Countermeasures Of Attacks For IEEE8021x Network Access Authentication Techniques

Nowadays, WLAN mostly based on the standard of the IEEE802.11, however, numerous works indicated that there are some security issues such as lack of mutual authentication and weak key. In view of the current security issues on the WLAN, IEEE802.1x introduce access-control-protocols based on ports to enhance access control and the strength of authentication. But its authentication mechanism is also one-way, and it's easy to suffer Man-In-The-Middle (MITM) Attack, Session Hijacking and denial of service. So it's meaningful to the improvement and application of the WLAN, by develop the authentication method of the IEEE802.1x and offer more powerful security system.Firstly, by introducing the protocol of IEEE802.11, this article analyzed the secure service, weakness of authentication and the flaw of encryption. Then the author presented many problems in IEEE802.1x (Absence of mutual authentication, lack of field of the extended authenticate protocol, the flaw of the authenticate mechanism and the authenticator state machine loose coupling), and discussed MITM Attack, Session Hijacking and denial of service. It is tested that above of attacks can be performed by simulated attack tests.Secondly, to cope with the three kinds of attacks, three solutions are proposed, which include:①Reduce the denial of service by the center manager assisting authenticator server;②Decrease the frequency of MITM Attack by modifying format of response message;③reduce Session Hijacking by rejecting all MAC message for disconnection when the authentication is association.Finally, the results show: the way that copes with denial of service can distribute the resource more reasonable and control the resource consumption in the smallest range; the way that copes with MITM Attack can prevent MITM connection; the way that copes with Session Hijacking can avoid existing Session Hijacking by restricting state machine transfer and perfecting format of the EAPOL frame.The improving solutions remedy the flaw of absence of mutual authentication in IEEE802.1x, design central manager and modify format of the EAPOL frame, etc, and provide a sufficient level of security.