基于体系结构的无线局域网安全弱点研究

发布时间：2018-04-27 15:44

本文选题：WLAN安全 + 全频道干扰机　；参考：《天津大学》2014年博士论文

【摘要】：无线局域网由于无线信号的广播本质和其应用的网络协议及机制的设计缺陷，安全性问题日益突出。论文以无线局域网的安全性评估为目标，并从无线局域网的网络体系入手进行了弱点发现和安全性分析。对安全强度要求较高的无线局域网的安全防护提供决策支持。研究成果包括以下几个方面：在物理和MAC层，针对传统全频道干扰需利用单一频道干扰机进行相对费时的多次频道跳转，设计了干扰半径可变的全频道IEEE802.11g干扰机(ARJ)，ARJ利用非交叠信道的邻频干扰作用，仅在一个固定频道上便可实现对全频道的干扰覆盖。基于引入信道比特错误率的分布式协调功能的马尔科夫链模型，证明了ARJ可使干扰半径内的节点有效吞吐率降低到零。通过模拟场景验证了干扰半径的可调性，验证了干扰半径与发射功率成正比，与信道距离成反比并给出相关定义。通过设计的大量真实实验进一步验证ARJ的正确性并在实验中分析了干扰频度的设置以及其他因素对干扰半径的影响。在密钥管理层，针对现有的基于单核CPU的WPA/WPA2-PSK暴力破解方法的缺点，提出了分布式多核CPU加GPU的并行破解方法——DMCG。DMCG利用多台计算机的多核CPU和GPU形成多个计算核心并行破解。使用着色Petri网模型证明了WPA/WPA2握手协议存在可达的不安全状态据此可发动暴力破解攻击。提出改进的阿姆达尔法则分析了暴力破解上限。针对DMCG的GPU云计算扩展，提出可应用于不同类型超级计算中心的蒲公英计算模型。实验结果表明，DMCG可使破解速度提高3到4个数量级。同时分析了显卡参数对于破解速度的影响并基于层次分析法对DMCG方法中如何选择显卡提供决策支持。在认证层，针对IEEE802.1X的EAP认证机制的各种攻击如降质攻击，中间人攻击等进行了非形式化分析，并给出了改进建议。针对Wi-Fi联盟的WPS协议使用着色Petri网模型证明WPS协议存在可达的不安全状态据此可发动暴力破解攻击，当有干扰机存在时，破解成功概率接近1，提出的改进协议使破解成功概率下降到3/108。针对WAPI认证机制，分析了已知的针对WAI协议的攻击方法和相应改进协议WAI'。使用着色Petri网模型证明WAI'中单播密钥协商子协议存在安全漏洞，，提出了改进协议WAI'-E。使用CK模型证明WAI'-E协议是具有完美前向保密性的会话密钥安全的协议，同时其安全性独立于证书的认证过程。
[Abstract]:Due to the broadcast nature of wireless signals and the design defects of network protocols and mechanisms used in wireless local area networks (WLAN), the security problems become increasingly prominent. This paper aims to evaluate the security of WLAN, and analyzes the security of WLAN from the point of view of WLAN network architecture. Provide decision support for the security protection of WLAN with high security intensity. The results of the study include the following: In the physical and MAC layers, aiming at the traditional full-channel interference which needs to use a single channel jammer to perform a relatively time-consuming multi-channel jump, a full-channel IEEE802.11g jammer with variable interference radius is designed to utilize the adjacent frequency interference effect of non-overlapping channel. Interference coverage of the entire channel can be achieved only on one fixed channel. Based on the Markov chain model of distributed coordination function with channel bit error rate, it is proved that ARJ can reduce the effective throughput of nodes in interference radius to zero. The tunability of the interference radius is verified by the simulation scene. It is verified that the interference radius is proportional to the transmit power and inversely proportional to the channel distance and the relevant definition is given. The correctness of ARJ is further verified by a large number of real experiments designed. In the experiment, the influence of interference frequency and other factors on the interference radius is analyzed. At key management level, aiming at the shortcomings of the existing WPA/WPA2-PSK brute force cracking method based on single core CPU, a distributed multi-core CPU and GPU parallel cracking method is proposed. DMCG.DMCG uses the multi-core CPU and GPU of multiple computers to form multiple computing cores parallel cracking. By using colored Petri net model, it is proved that the WPA/WPA2 handshake protocol has a reachable insecure state, which can be used to launch a brute force cracking attack. An improved Amdal law is proposed to analyze the upper limit of brute force cracking. This paper presents a dandelion computing model which can be applied to different supercomputing centers for DMCG's GPU cloud computing extension. The experimental results show that DMCG can improve the decoding speed by 3 to 4 orders of magnitude. At the same time, the influence of graphics card parameters on the decoding speed is analyzed, and the decision support of how to select graphics card in DMCG method is provided based on the analytic hierarchy process (AHP). In the authentication layer, various attacks of IEEE802.1X 's EAP authentication mechanism, such as degradation attacks and man-in-the-middle attacks, are analyzed in a non-formal way, and suggestions for improvement are given. The WPS protocol of Wi-Fi alliance uses colored Petri net model to prove the existence of reachable unsafe state of WPS protocol, according to which it can launch a brute force cracking attack, when there is a jamming machine, The probability of success is close to 1, and the proposed improved protocol reduces the probability of success to 3 / 108. Aiming at the authentication mechanism of WAPI, the known attack methods against WAI and the corresponding improved protocols are analyzed. Using colored Petri net model to prove the security vulnerability of unicast key agreement subprotocol in WAI', an improved protocol WAII-E is proposed. The CK model is used to prove that the WAI'-E protocol is a session key secure protocol with perfect forward confidentiality, and its security is independent of the certificate authentication process.
【学位授予单位】：天津大学
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TN925.93

【参考文献】