基于国家标准GB15629．11的无线局域网鉴别技术

文章主要研究了无线局域网国家标准GB15629.11中的安全接入技术,并介绍了其中的一种重要的鉴别协议——证书鉴别。该标准包含全新的WAPI(WLANAuthenticationandPrivacyInfrastructure)安全机制,这种安全机制由WAI(WLANAuthenticationInfras-tructure)和WPI(WLANPrivacyInfrastructure)两部分组成。WAI和WPI分别实现用户身份的鉴别和传输数据的加密。WAI的证书鉴别过程,实现了BSS中的STA与AP的双向鉴别,对于采用"假"AP的攻击方式具有很强的抵御能力。WPI中的会话密钥没有在信道上进行传输,而且在通信一段时间或者交换一定数量的数据之后,STA和AP之间可以重新协商会话密钥。从而验证了WAPI能为用户的WLAN系统提供全面的安全保护。

WLAN Authentication Technology Based on the National Standard GB15629.11

This paper studies the secure access technology in GB15629.11 protocol and an important authentication technology named certificate authentication in the WLAN protocol of GB15629.11 which includes the bran-new security mechanism of WAPI. It is composed of WAI and WPI. WAI is used to authenticate the user's identity and WPI is for the encryption of transferred data. The process of certificate authentication realizes the mutual authentication over STA and AP in BSS. It has very strong ability to resist the fake AP attack. The session key of WPI doesn't transfer in the channel and can be reestablished after a section time or some data exchange. It is proved that WAPI can provide the whole security protect for user's WLAN system.