WLAN无线局域网安全性分析和研究.pdf

WLAN无线局域周安全性分析与研究 摘要 众所周知，无线局域网中的WEP加密机制并不能够为无线用户提供足够的 安全保护。因此，自无线局域网开始商业应用之时，安全问题就成为了限制其进 一步发展的主要制约因素。许多潜在的用户对于WI_AN技术所带来的灵活性十 分感*趣，但却由于不能够得到可靠的安全保护而对是否采用WLAN系统犹豫 不决。 为了使WLAN技术从这种被动局面中解脱出来，IEEE 802．11的工作组致力 于制订新一代安全标准，以增强WLAN的数据加密和认证性能。 本文对IEEE802．11无线局域网安全机制进行研究。对IEEE802．11无线局域 网安全机制进行深入的分析。 首先本文介绍了无线局域网的几种标准，主要介绍了IEEE802．11标准的网 络拓扑结构。随后介绍了IEEE802．11标准的介质访问控制层和它的认证和加密 的安全机制，分析了IEEE802．11的有线等价协议WEP加密机制、RC4算法及其 数据完整性算法，指出了其在安全方面的漏洞、给出了改进的对策，最后对WPA 中的EAP认证、TKIP加密协议进行了分析，提出了WPA中潜在的问题。 关键词：无线局域网、有线等价协议、RCA、TKIP、认证、加密 昆明理工大学硕士论文 1 WLAN无线局域f59安全性分析与研究 Abstract 皿eⅡ呢E 802．11 standard defines the encapsulation of 802．11 data frames．The goal the level of a wired network． Wired Equivalent Pdvacy，or WEP, of WEP is to provide data privacy to The 802．11 design community generally concedes that the WEP encapsulation fails to meet its design goal，but widely attributes this failure to WEP’s use of 40_bit RC4 as its encryption mechanism．Even at this late date，it is still repeatedly suggested， asserted，and assumed that WEP could meet its design goal by migrating from 40-bit t0 104．or 128一bit RCA kcys instead． This report seeks dispel this notion once and for all：it is infeasible to achieve privacy with the WEP encapsulation by simply increasing key size．The submission reports easily implemented,practical attacks against WEP that succeed regardless of the key size or the cipher．In particular,勰currently defined．WEP’s usage of encryption is a fundamentally unsound construction；the WEP encapsulation remains insecure whether its key length is 1 bit or 1000 or any other size whatsoever,and the sanle remains true when any other stream cipher replaces RCA．The weakness stems faom WEP’S usage of its initialization vector．This vulnerability prevents the WEP encapsulation from providing a meaningful notion ofprivacy at any key size． WPA greatiy increases the level of over-the-air data protection and aCCesS control on existing Wi—Fi networks．It addresses all known weaknesses of Wked Equivalent Pr