基于WiFi的无线网络安全方案对比分析

基于802．11b无线网络的首个安全协议——有线对等式加密(Wire Equivalent Privacy,WEP),由于其自身的各种技术缺陷,目前正遭受巨大的安全冲击。安全隐患将是制约WiFi发展的瓶颈,因此WiFi联盟提出了一系列加强无线网络安全的新举措。文章详述了WEP协议的缺陷,着重分析比较了TKIP、CCMS以及802．1x等新型无线网络安全方案与WEP的差异。     

WEP的安全分析

为了解决无线局域网络的安全问题 ,IEEE组织在无线网络标准 80 2 .11中提出了WEP协议。但这一协议不能真正解决无线局域网络的安全问题。本文重点分析了WEP中存在的安全缺陷 ,包括数据加密、IV重用、密钥管理、身份认证机制和数据完整性检查机制等方面 ,接下来介绍了目前在这一领域的主要改进     

无线局域网安全问题研究

为了提供相当于有线局域网的数据安全,IEEE802.11定义了有线等价保密(WEP)协议。然而,最近的研究发现WEP存在严重的缺陷。介绍了无线局域网存在的安全隐患,分析了WEP的结构以及WEP协议的缺陷以及可能遭受的攻击,并探讨了改进方案。     

无线网络数据安全模型研究及实现

根据无线网络的拓扑结构,比较了有线网络和无线网络存在的差异性,分析了无线网络存在的安全问题及其脆弱性;分析了WEP协议存在的严重缺陷,给出了改进方案;基于虚拟专用网技术,提出了无线网络的安全性架构;给出了针对无线网络的入侵检测模型和网络异常行为检测策略。     

基于IEEE802.11无线局域网的安全性研究

随着无线局域网的不断发展，网络安全问题日益突出。这里根据无线局域网信道的特点，首先介绍了无线局域网的安全需求，其次，描述了基于IEEE802．11无线局域网标准的有线等效保密（WEP）协议原理，并对WEP协议存在的安全漏洞及其相应的攻击进行了分析，最后，针对这些安全漏洞和攻击提出了增强无线局域网安全性的改进方案。     

无线局域网中的安全问题

本文首先简述了无线局域网(WLAN)的发展情况和存在的网络安全隐患，分析了无线局域网中的有线对等保密协议(WEP)、基于端口的访问控制协议IEEE802．1x和WPA安全，最后给出了目前无线局域网应具有的安全对策。     

无线局域网安全加密算法的研究

分析讨论无线局域网的安全现状及现有的安全机制存在的问题,主要研究目前常见的安全加密算法WEP,详细阐述WEP加密算法的原理、指出WEP协议自身存在的安全漏洞,并针时漏洞和攻击提出了改进型的WEP加密算法建议,仿真实验表明改进后的加密算法对无线局域网的安全防范有非常好的加强作用.     

无线网络安全与防范技术

伴随着无线网络的迅速发展,其安全性问题也成为大家关注的重点。由于无线网络是通过无线介质进行传输,信息容易遭到窃取和破坏,因此仅靠物理控制是不能保证网络安全的。虽然无线网络大都采用了ESSID、密码访问控制和无线加密协议等技术来控制无线网络的安全,但仍然存在着不少安全隐患。无线网络设备的存储容量有限,处理速度慢,带宽低的特点决定了它不能像有线网络那样靠高强度的密钥及算法来保证安全性。本文针对无线网络的分类状况,对无线网络的加密解密算法进行了简要介绍,分析对比了WEP和WPA、WPA2的加密模式,并提出相应的解密原理。     

基于Linux的无线网络安全分析与入侵检测

分析了无线局域网中的安全隐患及无线局域网802.11b协议WEP的安全漏洞,在无线捕包及协议分析的基础上,提出了wlan中非法接入点、未授权用户检测方法及实现.     

