Research on Key Management Mechanisms for Wireless Local Area Networks
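Abstract
Wireless local area networks (Wireless LAN, WLAN) are a typical application of rapidly developing modern wireless communication technology in computer networks. Although only a few years have passed between their first appearance and their present scale, WLANs have developed very rapidly thanks to their flexible mobility, simple and fast installation, low operating cost, strong scalability, and ease of maintenance and management. Research on WLAN security standards, however, has never kept pace with the development of WLAN technology, and the security problems are especially prominent in key management. Lacking the necessary key management mechanism to generate and distribute keys, many IEEE 802.11 WLANs operate in a very insecure environment. These WLANs are an easy target even for a novice attacker who merely happens to be near the building in which the WLAN is operated.
    This thesis first discusses the security measures that have been introduced to solve security problems since WLANs first appeared. The most typical of these are the Wi-Fi standard technologies, which successively adopted methods such as WEP, WPA, VPN, 802.11x and 802.11i in an attempt to secure WLANs. The thesis describes these measures and analyzes the security vulnerabilities in them.
    Second, the thesis introduces some basic key management techniques, describing key management policies, the basic elements of key management, and key generation methods, with emphasis on key distribution protocols (public-key distribution and secret-key distribution).
    Then, in view of the key management problems in WEP and IEEE 802.1X, the thesis proposes a broadcast-based key distribution method that equips WEP with a key distribution mechanism. This method can generate and distribute keys dynamically and supports key updates.
    Next, addressing the problems of the broadcast-based key distribution method, the thesis proposes a key distribution method based on a multicast key distribution mechanism. At the cost of a small amount of additional key storage and a moderate amount of bandwidth, the method encrypts the multicast key distribution frames and effectively reduces the length of the key distribution frame.
    Finally, the thesis introduces the WLAN key management system, describes the key management mechanisms of the Robust Security Network (RSN), and analyzes the problems in them. It proposes using an improved Diffie-Hellman key exchange scheme and an improved SAKA algorithm to solve the key generation and update problems in RSN.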
With the rapid development of wireless communication technology, the WLAN has become a typical network application. Although WLANs have been researched for only several years, they have developed quickly thanks to their flexible movement, fast and simple installation, lower cost, robust expansibility, and convenient maintenance and management. But research on their security standards cannot keep up with the development of WLAN technology, and the security problem is especially prominent in key management. Without a key management mechanism to generate and distribute keys, many IEEE 802.11 WLANs are operated in a completely insecure manner, representing an easy-to-attack target for even the most unskilled attackers who happen to pass near a building where an IEEE 802.11 WLAN is operated.
    First, this article discusses WLAN security methods from their first appearance until now. The most prominent is the Wi-Fi standard technology, which adopts several methods to secure WLANs, such as WEP, WPA, 802.11X and 802.11i. This article describes these methods and analyzes their shortcomings.
    Then, this article introduces key management technology and describes the strategy of key management, the factors of key management, and the generation of keys. The key distribution protocols (public key distribution and secret key distribution) are emphasized.
    Next, in view of the key management problems of WEP and IEEE 802.1X, this article proposes a key distribution method based on a broadcast key distribution frame, configuring WEP with a key distribution mechanism. This mechanism can generate, update and distribute keys dynamically.
    Then, in view of the problems of key distribution based on the broadcast key distribution frame, this article proposes a key distribution method based on a multicast key distribution frame. With a little more storage and a little more bandwidth, this mechanism secures the key distribution frame and makes it shorter.
    Finally, this article introduces the WLAN key management system, describes the key management mechanism of RSN, and analyzes the problems in RSN. An improved Diffie-Hellman algorithm and an improved SAKA algorithm are proposed to resolve the problems of key generation and update.
