
Research And Design Of Authentication Security Infrastructure Of WLAN

Posted on: 2007-01-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H J Zhang
GTID: 1118360212975803
Subject: Computer software and theory

Abstract/Summary:
Because of its flexibility and convenience, the Wireless Local Area Network (WLAN) is widely used in corporations, offices, airports, hospitals, and at home, as well as in special environments for dealing with emergency events. However, the open wireless transmission medium introduces security vulnerabilities into WLAN: data is easily eavesdropped, intercepted and modified, and Denial of Service and masquerading attacks are easily mounted.

To solve these security problems, the network features and security needs of WLAN are analyzed, and the vulnerabilities are summarized and classified. The infrastructures of the two main standards, IEEE 802.11i and WAPI, are analyzed systematically, and their vulnerabilities and shortcomings are pointed out. These include inefficient authentication, resource-costly computation, and DoS attacks arising from the design of the protocols, all of which affect the availability of WLAN. In 802.11i, the authentication property can be lost if the configuration is deployed incorrectly, and reflection attacks exist against the key negotiation protocol. In WAPI, the STA is not authenticated by the AS, and the key negotiation protocol is incomplete. Furthermore, DoS attacks are easily mounted in both standards. To solve these problems, improved schemes and methods are proposed that could improve the security, availability and computation efficiency of 802.11i or WAPI.

Based on the analysis of the two standards and using the one-way hash chain technique, a novel and efficient WLAN authentication infrastructure (EWAI) is proposed and its protocol components are designed, including the initial authentication protocol (IAKN), the 3-way key negotiation protocol (3WAY) and group key distribution (GK). The implementation architecture of keys is presented. In IAKN, no signature algorithm is needed; the AS authenticates the STA at the earliest time, using fewer handshakes and fewer messages in the protocol flows, and the mutual authentication of STA, AP and AS and the initial key negotiation are completed. Compared with 802.11i and WAPI, the proposed infrastructure EWAI has better security properties (multi-factor entity authentication and effective defense against DoS) and better efficiency. The proposed IAKN protocol is analyzed using BAN logic and its correctness is proved. The other proposed protocol, 3WAY, not only decreases one protocol flow but also achieves source authentication and integrity protection for every flow, and refreshes keys in a more secure manner.

The Protocol Composition Logic (PCL) is introduced and extended, which is used to...
Keywords/Search Tags:WLAN, security, authentication protocol, 802.11i, WAPI, protocol composition logic, hash chain, self-updating