Research And Realization Of Admission Control System For Wireless LANs

Posted on: 2013-12-17
Degree: Master
Type: Thesis
Country: China
Candidate: J Luan
GTID: 2248330395963607
Subject: Computer applications and technology

Abstract/Summary:
802.11 WLANs are used more and more broadly and deeply because of their wide applicability, ease of deployment, convenience of use, and low total cost, and the related technologies are developing more and more quickly. A wireless network is very different from a wired network because it uses an open medium, which makes it more exposed to threats. Security factors greatly affect people's decisions on whether to choose WLAN products. Access control for wireless network users and secure communication on the wireless side have become very sensitive security themes, which have attracted great interest from researchers and are the research topics of this paper. With the publication of 802.1X, WLAN authentication can depend on a backend authentication server to control wireless users' access. It provides security certification based on users' identity and also provides a reliable key management mechanism.

This paper first analysed WLAN security threats in terms of integrity, secrecy, and availability, based on the definition of WLAN security. WLAN security solutions were then discussed with an emphasis on 802.1X, after an introduction to 802.11 identity authentication, access control and data encryption technology. The latest version of 802.1X, 802.1X-2010, was also introduced, and the evolution of RADIUS to adapt to EAP authentication methods was pointed out. Afterwards, on the basis of theoretical analysis and with consideration of application demands, an admission control system model for WLANs was illustrated from the aspects of system topology, framework, authentication process and function modules.

Then the paper gave the realization of an authenticator system based on HostAP, which is the focus of this paper. This may serve as a reference for improving AP performance. This part gave details on the realization of the authenticator PAE state machine, the backend authentication state machine, the key management state machine and so on.

After that, an experiment platform was built through the installation and configuration of FreeRADIUS, OpenSSL and MySQL, and then EAP-TLS dual authentication based on PKI was tested, followed by other experiments on our realized authenticator system. The results showed that our authenticator system could communicate with the station and the authentication server normally; in addition, the functions of authentication, key management and secrecy of authentication data were realized.

At last, according to the proposed admission control system model, additional studies were done in the following two aspects.

(1) Some research on WLAN security detection was carried out. Focusing on the typical problem of MAC address spoofing and the various DoS attacks based on it, some detection methods were given. Then a simplified model of a station-based wireless distributed intrusion detection system was put forward. It included two abstract entities, stations (STAs) and the network management side (MS). Through customized 802.1X client software, rich information was submitted during the authentication process, which would help the management system do a better job of admission control. The software could ensure valid users' safe access to networks and secure communication; in addition, other traffic in the air was captured periodically and the network was monitored according to the network condition information and abnormal traffic filtering policies sent by the MS. Suspicious network behavior, such as the existence of unauthorized stations or APs, was handed over to the MS. The MS gathered the abnormal traffic information, analyzed it, and made decisions, and then new security policies were sent to the STAs.

(2) Designs for realizing the management programs' functions were made according to need.

(3) Research on the AP management protocol was done. The protocol is CAPWAP, well known as the communication protocol between APs and ACs. In addition, an open-source access controller solution, Coova Chilli, was introduced along with its configuration methods.
Keywords/Search Tags:WLAN, 802.1X, authenticator system, EAP-TLS, admission control