Research Of Security Vulnerabilities Of Wireless Local Area Networks Based On Architecture

As the broadcasting nature of wireless signal and design vulnerabilities ofnetwork protocols and mechanisms in the WLAN, the security problems of WLANhave becoming increasingly prominent. This thesis takes the security assessment ofWLAN as the research goal and processes the vulnerabilities disclosure and securityanalysis of WLAN based on WLAN architecture. This thesis also gives decisionsupports for the WLANs with high security demands. The research achievementsinclude as follows.For PHY and MAC layer, in all-channel jamming, traditional single channeljammer requires times of relative time consuming channel switching. An IEEE802.11g all-channel jammer (ARJ) with alterable jamming radius is proposed. Byadjacent channel interference (ACI), especially non-overlapping channel interference,ARJ had the advantages of realizing all-channel jamming on fixed single channel. TheMarkov chain model of distributed coordination function (DCF) under the channel biterror rate (BER) proves that ARJ could make the throughput efficiency drop to zeroinside the jamming radius. The simulation scenario experiments verify the alterabilityof jamming radius, prove that the jamming radius increases with the growth oftransmission power of jamming signal and with the decrease of channel distance, andgive the definition of jamming radius. The real experiments further verify thecorrectness of ARJ design, and discuss the set of jamming frequency and influence ofother factors to jamming radius.For key management layer, to overcome the limitations of existing brute forcecracking method of WPA/WPA2-PSK based on single core CPU, a new crackingmethod called DMCG (distributed multi-core CPU and GPU parallel cracking method)is proposed. Multiple computing cores that are made up of multi-core CPU and GPUon multiple PCs crack in parallel. Colored Petri Nets (CPN) is used to prove that4-way handshake protocol has reachable unsecure state and brute forcer could cracksuccessfully. An improved Amdahl’s law is proposed, by which the upper bound ofcracking speedup of DMCG is analyzed. Aiming to the DMCG expansion of cloudcomputing based on GPU, Dandelion Computing Model (DCM) is also presented andapplicable to different types of supercomputer centers. Experimental results show thatDMCG improves the cracking speed of WPA/WPA2-PSK by3or4orders of magnitude. Analysis of the influences of the graphics card parameters on the crackingspeed is also processed, and the decision support for choosing graphics card inDMCG based on Analytic Hierarchy Process (AHP) is provided.For authentication layer, aiming to various attacks to Extensible AuthenticationProtocol (EAP) based on IEEE802.1X such as downgrading attack andman-in-the-middle attack, the informal analysis is processed and improvingsuggestions are proposed. CPN is used to prove that the WPS protocol has reachableunsecure state and brute forcer could crack successfully. It is proved that whenjammer exists, under setting retry times of connection authentication to be three times,the original protocol could be completely breached and the success breach probabilityof improved protocol is only about3/108. In the WAPI, the current known attackmethods against WAI and the improvement of WAI called WAI’ are analyzed.Through analyzing the unicast key agreement protocol in the WAI’ by CPN, theweakness of WAI’ is found out and the improvement, a new protocol, called WAI’-E isproposed. Using CK model, it is proved that WAI’-E is SK-secure with perfect forwardsecrecy (PFS) and is provided with independent security of certificate authentication.