无线局域网WEP协议分析及基于TKIP协议的改进方案

在深入分析IEEE802．11标准有线等效私密（WEP）算法安全漏洞的基础上，分析RC4加密算法自身的缺陷和无线局域网WEP协议对RC4的误用，介绍了基于TKIP仂般的算法在安全性上的改进。经过分析和实验结果表明，该方法能够排除WEP算法的安全隐患，提高了无线局域网的数据安全性能。     

VoWLAN通信平台的设计与实现

VoWLAN也叫VoWiFi或者WiFi VoIP。它是基于无线网络技术和VoIP网络,是两者的有机结合。即是通过WLAN提供VoIP业务,使得终端用户通过WLAN拨打IP电话成为现实。本文提出了在基于Linux操作系统的SIP应用服务器及VoIP网关中,如何通过SIP信令和传统的PSTN数据通信线路与无线网络无缝连接方案,从而实现IP网络与传统电话间的实时语音通信、电话会议、语音信箱、视频通信、短消息、数据传输等业务。本设计已成功应用于某企业的实时语音通信平台,获得良好的效果。     

安全的可扩展无线视频监控系统

无线视频监控系统是视频监控的新方向,无线局域网能够提供足够的带宽进行视频流传输,但是安全性和传输距离是制约利用无线局域网进行视频监控的重要因素。讨论基于WEP和WPA的无线网络传输安全和用户认证,并利用无线分布式系统来拓展无线局域网的传输范围,从而较好地解决了这两个问题。该解决方案已用于实际系统,并取得良好效果。     

Performance Optimizations for Deploying VoIP Services in Mesh Networks

In the recent past, there has been a tremendous increase in the popularity of VoIP services as a result of huge growth in broadband access. The same voice-over-Internet protocol (VoIP) service poses new challenges when deployed over a wireless mesh network, while enabling users to make voice calls using WiFi phones. Packet losses and delay due to interference in a multiple-hop mesh network with limited capacity can significantly degrade the end-to-end VoIP call quality. In this work, we discuss the basic requirements for efficient deployment of VoIP services over a mesh network. We present and evaluate practical optimizing techniques that can enhance the network capacity, maintain the VoIP quality and handle user mobility efficiently. Extensive experiments conducted on a real testbed and ns-2 provide insights into the performance issues and demonstrate the level of improvement that can be obtained by the proposed techniques. Specifically, we find that packet aggregation along with header compression can increase the number of supported VoIP calls in a multihop network by 2-3 times. The proposed fast path switching is highly effective in maintaining the VoIP quality. Our fast handoff scheme achieves almost negligible disruption during calls to roaming clients     

Lightweight Key Management for IEEE 802.11 Wireless LANs with Key Refresh and Host Revocation

The IEEE 802.11 Wireless LAN standard has been designed with very limited key management capabilities, using up to 4 static, long term, keys, shared by all the stations on the LAN. This design makes it quite difficult to fully revoke access from previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop and decrypt traffic generated by other hosts on the wireless LAN. This paper proposes WEP*, a lightweight solution to the host-revocation problem. The key management in WEP* is in the style of pay-TV systems: The Access Point periodically generates new keys, and these keys are transferred to the hosts at authentication time. The fact that the keys are only valid for one re-key period makes host revocation possible, and scalable: A revoked host will simply not receive the new keys. Clearly, WEP* is not an ideal solution, and does not address all the security problems that IEEE 802.11 suffers from. However, what makes WEP* worthwhile is that it is 100% compatible with the existing standard. And, unlike other solutions, WEP* does not rely on external authentication servers. Therefore, WEP* is suitable for use even in the most basic IEEE 802.11 LAN configurations, such as those deployed in small or home offices. A WEP* prototype has been partially implemented using free, open-source tools. Avishai Wool received a B.Sc. (Cum Laude) in Mathematics and Computer Science from Tel Aviv University, Israel, in 1989. He received an M.Sc. and Ph.D. in Computer Science from the Weizmann Institute of Science, Israel, in 1992 and 1997, respectively. Dr. Wool then spent three years as a Member of Technical Staff at Bell Laboratories, Murray Hill, NJ, USA. In 2000 Dr. Wool co-founded Lumeta corporation, a startup company specializing in network security. Since 2002 Dr. Wool has been an Assistant Professor at the Department of Electrical Engineering Systems, Tel Aviv University, Israel. Dr. Wool is the creator of the Lumeta Firewall Analyzer. He is an associate editor of the ACM Transactions on Information and System Security. He has served on the program committee of the leading IEEE and ACM conferences on computer and network security. He is a member of the ACM, IEEE Computer Society, and USENIX. His research interests include firewall technology, network and wireless security, data communication networks, and distributed computing.     

