EAP-FAST在公共无线局域网安全接入控制中的研究及实现

Cisco公司于2004年提出基于隧道的灵活认证协议（EAP-FAST）以替代存在安全漏洞的LEAP认证协议，该协议具有安全性和易部署性的特点。文章论述了基于8021x协议的EAP-FAST认证协议及其实现技术，并在公共无线局域网(PWLAN)综合实验平台上实现了EAP-FAST认证的客户端、认证者、认证服务器端功能。     

无线局域网安全策略研究

文章介绍了无线局域网的安全风险和安全需求,分析了IEEE802．11b标准采用的WEP方案及其安全漏洞,并进一步分析了WEP改进方案WEP2、WEP密钥散列、提供集中认证和动态密钥分发功能的EAP／802．1X、四次握手协议以及基于IPSec标准的安全方案,并提出WLAN安全方案实施策略。     

802.11i认证协议可验安全性形式化分析

IEEE 802.11标准组提出了802.11i标准以增强无线局域网的安全性能。在802.11i标准中采用了802.1X标准实现无线局域网用户的认证和接入控制过程。针对802.1X认证协议的三方交互结构提出一种扩展Bellare-Rogaway模型,对802.11i认证和密钥交换机制进行可验安全性分析。通过分析,证明802.11i认证协议存在缺陷并给出了相应的中间人攻击方法。     

利用CRC校验实现无线局域网帧纠错

研究了利用CRC校验对无线局域网MAC层数据帧进行纠错的算法。对于物理层纠错方案已经无法纠正的错误帧,分析了MAC帧可能的错误图样,并提出了有效的纠错方法及硬件实施方案。仿真结果表明,在基于802．11协议的无线局域网中应用此纠错算法后,系统误帧率能下降到原来的一半以下。     

校园无线组网方案

随着无线局域网技术和无线产品的成熟,无线网络为校园网建设提出了新的可行的思路。无线局域网标准IEEE802．11b能够与现有的计算机网络进行平滑无缝的连接,并能与现有的计算机网络和终端设备互联,与有线网络资源具有良好的兼容性和整合性。无线网络的特殊优势在于：采用无线联网技术,具有高度的空间自由性和网络灵活性,避免了大规模铺设网线,有效的削减了施工费用,并且建设周期很短。无线局域网产品通常与有线以太网配合使用,主要适用于便携终端应用较多的场所、范围较大而信息点分布稀疏的场所、环境恶劣或其它不适合布线的场所等,有助于简化网络结构,增加网络的扩展性和灵活性。     

曼谷东方饭店成为全球第一家部署802．11n无线技术的饭店

近日,曼谷东方饭店在全球酒店业率先部署了思科下一代无线802．11n技术。目前在整个饭店中都已安装了Cisco Aironet 1250系列接入点,其接入点是第一个通过WiFi认证的企业级接入点,支持IEEE802．11n草案2．0标准,提供了无线局域网客户所需的多功能性、高容量和企业级特性,即使客人和员工在楼层间走动,也能保持网络连接。     

基于IEEE 802.11无线局域网的安全分析与防范

介绍了基于IEEE 802．11的无线局域网(Wireless Local Area Network,WLAN)的工作原理，基于对WLAN安全机制的分析，阐述了WLAN现有机制的隐患及面临的安全风险，并提出了相应的安全防范策略。     

无线局域网的应用与发展

无线局域网的覆盖范围为几百米,在这样一个范围内,无线设备可以自由移动,其适合于低移动性的应用环境。而且无线局域网的载频为公用频段,无需另外付费,因而使用无线局域网的成本很低。无线局域网带宽更会发展到上百兆的带宽,能够满足绝大多数用户的带宽要求。基于以上原因,无线局域网在市场赢得热烈的反响,并迅速发展成为一种重要的无线接入互联网的技术。但由于无线局域网应用具有很大的开放性,数据传播范围很难控制,因此无线局域网将面临着更严峻的安个问题。本文在阐述无线局域网安全发展概况的基础上,分析了无线局域网的安全必要性,并从不同方面总结了无线局域网遇到的安全风险,同时重点分析了IEEE802．11b标准的安全性、影响因素及其解决方案,最后对无线局域网的安全技术发展趋势进行了展望。     

产品新秀

Fluke Networks发布业内第一款手持式Wi—Fi测试工具 近日,Fluke Networks发布了一款专用的手持式工具,AirCheck^TM Wi—Fi测试仪。该测试仪可用于无线局域网（WLAN）,能够实现对802．11a/b／g／n网络可用性、连通性、信道使用率和安全设置的验证,还可保存测试过程,     

