WLAN无感知认证关键技术探讨

WLAN无感知认证是一种由终端自动识别的接入认证方式,为用户提供方便快捷的WLAN接入服务,极大地改变传统繁琐的接入方式,有效地提升用户感知.首先介绍WLAN业务现状及认证存在的问题,通过对IEEE 802.1x体系结构及认证方式的分析,探讨基于EAP身份认证协议的无感知认证方式的技术原理、网络结构、认证流程等关键技术,并对3种主流的无感知认证方法进行详细的分析比较,最后对其应用推广进行总结.     

无感知WLAN业务认证方式的分析

本文介绍了WLAN业务现状、业务认证方式及其应用情况,并对无感知WLAN认证的方式以及引入无感知认证方式后的业务推广进行了分析.     

WLAN网络在LTE时代的定位及发展策略分析

随着移动互联网的快速发展,移动数据业务激增。由于现有WLAN网络存在着设备／网络质量、用户体验以及业务推广模式等问题,不能很好的适应发展的需求。本文综合分析了现有WLAN网络建设和发展中存在的一些问题,明确TWLAN网络在LTE代的定位,阐述了协同规划、精确选点、新技术应用、无感知认证以及新业务推广模式等在WLAN网络未来建设和发展中的作用。     

无线局域网无感知认证方式研究

传统的WLAN（无线局域网）认证模式其繁琐的认证流程不但降低了网络的效率,更重要的是影响了用户的体验效果。从WLAN用户认证便利性出发,给出了基于MAC（媒体接入控制）的无感知认证解决方案,EAP-SIM/AKA（扩展认证协议-用户识别模块/鉴权与密钥协商）无感知认证解决方案和PEAP（受保护的扩展认证协议）无感知认证解决方案等3种解决方案,并分析了各自的优缺点。     

广东联通WLAN无感知认证应用部署探讨

通过分析目前广东联通WLAN的认证现状和WLAN无感知应用在其他运营商的部署现状,结合当前主流WLAN无感知技术,提出了针对广东联通的WLAN认证平台解决方案,对其他运营商WLAN平台的认证建设和部署具有一定的指导意义。     

基于用户感知的WLAN网络无线优化设计

基于对用户感知的WLAN网络无线优化设计,其目的主要是改善当前的网络速度及覆盖面积,由于传统的WLAN网络存在漏洞,以及真实环境网络质量较差,没有能够达到用户的要求.通过分析传统的WLAN网络指标,并观察其对用户体验感知的影响,然后采用Veriwave进行实验,验证WLAN网络无线优化对用户体验感知的效果,同时确定好网络优化的指标,最终对基于对用户感知的WLAN网络无线设计出一套可取的方案.     

基于用户感知的WLAN网络优化

侧重于用户感知的WLAN网络优化,其目的是弥补当前网络优化仅从网络覆盖面及射频角度出发,而忽略真实环境网络质量,用户体验也存在漏洞。方法是首先在经过分析WLAN传统优化指标的基础上,提出影响用户体验感知的因素,然后通过利用Veriwave进行仿真实验,模拟用户对网络的真实效果,验证出影响因素的效果并且确定网络优化指标,最终提出基于用户感知的WLAN网络优化方案。     

中兴通讯率先完成中国移动WLAN无感知认证部署

近日,中兴通讯率先完成中国移动28个省WLAN网络自有AC／AP设备支持无感知认证功能的软件升级,宣告中兴通讯WLAN设备无感知认证改造工作已圆满结束,这是继4月初在沈阳率先完成WLAN用户无感知认证FOA测试后,在中国移动WLAN项目进程中再次领先。同时,     

一种基于DPI数据的家宽投诉精细分析系统

用户上网的客户感知,对企业的业务推广,具有重要影响。针对用户手机上网的客户感知,企业有相应的精细化分析手段。而针对家庭宽带的用户投诉,欠缺好的行之有效的数据、信令码流做支撑,无法进行更为细致的分析,导致工作生产效率及准确度低下、无法实现对投诉的准确问题定位、精细分析及有效拦截。基于此,本文提出一种基于DPI数据的家宽投诉精细化分析系统,在实施家宽业务全流程穿越的同时,有效解决家宽投诉问题。     

