基于近场通信认证的无线局域网无线接入协议的安全性设计

doi:10.11772/j.issn.1001-9081.2016.05.1236

计算机应用 ›› 2016, Vol. 36 ›› Issue (5): 1236-1245.DOI: 10.11772/j.issn.1001-9081.2016.05.1236

基于近场通信认证的无线局域网无线接入协议的安全性设计

李云^1,2, 陈庞森³, 孙山林¹

1. 桂林航天工业学院电子信息与自动化学院, 广西桂林 541004;
2. 天津大学电子信息工程学院, 天津 300072;
3. 桂林电子科技大学信息与通信学院, 广西桂林 541004

收稿日期:2015-09-23 修回日期:2015-11-10 出版日期:2016-05-10 发布日期:2016-05-09
通讯作者: 李云
作者简介:李云(1978-),女,广西南宁人,博士研究生,主要研究方向:水下传感网络、认知网络;陈庞森(1990-),男,四川内江人,硕士研究生,主要研究方向:移动通信系统;孙山林(1973-),男,河南邓州人,教授,博士,主要研究方向:无线通信系统、光微波通信系统。
基金资助:
国家自然科学基金资助项目(61162003);广西自然科学基金资助项目(2015GXNSFAA139298);桂林航天工业学院自然科学基金资助项目(YJ1403)。

Security analysis and implementation for wireless local area network access protocol via near field communication authentication

LI Yun^1,2, CHEN Pangsen³, SUN Shanlin¹

1. College of Electronic Information and Automation, Guilin University of Aerospace Technology, Guilin Guangxi 541004, China;
2. College of Electronic Information Engineering, Tianjin University, Tianjin 300072, China;
3. College of Information and Communication, Guilin University of Electronic Technology, Guilin Guangxi 541004, China

Received:2015-09-23 Revised:2015-11-10 Online:2016-05-10 Published:2016-05-09
Supported by:
This work is partially supported by National Natural Science Foundation of China (61162003), the Natural Science Foundation of Guangxi (2015GXNSFAA139298), the Natural Science Foundation of Guilin University of Aerospace Technology (YJ1403).

摘要/Abstract

摘要： 针对基于近场通信(NFC)认证的无线局域网(WLAN)无线接入协议点对点通信模式存在的问题,如明文传输、用户接入匿名性、数据易于被窃听、易于被篡改等,提出基于NFC认证的WLAN无线接入协议安全性的设计。该协议采用Diffie-Hellman密钥交换算法与第二代安全散列算法(SHA)建立安全隧道来完成随机信息的交换;采用椭圆曲线数字签名算法来消除用户的匿名性。从协议需求分析、架构设计与协议时序步骤三个方面入手,给出了一个计算机上的原型实现。通过有色Petri网(CPN)建模,实验仿真结果表明:基于NFC认证的WLAN接入协议对于无线局域网的非法接入攻击与窃听攻击有着良好的抵抗效果。

关键词: 近场通信, 无线局域网, 有色Petri网, 椭圆曲线数字签名算法

Abstract: Aiming at the problems existing in point-to-point communication model of Wireless Local Area Network (WLAN) protocol via Near Field Communication (NFC) authentication, such as plaintext transferring, user's anonymous access, data being easily tapped and tampered, a security design of WLAN protocol via NFC was put forward. The security tunnel was built using Diffie-Hellman key exchange algorithm and second generation Secure Hash Algorithm (SHA) to transfer the random information, and the user's anonymity was eliminated using Elliptic Curve Digital Signature Algorithm (ECDSA). A prototype implementation on computer was given from requirement analysis, architecture design and sequence steps of the protocol. The experimental results by using Colored Petri Net (CPN) modeling show that the proposed protocol can execute stably and deal with the unauthorized access and eavesdropping problems of WLAN.

Key words: Near Field Communication (NFC), Wireless Local Area Network (WLAN), Colored Petri Net (CPN), Elliptic Curve Digital Signature Algorithm (ECDSA)

中图分类号:

TP393.08

李云, 陈庞森, 孙山林. 基于近场通信认证的无线局域网无线接入协议的安全性设计[J]. 计算机应用, 2016, 36(5): 1236-1245.

LI Yun, CHEN Pangsen, SUN Shanlin. Security analysis and implementation for wireless local area network access protocol via near field communication authentication[J]. Journal of Computer Applications, 2016, 36(5): 1236-1245.

