The Research Of Security Mechanism For Wireless Local Area Network

Posted on: 2009-07-14; Degree: Master; Type: Thesis
Country: China; Candidate: S H Liu
GTID: 2178360272483281; Subject: Computer applications
Abstract/Summary:
The security threats facing wireless local area networks (WLANs) can be summed up as active attacks and passive attacks. Active attacks include message tampering, identity masquerading, Denial of Service (DoS), replay attacks and so on; passive attacks mainly refer to eavesdropping on the network. To strengthen network security, IEEE 802.11 wireless LANs generally use the Wired Equivalent Privacy (WEP) protocol as their core security mechanism, to guarantee the confidentiality and integrity of data in transit. Through an in-depth study of WEP, this paper summarizes its problems in three areas, namely authentication, data encryption and data integrity verification: 1) ineffective authentication; 2) key reuse, weak keys and key management problems; 3) flaws in the integrity check. To address the key reuse problem, the paper proposes two schemes for avoiding encryption key collisions: increasing the length of the initialization vector (IV), and continually changing the shared key. The paper not only describes the WEP optimization schemes in detail but also designs an experiment that monitors and analyzes the encrypted data stream with the AirSnort software package and obtains key stream reuse information.

The paper also studies WPA, the standard that improves on WEP, in depth. The research finds that although WPA uses IEEE 802.1x port-based access control and the certificate-based, mutual, upper-layer authentication mechanism EAP-TLS to strengthen authentication, inherent problems in the network and in the authentication leave the authentication process vulnerable to Man-In-The-Middle (MITM) and Denial of Service (DoS) attacks.

Through analysis of the EAP-TLS authentication process, the paper proposes an optimized EAP-TLS authentication scheme: 1) by encrypting specific management frames, the transmission security of management frames can be guaranteed; 2) by checking frames against a management frame lookup table, unencrypted management frames can be discarded, which effectively prevents an attacker from using management frames to carry out MITM and DoS attacks; 3) against DoS, response message marking and response prioritization are used to control processing; 4) by setting up a message inspection server, DoS attacks that rely on floods of useless messages can be defended against. The design of the optimized scheme and an analysis of its performance are also presented.
Keywords/Search Tags: Wireless local area network, IEEE 802.1x, EAP-TLS, Man-In-The-Middle (MITM) Attack, Denial of Service (DoS)