ieee802.1x網(wǎng)絡訪問認證技術(shù)的攻擊應對策略

1、湖南大學碩士學位論文IEEE802.1x網(wǎng)絡訪問認證技術(shù)的攻擊應對策略姓名：周輝申請學位級別：碩士專業(yè)：計算機軟件與理論指導教師：謝冬青20070413IEEE802.1x 網(wǎng)絡訪問認證技術(shù)的攻擊應對策略 II Abstract Nowadays, WLAN mostly based on the standard of the IEEE802.11, however, numerous works indicated that the

2、re are some security issues such as lack of mutual authentication and weak key. In view of the current security issues on the WLAN, IEEE802.1x introduce access-control-protocols based on ports to enhance access control a

3、nd the strength of authentication. But its authentication mechanism is also one-way, and it’s easy to suffer Man-In-The-Middle (MITM) Attack, Session Hijacking and denial of service. So it’s meaningful to the improvement

4、 and application of the WLAN, by develop the authentication method of the IEEE802.1x and offer more powerful security system. Firstly, by introducing the protocol of IEEE802.11, this article analyzed the secure service,

5、weakness of authentication and the flaw of encryption. Then the author presented many problems in IEEE802.1x (Absence of mutual authentication, lack of field of the extended authenticate protocol, the flaw of the authent

6、icate mechanism and the authenticator state machine loose coupling), and discussed MITM Attack, Session Hijacking and denial of service. It is tested that above of attacks can be performed by simulated attack tests. Seco

7、ndly, to cope with the three kinds of attacks, three solutions are proposed, which include: ①Reduce the denial of service by the center manager assisting authenticator server; ②Decrease the frequency of MITM Attack by mo

8、difying format of response message; ③reduce Session Hijacking by rejecting all MAC message for disconnection when the authentication is association. Finally, the results show: the way that copes with denial of service ca

9、n distribute the resource more reasonable and control the resource consumption in the smallest range; the way that copes with MITM Attack can prevent MITM connection; the way that copes with Session Hijacking can avoid e

10、xisting Session Hijacking by restricting state machine transfer and perfecting format of the EAPOL frame. The improving solutions remedy the flaw of absence of mutual authentication in IEEE802.1x, design central manager