【作者】 宋见；

【导师】 赵保华；

【作者基本信息】 中国科学技术大学 ， 计算机软件与理论， 2009， 硕士

【摘要】 无线局域网WLAN(Wireless Local Area Network)由于传输介质的公开性,不但会受到与有线网络相同的针对TCP/IP协议漏洞的攻击,而且还会受到针对802.11协议标准的特殊威胁,安全性受到了严重的挑战,需要安全分析与检测系统进行管理。目前针对WLAN的安全分析与检测系统,大都采用基于入侵检测的被动分析技术。与传统被动分析技术相比,基于协议测试的主动分析技术对WLAN有较好的安全防护能力。作为WLAN安全分析与检测系统的一部分,WLAN安全分析终端如何设计实现成为本文研究的主要工作。本文首先简要阐述了目前国内外WLAN安全的研究现状,介绍了WLAN的基本概念、安全技术和安全隐患。然后重点进行了以下三部分研究:1. WLAN安全分析终端的功能需求通过对WLAN主动和被动安全分析技术进行研究,得出WLAN主动安全分析技术的方法与执行过程。根据终端的部署结构图,设计出终端的具体功能需求,包括脚本交互管理、脚本执行能力、报文统计分析、报文处理和设备接口等几部份。2.实现了WLAN安全分析终端的平台构建终端采用PowerPC(mpc8270)处理器搭建硬件平台,嵌入式Linux系统为软件平台。射频模块采用芯片组型号为AR5212的PCI接口的无线网卡(TL-WN651G),该系列网卡采用madwifi系列驱动,对软件后续设计提供了支持。3.实现了WLAN安全分析终端的软件设计终端软件设计采用了三层结构,将软件分为系统层、测试命令支撑库层和应用程序层。测试支撑命令库提供了主控节点与终端的命令和脚本解析支持。通过扩展命令支撑库,使得程序具有了具有很好的扩展性。系统层的网络适配器模块通过加载madwifi库提供直接面向硬件驱动层的访问接口。应用程序层包括连接控制协议模块、执行控制模块和命令解释器模块。更多还原

【Abstract】 For the inherent characters of the wireless channel, The WLAN is not only threatened by the vulnerabilities of the TCP/IP protocol, but also by the weakness of the 802.11 protocol. It results serious challenges on security issues.The WLAN needs a security analysis system.So far, most security analysis systems are based on the intrusion detection. Compared with the intrusion detection, the active analysis methods based on testing of protocols are more safe for the WLAN. As a part of the WLAN security analysis system.,this paper focuses on the Design and implementation of the security analysis terminal of the WLANIn the paper, the research of the security of WLAN are addressed, including the Basic concepts, security technology and threats. At last, the paper emphasizes on research of the following three-parts1. The functional requirements for the terminalThis paper researchs how the active and passive analysis methods process. According to the deployment structure of the terminal, we design the funcitional requirements for the terminal. Including the interaction management and the implementation of the scripts、the statistical analysis and processing of the packets of WLAN and interfaces of devices etc.2. The implementation of the platform of the security analysis terminal Based on the PowerPC and the embedded Linux operation system, we design and implement the platform of the security analysis terminal. We use the TL-WN651G wireless network adapter as the RF module. It uses the madwifi as the software drivers and provides support for the following design3. The design and implementation of the software for the terminal The software of the terminal are divided into threee layers,including the system layer、the command library layer and the application layer. The command library provides supports for the command and script interpreting between terminals and sever. By extending the command library, it enhances the extendability of the software for the terminal. By loading the madwifi library, the network adapter module of the system layer provides the access interface that directly orients the hardware-driven layer. The application layer includes the connection control module, excution control module and command interpreter module.更多还原