| Because of convenient deployment,low cost,quick speed,good stability and many other advantages,WLAN has been developed rapidly and applied widely under the promotion of the organization of Wi-Fi,since the promulgation of IEEE802.11b standard in 1999.However, because of WLAN using electromagnetic waves in the air to send and receive data,data dissemination is difficult to control,WLAN is faced with more severe security problems than the wired network.Security issues impact WLAN on entering the core of the stage of informationization and playing a greater role in E-commerce,E-government,industry applications and enterprise informationization.Therefore,the study of WLAN's security mechanisms and enhancing the security performance of WLAN is significant to the development of WLAN.The identity authentication is the first step to achieve security.In this thesis,WLAN authentication mechanism is the research object.The first part introduces the origin,implementation technology,work patterns and related standards of the WLAN first and analyzes the advantages and disadvantages of WLAN.Then,it studies on the current WLAN authentication mechanisms,including the SSID,MAC address filtering,WEP, 802.1x and WAI deeply,points out the problems among them.The second part studies 802.1x-based authentication mechanism in detail,analyzes IEEE802.1x,EAP and RADIUS protocols' implementation process,packet structure and characteristics,analyzes and compares the EAP authentication methods including MD5,TLS, LEAP,PEAP and TTLS.TLS is the most secure authentication method according to the analysis result,but it's deployment is higher cost.PEAP authentication protocol has obvious superiority comparing with other methods at flexibility,compatibility,stability,and easy deployment.It is very suitable for SMEs and campus network.The third part builds a wireless campus network authentication system based on IEEE802.1 x/EAP-PEAP,which is on the basis of theoretical research in the first few chapters. Authentication system uses Linux as operating system,uses the famous open-source software FreeRADIUS as the RADIUS server,uses PEAP authentication protocol,uses OpenSSL to generate and manage digital certificate and uses MySQL database to store users' message.The thesis design and develops a 802.1x client authentication program,the certification program covers all the complex with a friendly user interface.Finally,the thesis analyzes the PEAP protocol's implementation process in detail and points out it's disadvantages,that is,it suffers middleman attack easily.Subsequently,it raises several feasible solutions and introduces a client-server authentication program's implementation process in detail. |
PDF Full Text Request