Research of Related Authentication Mechanism of WLAN

【Author】 Kang Zhongyi

【Advisor】 Hu Ningjing

【Author information】 Changsha University of Science and Technology, Computer Application Technology, 2008, Master's thesis

【Abstract】 Wireless local area networks (WLANs) are one of the current research hotspots in wireless network technology. Because they give users efficient, high-quality, low-cost mobile access, they are very widely deployed; at the same time, open wireless transmission brings more security problems than wired networks. Ensuring WLAN security is therefore an urgent problem. The security requirements for WLANs mainly include data confidentiality and integrity, two-way authentication, and availability. At present, WLANs based on the 802.11 standard mainly use the WEP mechanism to protect data. Because security was not fully considered when WEP was designed, it has security flaws, and as WLANs have developed WEP can no longer meet security needs. To address this, improved security protocols have been proposed, such as IEEE's TKIP and 802.11i and China's WAPI.

This thesis studies the 802.11 protocols mainly from the angle of strengthening authentication. First, it analyzes the security characteristics, security mechanisms, 802.11 protocol, and typical topologies of WLANs. Second, it studies WEP and analyzes in detail its five main security problems: the WEP encryption mechanism, the CRC message authentication code, WEP key management, IV reuse, and identity authentication. It then examines 802.11 from the authentication side, analyzing the security properties of open system authentication and shared key authentication. Finally, it focuses on identity authentication based on 802.1x in 802.11i, and gives a formal description of 802.1x using the Bellare-Rogaway model.

After a formal analysis of the widely used EAP-TLS authentication mechanism, the thesis identifies a man-in-the-middle attack problem in EAP-TLS and proposes an enhanced EAP-TLS authentication protocol. BAN logic is used to prove the security and integrity of the enhanced protocol, and experiments show that, in the current experimental environment, the enhanced protocol effectively resists man-in-the-middle attacks.

  • 【Classification number】 TP393.17
  • 【Times cited】 6
  • 【Downloads】 222