
A Wireless Local Area Network (WLAN) Security Mechanism Based on Digital Signature

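【Author】 Lan Xuchang (兰许昌)

【Supervisor】 Yin Ruixiang (殷瑞祥)

【Author information】 South China University of Technology, Signal and Information Processing, 2010, Master's thesis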

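【Summary】 A wireless local area network (WLAN) is a computer local area network that uses wireless communication technology. As wireless communication technology has developed, WLAN technology has also advanced rapidly. With a WLAN, terminals can communicate while moving within the local area network, free of the constraints of cumbersome network cabling, which is a great convenience for end users. However, because a WLAN uses public electromagnetic waves as its carrier, unauthorized access and eavesdropping are harder to guard against. Undeniably, security problems have seriously held back the rapid and healthy development of WLANs. To address WLAN security, manufacturers have successively introduced a variety of security solutions, which give WLANs a certain degree of protection, but these mechanisms all have flaws and vulnerabilities to a greater or lesser extent and need to be updated and improved. Based on several characteristics and elements of WLAN security, this thesis proposes a new WLAN security mechanism based on digital signatures. The mechanism effectively addresses the three major threats to WLAN security: wireless eavesdropping, identity impersonation and data tampering. The mechanism has two modes: 1. Authentication with unencrypted communication: with the CA (Certificate Authority) as intermediary, the TER (Terminal) and the AP (Access Point) authenticate each other, and once the TER and AP have connected successfully, the data subsequently transmitted between them is not encrypted. This mode suits situations with low security requirements, such as web browsing. 2. Authentication with asymmetrically encrypted communication: with the CA as intermediary, the TER and AP authenticate each other, and once they have connected successfully, each encrypts the data it sends with the other party's public key. This mode suits situations with high security requirements, such as online money transfers. The mechanism uses digital signatures based on the RSA public-key system and the MD5 message hash algorithm, and uses certificates to authenticate the APs and TERs in the WLAN system. It also defines an entity called the CA, which manages the certificates needed by the parties taking part in the information exchange (including generating and issuing certificates). Furthermore, to handle concurrent requests from TERs in the system, a multi-level CA authentication mechanism is introduced. The overall security mechanism provides authentication, integrity, non-repudiation, encryption and other services; its algorithms are mature and reliable, its security is high, and it is simple to implement. Finally, the security of the mechanism itself and of the algorithms it uses is evaluated, and an application of the mechanism is presented.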

【Abstract】 A WLAN (Wireless Local Area Network) is a computer local area network that uses wireless communication technology. With the popularization of wireless communication technology, WLAN technology has developed greatly. It frees us from the constraint of numerous and jumbled network cables and gives us great convenience. However, a WLAN's carrier is the public electromagnetic wave, so it is harder to defend against eavesdropping and unauthorized access. WLAN security is now seriously slowing down the development of WLANs. Manufacturers have published many WLAN security mechanisms to solve the security problem. These mechanisms guarantee the security of WLANs to some extent, but they also need to be updated and improved because of their bugs and weaknesses. Addressing some of the main factors of WLAN security, this paper presents a new WLAN security mechanism based on digital signatures. The mechanism targets three threats to WLANs: wireless eavesdropping, identity counterfeiting and data modification. The mechanism includes two modes. One is the certification but non-encryption mode: after the TER (Terminal) and AP (Access Point) connect successfully, they start non-encrypted communication. The other is the certification and encryption mode, in which they start encrypted communication. The mechanism is based on the RSA public-key system and the MD5 hash function, and uses certificates to authenticate the AP and TER in the WLAN. It defines an entity named the CA (Certificate Authority), which manages the certificates used for the information exchange (including creating, issuing and revoking certificates). The whole mechanism provides services such as certification and authentication, integrity, availability, non-repudiation and confidentiality. The algorithms are mature, credible and easy to implement. In the last part of this paper, the security performance of the mechanism and its algorithms is evaluated, and implementation schemes under some conditions are presented.
