The Research And Implementation Of WLAN Security Authentication And Roaming Based On 802.1x/EAPoW

People have broken away from the bondage of cable with the development of wireless LAN, but there are some disadvantages of Wired Equivalent Privacy (WEP) in IEEE 802.11, and besides, WLAN signal is open, all of these make WLAN security becoming urgent. As VPN solution needs additional hardware, and stronger encrpytion techniques may bring high cost or incompatibility, so IEEE workgroup promulgate 802.1x protocol to solve identity authentication and key management.Furthermore, there is no explicit solution for roam mechanism in IEEE 802.11. At present, Mobile IP technique has been widely considered as the best network layer solution for realizing mobility in IP networks. The Mobile IP integration in WLAN that combines mobility with security will offer WLAN users better service.On the background above, this thesis designs and realizes uniform identity authentication scheme based on IEEE 802.1x/EAPoW, and introduces Mobile IP to support roaming. The thesis specific research and implementation includes:Analyzing the framework and processing of IEEE 802.1x. To a great depth, giving the analysis to the theory and the detail interaction among the client, AP and the authentication server focusing on the implementation of the client under WIN 32 and the server under Linux.Designing and realizing EAP-MD5 authentication to provide unilateralism authentication between client and the authetication server. Affirming its advantage and pointing out its shortage.Designing and realizing EAP-TLS authentication to provide bidirectional authentication. During the process, installing freeRADIUS and creating necessary certificates. Also discussing security of this method and giving improving suggestions.Introducing Mobile IP to support roaming. Giving the detailed analysis to the principles of Mobile IP, especially focusing on the regional registration mechanism and giving improving suggestions. Designing the fast regional registration scheme with multi-tier foreign agent framework.Testing to the implemented authentication system, giving out test data, anylysis and conclusion with results that the system works well and is capable of secure identity authentication based on port under WLAN.