802.11i 4步握手协议攻击分析和改进

802.11i是最新版本的WLAN安全协议,提供机密性、完整性检测和相互认证机制。但期在四步握手协议认证过程可能会出现漏洞。对此本文提出了两种改进的方法,即.ANonce加密方法与消息1完整性检测方法,最后对改进机制的安全性进行了分析。     

基于SHA-256消息认证的四次握手协议研究

分析了无线局域网安全标准IEEE 802.11i中的四次握手协议,针对消息1未受保护而易遭受伪造消息DoS攻击的问题,提出一种基于SHA-256的消息1认证改进方案.该方案利用PMK对消息1进行认证,并引入高安全性的SHA-256算法对PMK进行散列,而后用其散列值来进行消息认证,从而能够在消息1阶段辨别并剔除伪造的消息,确保消息3验证成功,提高握手成功率.实验结果表明,在同等攻击强度下,改进方案使得AP的网络负载率降低,网络接入的STA数量增加,提高了网络性能.     

WTLS握手协议的形式化验证

目前还未见到公开发表的对WTLS握手协议进行形式化分析的研究成果。本文首次使用密码协议分析工具集AVISPA,从机密性和鉴别两个方面,对WTLS握手协议进行了建模和验证。所得到的验证结果表明WTLS握手协议是安全的。     

无线局域网密钥协商协议安全性分析与改进

分析了中国无线局域网标准中无线鉴别基础设施WAI（WLAN Authentication Infrastructure），指出其中密钥协商协议缺乏密钥确认、易遭受拒绝服务攻击等安全问题。提出了一种采用三次握手和带消息认证的密钥协商协议，以及周期密钥更新协议．使用BAN逻辑对提出的改进密钥协商协议进行形式化分析，验证了其正确性．与WAI比较，提出的协议具有较少的交互性，提供了消息鉴别并具有抗拒绝服务攻击能力。     

一种数据流处理器的异步流水结构设计

介绍了一种基于握手协议的异步数据流处理器.首先阐述了数据流处理器的基本结构,4相捆绑数据握手协议.并随后根据DFP自身特点提出了改进式自控式单元结构应用于握手协议的硬件实现,以及2级循环分支流水结构应用于异步流水.最后就基本操作运算对该结构进行了仿真验证.     

WPA/WPA2协议安全性分析

WPA/WPA2协议作为WEP协议的后继者,认识到WEP协议的设计缺陷、漏洞等方面的不足,成为无线局域网安全的守护者。文中分析了WEP协议加密原理和缺陷、WPA协议的加密原理。深入分析了802.11i4步握手协议,并针对4步握手协议的漏洞成功完成了一次完整的字典攻击,证明采用字典攻击的方法攻击WPA-PSK认证协议漏洞是可行的,并指出3种有效提高攻击速度的方法。通过分析字典攻击的基本原理提出一种防范字典攻击的有效方法。     

一种具有检错功能的传输协议设计

针对不可靠的非连接网络传输,本文设计了一种具有检错功能的网络传输协议,协议中使用帧头检验和数据信息CRC校验,能有效检出传输中的数据错误,并综合运用发送、应答和错误重传等手段,保证了协议的可靠性和协议数据的正确性.文中重点介绍了该协议的帧格式和握手过程,详细讲述了数据发送接收过程和循环冗余校验.     

自计时电路中握手协议与延迟假定的研究

自计时(self-timed)电路由于没有全局时钟而具有无时钟偏移、低功耗、高速度、低电磁辐射等优点,因此逐渐受到世界范围内电路设计领域的关注并成为研究热点。针对目前国内对自计时电路设计原理方面的研究才刚刚起步的现状,采用抽象和具体相结合的对比研究方法,对握手协议和延迟假定进行了深入研究,并对研究结果进行了直观的说明。     

一种防范对TCP初始序列号攻击的方案

针对TCP/IP三次握手中TCP初始序列号易受攻击的不安全因素,利用RSA加密算法对其进行加密有效地防止了攻击和欺骗,提高了TCP/IP协议的安全性。     

基于P-OTN的3WHS信令协议技术研究

分组增强型光传送网(P-OTN)兼具分组传送网(PTN)和光传送网(OTN)的优点,是下一代光传送网的理想选择。三次握手信令协议(3WHS)是业界最先进的分布式连接建立机制,通过3次消息过程实现网络中连接的快速建立;同时,通过额外预留网络资源,有效解决"后向阻塞"问题。在P-OTN网络中,通过采用3WHS信令协议技术,结合路径计算单元(PCE)技术,能够实现网络资源的快速智能调度。     

基于IEEE802.11r的无线局域网快速切换研究

在IEEE802.11网络中高效地切换是多媒体实时应用的一个关键要求。IEEE802.11r快速切换协议使切换时延得到了有效限制。但整个切换过程仍无法满足实时应用的需求。文中综述了无线局域网快速切换的研究,分析了IEEE802.11r对整个切换过程的影响,并介绍了快速切换研究工作。     

基于SSL协议的智能电视安全支付方案

通过对SSL协议的分析与讨论,在SSL协议的握手阶段的消息字段添加一个选择是否使用上一次会话密钥字段,以此减少握手阶段产生密钥的时间和提高电视支付的速度。并提出采用简单的映射关系来保护java层的密码数字以及利用USB Key移动设备的身份认证支付模式应用于智能电视支付,大大的提高了智能电视支付的安全性。     

