| ABSTRACT:WLAN are widely used in various applications because of its high rate, high mobility. As WLAN transmits in the air openly, it has exposed many security problems, such as eavesdropping, interception or modify transmission data, denial of service.In the current wireless equipment market,management activities are implemented by interacting clear frame unprotected, such as joining in and offline of wireless terminal,spectrum management etc.The malicious attacker can counterfeit legal client or wireless access point to join in or offline WLAN so that the legal client can not communicate properly. In the aspect of key management,most of wireless equipments take dynamic negotiation and real-time updates of key management to enhance the WLAN security.Algorithms of key management of current wireless equipment exists risk so that attacker can use of it.So it should strengthen its security in the key management.In order to enhance WLAN security of management functions, some researches are processed to enhance the security of the WLAN management devices based on H3C comware software system and wireless controllers, wireless access point hardware in this paper.Main job as follows:Firstly, in order to avoid leting out key during key negotiation process,according to the802.11Working Group’s proposal, adding the key derivation function whose core is SHA256on AC. In order to ensure compatibility, adding configuration management commands on AC-side.The administrator can selecte key derivation algorithm via the command line. Design and implementation the key derivation function during joining process and selecte key derivation algorithm based on negotiation to generate key.In order to enhance the security of key negotiation process, taking a new hash function for key negotiation process to protect the integrity of the frame.Secondly, for defects of transferring management frame expressly,design and implementation of broadcast management frame protection programs. Taking key-based hash mechanism for broadcast management frame to prevent frame being tampered during transmission. Append sequence number for broadcast management frame against replay attack by malicious attackers. For compatibility with older equipment as well, design configuration switch commands on AC-side. The administrator can enable management protection function through commands line. Then the device can determine whether to allow STA access and whether to protect management frames based on the status of switch and device’s capablity.Thirdly, set up a test environment to verify the correctness of function realization. |
PDF Full Text Request