无线通信网认证系统漏洞的分析与研究

发布时间：2018-03-14 17:28

本文选题：802.11无线局域网　切入点：数据链路层　出处：《电子科技大学》2015年硕士论文　论文类型：学位论文

【摘要】：随着无线局域网(Wireless Local Area Network,WLAN)的广泛应用,其安全性成为了人们重点关注和研究的问题。网络安全有两层含义:网络接入安全和数据加密安全。其中网络接入安全是实现网络安全的第一道防线,而网络接入的安全性又是通过认证协议来保障的。802.11协议是最常用的WLAN通信标准,但由于无线信道的开放性特点,802.11协议的认证环节存在着许多漏洞。802.1X中定义的EAP认证协议为802.11 WLAN在数据链路层提供了较高强度的网络接入保护,但在应用过程中仍然暴露出不少的安全缺陷。本文针对几种常见的EAP方法,在充分分析协议认证原理的基础上,研究协议所存在的漏洞并提出相应的攻击方法。本文一方面借助协议状态机在Linux平台上对MD5、OTP和PEAP三种协议的合作方认证过程进行了仿真实现;另一方面,建立认证协议漏洞的攻击模型,在攻击方对合作方认证协议未知的情况下,通过仿真验证了MD5、OTP和PEAP协议攻击方法和攻击模型的可行性。本文主要完成了以下工作:1)对常见EAP协议按照基于密码保护/基于证书保护和单向认证/双向认证两个层次进行分类,并对各类协议的特征和漏洞进行总结和梳理;2)对MD5、OTP和PEAP协议的的漏洞进行了分析,提出了相应的攻击方法和攻击流程,并对攻击条件的可行性进行了分析;3)建立了认证系统攻击模型,攻击模型由六大模块构成:数据捕获模块、帧过滤模块、认证协议识别模块、协议攻击模块、数据发送模块和EAP方法库模块。本文定义了各个模块的功能,并设计了攻击流程;4)根据MD5、OTP和PEAP协议的认证流程,设计了认证协议状态转移图,由状态转移图在Linux平台上实现合作方的认证过程,并根据协议漏洞和EAP攻击模型设计了攻击系统并在Linux平台上实现。
[Abstract]:With the wide application of WLAN (Wireless Local Area Network), Network security has two meanings: network access security and data encryption security, among which network access security is the first line of defense to realize network security. The security of network access is guaranteed by authentication protocol. 802.11 protocol is the most commonly used WLAN communication standard. However, due to the openness of wireless channel, there are many vulnerabilities in the authentication of 802.11 protocol. The EAP authentication protocol defined in 802.1X provides a high degree of network access protection for 802.11 WLAN in the data link layer. However, many security defects are still exposed in the process of application. Based on the analysis of the principle of protocol authentication, this paper aims at several common EAP methods. On the one hand, this paper uses protocol state machine to simulate the authentication process of MD5OTP and PEAP on Linux platform; on the other hand, The attack model of authentication protocol vulnerability is established. When the authentication protocol of the attacking party is unknown to the partner, The feasibility of attack method and attack model of MD5OTP and PEAP protocol is verified by simulation. This paper mainly completes the following work: 1) the common EAP protocol is protected according to password protection / certificate based protection and one-way authentication / bidirectional authentication. Is classified into three levels, The characteristics and vulnerabilities of all kinds of protocols are summarized and combed. (2) the vulnerabilities of MD5OTP and PEAP protocols are analyzed, and the corresponding attack methods and attack flow are put forward. The attack model is composed of six modules: data capture module, frame filter module, authentication protocol identification module, protocol attack module. Data sending module and EAP method library module. This paper defines the functions of each module, and designs the attack flow chart. According to the authentication flow of MD5OTP and PEAP protocol, the state transition diagram of authentication protocol is designed. The authentication process of the partner is implemented on Linux platform by state transition diagram. According to the protocol vulnerability and EAP attack model, the attack system is designed and implemented on the Linux platform.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TN925.93

【参考文献】