Analysis and Improvement of Wireless LAN Security Technology
Abstract
With the rapid development of wireless LANs (WLANs), they are being deployed ever more widely, even in the military field. This rapid growth has also raised the requirements for network security. WLANs based on the 802.11 standard currently rely mainly on the WEP security mechanism to protect data on the WLAN. Because security was not considered comprehensively when WEP was designed, WEP has security flaws. As WLANs have grown, these flaws have gradually been exposed, and WEP can no longer meet the security requirements of WLANs. Based on an analysis of the main security problems of the current WEP protocol, this paper proposes a solution to WLAN security problems.

The paper first analyzes the security characteristics and security requirements of wireless networks. It then discusses five main security problems in the WEP protocol: WEP's encryption mechanism, the CRC message authentication code, WEP key management, IV reuse, and authentication. Next it proposes a solution to WLAN security problems. The solution is based on the infrastructure (centralized) WLAN topology and comprises four basic modules: data encryption, data integrity authentication, key management, and identity authentication. To ensure security, the design uses the Rijndael algorithm in OCB mode to provide authenticated encryption, proposes a two-layer dynamic key management mechanism, and adopts mutual authentication based on a public-key system. Finally, a preliminary performance analysis of the techniques is given.
