Analysis And Amelioration Of Security Strategy In WLAN

Rapid development of wireless communication and internet technique brings enormous changes to the people's life style and life quality. More and more consumers hope to access internet with high speed when moving. WLAN has agile ability of moving and its speed of transmission is high enough, so it becomes one of the important techniques in wireless communication of the time. As it is applied constantly abroad, the security problems of WLAN become more and more extrusive and have already turned into a research hotspot. The data in WLAN are transmitted by radio wave of high frequency, so they are easy to suffer wiretapping, and furthermore it is hard to use the physical access control means of wired network in the environment of WLAN. In order to make the security problems not to become the bottleneck of restricting the development of WLAN markets, the IEEE 802.11 promulgated in June of 1997 uses WEP protocol as its encryption mechanism. The aim of WEP is to provide security protection of same level with wired network for WLAN. WEP uses RC4 arithmetic as its kernel encryption arithmetic, and meanwhile it uses CRC to provide checkout. Furthermore WEP provides two kinds of authentication manners. In May of 2001 leaders of 802.11 workgroup established 802.11i task group with the special responsibility of constituting security standard of WLAN. IEEE 802.11i standard was formally promulgated in June of 2004. It is designed with aspects of identity authentication, data encryption and so on, and it includes TKIP protocol, CCMP protocol, 802.1x protocol and so on. In addition, our country put forward WLAN national standard GB15629.11 in May of 2003, introducing completely new security mechanism——WLAN Authentication and Privacy Infrastructure(WAPI).First this dissertation studies the work principium of existent WLAN security standard, including the security mechanism in IEEE 802.11, IEEE 802.11i standard and WAPI standard. We respectively introduce every standard from three aspects such as identity authentication, data encryption and data integrality. According to the security analysis, we explain a series of lacunas existing in the design, and some attack manners which can be possibly aroused by the lacunas. We especially make more detailed analysis of security leak in identity authentication protocol. And then contraposing these security leaks, this dissertation puts forward a kind of new authentication protocol——Wireless Authentication Protocol of Enhanced Security(WAPoES). This protocol carries out identity authentication of double direction, and authenticates AP preventing attack of counterfeiting AP. Meanwhile this protocol carries out secure key negotiation and key affirmance, and the third party can't get the encryption key. In addition this protocol fully protects the identity information of the consumer. But this protocol needs STA, AP, AS to have necessary ability of calculation. Especially AP and AS need to run calculation of encrypting, deciphering, signing and validating signature for several times. So the holistic efficiency of executing this protocol waits to be improved. In addition this dissertation simply studies the implementation framework of EAP-WAPoES protocol. We respectively present the implementation framework of authenticator module and client module.