【作者】 刘祥芝；

【导师】 杨士中；

【作者基本信息】 重庆大学 ， 通信与信息系统， 2007， 硕士

【摘要】 随着计算机网络的迅速发展,无线局域网WLAN因其有灵活的移动能力和足够高的传输速率而被人们越来越广泛地应用在各个领域。由于无线局域网采用无线媒体传输,具有信道开放的特点,故对它的安全要求比有线环境更高。随着无线网络的迅速,人们对无线局域网的安全性提出了更高的要求。目前IEEE802.11无线局域网暴露出了一系列安全问题。在认证方面,802.11无线局域网采用的几种认证方式都存在安全漏洞:开放式认证是一个空认证,起不到安全保护作用;共享密钥认证也存在缺陷;对于基于ESSID的认证,由于ESSID被以明文形式广播,所以基于网络名的认证技术也不能防止非授权用户对受保护网络的非法访问;由于伪造合法MAC地址等原因使得基于MAC地址过滤的认证技术也不能保证无线局域网的安全。在数据加密方面,当前市面上的WLAN都采用有线等价保密协议WEP来实现对数据的加密和完整性保护,但由于该协议采用RC4加密算法,使得WEP存在一些漏洞,不能确保数据的安全性和完整性。WEP协议设计上的缺陷引起了IEEE的重视,它委托802.11i任务组制定新的标准来加强WLAN的安全性。于是于2004年6月IEEE推出了新的802.11i标准。802.11i标准主要是针对WLAN的安全需求而制定的,它从数据加密、接入认证控制和密钥管理等方面对WLAN的安全做了全面的保护,使得数据能够安全地在无线网络中传输。在数据加密方面,802.11i采用了TKIP或CCMP加密机制;在接入认证方面,802.11i采用了802.11x标准和EAP协议及RADIUS协议;在密钥管理上,802.11i采用了四次握手协议和组播密钥握手协议,可以说802.11i标准从各个方面加强了WLAN的安全性能,到目前为止并没有发现其安全漏洞。论文最后分析了3G移动网与WLAN互通系统的安全威胁、安全需求和安全机制。分析了3G系统的安全机制,对3G系统与WLAN系统互联之间的接入认证进行了详细的分析。本文对现有的无线局域网中的安全技术作了深入细致的分析,针对当前无线局域网所面临的问题,特别是在国内外有重要影响的安全技术进行了深入的研究,也对3G移动网与WLAN的互联安全进行了一定的探索。更多还原

【Abstract】 With the rapid development of computer network, WLAN was applied to various fields widely for its flexible removing and high transmitting rate. WLAN is wireless media transmitting with open channel, therefore it has higher security requirement than that with wire. The security of WLAN is more highly demanded due to its rapid development.At present a series of security problems of IEEE802.11 was uncovered. There are security leaks in existence by several authentication methods: open authentication is a useless one, which can not protect the network; the sharing key authentication is also far from perfect; as for the authentication based on ESSID, which was proclaimed in writing, therefore illegal accessing can also access to the protected network and it can not be prohibited by the authentication technology on basis of network names; the authentication technology which based on MAC address filtration can not guarantee the security of WLAN due to faking illegal MAC address. The WLAN in market mostly realized data encrypted and integral protected by wire equivalence secrecy protocol WEP, which adopted RC4 encrypting algorithm, can not guarantee the security and integrality of data. The shortcomings of WEP protocol in design attracted the attention of IEEE, and 802.11i group was assigned to set new standard to enforce the security of WLAN. Therefore a new standard was put forwarded by IEEE in Jule, 2004.802.11i standard was aimed at meeting the requirement of WLAN security, and it generally protect WLAN security by encrypting data, accessing authentication control and key management, which enabled data transmit in wireless network safely. 802.11i adopted TKIP or CCMP encrypting mechanism; and 802.11x standard and EAP protocol as well as RADIUS protocol was applied in it also. 802.11i standard adopted the 4th handshaking protocol and multicast key handshaking protocol to realize key management. It’s safe to say that 802.11i standard enforced the security of WLAN from every aspect, and there is no security leak was found until now.In the last part of this thesis, the security threats, the security requirements and mechanism of systemic exchange between 3G mobile network and WLAN was particularly analyzed as well as the security mechanism of 3G systems, and the accessing authentication interconnection between 3G system and WLAN system was analyzed in details. In this thesis, the security technology of present WLAN was analyzed deeply which aimed at solving the problems of WLAN at present, especially security technology that had great influence at home and abroad, there is also a new approach which probes into the security of interconnection of 3G mobile network and WLAN as well.更多还原