无线网络安全问题探讨

具有移动性、开放性和灵活性等特点的无线网络快速发展与普及,为人们日常工作、学习和生活提供了前所未有的便利,同时也因为无线网络自身的特点,面临着严峻的安全问题挑战.本文重点研究无线网络中最常见的无线局域网的安全问题,通过分析无线网络的安全威胁,探讨无线局域网的安全问题防范技术及措施.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

WLAN无线接入网络规划及其网络性能优化研究

随着WLAN无线的发展,其覆盖区域、用户量、网络容量不断增加,使其接入网络规划的问题逐渐成为建设公共无线局域网的重要问题.同时,对WLAN无线接入网络性能优化是满足用户需求的关重要手段,网络性能优化主要有覆盖优化、容量优化、设备优化.     

无线接入技术的争战

文章首先介绍在二三百米之内的近距离无线接入技术,特别是Wi-Fi(IEEEE802.11,WLAN)的发展极为迅速,成为与2.5G(GPRS)、3G、4G、WAP、Bluetooth、红外等接入技术的强大竞争对手;在最后一英里的争战中,宽带无线接入WiMax(IEEE802.16,WWAN)成为有线宽带副载波(DSL)接入和光纤接入的强大竞争对手;而无线超宽带(UWB)技术已成为目前无线接入技术发展的热点,它将为用户高速多媒体接入提供新的更方便途径。文章结合有关标准介绍这三方面的发展,并且讨论有关信息安全的问题。     

无线局域网热点智能安全监护系统

随着无线局域网（WLAN, Wireless Local Area Networks）用户数据业务量的不断增长,无线局域网维护的工作量也不断增加,严重影响了无线局域网的性能和用户体验和满意度,为建设稳定、高效、安全的无线局域网,这里研究如何实现无线局域网热点智能安全监护系统（WASM,WhSM, h Smart Security Monitoring System of WLAN AP）。首先详细讨论了无线局域网系统的原理和组成,其次讨论使用智能探针方式,实现无线局域网热点远程性能监护和排障工作,有效解决无线局域网热点安全问题。     

WLAN技术在软交换系统中的应用

文章主要讨论无线局域网（WLAN）如何接入软交换系统,通过对WLAN技术标准、网络架构及承载能力的探讨,揭示了软交换系统无线应用面临的挑战,在此基础上给出了一些有前景的应用,如VoWLAN、远程无线监控、无线即时消息和定位服务等的解决方案。文章认为宽带无线接入标准WiMAX有望成为WLAN的升级版,一旦成熟,并与软交换等NGN技术相结合,将会实现人们追求的。网络无所不在,信息随手可得”的美好愿望。     

Architecture,mobility management,and quality of service for integrated 3G and WLAN networks

Integration of 3G and wireless LAN (WLAN) becomes a trend in current and future wireless networks, and brings many benefits to both end users and service providers. In this paper, we provide a comprehensive survey on integration of 3G and WLAN. We discuss issues such as underline network architectures, integrated architectures, mobility management, and quality of service (QoS). We particularly study handoff QoS mapping and guarantee between 3G and WLAN, as well as how seamless voice/multimedia/data handoff becomes possible. Copyright © 2005 John Wiley & Sons, Ltd.     

无线安全协议802.1x的认证研究

首先分析了802.11无线局城网的安全机制，重点讨论了广泛应用的安全协议——IEEE802．1x协议．最后介绍了IEEE 802.1x协议的优点．     

蓝牙与WLAN安全方案的分析与探讨

随着应用于无线通信和接入领域的蓝牙与无线局域网技术的发展,对它们安全性问题的研究变得越来越重要。主要分析、比较了两种新技术的安全性解决方案,并且针对比较的结果提出了改进方案。     

无线网络电磁干扰屏蔽技术及应用研究

对于普通的无线网络用户来说,无线网络的使用需要同时兼顾便携、高速和安全的特性,因此IDS是一个重要的发展方向,但对于类似军队中的保密要求更高的应用来说,则需采用更加稳妥的解决方案。TIPTOP无线网络阻断系统使用电磁干扰技术,通过对2．4GWLAN无线通信网络（802．11b／g／n）进行干扰,能够达到全部或有选择性的阻断WLAN中无线接收器（Access Point）或个人工作平台（Station）的无线信道,同时采用了智能分析技术,一旦环境中出现无线信号,即对其进行干扰,并记录干扰结果,供需要时使用。     

安全的可扩展无线视频监控系统

无线视频监控系统是视频监控的新方向,无线局域网能够提供足够的带宽进行视频流传输,但是安全性和传输距离是制约利用无线局域网进行视频监控的重要因素。讨论基于WEP和WPA的无线网络传输安全和用户认证,并利用无线分布式系统来拓展无线局域网的传输范围,从而较好地解决了这两个问题。该解决方案已用于实际系统,并取得良好效果。     

Seamless continuity of real-time video across UMTS and WLAN networks: challenges and performance evaluation

