基于802.1x/EAP的无线校园网安全认证研究与应用
|
摘要
随着无线局域网的迅速发展,无线局域网的应用越来越广泛,各大院校的校园网建设也相继引进了无线局域网技术。无线网络的迅速发展的同时,对网络的安全性也提出了更高的要求。目前基于802.11标准的无线局域网主要使用WEP安全机制来确保无线局域网中的数据安全。由于设计时缺乏对安全问题的全面考虑,WEP存在着安全缺陷。随着无线局域网的迅速发展,这些问题逐渐暴露出来,导致WEP已经无法满足无线局域网中的安全需求。
本文首先分析了无线网络应用中的安全特性和需求,然后分析研究了WEP协议存在主要安全缺陷,在深入研究了IEEE 802.1x、EAP、WPA协议及其工作原理的基础上,提出了一个基于IEEE 802.1x/EAP+RADIUS技术的无线校园网安全认证问题的解决方案。
With the rapid growth of WLAN, the application of the wireless LAN is more and more extensive and the technology of the wireless LAN has got widely deployed in succession in many universities and colleges. While the rapid development of WLAN, security in network has put forward high demands too. Most WLAN based on 802.11 standard adopts WEP as security mechanism to guarantee the data security in the wireless LAN. For lack of taking the security problems into consideration at the time when WEP was designed, some security flaws are left behind in WEP. The rapid development of WLAN urges the exposure of the security flaws, resulting in WEP cannot meet the security requirement in WLAN.
This paper has analysed security characters and security requirements of WLAN at first. Then we have studied the main security flaws existing in WEP. Finally we have further investigated IEEE protocols and principles such as 802.1x, EAP and WPA, and then based on IEEE 802.1x/EAP RADIUS technology, we put forward the improved scheme of the security problem of WLAN.
本文首先分析了无线网络应用中的安全特性和需求,然后分析研究了WEP协议存在主要安全缺陷,在深入研究了IEEE 802.1x、EAP、WPA协议及其工作原理的基础上,提出了一个基于IEEE 802.1x/EAP+RADIUS技术的无线校园网安全认证问题的解决方案。
With the rapid growth of WLAN, the application of the wireless LAN is more and more extensive and the technology of the wireless LAN has got widely deployed in succession in many universities and colleges. While the rapid development of WLAN, security in network has put forward high demands too. Most WLAN based on 802.11 standard adopts WEP as security mechanism to guarantee the data security in the wireless LAN. For lack of taking the security problems into consideration at the time when WEP was designed, some security flaws are left behind in WEP. The rapid development of WLAN urges the exposure of the security flaws, resulting in WEP cannot meet the security requirement in WLAN.
This paper has analysed security characters and security requirements of WLAN at first. Then we have studied the main security flaws existing in WEP. Finally we have further investigated IEEE protocols and principles such as 802.1x, EAP and WPA, and then based on IEEE 802.1x/EAP RADIUS technology, we put forward the improved scheme of the security problem of WLAN.
引文
[1] 李会军等.基于WLAN技术的复合型校园网研究[J].哈尔滨理工大学学报.2006(2):76~79
[2] 张善勇.浅析无线技术在校园网中的应用[J].内蒙古民族大学学报,2006(2):138~139
[3] 林福华.宽带无线通讯技术的发展研究[J].长江大学学报,2004(4):108~109
[4] Part Ⅱ: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications [S]. ANSI/IEEE Std802.11, 2003
[5] IEEE Std 802.11b-1999 Edition [S].
[6] IEEE Std 802.11a-1999 Edition [S].
[7] IEEE Std 802.11g-2003 Edition [S].
[8] 压奕琪.蓝牙——梦想与现实[M].北京机械工业出版社,2002
[9] 李建东等.个人通信[M].人民邮电出版社,1998
[10] 刘元安等.宽带无线接入和无线局域网[M].北京北京邮电大学出版社,2000
[11] 郭梯云等.数字移动通信(修订本)[M].人民邮电出版社,2001
[12] John G P. Digital Communications Fourth Edition. New York McGraw-Hill, 2001
[13] 张继东等.基于导频的OFDM信道估计及其研究进展[J].通信学报,2003(24)
[14] 刘乃安.无线局域网原理技术与应用[M].西安电子科技大学出版社,2004:26~28
[15] 高媛媛.HiperLAN/2-5GHz频段的宽带无线传输技术[J].北京电信科学,2002(2)
[16] R.Housley. Unternet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL)Profile[S]. RFC3280,却ril 2002. RFC2459, January 1999.
