 802.11i standard was formally issued in June 2004. It addresses identity authentication, data confidentiality and related aspects, and includes the TKIP protocol, the CCMP protocol, the 802.1x protocol and others. In addition, in May 2003 China proposed the national WLAN standard GB15629.11, which introduced an entirely new security mechanism, the WLAN Authentication and Privacy Infrastructure (WAPI).

This dissertation first studies the working principles of the existing WLAN security standards, including the security mechanisms in IEEE 802.11, the IEEE 802.11i standard and the WAPI standard, and describes each standard in terms of identity authentication, data encryption and data integrity. Through security analysis, we show a series of flaws in their design and some attacks that these flaws may enable, with a more detailed analysis of the vulnerabilities in the identity authentication protocols. To address these vulnerabilities, the dissertation proposes a new authentication protocol, the Wireless Authentication Protocol of Enhanced Security (EAP-WAPoES). The protocol performs mutual identity authentication and authenticates the AP, which prevents counterfeit-AP attacks. It also performs secure key negotiation and key confirmation, so that a third party cannot learn the encryption key, and it fully protects the user's identity information. However, the protocol places certain demands on the computing power of the STA, the AP and the AS. In particular, the AP and the AS must perform encryption, decryption, signing and signature verification several times, so the overall efficiency of the protocol still needs improvement. In addition, the dissertation briefly studies the implementation framework of the EAP-WAPoES protocol and presents implementation frameworks for the authenticator module and the client module.

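  • 【Online publication contributor】 Chongqing University
  • 【Online publication year/issue】 2007, Issue 05
  • 【Classification number】 TN925.93
  • 【Citation count】 7
  • 【Download count】 321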