基于接入控制器模式的公共无线局域网安全体系设计

The design on the security architecture of public WLAN based on access controller mode

公共无线局域网面临网络安全、用户数据保护、身份认证、移动管理及网络服务等多方面的挑战。将现有的公共无线局域网分为WISP-owned,Operator-owned以及for Enterprise 3种类型,并分别讨论了各种类型的特征及其架构。在此基础上提出一种基于接入控制器模式的通用安全体系,可应用于目前大多数类型的公共无线局域网。提出了一种802.1X和Web认证的混合型认证协议,该协议在进行Web认证时将利用802.1X协商后产生的密钥进行,可有效地抵抗窃取服务、基站伪装、消息窃听等攻击,并与现有公共无线局域网Web认证相兼容。

The security problem, such as network security, user data protection, authentication, mobile management and network services are becoming more and more important in Public WLAN. This paper focuses on the design research of the PWLAN security architecture. A security model based on access controller is proposed in this paper. Furthermore, a compound 802.1X and Web authentication scheme is provided to ensures cryptographically protected access while preserving pre -existing public WLAN payment models.