The Credibility Of The Wireless Lan Access Architecture And Remote Proof Of Realization

In order to improve the security and dependability of the applications in context of wireless LAN, Access Control technology has been used to control the terminal which requests to access the network. Typical authentication technology is identity verification. This technology is based on the key technology, and combines the security agreement to assure that only terminal which meets specific access control policy can access the network securely. This method just considers the credibility of wireless devices from protocol but no securities, which may allows the wireless terminal that meets the requirements of protocol security but has some threats to access the network and leads some destroy to the whole network. With the emergency and deep research of Trusted Computing technology, new solution to control the wireless terminal that requests to access the WLAN is come out.Through studying the Access Control technology in wireless LAN and Trusted Computing technology, contributions made in this thesis are listed as below.1. A trusted multi-level architecture model for access controlling in wireless environment is proposed. This model requires bidirectional access verification when a terminal requests to access network, which overcomes the limitations of unidirectional verification; The Authentication Verification and Integrity Verification of terminal are introduced also, which improves the intension of access control; The model also improves the flexibility and efficiency by introducing dichotomy access control technology.2. Two remote attestation methods are proposed. Based on the given trusted multi-level architecture model for access controlling, two remote attestation methods are given, which based on the property of terminal and Hidden Credentials technology. Then, the security protocol and authentication process of these remote attestation methods is given in detail. Analysis shows that these two attestation methods improve the privacy and security of existing remote attestation methods, and have good protocol efficiency.3. Remote attestation methods supposed in this thesis has been verified by TPM-Emulator. Using TPM-simulator and VMware software, a prototype platform in Linux operating system is built. Using Glade technology, corresponding graphical interface is designed, and some validation of the theory results presented in this paper is given.