In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities o...In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities of WAI' were found out. The improvement of WAI' was made and a new protocol called WAI' - E was proposed. The WAI' -E was combined with the key exchange mechanism of Diffie-HeUman based on el- liptic curve cryptography. Moreover, by using CK mode, it is the fact that WAI'-E was SK-secure with PFS and was nrovided with inde^nendant sacuritv ,f cartifient~ mlthentientinn wn~ nravgd展开更多
无线局域网(Local Area Network,LAN)是一种部署方便的高速无线接入技术,能够利用各种信息传输网络进行实时监控、远程定位、历史记录、智能故障分析及预警等安全服务,面向物联网内的所有对象通过云系统进行监控、管理、分析和处理。基...无线局域网(Local Area Network,LAN)是一种部署方便的高速无线接入技术,能够利用各种信息传输网络进行实时监控、远程定位、历史记录、智能故障分析及预警等安全服务,面向物联网内的所有对象通过云系统进行监控、管理、分析和处理。基于互联网探讨基于无线局域网鉴别和保密基础结构(Wireless LAN Authentication and Privacy Infrastructure,WAPI)的无线网络接入终端的设计,对WAPI国家安全标准进行详细的分析和阐述,并基于WAPI技术的信息交换机制和保密结构阐述其安全通信功能,从无线网络接入终端的总体设计、硬件设计和软件设计等不同层面入手,搭建基于WAPI的无线网络接入终端系统,确保系统的安全性和稳定性。展开更多
Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is ...Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is analyzed with the CK (Canetti-Krawczyk) model and the BAN (Burrows-Abadi- Needham) logic. Results show that it can achieve the alleged authentication and key negotiation goals. Besides those alleged, further analyses indicate that the authentication access process can satisfy other security requirements, such as mutual identity authentication, mutual key control, key confirmation, message integrity check, etc. If the used elliptic curve encryption algorithm and the hash algorithm are secure enough, the protocol can efficiently realize mutual authentication between STAs (station) and APs (access point). Therefore, WAPI can be applied to replace the security mechanism used in the original WLAN international standard to enhance its security.展开更多
文摘In this paper, the current known attack methods against WAI and the improvements of WAI called WAI' were analyzed. Through analyzing the unicast key agreement protocol in the WAI' by CPN model, the vulnerabilities of WAI' were found out. The improvement of WAI' was made and a new protocol called WAI' - E was proposed. The WAI' -E was combined with the key exchange mechanism of Diffie-HeUman based on el- liptic curve cryptography. Moreover, by using CK mode, it is the fact that WAI'-E was SK-secure with PFS and was nrovided with inde^nendant sacuritv ,f cartifient~ mlthentientinn wn~ nravgd
文摘无线局域网(Local Area Network,LAN)是一种部署方便的高速无线接入技术,能够利用各种信息传输网络进行实时监控、远程定位、历史记录、智能故障分析及预警等安全服务,面向物联网内的所有对象通过云系统进行监控、管理、分析和处理。基于互联网探讨基于无线局域网鉴别和保密基础结构(Wireless LAN Authentication and Privacy Infrastructure,WAPI)的无线网络接入终端的设计,对WAPI国家安全标准进行详细的分析和阐述,并基于WAPI技术的信息交换机制和保密结构阐述其安全通信功能,从无线网络接入终端的总体设计、硬件设计和软件设计等不同层面入手,搭建基于WAPI的无线网络接入终端系统,确保系统的安全性和稳定性。
基金The National Basic Research Program of China(973Program) (No.G1999035805)the Natural Science Foundation of ShannxiProvince (No.2007F37)China Postdoctoral Science Foundation (No.20060401008,20070410376).
文摘Based on thorough researches on the Chinese wireless local area network (WLAN) security standard, i. e., WLAN authentication and privacy infrastructure (WAPI), the security of the authentication access process is analyzed with the CK (Canetti-Krawczyk) model and the BAN (Burrows-Abadi- Needham) logic. Results show that it can achieve the alleged authentication and key negotiation goals. Besides those alleged, further analyses indicate that the authentication access process can satisfy other security requirements, such as mutual identity authentication, mutual key control, key confirmation, message integrity check, etc. If the used elliptic curve encryption algorithm and the hash algorithm are secure enough, the protocol can efficiently realize mutual authentication between STAs (station) and APs (access point). Therefore, WAPI can be applied to replace the security mechanism used in the original WLAN international standard to enhance its security.