A WLAN Security Mechanism Based On Digital Signature

WLAN is a computer local area network which use wirless transmission medium to transfer the data. With the popularization of the wireless application, the technique of WLAN get great development. We can get away from the astriction of the numerous and jumbled network line. We also can greatly improve the efficiency of office work by use wireless LAN. But WLAN's carrier is the public electromagnetic wave, so defend the eavesdropping and unauthorized acess are harder. The WLAN's security is now seriously slowing down the deveolpment speed of the WLAN. Manufacturers have published many WLAN security machanisms to solve the security problem. These machanisms guarantee the security of WLAN in some extend.But they also need to be updated and improved because of their bugs and weaknesses.For the main factor of the WLAN's security, a new WLAN Security Mechanism based on digital signature is presented in this paper.This mechanism aims at the WLAN's three threats: wireless eavesdropping, counterfeiting identity and modifying data. This mechanism was divided into two modules: certification , authentication mechanism and encryption mechanism. Certification and Authentication mechanism use digital signature based on RSA public key system and MD5 hash function, and also use the certificate to authenticate the AP and STA in WLAN. Defining a entity which named ASU( Authentication Service Unit). This entity manage the certificate which used for the imformation exchange (including creat, issue, revoke and update the certificate). The certificate includes the public key and digital signature ofASU.The certificate also includes the public key and digital signature of thecertificate's onwer.This certificate is the digital ID credential of the networkequipment.Encryption mechanism use session key to distribute the scheme based on public keysystem and the Blowfish block cipher. The session key distribute scheme is used forthe session key exchange between AP and STA. And the Blowfish is the encryptionalgorithm for session.The Whole mechanism provided many services such as certification and authentication ,integrity,availability, non-repudiation, confidentiality and so on. Algorithm is mature, credible and easy to implement. At the last part of this paper, the mechanism and the algorithm's secuirty performance was evaluated .Also the implement schemes under different conditions was presented.