802.1X协议分析及LINUX平台下的实现
摘要
随着以太网技术的飞速发展,其应用也日益广泛。目前,在校园网络中,以太网技术既是使用最广泛的组网技术,也成为用户计算机入网接入技术的首选。出于网络安全的考虑和计费的需要,网络管理者和运营商都明显地感到了对以太网端口进行控制的需求。在这样的背景下,802.1X协议应运而生,从而为以太网环境提供了一种标准的基于端口的访问控制机制和认证手段。
网络上原有的认证系统如PPPoE和WEB认证技术,已经越来越不适应宽带发展的认证需求。IEEE 802.1X认证技术有着简洁高效,易于实现,安全可靠,易于经营等优点,因此被广泛地应用于校园网认证中。
本论文首先较全面的分析了802.1X协议产生的背景、认证体系结构和通信规范;并将802.1X协议与传统接入认证技术如PPPoE、WEB进行比较,总结出802.1X认证技术的特点与优势,以及该技术的应用前景。针对LINUX对802.1X支持不够的情况,本文设计实现了LINUX平台下的802.1X认证。在此基础上详细分析了客户端软件在基于802.1X的接入认证过程中必不可少的重要作用以及其提供的基本功能。同时,为保证用户接入的合法性,在其传输报文中添加用户信息模块,并对LINUX下真实MAC地址的提取做了尝试。最后,利用Libpcap函数库实现了LINUX下数据抓包,检验了认证过程的正确性。
Continuous progress in Ethenet techniques has made it a prominent network technology,not only for building up LANs,MANs,and WANs,but also for accessing these works in compus network. As a result,there is an urgent need for access control in an Ethernet environment,and finally in 2001,the standard of 802.1X was defineded by an IEEE802 working group.IEEE 802.1X is a port based access control protocol,whichprovides a standard mechanism and authorization method for users connected to Ethernet port.
The traditional authentication system, such as PPPoE and Web,can't meet the authentication requirements for campus network development.IEEE 802.1x authentication is high efficient, easy to implement, safe and reliable, so it is widely applied to the authentication of campus network.
At first, this thesis analyses something roundly about the standard of 802.1X, such as the background of its appearance,the system architechure and communication protocols adopted by it,summarise the characters,advantages and foreground of 802.1xX protocol while Comparing with PPPoE and Web. ity.Supported the insufficient situation in view of the LINUX client side to 802.1X,this article designs realizes under LINUX to authenticate.Secondly,this thesis point out the importance of 802.1X client software and analyses the functions that 802.1X client software should provide.Thirdly,this thesis provide a method of adding the information of users into the authentication for the purpose of verifying the users,and tried something to get the real MAC.At last,this thesis verifies the process of 802.1X authentication using Libpcap stresses a packet in LINUX.
网络上原有的认证系统如PPPoE和WEB认证技术,已经越来越不适应宽带发展的认证需求。IEEE 802.1X认证技术有着简洁高效,易于实现,安全可靠,易于经营等优点,因此被广泛地应用于校园网认证中。
本论文首先较全面的分析了802.1X协议产生的背景、认证体系结构和通信规范;并将802.1X协议与传统接入认证技术如PPPoE、WEB进行比较,总结出802.1X认证技术的特点与优势,以及该技术的应用前景。针对LINUX对802.1X支持不够的情况,本文设计实现了LINUX平台下的802.1X认证。在此基础上详细分析了客户端软件在基于802.1X的接入认证过程中必不可少的重要作用以及其提供的基本功能。同时,为保证用户接入的合法性,在其传输报文中添加用户信息模块,并对LINUX下真实MAC地址的提取做了尝试。最后,利用Libpcap函数库实现了LINUX下数据抓包,检验了认证过程的正确性。
Continuous progress in Ethenet techniques has made it a prominent network technology,not only for building up LANs,MANs,and WANs,but also for accessing these works in compus network. As a result,there is an urgent need for access control in an Ethernet environment,and finally in 2001,the standard of 802.1X was defineded by an IEEE802 working group.IEEE 802.1X is a port based access control protocol,whichprovides a standard mechanism and authorization method for users connected to Ethernet port.
The traditional authentication system, such as PPPoE and Web,can't meet the authentication requirements for campus network development.IEEE 802.1x authentication is high efficient, easy to implement, safe and reliable, so it is widely applied to the authentication of campus network.
At first, this thesis analyses something roundly about the standard of 802.1X, such as the background of its appearance,the system architechure and communication protocols adopted by it,summarise the characters,advantages and foreground of 802.1xX protocol while Comparing with PPPoE and Web. ity.Supported the insufficient situation in view of the LINUX client side to 802.1X,this article designs realizes under LINUX to authenticate.Secondly,this thesis point out the importance of 802.1X client software and analyses the functions that 802.1X client software should provide.Thirdly,this thesis provide a method of adding the information of users into the authentication for the purpose of verifying the users,and tried something to get the real MAC.At last,this thesis verifies the process of 802.1X authentication using Libpcap stresses a packet in LINUX.
引文
[1]IEEE Std 802.1X-2001,IEEE Standard for Local and metropolitan area network-Port-Based Network Access Control.IEEE-2001
[2]王璐,曹秀英.EAP协议及其应用,通信技术,2002.7,127
[3]刘文明,改进型Radius组网方式.电信技术,2003,00(006)
[4]RFC 2865,Remote Authentication Dial In User Service(RADIUS)
[5]RFC 2284,PPP Extensible Authentication Protocol(EAP)
[6]毛拥华,802.1X认证技术分析及其应用建议,通信世界,2004,8:41~42
[7]郭立群,IEEE 802.1X认证技术的原理和应用,太原科技,2003,(6):72-73
[8]高祥,周林.802.1X协议及其在宽带接入中的应用.重庆邮电学院学报(自然科学版),2004,2:16.
