
The Research And Enhancement Of Key Exchange And Authentication Schema For Wireless LANs

Posted on: 2006-06-29
Degree: Master
Type: Thesis
Country: China
Candidate: J Cai
Full Text: PDF
GTID: 2178360182970073
Subject: Software engineering
Abstract/Summary:

With the rapid development of network technology, wireless LANs are being applied in more and more fields, and how to protect the security of the WLAN has become an important research topic. Key exchange and mutual authentication mechanisms are the main content of the protocol. To resolve the problems in the wireless protocol standards 802.11 and 802.1X, the thesis mainly analyzes how to implement key exchange and mutual authentication more efficiently in a wireless LAN.

By analyzing the security mechanism of the Wired Equivalent Privacy (WEP) protocol, this thesis shows that WEP cannot provide confidentiality and data integrity because of IV reuse and its linear CRC-32 checksum, and also shows that shared key authentication is exposed to man-in-the-middle and replay attacks. To address these flaws, the thesis proposes a Variable Key Exchange Protocol (VKEP), which achieves mutual authentication and key distribution between the Supplicant and the AP. To avoid the key reuse that occurs in WEP once the IVs are used up, VKEP does not use IVs, and it uses the one-way hash function MD5 instead of the linear CRC-32 to assure data integrity. During the session, the shared materials can be refreshed safely; the shared elements are protected by a similar key exchange procedure.

Moreover, by analyzing the IEEE 802.1X authentication mechanism, the thesis shows that an adversary can launch a session hijack attack because of the absence of mutual authentication between the supplicant and the AP. The thesis provides an improved schema for 802.1X that uses RADIUS to achieve mutual authentication between the Supplicant and the AP, and analyzes the security of this schema in theory compared with 802.1X. The schema can efficiently solve the mutual authentication between supplicant and AP.

According to the design of VKEP, the thesis analyzes the security performance of the protocol from four aspects: data confidentiality, data integrity, mutual authentication and key refreshment, and also compares VKEP with WEP. We also ran a simulation of the algorithm used in the protocols. From the result, VKEP can settle the main problems of mutual authentication and key distribution, and VKEP can also defend against the man-in-the-middle attack and the replay attack caused by the IVs being used up.
Keywords/Search Tags:IEEE802.11, WEP, IEEE802.1X, Man-In-Middle attack, replay attack, VKEP, Mutual Authentication
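
The abstract's point that WEP's linear CRC-32 cannot assure data integrity, and that VKEP replaces it with MD5, can be checked with a small property test. This is an added example, not code from the thesis: the function names and the toy frame layout are assumptions, and random bytes stand in for the RC4 keystream.

```python
import hashlib
import os
import zlib


def crc32_icv(data: bytes) -> bytes:
    """CRC-32 as a 4-byte integrity check value, the kind of checksum WEP appends."""
    return zlib.crc32(data).to_bytes(4, "little")


def md5_icv(data: bytes) -> bytes:
    """MD5 digest, the one-way hash the abstract says VKEP uses instead."""
    return hashlib.md5(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def is_xor_affine(icv, length: int = 32, trials: int = 64) -> bool:
    """True if icv(a ^ b) == icv(a) ^ icv(b) ^ icv(0...0) for random equal-length inputs."""
    zero = icv(bytes(length))
    for _ in range(trials):
        a, b = os.urandom(length), os.urandom(length)
        if icv(xor(a, b)) != xor(xor(icv(a), icv(b)), zero):
            return False
    return True


def seal(icv, keystream: bytes, msg: bytes) -> bytes:
    """Toy WEP-style frame (assumed layout): (msg || icv(msg)) XOR keystream."""
    return xor(msg + icv(msg), keystream)


def open_frame(icv, icv_len: int, keystream: bytes, frame: bytes):
    """Decrypt and return the message if the ICV verifies, otherwise None."""
    plain = xor(frame, keystream)
    msg, tag = plain[:-icv_len], plain[-icv_len:]
    return msg if icv(msg) == tag else None


def modified_frame_accepted(icv, icv_len: int) -> bool:
    """Does a frame changed without knowledge of the keystream still verify?"""
    msg = b"constructed sample payload 0001"       # constructed sample input
    keystream = os.urandom(len(msg) + icv_len)     # stands in for RC4 output
    delta = bytes(len(msg) - 1) + b"\x08"          # one-bit change: '1' -> '9'
    patch = delta + xor(icv(delta), icv(bytes(len(msg))))
    altered = xor(seal(icv, keystream, msg), patch)
    return open_frame(icv, icv_len, keystream, altered) == xor(msg, delta)
```

The test covers only XOR-affinity of the checksum under a stream cipher. It says nothing about how VKEP keys or protects the MD5 value, which the abstract does not describe.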