摘要
主流的无线局域网协议Wi-Fi存在较多安全问题,而安全协议WAPI则存在不易部署的问题。文中结合Wi-Fi的易用性和WAPI安全性,提出了一种基于Wi-Fi/WAPI的可信接入方案。方案首先构建一个相对安全的Wi-Fi网络,用于终端用户身份验证及证书下载;为增加安全性,对证书进行MAC绑定和有效时间设定;用户终端正确安装合法有效的WAPI证书后,再接入可信的WAPI网络进行安全通信。在真实的无线局域网环境中对提出的方案进行了部署,验证了方案的可行性和有效性。
The popular wireless LAN protocol Wi-Fi has safety problem while security protocol WAPI is not easy to deploy. With the combination of Wi-Fi's ease of use and WAPI security,a trusted access scheme based on Wi-Fi/WAPI is proposed. Firstly a relatively secure Wi-Fi network is built for enduser authentication and certificate download; to increase the security of certificate MAC binding and effective time setting are used; after installing the valid WAPI certificate correctly,the end-user can access the trusted WAPI network for secure communication. In the real wireless LAN environment,the proposed scheme is deployed to verify its viability and effectiveness.
作者
韩颖铮
邓国强
HAN Ying-zheng,DENG Guo-qiang(Network Engineering and Research Center,South China University of Technology,Guangzhou 510640,C h in a)
出处
《信息技术》
2018年第4期50-52,57,共4页
Information Technology
基金
发改委下一代互联网技术研发产业化和规模商用专项(CNGI-12-03-027)
广东省省级科技计划项目(2015A030401027)