[9]沈孟坤,IEEE 802.1X-基于端口的接入控制协议,广播电视信息,2002,(12):43~44,48
[10]IEEE 802.1X技术白皮书V1.0
[11]田辉,张彤,基于802.1X认证技术的应用分析,通信行业,2005
[12]高东怀,许卫中,802.1X认证技术分析及应用,医学信息,2004,(5):265~267
[13]彭伟,使用802.1X实现校园网认证,计算机应用.200323(003)
[14]曹敬,张敬平,RADIUS在远程接入安全认证中的应用,计算机工程与应用,2003,39(007)
[15]袁智坚,宽带接入网络中的主要认证技术,中国数据通信,2003,05(010)
[16]乐德广,PPPoE技术及其在宽带接入系统中的应用,计算机应用研究,2003,(3):130~136
[17]陈文洁,方涌,探讨802.1X协议及其校园网中的应用,福建电脑,2006,4:62~63
[18]沙捷,费青松,校园网接入认证技术对比与分析,信息技术教育,2004,7
[19]李卫国,曹志毅,高健,浅谈认证技术在校园网中的应用,西安欧亚学院学报,2005,3(3):90~92
[20]陶哓明,孙树峰,无线安全协议802.1X的认证研究,现代电子技术,2004,(13):74~76
[21]肖志新,杨岳湘,基于802.1X的宽带认证技术在校园网中的应用,计算机系统应用,2004,(3):32~34
[22]谢希仁,计算机网络(第四版),北京:电子工业出版社,2004
[23]郑晓蕾,曹秀英,802.1X:基于端口的网络接入控制标准,通信技术,2002,(6):79~81
[24]朱海龙,张国清,基于802.1X的以太网接入技术,计算机工程,2003,(18):130~133
[25]Conry Murray,Andrew,802.1X enables comply or deny for PCs.network Magazine,v20,n 22005,p 67~69
[26]张永德,对802.1X协议的安全性分析,东北电力学院学报,2003,23(2)
[27]蒋海锋,苗放,802.1X标准和Radius协议的扩展应用研究,计算机应用,2003,23:88~90
[28]杨飚,对802.1X技术应用的深入思考,教育信息化,2005,3:14~16
[29]港湾网络公司,如何实现IEEE 802.1X,中国计算机报,2003.6
[30]刘文涛,网络安全开发包详解,北京:电子工业出版社,2005
[31]冯登国,网络安全原理与技术,北京:科学出版社.2003
[2]王璐,曹秀英.EAP协议及其应用,通信技术,2002.7,127
[3]刘文明,改进型Radius组网方式.电信技术,2003,00(006)
[4]RFC 2865,Remote Authentication Dial In User Service(RADIUS)
[5]RFC 2284,PPP Extensible Authentication Protocol(EAP)
[6]毛拥华,802.1X认证技术分析及其应用建议,通信世界,2004,8:41~42
[7]郭立群,IEEE 802.1X认证技术的原理和应用,太原科技,2003,(6):72-73
[8]高祥,周林.802.1X协议及其在宽带接入中的应用.重庆邮电学院学报(自然科学版),2004,2:16.
[9]沈孟坤,IEEE 802.1X-基于端口的接入控制协议,广播电视信息,2002,(12):43~44,48
[10]IEEE 802.1X技术白皮书V1.0
[11]田辉,张彤,基于802.1X认证技术的应用分析,通信行业,2005
[12]高东怀,许卫中,802.1X认证技术分析及应用,医学信息,2004,(5):265~267
[13]彭伟,使用802.1X实现校园网认证,计算机应用.200323(003)
[14]曹敬,张敬平,RADIUS在远程接入安全认证中的应用,计算机工程与应用,2003,39(007)
[15]袁智坚,宽带接入网络中的主要认证技术,中国数据通信,2003,05(010)
[16]乐德广,PPPoE技术及其在宽带接入系统中的应用,计算机应用研究,2003,(3):130~136
[17]陈文洁,方涌,探讨802.1X协议及其校园网中的应用,福建电脑,2006,4:62~63
[18]沙捷,费青松,校园网接入认证技术对比与分析,信息技术教育,2004,7
[19]李卫国,曹志毅,高健,浅谈认证技术在校园网中的应用,西安欧亚学院学报,2005,3(3):90~92
[20]陶哓明,孙树峰,无线安全协议802.1X的认证研究,现代电子技术,2004,(13):74~76
[21]肖志新,杨岳湘,基于802.1X的宽带认证技术在校园网中的应用,计算机系统应用,2004,(3):32~34
[22]谢希仁,计算机网络(第四版),北京:电子工业出版社,2004
[23]郑晓蕾,曹秀英,802.1X:基于端口的网络接入控制标准,通信技术,2002,(6):79~81
[24]朱海龙,张国清,基于802.1X的以太网接入技术,计算机工程,2003,(18):130~133
[25]Conry Murray,Andrew,802.1X enables comply or deny for PCs.network Magazine,v20,n 22005,p 67~69
[26]张永德,对802.1X协议的安全性分析,东北电力学院学报,2003,23(2)
[27]蒋海锋,苗放,802.1X标准和Radius协议的扩展应用研究,计算机应用,2003,23:88~90
[28]杨飚,对802.1X技术应用的深入思考,教育信息化,2005,3:14~16
[29]港湾网络公司,如何实现IEEE 802.1X,中国计算机报,2003.6
[30]刘文涛,网络安全开发包详解,北京:电子工业出版社,2005
[31]冯登国,网络安全原理与技术,北京:科学出版社.2003