Analysis And Improvement On Limitation Of IEEE802.1x Based Safety Certification Protocol

Posted on: 2009-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Wang
GTID: 2178360245455354
Subject: Computer software and theory

Abstract/Summary:
With the widespread application of wireless LANs, LAN security has become a hot issue in computer networking. Because wireless networks are open and, unlike wired networks, have no fixed physical location, protecting them is more difficult than protecting wired networks. To ensure the security of a wireless LAN, two aspects are mainly taken into account: strengthening the authentication technology, and strengthening the encryption of transmitted data. The IEEE802.1x authentication protocol emerged against this background and now plays an irreplaceable role. However, because of some design flaws, IEEE802.1x still has hidden defects, such as susceptibility to man-in-the-middle attacks and session hijacking. This thesis focuses on strengthening IEEE802.1x authentication and combines it with EAP-TLS authentication to ensure the security of wireless networks.

Building on a summary of earlier research on wireless LAN security, this thesis analyses and discusses in detail how to strengthen wireless LAN security by strengthening the security of the IEEE802.1x protocol, and proposes an improved authentication scheme, SDVIA (Source Data Verity and Integrity Authentication), from the point of view of data integrity protection. The improved protocol remedies the two flaws of man-in-the-middle attacks and session hijacking, and greatly remedies the lack of DoS protection.

First, the thesis gives an overview and defines the scope of the research, introducing the structure of wireless LANs, the IEEE802.11 wireless network protocol standard, some commonly used wireless security authentication technologies, and the state of research on security authentication protocols. Then, starting from the principles of wireless LANs, it goes into the physical layer, MAC layer and link layer, analyses wireless network security, and points out its main flaws and the research direction. Third, it concentrates on the IEEE802.1x authentication protocol: it analyses the port-based access control principle and the EAP-TLS authentication process, summarizes earlier research results on security authentication, analyses the kinds of security threats that exist in the IEEE802.1x protocol, and proposes its own improvements based on earlier research. Finally, it presents a module analysis and code implementation for EAP-TLS authentication in IEEE802.1x.

This thesis is supported by the National Natural Science Foundation of China (60672137, 60773411), the Ph.D. Programs Foundation of the Ministry of Education of China (20060497015), and the Science and Technology Key Projects of Hubei Province (2007AA101C63).
Keywords/Search Tags:IEEE802.1x, Authentication Protocol, EAP-TLS Authentication, four-step handshake authentication mechanism, HMAC, SDVIA Authentication