Design and Realization of a Security System for Wireless Local Area Networks Based on ECC and IPSec

【Author】 Ge Xuefeng (葛学锋)

【Advisor】 Jin Xinyu (金心宇)

【Author information】 Zhejiang University, Electronic Science and Technology, 2008, Master's thesis

【Abstract】 With the rapid development of mobile communication and the Internet, the security problems facing wireless local area networks (WLANs) are becoming increasingly serious. Traditional security mechanisms have a large number of defects and vulnerabilities and cannot meet the high security requirements of WLANs. IPSec, as a network-layer security technology, can use tunneling and encryption to create a secure private channel over a WLAN, protecting the fast and secure transmission of data. Most current IPSec-based WLAN security systems suffer from low network efficiency and insufficient security; the main causes are weak encryption algorithms, protocol redundancy, and reliance on a single encryption method. Such problems can be addressed by increasing the key length, but this significantly increases the complexity and processing time of the encryption algorithm, which makes it a poor fit for a resource-constrained security environment such as a WLAN. To address these problems, this thesis proposes a WLAN security scheme based on ECC and IPSec. Its distinguishing feature is that the secure tunnel in IPSec is established with elliptic curve key exchange (ECDH) and elliptic curve digital signatures (ECDSA), so that the system offers high security and low bandwidth use while remaining flexible enough to be extended to different WLAN security environments. After studying ECC and other encryption algorithms together with the IPSec security mechanism, the thesis first designs the point multiplication algorithm, the main operation in an elliptic curve cryptosystem, to speed up computation over the field GF(2^m). On this basis, and according to the specific application requirements of WLAN security, it presents the system architecture and functional structure of a WLAN security system based on ECC and IPSec and introduces the theory behind the key modules. The system uses ECC for identity authentication and key agreement in both phases of IKE, which improves its security and processing speed.
Finally, the thesis describes the implementation of the main modules of the system and explains the test scheme and test deployment, providing a test basis for applying the system. The test results show that both the security and the efficiency of the WLAN are improved, and that the system has good security and reliability.

  • 【Online publication contributor】 Zhejiang University
  • 【Online publication year/issue】 2008, Issue 08
  • 【Classification code】 TN925.93
  • 【Times cited】 3
  • 【Downloads】 175