Research on Security Methods and Technologies for Wireless Local Area Networks
Abstract
With the rapid development of computer networks, wireless local area networks (WLANs) are being applied ever more widely in many fields because of their flexible mobility and sufficiently high transmission rates. Because a WLAN transmits over a wireless medium and its channel is open, its security requirements are higher than those of a wired environment. As wireless networks have developed rapidly, higher demands have been placed on WLAN security.
     IEEE 802.11 WLANs have exposed a series of security problems. On the authentication side, each of the authentication methods used by 802.11 WLANs has security flaws: open authentication is a null authentication and provides no protection; shared-key authentication is also flawed; for ESSID-based authentication, the ESSID is broadcast in cleartext, so authentication based on the network name cannot prevent unauthorized users from accessing a protected network; and because legitimate MAC addresses can be forged, among other reasons, authentication based on MAC address filtering cannot guarantee WLAN security either. On the data encryption side, WLAN products currently on the market all use the Wired Equivalent Privacy (WEP) protocol for data encryption and integrity protection, but because the protocol uses the RC4 encryption algorithm, WEP has a number of vulnerabilities and cannot ensure the security and integrity of data. The design flaws of WEP drew the attention of IEEE, which commissioned the 802.11i task group to develop a new standard to strengthen WLAN security. IEEE then released the new 802.11i standard in June 2004.
     The 802.11i standard was drawn up mainly to meet the security requirements of WLANs. It protects WLAN security comprehensively through data encryption, access authentication control and key management, so that data can be transmitted safely over a wireless network. For data encryption, 802.11i adopts the TKIP or CCMP encryption mechanism; for access authentication, it adopts the 802.1X standard together with the EAP and RADIUS protocols; for key management, it adopts the four-way handshake protocol and the group (multicast) key handshake protocol. The 802.11i standard can be said to strengthen WLAN security in every respect, and to date no security vulnerabilities have been found in it.
     The final part of the thesis analyzes the security threats, security requirements and security mechanisms of systems that interconnect 3G mobile networks with WLANs. It analyzes the security mechanisms of the 3G system and examines in detail the access authentication used when 3G and WLAN systems are interconnected.
     This thesis gives a detailed analysis of the security technologies in existing WLANs. Addressing the problems WLANs currently face, it studies in depth the security technologies that have had significant influence at home and abroad, and it also explores the security of interconnection between 3G mobile networks and WLANs.
