| Presently, the main approach used to provide data security of 802.11 Wireless Product's transferring is WEP security mechanism. While fatal security problems exist in the original WEP, and these problems become more and more serious and make WEP unable to keep up with the current security requirements. For this point, several improved security protocols are proposed, such as 802.11i proposed by IEEE and WAPI proposed by China.But there are still some defects in these protocols. 802.11i has the authentication trouble for it adapts 802.1x authentication method while Chinese WAPI is not carried out in China for the opposite of foreign companies. And the security of WLAN is need protecting in different layers, not only in data link layer. IPSec, the security protocol of internet layer, can provide confidentiality ,integrity, Data source authentication, anti-replay attack, making up the defect of WEP. So it is important to research security products like IPSec Gateway, which can provide the security service in internet layer, enhance the security of WLAN, and has a great of application value.Firstly, This paper analyzes the defects of WEP and 802.11i, then it aims at further research on Virtual Private Net(VPN), a currently popular information security technique based on the IP Security protocol architecture (IPsec), and its implementation in Linux ? Embedded Linux and embedded VPN gateway based on x86 and FreeS/WAN are constructed and VPN gateway's function and performance are tested. The research work mentioned in this paper is mainly about:(1)Fatal security problems exist in the original WEP is analyzed, the authentication, key exchange, confidentiality mechanism of wireless security protocols like 802.11i and WAPI are studies deeply. (2) Research on IPSec architectureThe architecture of IPSec is analyzed, and after comparing with WLAN security protocols, a project based on IPSec VPN is proposed, which can make up the defects of 802.11 WLAN.(3) Implementation of IPsec protocolDetailed analyses on an implementation of IPsec based on Linux-FreeS/WAN, including its structure and components; And its setup scripts and configuration files are described in detail.(4) Construction and test of VPN gatewaysBased on the further research on Linux and FreeS/WAN, detailed descriptions on VPN gateway construction are provided, including hardware system configurations, embedded Linux construction, and configurations of FreeS/WAN. And tests on the VPN gateways are performed, including function test and performance test. The test shows the project based on IPSec VPN proposed in the article can enhance the security of WLAN.
|
PDF Full Text Request