This article addresses several challenges related to the evolution toward seamless interworking of wireless LAN and 3G cellular networks. The main objective is to evaluate the conditions and restrictions under which seamless continuity of video sessions across the two networks is feasible. For this purpose, we formulate a number of practical interworking scenarios, where UMTS subscribers with ongoing real-time video sessions hand over to WLAN, and we study the feasibility of seamless continuity by means of simulation. We particularly quantify the maximum number of UMTS subscribers that can be admitted to the WLAN, subject to maintaining the same level of UMTS QoS and respecting the WLAN policies. Our results indicate that the WLAN can support seamless continuity of video sessions for only a limited number of UMTS subscribers, which depends on the applied WLAN policy, access parameters, and QoS requirements. In addition to this study, we do address several other issues that are equally important to seamless session continuity, such as the QoS discrepancies across UMTS and WLAN, the vertical handover details, and various means of access control and differentiation between regular WLAN data users and UMTS subscribers. The framework for discussing these issues is created by considering a practical UMTS/WLAN interworking architecture.     

Remote access virtual private network architecture for high‐speed wireless internet users

The new emerging broadband wireless network (BWN) technologies with high‐speed wireless internet access promotes corporations to provide their roaming employees with high‐speed wireless access to the computing resources on their corporate networks. Thus, a value added service to broadband wireless network is the remote access virtual private network (VPN), where the corporate legitimate users can connect to their offices wirelessly from different locations and get secure services as if they were connected to the corporate local area network (LAN). One of the most important challenges is to block out illegitimate user requests, which are wirelessly received, to protect corporate privacy. Registration (adding new users) and authentication (accepting current users) functions should be implemented with highly secured wireless connection. These functions are accomplished by encapsulating (i.e. tunneling) the user information in a secured form to the corporate authentication server through the internet traffic. The corporate authentication server then grants or denies the user access. In this paper, we propose a new operational design algorithm for remote access wireless VPN authentication and registration protocols that depends on modifying tunnel establishment as compared to existing dial‐in VPN mechanisms. The modifications proposed in this paper are made to support successful deployment of the remote access VPN services over high‐speed wireless network. The paper presents an overview of two tunneling approaches using Layer 3 and Layer 2 separately for implementing these functions. Then we propose how we establish the tunnel in both approaches, and compare it to similar operation steps previously reported for the dial‐in VPN protocols. The proposed algorithms are distinguished from previously developed dial‐in VPN protocols by using L2TP and IPSEC instead of mobile IP. It is also shown that the steps involved in the establishment of the tunnel are functionally different and more appropriate to our applications using communication environment of the BWN. Finally, a qualitative analysis of the added functions, and a comparison between L2TP‐based and IPSec‐based approaches are established. Copyright © 2004 John Wiley & Sons, Ltd.     

无线局域网安全综述

鉴于以广为人知的安全漏洞为基准的无线局域网标准,研究具有安全意识的网络管理人员应该怎么来进行维护他们的无线网络环境。有不少人涉及IT领域,但是他们也没看到过一篇文章是来描述无线局域网安全的弱点。AirSnort、war-driving和war-chalking是讨论起无线局域网安全问题时常见的词语。将介绍无线局域网怎样才能够安全和通过各种标准的某些技术方面。     

无线通信网络中流量分析技术综述

对无线网络流量的分析和准确预测是无线网络管理与安全领域的重要研究内容之一,在网络规划、网络监控、流量趋势分析、网络优化以及入侵检测和异常检测等方面发挥着重要作用。介绍了目前典型的无线网络流量分析的模型与常用流量分析方法,综述了传统无线通信网络(如无线局域网和物联网)中的流量分析技术,指出了流量分析技术应用于无线自组网系统的可能性与面临的几点挑战,以及无线自组网系统与流量分析技术结合的发展方向。     

电信级WLAN网络面临的问题研究

随着智能终端的不断普及以及运营商的大力推动,WLAN对于分流无线数据流量起到了越来越重要的作用,WLAN成为运营商无线宽带业务中不可或缺的组成部分。作为一种无线接入技术,WLAN以其灵活性、移动性的特点越来越为广大公众接受。然而,在各大运营商加紧推进WLAN建设的同时,WLAN网络在建设以及使用过程中也出现了各种各样的问题。文章结合国内三大运营商,通过分析当前电信级WLAN网络现状,从用户认证不简介、AP之间干扰严重、故障排查定位困难这三个方面进行了详细的分析,是WLAN网络的规划与优化的基础。     