参考文献

[1] 李兴华, 尚昭辉, 杨丹, 等.利用无线物理层密钥增强802.11i的安全性[J].江苏大学学报(自然科学版), 2013, 34(4):416-421.(LI X H, SHANG Z H, YANG D, et al. Security enhancement of 802.11i by wireless physical layer key[J]. Journal of Jiangsu University (Natural Science Edition), 2013, 34(4):416-421.)
[2] 陈卓, 金豪, 张正文.一种无线局域网多安全域间的密钥共识协议[J].计算机应用, 2006, 26(9):2121-2123.(CHEN Z, JING H, ZHANG Z W. Multi-domain key agreement protocol for WLAN[J]. Journal of Computer Applications, 2006, 26(9):2121-2123.)
[3] 丰江帆, 王倩, 刘兆宏.无线局域网环境下的图书馆定位系统研究与实现[J].现代图书情报技术, 2012(4):79-83.(FENG J F, WANG Q, LIU Z H. Research and implement of library positioning system in wireless LAN environment[J]. New Technology of Library and Information Service, 2012(4):79-83.)
[4] 李勤, 张浩军, 杨峰, 等. 无线局域网安全协议的研究和实现[J]. 计算机应用, 2005, 25(1):160-162.(LIN Q, ZHANG H J, YANG F, et al. Study and implementation of security protocols for wireless local network[J]. Journal of Computer Applications, 2005, 25(1):160-162.)
[5] 刘永磊, 金志刚.无线局域网WPS安全性分析[J].计算机工程与应用, 2013, 49(21):87-89.(LIU Y L, JIN Z G. Analysis of WPS security in WLAN[J]. Computer Engineering and Applications, 2013, 49(21):87-89.)
[6] 刘安, 金志刚, 王颖.MACH:针对WLAN中WPS认证高速攻击方案[J].计算机应用研究, 2014, 31(8):2488-2496.(LIU A, JIN Z G, WANG Y. MACH:hight-speed cracking scheme to WPS authentication mechanism if WLAN[J]. Application Research of Computers, 2014, 31(8):2488-2496.)
[7] 吴国凤, 胡德启, 王培东.RC4算法引起的WEP协议安全性的研究与改进[J].合肥工业大学学报, 2012, 35(5):617-620.(WU G F, HU D Q, WANG P D. Research and improvement in the security of WEP protocol based on RC4 algorithm[J]. Journal of Hefei University of Technology, 2012, 35(5):617-620.)
[8] 刘永磊, 金志刚, 陈喆, 等.wpa/wpa2-psk高速暴力破解器的设计和实现[J].计算机工程, 2011, 37(10):125-127.(LIU Y L, JIN Z G, CHEN Z, et al. Design and implementation of high-speed brute forcer for wap/wap2-psk[J]. Computer Engineering, 2011, 37(10):125-127.)
[9] 周超, 周城, 郭亮.IEEE 802.1X的安全性分析及改进[J].计算机应用, 2011, 31(5):1265-1270.(ZHOU C, ZHOU C, GUO L. Security analysis and improvement of IEEE 802.1X[J]. Journal of Computer Applications, 2011, 31(5):1265-1270.)
[10] 王鹃, 唐西铭, 王勇, 等.一种基于手机令牌和NFC技术的身份认证系统[J].武汉大学学报(理学版), 2013, 59(5):403-410.(WANG J, TANG X M, WANG Y, et al. An identity authentication system based on mobile-token and NFC technology[J]. Journal of Wuhan University (Natural Science Edition), 2013, 59(5):403-410.)
[11] 孙权.一种基于NFC的安全非接触式跨行取款系统[J].计算机应用与软件, 2015, 32(8):76-79.(SUN Q. A secure contactless cross-bank ATM withdrawals system based on NFC[J]. Computer Applications and Software, 2015, 32(8):76-79.)
[12] ECMA. Near field communication-interface and protocol (NFCIP-1):ECMA 340-2004[S]. 2nd ed.[S. l.]:ECMA, 2004.
[13] HASELSTEINER E, BREITFUB K. Security in Near Field Communication (NFC)[EB/OL].[2010-10-10]. http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf.

[1]	韦春玲, 王步飞. 基于WLAN接收信号强度特征的室内活动识别[J]. 计算机应用, 2017, 37(5): 1326-1330.
[2]	王续乔, 王瑾琨. 基于D-S证据理论的室内组合定位算法[J]. 计算机应用, 2017, 37(4): 1198-1201.
[3]	张呈钰, 王让定, 姚灵, 傅松寅, 左富强, 高旗飞, 蒋铭. 移动支付近场通信智能水表系统[J]. 计算机应用, 2017, 37(1): 166-169.
[4]	王静, 高泽华, 高峰, 潘翔. 无线局域网中一种改进的频域信道竞争机制[J]. 计算机应用, 2015, 35(2): 317-321.
[5]	叶翔徐展胡翔刘丹. 低成本有源RFID双向认证加密方案[J]. 计算机应用, 2014, 34(2): 456-460.
[6]	杜久升陈宜金侯争. 针对Kriging插值结果的空间查询方法[J]. 计算机应用, 2013, 33(03): 871-873.
[7]	吴燕玲张丽娟潘玉茹. VoWLAN中基于TDMA的QoS机制的研究[J]. 计算机应用, 2011, 31(01): 215-218.
[8]	曾锐畦方旭明祝建建. 自适应门限的异构无线网络预切换机制[J]. 计算机应用, 2011, 31(01): 198-201.
[9]	许友哲李德润陈盛常华. 基于嵌入式系统的智能灭火车模型[J]. 计算机应用, 2010, 30(2): 560-563.
[10]	黄景廉. WLAN跨层链路自适应机制[J]. 计算机应用, 2009, 29(2): 518-520.
[11]	于骊史子博舒炎泰马懋德. 调度和拥塞控制相结合的无线网络资源分配模型[J]. 计算机应用, 2009, 29(2): 487-490.
[12]	鲍彦茹舒炎泰张亮. 一种无线局域网DCF扩展算法——ExDCF[J]. 计算机应用, 2008, 28(3): 564-567.
[13]	马涛单洪. 无线局域网安全量化评估方法与系统设计研究[J]. 计算机应用, 2008, 28(2): 412-414,.
[14]	陈伟俞雷张迎周. 802.11协议中RTS/CTS机制的安全漏洞分析[J]. 计算机应用, 2008, 28(12): 3183-3186.
[15]	冯慧芳舒炎泰. 无线局域网业务流预报方法比较[J]. 计算机应用, 2008, 28(11): 2753-2755.

基于近场通信认证的无线局域网无线接入协议的安全性设计

Security analysis and implementation for wireless local area network access protocol via near field communication authentication

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics