| With the development of wireless technology and the popularity of wireless LANs,wireless network security issues not only become increasingly severe, but also causemore and more concern of the whole society. It’s much important for the networkadministrator to try their best to avoid the attacker attacking the network, protect thelegitimate user’s privacy and insure a safe and healthy operation of the network. In awireless network, wireless access has become the weakest link of the whole system.Therefore, it has a big practical significance to establish a secure wireless access controlsystem.In this paper, we make in-depth discussions over the EAP_TLS based on802.1xaccess control system. Faced with the security threats that exist in the authenticationmechanism, we propose the improvement for the protocol and the authenticationmechanism. Based on the improvement solution, we design and implement the client andauthentication AP, build the appropriate certification environment, and realize the user’saccess authentication.Starting from EAP_TLS authentication framework, this paper make a detailedanalysis of EAP and RADIUS protocol used by the system, and focus on the informationexchange throughout the certification stage between the client and the AP authentication.Against the characteristics that some of the data frame is expressly spread duringinformation exchange, we encrypt the data frame to avoid the information beingeavesdropped by the attacker. By setting the calibration data, the intensity of the frontand rear frame check is increased, which further increases the difficulty of theattacker’s attack on the system and effectively prevent DOS attacks and middlemanattacks.Based on the systematic study above, this paper not only design and implementaccess control system based on802.1x_EAP_TLS, but also achieve the appropriate network attacks. At last, access control system has been tested and evaluated, the testresults showed: safety performance of the improved system has been greatly improved. |
PDF Full Text Request