一种基于跨层设计的UWB无线Ad hoc网络MAC层协议

运用跨层设计思想和方法研究了超宽带（UWB）无线自组织（Ad hoc）网络媒体访问控制（MAC）层协议的设计,提出了一种可利用UWB技术定位性好的优势和实现跨层协作的MAC层协议。该协议通过物理层、MAC层和网络层之间的跨层协作来解决自组织网络单信道无线传输过程中的隐藏终端和暴露终端问题以及网络能量节约问题,以提高网络的性能。仿真实验表明,该协议在平均吞吐量、平均端到端时延以及能量开销等性能指标上,均优于已有的IEEE802．11和MACA—BIMAC协议。该协议的设计思想和方法为下一步的UWB无线Ad hoc网络研究奠定了理论和实验基础。     

A Blockchain-Based Authentication Protocol for WLAN Mesh Security Access

In order to deploy a secure WLAN mesh network, authentication of both users and APs is needed, and a secure authentication mechanism should be employed. However, some additional configurations of trusted third party agencies are still needed on-site to deploy a secure authentication system. This paper proposes a new block chain-based authentication protocol for WLAN mesh security access, to reduce the deployment costs and resolve the issues of requiring key delivery and central server during IEEE 802.11X authentication. This method takes the user’s authentication request as a transaction, considers all the authentication records in the mesh network as the public ledger and realizes the effective monitoring of the malicious attack. Finally, this paper analyzes the security of the protocol in detail, and proves that the new method can solve the dependence of the authentication node on PKI and CA.     

无线接入点WAPI认证机制的研究与实现

随着无线局域网技术的广泛应用，新的无线局域网安全标准被提出以增强无线局域网的安全性能。在分析WAPI(WLAN Authentication and Privacy Infrastructure)标准的技术特征和基本架构的基础上，介绍了无线接入点对WAPI认证机制的实现机理和具体流程，并对WAPI认证机制的性能进行测试分析。     

Authentication mechanism over the integrated UMTS network and WLAN platform using the cross-layer bootstrap

The 3G mobile data network provides always-on and ubiquitous connectivity for subscribers. Although the service coverage area in wireless local area network (WLAN) is much smaller than that in a 3G mobile data network, the data transmission rate in WLAN can be from 2 to 54 Mbps, which is much faster than 3G mobile network. Obviously, the relationship between the 3G mobile data network and WLAN is complementary in terms of service coverage and data transmission rate. Therefore integration of 3G mobile network and WLAN can offer subscribers higher speed wireless service in hot spots and ubiquitous connectivity in 3G mobile data network. An authentication mechanism over the loose coupled integration mechanism using a cross-layer bootstrap is proposed. The benefits of the proposed mechanism are (a) integrating Universal Mobile Telecommunication System network and WLAN using the existing protocols denned in 3GPP, IETF and IEEE 802. Hi, (b) the use of the Extension Authentication Protocol authentication method is flexible, (c) reduction of the authentication signalling when a subscriber roams from one access point (AP) to another AP and (d) user identity privacy protection.     

ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks

The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man in-the Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increases the call set-up time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On an average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.     

A Quantum Authorization Management Protocol Based on EPR-Pairs

Quantum authorization management (QAM) is the quantum scheme for privilege management infrastructure (PMI) problem. Privilege management (authorization management) includes authentication and authorization. Authentication is to verify a user’s identity. Authorization is the process of verifying that a authenticated user has the authority to perform a operation, which is more fine-grained. In most classical schemes, the authority management center (AMC) manages the resources permissions for all network nodes within the jurisdiction. However, the existence of AMC may be the weakest link of the whole scheme. In this paper, a protocol for QAM without AMC is proposed based on entanglement swapping. In this protocol, Bob (the owner of resources) authenticates the legality of Alice (the user) and then shares the right key for the resources with Alice. Compared with the other existed QAM protocols, this protocol not only implements authentication, but also authorizes the user permissions to access certain resources or carry out certain actions. The authority division is extended to fin-grained rights division. The security is analyzed from the four aspects: the outsider’s attack, the user’s attack, authentication and comparison with the other two QAM protocols.     

一种面向信息系统集成的双向安全认证方法研究

随着计算机网络技术的发展和信息化的普及,系统集成的重要程度日益提升,而信息安全则是集成过程中必须考虑的重点因素之一。本文提出了一种面向信息系统集成的双向安全认证方法,并对其关键步骤与核心算法做了详细阐述,该方法在一定程度上为系统集成过程中的身份认证环节提供了安全保障。     

基于多跳双向认证的802.16Mesh网络SA管理机制

IEEE802.16-2004无线城域网(wireless-MAN)标准支持的多跳(Mesh)网络是一种树状网络和adhoc网络结合的新型网络.针对Mesh中使用的单跳单向认证SA(安全关联)管理机制安全和效率上的缺陷,提出了一种和次优修正路由结合的多跳双向认证SA管理机制.与单跳单向机制相比,该机制是前向安全的,对中间节点的攻击具有强安全性,同时减少了系统开销和传输时延.在按需路由建立前使用修正路由传递管理信息可减少服务流建立时延.安全性分析证明了多跳双向机制的安全性,性能比较说明了在效率上的优势.