[17] 张振川.无线局域网技木与协议[M].沈阳东北大学出版社,2003
[18] Ciampa M(美)著,王顺满等译.无线局域网设计与实现[M].北京科学出版社,2003
[19] 全天荣.HomeRF技木发展趋势分析[J].科技资讯,2005(25)
[20] 杨波.网络安全理论与应用[M].电子工业出版社,2001-06
[21] Joon S Park. WLAN Security:Current and Future. IEEE lnternet Computing. 2003(5):60~65
[22] Jim Celer.无线局域网[M].北京邮电出版社,2001
[23] Jesse Walker. 802.11 Security Series Part Ⅱ:TKIP http://cedar.intel.com/
[24] Aboba B. IEEE 802.1x Pre-authentication, IEEE 802,11 TGi draft. June 2002
[25] 郭立群.IEEE802.1x认证技术的原理与应用[J].太原科技.2003(6):72-73.
[26] IEEE STD 802.1x-2001. IEEE standard for local and metropolitan area network, port-bascd network access control. Oct.2001
[27] 王璐.EAP协议及其应用[J].通信技术,2002.7
[28] 施荣华.基于数字签名的安全存取控制方案[J].软件学报,2002,13(5)
[29] 陈曦.无线局域网的安全机制及安全性分析[J].计算机应用,2003.3:30~32
[30] Wi-Fi及无线网状网(Mesh)安全状况.http://www.beareyes.com.cn/2/lib/
[31] 刘乃安等.无线局域网——原理、技术与应用[M].西安电子科技大学出版社,2004.4
[32] 孙雷.无线局域网解决方案及实施策略[J].文教资料,2005(29):124~126
[33] 朴雪等.简析无线校园网中的组建[J].教育信息化,2005(6)
[34] Daid Brumley and Dan Boneh. Remote Timing Attacks are Practical [DB/OL]. http://crypto.standard.edu/-dabo/papers/ssl-timing.pdf. 2003.
[2] 张善勇.浅析无线技术在校园网中的应用[J].内蒙古民族大学学报,2006(2):138~139
[3] 林福华.宽带无线通讯技术的发展研究[J].长江大学学报,2004(4):108~109
[4] Part Ⅱ: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications [S]. ANSI/IEEE Std802.11, 2003
[5] IEEE Std 802.11b-1999 Edition [S].
[6] IEEE Std 802.11a-1999 Edition [S].
[7] IEEE Std 802.11g-2003 Edition [S].
[8] 压奕琪.蓝牙——梦想与现实[M].北京机械工业出版社,2002
[9] 李建东等.个人通信[M].人民邮电出版社,1998
[10] 刘元安等.宽带无线接入和无线局域网[M].北京北京邮电大学出版社,2000
[11] 郭梯云等.数字移动通信(修订本)[M].人民邮电出版社,2001
[12] John G P. Digital Communications Fourth Edition. New York McGraw-Hill, 2001
[13] 张继东等.基于导频的OFDM信道估计及其研究进展[J].通信学报,2003(24)
[14] 刘乃安.无线局域网原理技术与应用[M].西安电子科技大学出版社,2004:26~28
[15] 高媛媛.HiperLAN/2-5GHz频段的宽带无线传输技术[J].北京电信科学,2002(2)
[16] R.Housley. Unternet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL)Profile[S]. RFC3280,却ril 2002. RFC2459, January 1999.
[17] 张振川.无线局域网技木与协议[M].沈阳东北大学出版社,2003
[18] Ciampa M(美)著,王顺满等译.无线局域网设计与实现[M].北京科学出版社,2003
[19] 全天荣.HomeRF技木发展趋势分析[J].科技资讯,2005(25)
[20] 杨波.网络安全理论与应用[M].电子工业出版社,2001-06
[21] Joon S Park. WLAN Security:Current and Future. IEEE lnternet Computing. 2003(5):60~65
[22] Jim Celer.无线局域网[M].北京邮电出版社,2001
[23] Jesse Walker. 802.11 Security Series Part Ⅱ:TKIP http://cedar.intel.com/
[24] Aboba B. IEEE 802.1x Pre-authentication, IEEE 802,11 TGi draft. June 2002
[25] 郭立群.IEEE802.1x认证技术的原理与应用[J].太原科技.2003(6):72-73.
[26] IEEE STD 802.1x-2001. IEEE standard for local and metropolitan area network, port-bascd network access control. Oct.2001
[27] 王璐.EAP协议及其应用[J].通信技术,2002.7
[28] 施荣华.基于数字签名的安全存取控制方案[J].软件学报,2002,13(5)
[29] 陈曦.无线局域网的安全机制及安全性分析[J].计算机应用,2003.3:30~32
[30] Wi-Fi及无线网状网(Mesh)安全状况.http://www.beareyes.com.cn/2/lib/
[31] 刘乃安等.无线局域网——原理、技术与应用[M].西安电子科技大学出版社,2004.4
[32] 孙雷.无线局域网解决方案及实施策略[J].文教资料,2005(29):124~126
[33] 朴雪等.简析无线校园网中的组建[J].教育信息化,2005(6)
[34] Daid Brumley and Dan Boneh. Remote Timing Attacks are Practical [DB/OL]. http://crypto.standard.edu/-dabo/papers/ssl-timing.pdf. 2003.