西藏移动WLAN数据自动化修复方案设计与实现

近些年,由于WLAN业务的市场推广,用户量也随之上涨较快,同时带来了较大量的业务投诉。WLAN由于业务场景多、流程长,始终没有建立一套高效率的解决机制。后续分析发现,大部分的投诉原因集中在用户数据一致性问题,体现为平台与省CRM系统的数据差异。为了更好的保障业务发展,降低WLAN业务投诉量,提升用户感知,本文设计和实现了一套功能齐全、执行高效的自动化修复方案。     

3GPP与WLAN互连的技术

主要介绍第三代移动通信合作计划(3GPP———3GPartnershipProject)与无线局域网(WLAN)互连的结构,3GPP用户可通过WLAN开展WLAN接入业务。在WLAN中,通过3GPP预约,使用客户识别模块(SIM)/用户服务识别模块(USIM)接入通用IC卡(UICC),使3GPP与WLAN终端互连。文中还介绍基于3GPP的WLAN接入认证授权、IEEE802.11i中的认证和密钥协定、3G-WLAN互连中的认证和授权、复用3GPP的归属位置注册器等,描述了用户数据如何选路和接入业务,最后介绍WLAN中基于3GPP的计费方法(预付费和后付费),以及如何对这些用户计费和对归属网络中基于IP的计费。     

基于国家标准GB15629．11的无线局域网鉴别技术

文章主要研究了无线局域网国家标准GB15629.11中的安全接入技术,并介绍了其中的一种重要的鉴别协议——证书鉴别。该标准包含全新的WAPI(WLANAuthenticationandPrivacyInfrastructure)安全机制,这种安全机制由WAI(WLANAuthenticationInfras-tructure)和WPI(WLANPrivacyInfrastructure)两部分组成。WAI和WPI分别实现用户身份的鉴别和传输数据的加密。WAI的证书鉴别过程,实现了BSS中的STA与AP的双向鉴别,对于采用"假"AP的攻击方式具有很强的抵御能力。WPI中的会话密钥没有在信道上进行传输,而且在通信一段时间或者交换一定数量的数据之后,STA和AP之间可以重新协商会话密钥。从而验证了WAPI能为用户的WLAN系统提供全面的安全保护。     

基于WLAN接入的DHCP+Web认证关键技术分析

DHCP Web认证是国内外WLAN公众用户通用的接入认证技术,本文详细分析了DHCP Web认证技术及流程,重点讨论3种IP地址分配实现方式、用户在线检测机制、个性化页面推送技术及跨域漫游等技术.     

A Robust Authentication Protocol with Non-Repudiation Service for Integrating WLAN and 3G Network

The third-generation cellular systems provide great coverage, complete subscriber management and nearly universal roaming. Nevertheless, 3G systems suffer the high installation cost and low bandwidth. Though WLAN provides hot spot coverage with high data rates, it lacks roaming and mobility support. From users' points of views, the integration of WLAN and 3G systems is an attractive way that will provide them a convenient access to network. When integrating WLAN and 3G, there are still some problems should be concerned in terms of authentication and security, such as authentication efficiency and repudiation problem. In this paper, we review the authentication scheme for WLAN and 3G/UMTS interworking which is specified by 3GPP and propose a robust localized fast authentication protocol with non-repudiation service for integrating WLAN and 3G network. The localized re-authentication protocol can shorten the authentication time delay. On the other hand, with the non-repudiation service, the assumption, that subscriber has to fully trust 3G home operator, can be deleted and the trust management between the independent WLAN operator, 3G visited operator and 3G home operator can be eliminated. In other words, our proposed protocol provides legal evidences to prevent the 3G home operator from overcharge toward the subscriber and also prevent the WLAN operator and 3G visited operator from overcharge toward the 3G home operator. The authentication protocol employs HMAC, hash-chaining techniques, and public-key digital signature to achieve localized fast re-authentication and non-repudiation service.     

