基于PKI的无线局域网身份认证改进方案的研究

Research on the Improved Solution of PKI-Based Wireless Local Area Network Identity Authentication

针对无线局域网安全保障的需求,提出了基于PKI的无线局域网身份认证改进方案。该方案采用数字证书实现双向身份认证机制,使用会话密钥、临时密钥和私钥的三级密钥机制,解决了单向身份认证机制所引起的诸如拒绝服务攻击和插入中间人攻击等问题。方案性能分析表明基于公钥密码体系的认证系统与有线等价保密协议机制的安全性相比,提供了更好的安全性保障。

For the requirement of security safeguards of wireless local area network, an improved solution for wireless local area network identity authentication is proposed in light of PKI. By using two-way digital certificate identity authentication mechanism and 3-level cipher key mechanism including session key, temporary key and private key, the proposed solution can solve some problems induced by one-way identity authentication, such as denial of service attacks, insert middleman attacks etc.. Performance analysis of the proposed solution shows that the public key cryptography based authentication system has better security safeguards than wired equivalent privacy protocol.