一种新的VoIP组网解决方案

随着NGN语音网规模增大,设备管理、网络安全等问题成为网络运行维护的难点和重点.该文在分析当前NGN语音网建设中面临的诸多问题基础上,分析介绍一种新的VoIP组网解决方案以及相关协议,并进一步阐述边界网关和接入网关对这种方案所需做的功能特性支持以及基于其上的扩展网管特性.     

Efficient silence suppression and call admission control through contention-free medium access for VoIP in WiFi networks

In view of the rapidly growing trend of migrating customers from traditional wired phones to mobile phones and then to VoIP services in the recent past, there is a tremendous demand for wireless technologies to support VoIP, specially on WiFi technologies which have already matured commercially. This has put forth great research challenges in the area of wireless VoIP. In this article we have addressed two core issues, efficient silence suppression and call admission control, in QoS provisioning for VoIP services in WiFi networks. In this connection we present a QoS-aware wireless MAC protocol called hybrid contention-free access (H-CFA) and a VoIP call admission control technique called the traffic stream admission control (TS-AC) algorithm. The H-CFA protocol is based on a novel idea that combines two contention-free wireless medium access approaches, round-robin polling and TDMA-like time slot assignment, and provides substantial multiplexing capacity gain through silence suppression of voice calls. The TS-AC algorithm ensures efficient admission control for consistent delay bound guarantees and further maximizes the capacity through exploiting the voice characteristic so that it can tolerate some level of non-consecutive packet loss. We expose the benefits of our schemes through numerical results obtained from simulations.     

Provisioning of VoIP services for mobile subscribers using WiFi access network

This article proposes a solution for two issues in current communications. Firstly, that IMS suffers from lack of clients. Secondly, that mobile operators want to give the subscriber a possibility to access their VoIP network and efficiently cover special, densely populated areas like airports. To address these problems, we have developed a novel service architecture, which allows 2G subscribers access to a SIP based VoIP network via WiFi complying security standards. User authentication and authorization is based on the EAP-SIM algorithm. Integrity and confidentiality is provided by IPSec connection established using parameters derived from authentication triplets. Consequently, all security-related issues can be performed exclusively using the Subscriber Identity Module (SIM). We have tested and verified the proposed architecture with a mobile phone and have proven the correctness of our approach. The main drawback that remains is the difficulty of IPSec implementation that can be bypassed by a special application.     

IEEE802．11的WEP算法安全性浅析

本文简要介绍了IEEE 80 2 .11无线局域网的安全保证算法———WEP算法 ,指出了该算法的安全性漏洞 ,并针对这些漏洞给出了对其实施攻击的方式。随后介绍了它的改进版本TKIP算法对WEP存在问题的对策。最后提出了一些现有设备使用中提高安全性的解决措施。     

IEEE 802.11n MAC Enhancement and Performance Evaluation

The IEEE 802.11-based WiFi wireless technology is one of the most promising technologies to provide ubiquitous networking access. The IEEE 802.11 working group has always strived to improve this wireless technology through creating new amendments to the base 802.11 standard. Recently, IEEE 802.11n amendment was created to enhance 802.11 for higher throughput operation. Not only new Physical Layer enhancements are standardized, but new Medium Access Control Layer mechanism are also defined. In this paper, we examine the network performance enhancement by the proposed 802.11n MAC layer features: aggregation, block acknowledgement, and reverse direction mechanism. We implemented a new 802.11n module in the NS-2 simulation platform. The simulation results demonstrated the effectiveness of 802.11n MAC layer enhancement. VoIP performance is effectively improved with 802.11n MAC enhancement.     

VoIP电话的安全问题及防护措施

VoIP电话是综合了传统电信技术与计算机网络技术的一种新型应用。VoIP电话在传输时将信号压缩后封装成IP包，在IP网络上传输，这种传输方式存在着各种安全隐患。讨论了VoIP电话多种可能存在的安全问题，并就这些安全问题作了详细的分析，同时提出了防护措施，以最大限度地保障VoIP电话的安全。