| WLAN is easier to be attacked than the wired network because it uses the radio to deliver data over the air, so the safety problem in WLAN is also more noticeable outstanding than the wired network. The original safety solution does not guarantee the safety of WLAN well and there are too many defects, so it can not be used in the situation where safety is exigent and it blocks the development and large-scale use of WLAN. The safety problem is becoming more and more rigorous. Therefore, the IEEE organization passed the 802.11i drafted plan in June, 2004, putting forward the concept of Robust Security Network, which contains Access control, key management, strong data encryption etc.In the IEEE 802.11i, the creation and distribution of the keys is achieved by the four handshake protocol, in which the attacker can easily break off the process, and even worse, maybe reauthentication is needed. This paper aims to solve the DoS attack in the four handshakes, and proposes several ways, then gives the comparison between them, among which, the Random-selected Queue and Pseudo Random Numbers are better than others. The obligatory of the RSN data encryption CCMP is AES with Counter Mode, and it is CBC-MAC which is used to check the data integrity. But, it is vulnerable to TMTO attack, and in this paper, the reason is discussed, that is the pre-computation of the initial counter value when using the counter mode because the pre-computation of the Nonce. So the paper gives the suggestion and solution, that is, using a random number when constructing the nonce, and use larger key that is used to encrypt data.Although the AES supports three different kinds of key length, the CCMP uses 128 as the key length when encrypting. So if we want the longer key supported, we must redesign the detail way of encryption, which is the work in the future. |
