Research And Simulation Realization Of WAPI Security Technology

China's WAPI protocol proposed in the WLAN is composed of two aspects of WAI and WPI.WAI provides the mutual authentication and key negotiation between STA and AP and adopts the public key certificate scheme based on elliptic curve.WPI provides confidentiality of communication data transmission,and adopts our own research group encryption algorithm SMS4.WAPI protocol is now in two versions.the original protocol version for the first time put forward the concept of WAPI.The new protocol version has modified the existing security problems,such as there is no private key authentication for the user's identity and the key negotiation algorithm is too simple and so on.But the new version also exists some security problems,such as it does not protect the confidentiality of user information,it can't resist pseudo-AP attacks and it lacks of means to resist replay attacks.Therefore,the purpose of this paper is to improve the existing problems of the new WAI protocol in the identity authentication and key negotiation,so that the identity authentication phase and key negotiation phase will be more secure and at the same time,this mesuare will enhance the security performance of the protocol.This improvement will improve the WAI Protocol‘s application in the Android smart phone and wireless access point.At the same time,this paper makes a visual simulation of WAI authentication and key negotiation process.With the help of this software,the researcher can easily analyze and view the corresponding parameters.The main contents of this paper include:Firstly,this thesis systematically study and summarize the original WAPI security protocol standard and the newly implemented WAPI standard;make security analysis on the original WAI's identity authentication and key negotiation and the newly implemented WAI's identity authentication and key negotiantion.And points out the shortcomings in the new implementation standard of WAI,and compares the original version with the new version in the identity authentication and key negotiation stage.Secondly,Based on the analysis of the security of WAI's new implementation scheme,three improvement measures are proposed.The first improved measure,this article uses the public key of ASU to encrypt the user's digital certificate to solve the problem of user certificate secret.The second improved measure,in order to eliminate the threat of replay attacks,this measure adds timestamps to the authentication activation group.The third improved measure,this measure cancels the AP on the STA signature verification,adds AP signature,and improve the follow-up data processing process.Finally,aiming at the improved WAI authentication and key negotiation scheme,this paper analyzes the whole process and STA,AP and ASU corresponding data processing in software.