| In wireless network environment, when STA move into the coverage of accesspoint AP, the initial access authentication will be conducted for network connection. Theexisting security standard IEEE802.11i and802.11r can meet the demand in most cases,but in some special scenarios, for instance: a large number of users simultaneouslyentering one ESS, users still want to connect to WLAN although they just spend a verysmall dwell time in coverage area of one ESS, etc. AS the existing access authenticationschemes require too many rounds of messages, making the certification processesconsume too much time, STA could not give full play to the ability of the WLANsystems. In response to these problems, we made the following two aspects of work:(1) Proposed a new access authentication method, which could omit the EAPauthentication and the4-way handshake processes in the existing technologies, onlyrequire three authentication messages to complete authentication and key distributionprocess, the number of messages could be significantly reduced, yet replay attacks couldbe prevented by current counter value. It is compatible with the802.11i and802.11rprocess, can achieve fast and secure initial access authentication in WLAN, shorten thetime required for authentication, and also reduce implementation complexity. Theproposed protocol was implemented and deployed to the actual wireless environment,then made tests and analysis, the results shows that the new protocol could greatlyincrease the performance of the initial access compared with the existing standards.(2) Proposed a system framework for fast initial link setup, the EAP authenticationprocess and key distribution process could properly be carried out simultaneously, theprocesses of mutual authentications between AS and STA,AP and STA, key distribution,distribution of AID, and IP address assignment could be completed in five steps. Theframework is compatible with the existing variety of authentication methods and hasbetter flexibility and scalability, the original authentication method could be usedwithout any modification.And the framework removed the processes of the open systemauthentication, association and4-way handshake and so on, integrated them and EAPauthentication into a unified process, which could greatly reducing the number ofmessaged exchanged, and accelerate the process of terminal accessing the network. |
PDF Full Text Request