ieee802.1x網(wǎng)絡(luò)訪問(wèn)認(rèn)證技術(shù)的攻擊應(yīng)對(duì)策略

1、湖南大學(xué)碩士學(xué)位論文IEEE802.1x網(wǎng)絡(luò)訪問(wèn)認(rèn)證技術(shù)的攻擊應(yīng)對(duì)策略姓名：周輝申請(qǐng)學(xué)位級(jí)別：碩士專(zhuān)業(yè)：計(jì)算機(jī)軟件與理論指導(dǎo)教師：謝冬青20070413IEEE802.1x 網(wǎng)絡(luò)訪問(wèn)認(rèn)證技術(shù)的攻擊應(yīng)對(duì)策略 II Abstract Nowadays, WLAN mostly based on the standard of the IEEE802.11, however, numerous works indicated that the

2、re are some security issues such as lack of mutual authentication and weak key. In view of the current security issues on the WLAN, IEEE802.1x introduce access-control-protocols based on ports to enhance access control a

3、nd the strength of authentication. But its authentication mechanism is also one-way, and it’s easy to suffer Man-In-The-Middle (MITM) Attack, Session Hijacking and denial of service. So it’s meaningful to the improvement

4、 and application of the WLAN, by develop the authentication method of the IEEE802.1x and offer more powerful security system. Firstly, by introducing the protocol of IEEE802.11, this article analyzed the secure service,

5、weakness of authentication and the flaw of encryption. Then the author presented many problems in IEEE802.1x (Absence of mutual authentication, lack of field of the extended authenticate protocol, the flaw of the authent

6、icate mechanism and the authenticator state machine loose coupling), and discussed MITM Attack, Session Hijacking and denial of service. It is tested that above of attacks can be performed by simulated attack tests. Seco

7、ndly, to cope with the three kinds of attacks, three solutions are proposed, which include: ①Reduce the denial of service by the center manager assisting authenticator server; ②Decrease the frequency of MITM Attack by mo

8、difying format of response message; ③reduce Session Hijacking by rejecting all MAC message for disconnection when the authentication is association. Finally, the results show: the way that copes with denial of service ca

9、n distribute the resource more reasonable and control the resource consumption in the smallest range; the way that copes with MITM Attack can prevent MITM connection; the way that copes with Session Hijacking can avoid e

10、xisting Session Hijacking by restricting state machine transfer and perfecting format of the EAPOL frame. The improving solutions remedy the flaw of absence of mutual authentication in IEEE802.1x, design central manager