E-cert In The Wlan Security Protocol Research

WLAN(Wireless Local Area Network), a typical solution for wireless broadband access, has been applied in many fields for its distinguished advantages such as:supportmg mobile calculation.flexible and fast deployment,relatively low-cost maintenance and good scalability etc. However,the security of WLAN has become the main bottleneck of its development for its special nature and the flaws in IEEE 802.11.In order to solve the WLAN security issues,China National Standard GB15629.il introduces an innovative security scheme WAPI (WLAN Authentication and Privacy Infrastructure) for 802.11 WLANs.WAPI consists of two parts: WAI (WLAN Authentication Infrastructure) and WPI (WLAN Privacy Infrastructure) ,which addresses the user authentication and data privacy respectively.WAI ,built over the 802.11 association is the basis of WAPI.A authentication service system named ASU (Authentication Service Unit) is the most important component of WAI .The main function of ASU is to implement the user certificates management and user identity authentication.Relying on the PKI (Public Key Infrastructure) services provided by ASU,WAI realizes key management and the mutual authentication between STA and AP based on digital certificates.This project studies in details the application of digital certificates in WLAN security protocols and makes an analysis and comparison between the authentication system in WAPI and IEEE 802.11i.On the basis of that,our project achieves two achievements (1)we design and realize a ASU authentication service system for WAPI implementations in small and medium enterprise.The ASU system provides a whole solution for digital certificates application for it not only provides a full-functioned CA but also an efficient online certificates authentication system.(2)we analyze several proposed certificate revocation schemes for ad hoc networks and present an certificate revocation scheme based on one-way hash function.Instead of signing/verifying the certificate revocation messages in traditional scheme, our scheme realizes the publishing of certificate status through constructing hash chains of 160-bits revocation proofs or validity proofs and publishing the values of the hash chains inversely.For sign/verify operations require much higher computation cost and waste much more time than hashing,Our scheme has such advantages as high efficiency,reduced bandwidth utilization,low computional cost etc,so it is very suitable for ad hoc networks.