Leakage-resilient security architecture for mobile IPv6 in wireless overlay networks

The coupling of mobility and quality-of-service with security is a challenge that should be addressed in future wireless overlay systems. The mobility of a node can disrupt or even intermittently disconnect an ongoing real-time session because a secure handover must be performed to ensure continuous connectivity. The duration of the such interruptions is called disruption time or handover delay and can heavily affect the user satisfaction. The handover procedure needs to protect its integrity and confidentiality-otherwise, the packets may be rerouted to a malicious node and the legitimate handover may not be performed. The security procedure to ensure this should not lengthen significantly the handover delay to provide good quality real-time services. In this paper, we focus on the network-layer mobility, specifically, on Mobile Internet protocol version 6 (MIPv6) since it is the natural candidate for providing such mobility in future systems. To solve the problem of on-path attackers and prevent leakage of secrets, we propose a security architecture for MIPv6 based on leakage resilient-authenticated key establishment (LR-AKE) protocol and its cooperation with public key infrastructure. The proposed architecture prevents against on-path attackers which was not addressed in the specifications of MIPv6, and also provides robustness against leakage of secret values. Using analytical models, we evaluate MIPv6 handover delay for real-time services. We identify the crucial factors affecting the handover delay among transmission delays of MIPv6, security and LR-AKE messages, queueing delays and en/decryption delays.     

Effectiveness of RTS/CTS handshake in IEEE 802.11 based ad hoc networks

IEEE 802.11 MAC mainly relies on two techniques to combat interference: physical carrier sensing and RTS/CTS handshake (also known as “virtual carrier sensing”). Ideally, the RTS/CTS handshake can eliminate most interference. However, the effectiveness of RTS/CTS handshake is based on the assumption that hidden nodes are within transmission range of receivers. In this paper, we prove using analytic models that in ad hoc networks, such an assumption cannot hold due to the fact that power needed for interrupting a packet reception is much lower than that of delivering a packet successfully. Thus, the “virtual carrier sensing” implemented by RTS/CTS handshake cannot prevent all interference as we expect in theory. Physical carrier sensing can complement this in some degree. However, since interference happens at receivers, while physical carrier sensing is detecting transmitters (the same problem causing the hidden terminal situation), physical carrier sensing cannot help much, unless a very large carrier sensing range is adopted, which is limited by the antenna sensitivity. In this paper, we investigate how effective is the RTS/CTS handshake in terms of reducing interference. We show that in some situations, the interference range is much larger than transmission range, where RTS/CTS cannot function well. Two independent solutions are proposed in this paper. One is a simple enhancement to the IEEE 802.11 MAC protocol. The other is to utilize directional antennas. Simulation results verify that the proposed schemes indeed can help IEEE 802.11 resolve most interference caused by large interference range.     

Effective session key distribution for secure fast handover in mobile networks

In this paper, we introduce a session key distribution mechanism for fast secure handover in wireless mobile networks. The proposed mechanism is based on the stream control transmission protocol in where a mobile node actively changes its IP address without its connection loss. When a mobile node moves between different access routers, the required session key at a new access router is distributed previously through the tunnel established between the previous access router and the new access router. Due to the reduced key distribution time, the mobile node achieves its secure seamless handover. The provided performance analysis proves that the proposed mechanism provides the reduced signaling cost compared to existing mobility protocols. In addition, the proposed mechanism reduces the handover latency so that the reduced amount of packet loss provides the stable handover performance for real-time applications.     

基于多控制器输出模块的同步设计

在多控制器、多时钟的复杂系统中,能否解决多种信号的同步问题,是决定该信号系统成败的关键。针对设计一个多控制器、多时钟的数字量输出模块时,遇到的信号同步问题,提出了自己的解决方案：采用双锁存器法解决单数据位的控制信号的同步问题,采用异步FIFO与全握手协议相结合的方法解决多数据位信号的同步问题,该同步方法已经用于某测试系统的实际工作,完全达到了预期的设计效果。     

无线网络中中继协助的媒体接入协议

IEEE 802.11在物理层支持多速率.目前已提出许多机制通过自动调整速率充分利用多速率能力.本文观察到在无线网络中,相对于单跳的低速率链路,多跳高速率的路径可以减少信道占用时间,并提出了中继协助的媒体接入协议(Relay Aided Media Access,RAMA).RAMA利用中继节点将一跳低速链路拆为两跳高速链路.大量仿真结果表明,RAMA能够提供更好的吞吐量和时延性能.     

基于IEEE802.11 DCF的链路预先修复AODV路由协议

基于无线自组织网络中普遍使用的底层通信协议IEEE802.11 DCF,针对广泛应用于无线自组织网络中的路由协议(AODV),提出了一种链路预先修复算法。该算法首先推算了DCF协议中的不稳定传输范围,然后通过MAC层与路由层的跨层协作,在下一跳节点移动在不稳定传输范围时就事先采取相应的路由修复措施。相对于AODV中采用节点周期性地发送HELLO消息来监测邻居节点变化的方法,该算法更为高效及时。仿真结果表明,该算法能够有效的减小端到端时延,保障了投递率。     

无线局域网安全缺陷分析

本文介绍了Wi-Fi标准为解决无线局域网中的安全问题,相继采用的WEP、WPA、802．11i的方法,并分 析了这些方法可能存在的漏洞。同时,文中还进一步分析了VPN技术和入侵技术在无线局域网中的应用和存在的问题。 最后,介绍了我国无线局域网国家标准。