Secure Data Access and Sharing Scheme for Cloud Storage

Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

     

Authentication and Billing Protocols for the Integration of WLAN and 3G Networks

Wireless communications have developed rapidly and have been applied for many services. Cellular (the third-generation) mobile networks and wireless local area network (WLAN) are two important technologies for providing wireless communications. The third-generation (3G) networks provide wider service areas, and “always-o” and ubiquitous connectivity with low-speed data rate. WLAN networks offer higher data rate and the easy compatibility of wired Internet, but cover smaller areas. In fact, 3G and WLAN possess complementary properties. Integrating 3G and WLAN networks may offer subscribers high-speed wireless data services and ubiquitous connectivity. For integrating two heterogeneous networks, several issues should be involved, authentication, billing, quality of service, and seamless roaming between 3G and WLAN networks. In this paper, we address the authentication and billing problems and propose two protocols that provide both authentication and billing services. One protocol utilizes a one-time password approach to authenticate subscribers. This protocol is efficient in both computation time and authentication procedures. Because of the restrictions of the password-based approach, this protocol could not offer the non-repudiation property for the billing problem. Another protocol is constructed on a public-key-based system (i.e., certificates). Although it requires more computation time than the password-based approach, non-repudiation is guaranteed. Performance analysis simulation results are given to validate our two protocols.     

一种改进的WLAN-3G融合网络认证协议

本文在分析了现有3GPP WLAN-3G融合网络接入认证协议EAP-AKA的优势和不足的基础上,引入WAPI证书鉴别机制,提出WAPI-3G互联结构模型,并针对该互联模型设计了一种接入认证协议EAP-WAPI.本文提议的WLAN-3G互联结构模型及接入认证机制解决了融合组网环境下WLAN终端统一接入认证的问题.分析和仿真结果表明,相比于原有的WAPI认证协议WAPI-XG1,本文所提议的协议具有较高的安全性和执行效率.     

Authentication-based Access Control and Data Exchanging Mechanism of IoT Devices in Fog Computing Environment

The emergence of fog computing has witnessed a big role in initiating secure communication amongst users. Fog computing poses the ability to perform analysis, processing, and storage for a set of Internet of Things (IoT) devices. Several IoT solutions are devised by utilizing the fog nodes to alleviate IoT devices from complex computation and heavy processing. This paper proposes an authentication scheme using fog nodes to manage IoT devices by providing security without considering a trusted third party. The proposed authentication scheme employed the benefits of fog node deployment. The authentication scheme using fog node offers reliable verification between the data owners and the requester without depending on the third party users. The proposed authentication scheme using fog nodes effectively solved the problems of a single point of failure in the storage system and offers many benefits by increasing the throughput and reducing the cost. The proposed scheme considers several entities, like end-users, IoT devices, fog nodes, and smart contracts, which help to administrate the authentication using access policies. The proposed authentication scheme using fog node provided superior results than other methods with minimal memory value of 4009.083 KB, minimal time of 76.915 s, and maximal Packet delivery ratio (PDR) of 76.

     

Provable data possession scheme based on public verification and private verification

More and more users choose to transfer their applications and data into the cloud.Data security is a key issue for cloud storage systems.To ensure the integrity and validity of the data stored in the cloud,provable data possession (PDP) scheme is particularly important.In order to verify whether the cloud storage service provider had stored the data of the user completely,a scheme on the basis of NRPDP (non-repudiable PDP) was improved and extended,and a data retention scheme based on public authentication and private authentication was proposed.The scheme can verify the trustworthiness of the service provider and the user in the cloud storage at the same time,which satisfies the non-repudiation of the verification.The theory proves the non-repudiation of the proposed scheme.The experiment proves that the efficiency of each stage is better than that of the existing single public verification method or private authentication method.