Based On Opnet Wireless Lan Security Authentication Protocol Improvements And Simulation

The combination of computer network and wireless communication technology produces WLAN which approach the network with wireless route and afford the potential ways for communication of mobilization , personalization and the application of multimedia as well as one of the effective ways to access to the wireless broadband. However, the WLAN safety has been a serious problem due to the opening access feature of the wireless communication medium within a limited scope, thus the further development and popular spread would be prohibited if the security problems could not be well solved.Firstly, the dissertation gives some of the details of the systematic structure, service and protocol system of IEEE802.11WLAN and truss the basic BSS structure to simulate experiments. Secondly, it discusses the WLAN safety mechanism and existing security problems, analyze the most common attack approach refusing service attack with simulation, sums up the character of refusing service attack, points out the solution act to the safety problem of WALN refusing service attack , which lay the foundation base for the improvement of system mechanism. Then it studies the extendable approving protocol EAP and points out its flaws. Last it finely discusses approving approach EAP-TLS of the approving layer in WLAN safety layering structure and the RADIUS protocol in approving server.Though EAP-TLS approving is based on customer side STA and mutual attestation of RADIUS attestation server and adopts the secret key of previous issued digital certification, still it doesn't do enough examination to the AP adopted, which will bring somehow security loophole. Meanwhile when AP sending customer side STA information"EAP-success"transported without any protection, this would be easily attacked to halt the communication between the customer side STA and AP, thus causing the following refusing service attack.This thesis improves the foregoing existing problems in 3 aspects:(1) To send all the information communicated between customer side STA and AP side in encrypt mode;(2) To attest mutually the customer side STA and AP side;(3) To add the state confirmation to avoid refusing service attack.Last to simulate experiments and compare to the current IEEE802.1X/EAP-TLS attestation approach clearly showing the advantage of the improved acts in defending DOS attack.