摘要
针对WAPI协议的资源消耗攻击能够耗尽接入点(AP)的资源,提出一种新的基于Client-puzzle的WAPI认证协议抗拒绝服务攻击方案。分析了WAPI协议中的关联和认证过程存在的关键问题;利用subset sum构造puzzle以及将Subset sum puzzle应用于WAPI协议中;从计算量、Granularity特性、Non-parallelization特性和抗DoS攻击能力等方面分析所提出方案的效果。该方案能够很好地保证客户端和无线接入点之间资源的平衡,降低了资源消耗型无线网络攻击和潜在的拒绝服务攻击,增强了WAPI无线网络的抗拒绝服务攻击的能力。
Resource depletion attack against WAPI protocol exhausts access point(AP) resources.A novel client-puzzle-based DoS-resistant scheme of WAPI is proposed to strengthen the DoS-resistant ability of WAPI wireless networks.Firstly,analysing the key issue of the association and certification process in the WAPI protocol.Secondly,constructing puzzle by subset sum and applying the subset sum puzzle in WAPI protocol.Finally,analyzing the scheme's effectiveness from computation Granularity,Non-parallelization and anti-DoS attack capability.This scheme keeps a better resource balance between the AP and sta,reduces the affection of resource depletion attack and the potential DoS attack,and enhances the WAPI wireless network against denial of service attack capability.
出处
《桂林电子科技大学学报》
2012年第1期35-39,共5页
Journal of Guilin University of Electronic Technology
基金
六安市定向委托皖西学院市级重点研究项目(2010LWA004)
国家自然科学基金(60963024)
广西自然科学基金(0991079)
关键词
拒绝服务
无线网络安全
关联认证
denial of service
wireless network security
access authentication