Security Framework for Wireless Sensor Networks

Wireless sensor network is more prone to adversary compare to common wireless network. This is due to the nature of wireless sensor network that involves many nodes, thus making the system more vulnerable. Another reason is the nature of wireless sensor network as an ad hoc network, making it having no hierarchal structure, complicating management tasks. Deploying new technology without security in mind has often proved to be unreasonably dangerous.One of the most fundamental rights in a 'healthy' society is the right of every citizen to be left alone. Article 12 of the U.N, Universal Declaration of Human Rights, states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.”, in reality, though this right is increasingly being trod upon, along with undreamed of comforts and conveniences for the population in general. The digital revolution has made it possible to gather as well as store information about human behaviour on a massive scale. We leave electronic footprints everywhere we go, footprints that are being watched, analyzed and sold without our knowledge or even control.With this Security and Privacy solutions are mandatory aspects when developing new pervasive technologies such as wireless sensor networks (WSN).This paper analyses the security issues, threats and attacks and requirements of wireless sensor networks. This paper further proposes security framework and security architecture to integrate existing technologies with WSN technology, to provide secure and private communications to its users. Neeli Rashmi Prasad, Associate Professor and Head of Wireless Security and Sensor Networks Lab., part of Wireless Network including Embedded systems Group (WING), Center for TeleInfrastruktur (CTIF), Aalborg University, Aalborg, Denmark. She received her Ph.D. from University of Rome “Tor Vergata”, Rome, Italy, in the field of “adaptive security for wireless heterogeneous networks” in 2004 and M.Sc. (Ir.) degree in Electrical Engineering from Delft University of Technology, The Netherlands, in the field of “Indoor Wireless Communications using Slotted ISMA Protocols” in 1997. She joined Libertel (now Vodafone NL), Maastricht, The Netherlands as a Radio Engineer in 1997. From November 1998 till May 2001, she worked as Systems Architect for Wireless LANs in Wireless Communications and Networking Division of Lucent Technologies (now Agere Systems), Nieuwegein, The Netherlands. From June 2001 to July 2003, she was with T-Mobile Netherlands, The Hague, The Netherlands as Senior Architect for Core Network Group. Subsequently, from July 2003 to April 2004, she was Senior Research Manager at PCOM:I³, Aalborg, Denmark.During her industrial career she coordinated several projects. Just to name few major ones: country wide GSM landmass coverage (Vodafone NL), the impact of IP based security on Lucent WLAN (Wavelan later known as Orinoco) Access Points (APs), implementation of Virtual LAN and IAPP on Orinoco APs, VoIP implementation on APs, design and implementation of real-time embedded software platform for APs, mobile core network evolution towards All-IP for T-Mobile International to technical project lead for Public WLAN deployment for T-Mobile NL.Her publications range from top journals, international conferences and chapters in books. She has also co-edited and co-authored two books titled “WLAN Systems and Wireless IP for Next Generation Communications” and “Wireless LANs and Wireless IP Security, Mobility, QoS and Mobile Network Integration”, published by Artech House, 2001 and 2005. She has supervised several Masters Students projects.In December 1997 she won Best Paper award for her work on ISMA Protocol (Inhibit Sense Multiple Access). Her current research interest lies in wireless security, mobility, mesh networks, WSN, WPAN and heterogeneous networks.She was the Technical Program Committee Co-Chair IWS2005/WPMC05 held on September 18–22, 2005 in Aalborg. She is the Project Coordinator of EC Network of Excellence Project CRUISE on Wireless Sensor Networks. She is also cluster leader of EC Cluster for Sensor Networks. Mahbubul Alam, Ph.D. student at Center for TeleInfrastruktur (CTIF), Aalborg University, Denmark. He is with Cisco Systems, Inc. Netherlands from 2001 and worked as Consulting Systems Engineer in the field of mobile and wireless technology and since September 2002 he works as Business Analyst in areas of mobile, wireless and security. He is now based in Cisco Systems, Inc. San Jose, CA, USA, with focus on home networking, wireless and security. Previously he was with Siemens Netherlands as Systems Engineer and as Technical Team Leader of UMTS group. He received M. Sc. degree in Electrical & Electronic Engineering from Delft University of Technology, The Netherlands in 1998. He has published several papers at international conferences, journals, IEEE communication magazine and chapters for books. His research interest is in the field of wireless sensor networks.     

Dynamic Adaptive Routing for a Heterogeneous Wireless Network

This paper presents an integrated architecture of a Heterogeneous Wireless Network (HWN) and a dynamic adaptive routing protocol (DARP) for a HWN. To allow mobile users versatile communication with anyone or any device at any place and anytime, HWN integrates cellular network with an ad hoc network (independent Basic Service Set) in wireless local area network (WLAN) and reserves advantages of sizable coverage in a cellular network and high data rate in deployable ad hoc network. It also enlarges the scope of communication for ad hoc network and improves the throughput for cellular network. Consequently, nodes in HWN can communicate with each other or access Internet ubiquitously. We also address the routing issues for HWN, because the routing protocol for HWN is different from those used in cellular network or ad hoc network. The dynamic adaptive routing protocol establishes a better path for the source to arrive at the destination across multiple hops or cellular network and provides appropriate QoS (quality of service) in HWN.Through simulation, we will demonstrate the merit of the HWN, proposed routing performance on HWN and overhead of control traffic. A performance analysis of the proposed protocol is depicted. The results of the analysis, and simulations, are presented and discussed.