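Analysis and Research on Vulnerabilities of Authentication Systems in Wireless Communication Networks
Published: 2018-03-14 17:28
Topic: 802.11 wireless LAN. Entry point: data link layer. Source: University of Electronic Science and Technology of China, 2015 master's thesis. Type: degree thesis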
[Abstract]: With the widespread use of wireless local area networks (WLAN), their security has become a major focus of attention and research. Network security has two aspects: network access security and data encryption security. Network access security is the first line of defense in achieving network security, and it is in turn ensured by the authentication protocol. 802.11 is the most commonly used WLAN communication standard, but because the wireless channel is open, the authentication stage of 802.11 has many vulnerabilities. The EAP authentication protocol defined in 802.1X gives 802.11 WLANs relatively strong network access protection at the data link layer, yet a number of security flaws have still been exposed in practice. For several common EAP methods, this thesis studies the vulnerabilities in the protocols and proposes corresponding attack methods, on the basis of a thorough analysis of how the protocols authenticate. On the one hand, it uses protocol state machines to simulate, on the Linux platform, the authentication process of the cooperating parties for three protocols: MD5, OTP and PEAP. On the other hand, it builds an attack model for authentication protocol vulnerabilities and, for the case where the attacker does not know which authentication protocol the cooperating parties use, verifies by simulation the feasibility of the attack methods for MD5, OTP and PEAP and of the attack model. The main work completed is as follows: 1) common EAP protocols are classified at two levels, password-based versus certificate-based protection and one-way versus mutual authentication, and the characteristics and vulnerabilities of each class are summarized and organized; 2) the vulnerabilities of the MD5, OTP and PEAP protocols are analyzed, corresponding attack methods and attack procedures are proposed, and the feasibility of the attack conditions is analyzed; 3) an attack model for the authentication system is built, consisting of six modules: a data capture module, a frame filtering module, an authentication protocol identification module, a protocol attack module, a data sending module and an EAP method library module. The thesis defines the function of each module and designs the attack flow; 4) based on the authentication flows of MD5, OTP and PEAP, state transition diagrams of the authentication protocols are designed, the authentication process of the cooperating parties is implemented on the Linux platform from these diagrams, and an attack system is designed according to the protocol vulnerabilities and the EAP attack model and implemented on the Linux platform.
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TN925.93
Article ID: 1612212
Article link: http://sikaile.net/kejilunwen/wltx/1612212.html