Research And Implementation Of WLAN Security Technology

With the development of network and communication technology, wireless LAN has been widely used for its high mobility, easy management and the advantages of easy network building and expansion. However, it is facing increasing serious security threats because of its open transmission media. The research of the WLAN security technology is of important practical significance.Firstly, the security technology of WEP is studied, with focus on the loopholes of WEP. Then the technology WPA is researched including the encryption algorithm of TKIP and CCMP protocol, dynamic key management mechanism,802. IX access control mechanism and the related protocol of EAP and RADIUS. From the analysis of encryption algorithm, access control and data integrity protection, WPA has improved much better in WLAN security performance than WEP.Secondly, the 802.11i standard-based client software is designed with the encryption algorithm of AES based on the protocol of CCMP and the authentication mechanism of PEAP being used. The client is implemented in WinXP platform with the development kit WinPcap, Libnet and OpenSSL. Then three open source software of freeradius, openssl and mysql are installed, some associated configurations are made to implement the authentication sever of Freeradius in the operating system of Linux.Thirdly, with the implemented client software as supplicant, the authentication sever of Freeradius as background authentication sever, the wireless AP supporting the technology of WPA as authenticator, a security authentication system of wireless LAN is built and the packets of the communication are captured with the software of Wireshark. According to the analysis of the process of PEAP authentication, the captured packets show that the implementation with the previous basic design is consistent which proves the correctness of the client software.At last, the Man-in-the-Middle Attack in the authentication process of PEAP is analyzed based on its authentication characteristics and a method is proposed to prevent the MitM Attack. The method is to achieve the aim through that when the client responses to the challenge of sever, it takes the sever certification information in the TLS tunnel. Then the sever can identify whether the authentication client and the tunnel client is the same one, preventing the Man-in-the-Middle Attack.