摘要
分析无线局域网近年来的发展特点及其在安全方面存在的不足。针对802.11中安全协议的不足,自主设计开发了嵌入MAC层的802.11自主安全接口模块。在详细分析802.11相关源代码的基础上,通过套接字缓冲区机制与内核模块机制实现可动态加载的内核模块。在模块中透明实现可自主扩展密钥的数据加密算法、基于HMAC-MD5的数据完整性校验算法以及密钥的专用设备存储与实时更新管理功能。最后,利用自主安全接口模块搭建了实际环境下的安全WLAN系统并对系统安全功能及性能进行了定性、定量两个方面的测试。测试结果表明加载自主安全接口模块后的WLAN系统实现了自主的安全增强功能,在性能上也取得了较好的结果(吞吐率/传输速率损失控制在15%以内)。
In this paper, first we analyse the characteristic of WLAN development in recent years and its shortages in security aspect. Ai- ming at the deficiency in 802.11 security protocol, we independently design and develop an 802.11 autonomous security interface module em- bedded into MAC layer. Based on elaborately analysing the corresponding source code of 802.11 protocol, we implement the dynamically loadable kernel module through socket buffer mechanism and kernel module mechanism. In the module, we transparently achieve the data en- cryption algorithm which can autonomously expand the key, the HMAC-MD5-based data integrity verification algorithm, and the functions of the keys' special device storage and real time update and management. At last, by using the autonomous security interface module, we con- strnct a secure WLAN system in practical environment and test both the security function and the performance of it from qualitative and quanti- tative aspects. Test result shows that the WLAN system with the autonomous secure interface module loaded realises the autonomous security enhancement function, and gains better result in performance as well (the throughput and transmission rate have the losses less than 15% ).
出处
《计算机应用与软件》
CSCD
北大核心
2013年第7期4-7,共4页
Computer Applications and Software
基金
国家自然科学基金项目(61070201)
