WLAN网络加密认证体系..doc

摘要 无线局域网具有有线网无可替代的优势，随着它的应用范围越来越广，安全问题也受到极大的关注。现今市场上，无线局域网（WLAN）的主流技术是IEEE802.11系列标准，但在安全技术方面存在着严重的漏洞，无法提供可靠的安全性。本课题作为863项目“无线局域网安全技术”的一部分，深入研究了WLAN安全认证的关键技术。 IEEE802.1X为WLAN认证提供了基本框架，支持EAPOL协议和RADIUS作为后端服务器，加强了安全认证功能。同时，802.1X认证可以与RSN的密钥管理系统相结合，在认证成功之后，进行动态地生成密钥，为数据加密提供更高的安全性。 论文首先介绍了无线局域网的背景知识和安全认证的关键技术，然后详细讨论了RADIUS相关协议，包括认证、扩展认证、计费等协议，并整理了相关属性的应用。论文接着介绍了RSN的密钥管理系统，详细讨论了四步握手的密钥协商机制及EAPOL-Key消息的封装。 在实现部分，论文分析和整理了RADIUS与802.1X如何相结合，详细介绍了RADIUS服务器在WLAN中的实现。接着介绍了WLAN安全认证和密钥管理系统的实现方案，在Linux环境下用C语言编程，实现接入点的认证和密钥管理功能，并对其中的关键技术包括网络编程、进程间通信、AP的多用户管理等做了详细的介绍。最后，对自己的工作做了总结，并提出展望。 【关键词】无线局域网 认证 密钥管理 802.1X EAP RADIUS 四步握手 ABSTRACT With the great development of WLAN in recent years, its security has been also more focused on. As IEEE802.11, which is the major standard in WLAN market now, has great security leak, it cannot provide enough security. This paper, which is the part of the 863 project “WLAN security technique”, studies the essential authentication technique of WLAN security. IEEE802.1X provides the authentication standard for WLAN. Supporting the EAPOL protocol and RADIUS as the backend server in authentication system, 802.1X can enhance the authentication of users. Meanwhile, after succeeding in authentication, 802.1X together with the key management system of RSN, can provide the dynamic key generation to enhance the security of data encryption. In this paper, the basic knowledge of WLAN and essential technique of authentication are introduced firstly. Then the paper discussed the protocol of RADIUS, including RADIUS, RADIUS Extensions, RADIUS Accounting and etc. Next, the key management system of RSN is introduced. The paper analyzes four-way-handshake key negotiation and the encapsulation of EAPOL-Key messages. In the part of implementation, I analyze how RADIUS works with 802.1X and complete RADIUS as backend server in WLAN including setup, configuration, management and etc. Then the project of authentication and key management system is discussed