In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities o...In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities of WAI' were found out. The improvement of WAI' was made and a new protocol called WAI' - E was proposed. The WAI' -E was combined with the key exchange mechanism of Diffie-HeUman based on el- liptic curve cryptography. Moreover, by using CK mode, it is the fact that WAI'-E was SK-secure with PFS and was nrovided with inde^nendant sacuritv ,f cartifient~ mlthentientinn wn~ nravgd展开更多
Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is ...Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is analyzed with the CK (Canetti-Krawczyk) model and the BAN (Burrows-Abadi- Needham) logic. Results show that it can achieve the alleged authentication and key negotiation goals. Besides those alleged, further analyses indicate that the authentication access process can satisfy other security requirements, such as mutual identity authentication, mutual key control, key confirmation, message integrity check, etc. If the used elliptic curve encryption algorithm and the hash algorithm are secure enough, the protocol can efficiently realize mutual authentication between STAs (station) and APs (access point). Therefore, WAPI can be applied to replace the security mechanism used in the original WLAN international standard to enhance its security.展开更多
文摘In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities of WAI' were found out. The improvement of WAI' was made and a new protocol called WAI' - E was proposed. The WAI' -E was combined with the key exchange mechanism of Diffie-HeUman based on el- liptic curve cryptography. Moreover, by using CK mode, it is the fact that WAI'-E was SK-secure with PFS and was nrovided with inde^nendant sacuritv ,f cartifient~ mlthentientinn wn~ nravgd
基金The National Basic Research Program of China(973Program) (No.G1999035805)the Natural Science Foundation of ShannxiProvince (No.2007F37)China Postdoctoral Science Foundation (No.20060401008,20070410376).
文摘Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is analyzed with the CK (Canetti-Krawczyk) model and the BAN (Burrows-Abadi- Needham) logic. Results show that it can achieve the alleged authentication and key negotiation goals. Besides those alleged, further analyses indicate that the authentication access process can satisfy other security requirements, such as mutual identity authentication, mutual key control, key confirmation, message integrity check, etc. If the used elliptic curve encryption algorithm and the hash algorithm are secure enough, the protocol can efficiently realize mutual authentication between STAs (station) and APs (access point). Therefore, WAPI can be applied to replace the security mechanism used in the original WLAN international standard to enhance its security.