Keywords: wireless local area network; standard; security; trend
Wireless LAN is essentially a network interconnection technology. It uses radio waves instead of twisted pair, coaxial cable and other equipment, which saves the trouble of wiring and makes networking flexible. The wireless local area network is the product of combining computer networks with wireless communication technology. It can not only meet the network access requirements of various portable computers, but also provide computer LAN functions such as remote access, fax and email. As a means of network access, wireless LAN technology can be quickly applied to situations that need networking and roaming between networks, and it provides strong network support for data processing nodes that are difficult to wire and are far away. Therefore, wireless LAN has been widely used in military, petrochemical, medical management, factory workshop, inventory control, exhibition and conference, financial services, tourism services, mobile office systems and other industries, and has become one of the emerging development trends of wireless communication and Internet technology. The biggest advantage of WLAN is the mobility of network interconnection, which can greatly improve the timeliness and effectiveness of users' access to information and overcome the inconvenience caused by wired restrictions. However, because WLAN applications are very open and the data transmission range is difficult to control, WLAN faces more serious security problems.
1. Overview of WLAN security development
After its publication, the WLAN standard 802.11b quickly became the de facto standard. Unfortunately, its security protocol WEP has been questioned since its birth. Borisov, Goldberg and Wagner of the University of California, Berkeley first published papers pointing out the design errors in the WEP protocol; information security researchers then published a large number of papers discussing the security defects of WEP in detail, and cooperated with engineers and technicians to decipher, in experiments, wireless data encrypted with WEP. Hardware devices that can intercept wireless transmission data can now be bought on the market, and hacker software that can decrypt intercepted data can be downloaded online. It is well known that WEP is unsafe. People expect a qualitative change in the security of WEP and the appearance of a new, enhanced WLAN security standard [1].
China began to formulate WLAN security standards in 2001. Through the joint efforts of Xidian University, Xi'an University of Posts and Telecommunications, Xidian Jietong Wireless Network Communication Co., Ltd. and other institutions and enterprises, WAPI, the wireless authentication and security infrastructure, was formulated over more than two years and became a national standard, which was implemented in June 2003. WAPI uses public key technology to verify, in the presence of a trusted third party, whether the mobile terminal and the access point hold legal certificates, so as to achieve two-way authentication, access control, session key generation and secure communication. The basic architecture of WAPI consists of mobile terminals, access points and authentication service units, which is similar to the basic authentication architecture in the security draft formulated by the 802.11 working group. At the same time, China's cryptographic algorithms are generally not open; although the WAPI standard has been published publicly, the academic and engineering circles have not yet discussed its security [2].
The draft of enhanced security also set the basic security framework more than two years later. During this period, the meeting will be held at least once a month, and the documents of the meeting can be downloaded from the internet, from which some interesting phenomena can be seen, such as the AES-OCB algorithm. At first, the working group decided to use this algorithm as a security algorithm for future WLAN. A year later, it proposed another algorithm, with CCMP as the default and AES-OCB as the default. After half a year, it proposed CCMP as the default and AES-OCB as the candidate. After a few months, it simply decided to use AES-OCB. There are many other examples. From this development process, we can understand all aspects of WLAN security standards more clearly, which is beneficial to the research of WLAN security [3][4].
2. The security necessity of WLAN
Wireless local area networks bring great convenience to users, but there are also many security problems. Because a WLAN transmits data through the air by radio waves, it cannot protect communication security by protecting the communication lines as wired networks do, so almost any WLAN user in the coverage area of the data sender can access these data, and it is impossible to transmit the data sent over a WLAN to only one target receiver. A firewall has no influence on network communication through radio waves, and anyone can intercept and insert data within sight. The application of wireless networks and WLAN expands the freedom of network users: the installation time is short, adding users or changing the network structure is flexible and economical, and full-function roaming service can be provided within the wireless coverage. However, this freedom also brings new challenges, including security. A wireless LAN must consider three security elements: information confidentiality, authentication and access control. If these three elements are all right, it can not only protect the information in transmission from harm, but also protect the network and mobile devices from harm. The difficulty lies in how to use an easy-to-use solution and obtain these three security elements at the same time. Some recent technical research reports abroad point out that attacks and eavesdropping incidents against the most widely used standard, 802.11b WLAN, are becoming more and more frequent [5], so the security research of WLAN, especially the widely used IEEE 802.11 WLAN, finds its possible security defects and studies the corresponding ones.
Compared with wired network, the natural characteristics of wireless transmission in WLAN make its physical security much more fragile, so we should first strengthen this security.
In actual communication, devices in a WLAN communicate hop by hop: either the user equipment sends data to the access equipment and the access equipment forwards it, or two user equipments communicate directly. Each communication method can use link layer encryption to achieve at least the same security as a wired connection. The wireless signal may be intercepted, but if the data carried by the wireless signal is changed into ciphertext and the encryption strength is high enough, it is unlikely that the listener can obtain useful data. In addition, the wireless signal may be modified or forged, but if some redundant data generated from the data and some secret held by the user is added to the data carried by the wireless signal, so that the receiver can detect that the data has been modified, then the modification of the wireless signal will be futile. The uniqueness of the secret will also make it extremely unlikely that forged data will be mistaken for legitimate data.
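The integrity check described above, as an added example that is not part of the original article: redundancy computed from the data alone (a CRC) can be recomputed by whoever modifies the frame, while redundancy computed from the data and a secret cannot. HMAC-SHA256, the function names and the sample frames are assumptions chosen for illustration, not something 802.11 specifies.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def crc_protect(payload: bytes) -> bytes:
    """Append an unkeyed CRC-32: redundancy derived from the data only."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_verify(frame: bytes) -> bool:
    if len(frame) < 4:
        return False
    payload, check = frame[:-4], frame[-4:]
    return check == struct.pack(">I", zlib.crc32(payload))


def mac_protect(secret: bytes, payload: bytes) -> bytes:
    """Append a keyed tag: redundancy derived from the data AND a secret."""
    return payload + hmac.new(secret, payload, hashlib.sha256).digest()


def mac_verify(secret: bytes, frame: bytes) -> bool:
    if len(frame) < TAG_LEN:
        return False
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison


def modified_in_transit() -> dict:
    """Constructed scenario: a frame is altered by a party without the secret."""
    secret = b"constructed-shared-secret"   # sample value, not a real key
    original = b"PAY 10 TO ALICE"           # constructed payloads
    altered = b"PAY 99 TO ALICE"

    # Anything that needs no secret can simply be recomputed after the change.
    crc_frame = crc_protect(altered)
    # For the keyed tag the modifier can only reuse the old tag or guess a key.
    reused_tag = altered + mac_protect(secret, original)[-TAG_LEN:]
    guessed_key = mac_protect(b"wrong-guess", altered)

    return {
        "crc_accepts_modified": crc_verify(crc_frame),
        "mac_accepts_reused_tag": mac_verify(secret, reused_tag),
        "mac_accepts_guessed_key": mac_verify(secret, guessed_key),
        "mac_accepts_genuine": mac_verify(secret, mac_protect(secret, original)),
    }


if __name__ == "__main__":
    for name, accepted in modified_in_transit().items():
        print(f"{name}: {accepted}")
```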
In this way, through data encryption and data integrity check, physical security protection similar to wired network can be provided for wireless LAN. For the host in WLAN, when faced with virus threat, we can adopt the most advanced anti-virus measures and the latest anti-virus tools to add a security shell to the system, such as installing a virus card in hardware form to prevent viruses, or installing software to detect system anomalies in real time. PC, notebook computer and other devices have been fighting viruses for thousands of years. How to fight viruses for wireless devices in the next step is still a field to be developed.
For DoS or DDoS attacks, a gateway can be added to intercept malicious data outside the network by packet filtering or other routing settings; hiding the IP address of the access device from the external network also reduces the risk. For internal malicious users, it is necessary to find them through audit analysis, network security detection and other means, supplemented by other management means to prevent internal attacks. The threat of hardware loss requires that hardware devices and users be bound by some secret or biometric means, and that the authentication of users be based on the identity of the user rather than the hardware. For example, it is not appropriate to authenticate users with MAC addresses [5].
In addition to the above possible requirements, according to different users, there will be different security requirements. For users with high security requirements, there may be undeniable requirements for transmitting data, anti-leakage measures for data entering and leaving WLAN, and rapid recovery after WLAN paralysis. Therefore, the security system of WLAN can't provide all security guarantees, and can only provide security services and build a secure network according to the specific needs of users and other security systems.
When considering cooperation with other security systems, WLAN security will be limited to providing data confidentiality services, data integrity services, providing identity recognition framework and access control framework, completing user authentication and authorization, information transmission security and other security services. Anti-virus, anti-leakage, undeniable data transmission and reducing the risk of DoS attacks will all be realized in cooperation with other security systems in a specific network configuration.
3. WLAN security risks
Security risk refers to the threat faced by resources in wireless LAN. The resources of WLAN include data transmitted over wireless channels and hosts in WLAN.
3.1 Threats to data transmitted over wireless channels
Because radio waves can bypass obstacles and propagate outward, signals in WLAN can be heard without being detected in a certain coverage area. This is the same as listening to the radio. Within the coverage of the broadcasting tower, people can listen to the radio at any time. If the radio is more sensitive, they can hear the signal from the transmitting station farther away. Of course, the reception of wireless signals in WLAN is not as simple as that in the radio, but as long as there are corresponding devices, the signals in WLAN can always be received, and the data package can be opened according to the signal packaging format to read the data content [6].
In addition, as long as the data packet is encapsulated in the format specified by WLAN, it can also be read by other devices when it is sent on the network. In addition, if some signal interception techniques are used, the data packet can be intercepted, modified and then retransmitted without the knowledge of the receiver of the data packet.
Therefore, the data transmitted on the wireless channel may be intercepted, modified and forged, which will greatly interfere with the normal communication of the wireless network and may cause economic losses.
3.2 Threats to Hosts in WLAN
Wireless local area network (WLAN) is a network formed by connecting multiple hosts through wireless technology. Attacks on the host may appear in the form of viruses. In addition to the viruses currently popular on wired networks, there may also be wireless viruses specifically targeting mobile devices in WLAN, such as mobile phones or PDA. When the wireless LAN is connected with the wireless WAN or wired Internet, the threat of wireless virus may be aggravated.
Access devices in a WLAN may suffer denial of service attacks from external networks or the intranet. When the WLAN is connected to the external network and the IP address is directly exposed to it, a DoS or DDoS attack against this IP will make the access device unable to provide normal service, resulting in network paralysis. When malicious users access the network, by constantly sending junk data or taking advantage of some loopholes in the IP layer protocol, they can make the access equipment work slowly or collapse due to resource exhaustion, resulting in system confusion. User equipment in a wireless local area network has a certain mobility and its value is usually high, which has the negative effect that user equipment is easily lost. The loss of hardware equipment will invalidate hardware-based identification, and all data in the hardware equipment may be leaked.
In this way, the operating system of the host in the wireless LAN is facing the challenge of virus, the access device is facing the threat of denial of service attack, and the user equipment should consider the consequences of loss.
4. WLAN security
Wireless LAN and wired LAN are closely combined and have become the mainstream products in the market. In WLAN, data transmission is broadcast in the air by radio waves, so data can be received by any WLAN terminal within the coverage of the transmitter. Installing a WLAN is like installing an Ethernet interface anywhere. Therefore, users of WLAN are mainly concerned about network security, including access control and encryption. Unless WLAN can provide the same security and management capabilities as wired LAN, people still have concerns about using WLAN.
4.1 Security of the IEEE 802.11b standard
The IEEE 802.11b standard defines two methods to realize access control and encryption of WLAN: the service set identifier (SSID) and Wired Equivalent Privacy (WEP) [7][8].
4.1.1 Authentication
When a station establishes a network connection with another station, it must first pass authentication. The station performing authentication sends a management authentication frame to the corresponding station. The IEEE 802.11b standard defines two authentication services in detail. One is open system authentication, which is the default authentication mode of 802.11b. This authentication method is very simple and consists of two steps: first, the station that wants to authenticate with another station sends an authentication management frame containing the identity of the sending station; then, the receiving station sends back a frame indicating whether it recognizes the identity of the authenticating station. The other is shared key authentication: this assumes that each station receives a secret shared key through a secure channel independent of the 802.11 network, and the stations then authenticate by encrypting with the shared key; the encryption algorithm is Wired Equivalent Privacy (WEP).
4.1.2 WEP
IEEE 802.11b specifies an optional encryption method called Wired Equivalent Privacy, namely WEP. WEP provides a method of securing the data flow in a WLAN. WEP is symmetric encryption: the keys and algorithms for encryption and decryption are the same. The goals of WEP are:
Access control: to prevent unauthorized users without the correct WEP key from accessing the network.
Encryption: the data stream is protected by encryption, and only users with the correct WEP key are allowed to decrypt it.
The IEEE 802.11b standard provides two WEP encryption schemes for WLAN. The first scheme provides four default keys that are shared by all terminals, including all access points and client adapters in a subsystem. When the user obtains the default key, he can communicate with all users in the subsystem safely. The problem with the default key is that when it is widely distributed, it may compromise security. In the second scheme, a key table for contacting other users is established in each client adapter. This scheme is more secure than the first scheme, but with the increase of the number of terminals, it is difficult to assign keys to each terminal.
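The shared key authentication exchange of section 4.1.1 and the WEP encapsulation with four default keys from section 4.1.2, sketched as an added example that is not code from the original article. The class and function names, the 5-byte sample keys and the MAC address are constructed for illustration; RC4 with a 3-byte IV, a key ID field and a CRC-32 check value follows the WEP design.

```python
import os
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(plaintext: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext (unkeyed)."""
    return struct.pack("<I", zlib.crc32(plaintext))


def wep_encapsulate(keys, key_id: int, plaintext: bytes) -> bytes:
    """Return IV (3 bytes) | key ID byte | RC4(IV || key, plaintext || ICV)."""
    iv = os.urandom(3)
    header = iv + bytes([key_id << 6])        # key ID selects 1 of 4 default keys
    return header + rc4(iv + keys[key_id], plaintext + _icv(plaintext))


def wep_decapsulate(keys, body: bytes):
    """Return the plaintext, or None if the frame is malformed or the ICV fails."""
    if len(body) < 8:
        return None
    iv, key_id = body[:3], body[3] >> 6
    data = rc4(iv + keys[key_id], body[4:])
    plaintext, icv = data[:-4], data[-4:]
    return plaintext if icv == _icv(plaintext) else None


class AccessPoint:
    """Access point side of shared key authentication (hypothetical class)."""

    def __init__(self, keys):
        self.keys = keys
        self.pending = {}                     # station MAC -> outstanding challenge

    def handle_request(self, station_mac: str) -> bytes:
        challenge = os.urandom(128)           # frame 2: challenge text
        self.pending[station_mac] = challenge
        return challenge

    def handle_response(self, station_mac: str, body: bytes) -> bool:
        challenge = self.pending.pop(station_mac, None)
        plaintext = wep_decapsulate(self.keys, body)
        return challenge is not None and plaintext == challenge   # frame 4


def station_authenticate(ap, mac: str, keys, key_id: int = 0) -> bool:
    """Station side. Only the station proves knowledge of the key; the access
    point proves nothing to the station, so the authentication is one-way."""
    challenge = ap.handle_request(mac)                    # frames 1 and 2
    response = wep_encapsulate(keys, key_id, challenge)   # frame 3
    return ap.handle_response(mac, response)              # frame 4: result


# Constructed sample values: four 40-bit default keys and a station MAC.
DEFAULT_KEYS = [bytes([n]) * 5 for n in (0x11, 0x22, 0x33, 0x44)]
WRONG_KEYS = [bytes([n]) * 5 for n in (0xA1, 0xA2, 0xA3, 0xA4)]
STATION_MAC = "02:00:00:00:00:01"

if __name__ == "__main__":
    ap = AccessPoint(DEFAULT_KEYS)
    print("correct key:", station_authenticate(ap, STATION_MAC, DEFAULT_KEYS))
    print("wrong key:  ", station_authenticate(ap, STATION_MAC, WRONG_KEYS))
```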
4.2 Factors affecting security [9][10]
4.2.1 Hardware equipment
In existing WLAN products, the common encryption method is to statically assign a key to the user, which is stored either on disk or in the memory of the WLAN client adapter. In this way, whoever owns the client adapter has the MAC address and WEP key and can use them to access the access point. If multiple users share a client adapter, these users actually share the MAC address and WEP key.
When the customer adapter is lost or stolen, legal users can't access it without MAC address and WEP key, but illegal users can. It is impossible for the network management system to detect this problem, so the user must inform the network administrator immediately. After receiving the notification, the network administrator must change the security table and WEP key for accessing the MAC address, and recode the static encryption key for the lost or stolen customer adapter using the same key. The more clients, the more WEP keys are re-encoded.
Wrong access point
IEEE 802.11b shared key authentication is one-way rather than two-way. The access point authenticates the user, but the user cannot authenticate the access point. If a fake access point is placed in the WLAN, it can hijack the client adapter of a legitimate user for denial of service or attack.
Therefore, users and authentication servers need to authenticate each other, and each party can prove that they are legal within a reasonable time. Because users and authentication servers communicate through access points, access points must support mutual authentication. Mutual authentication makes it possible to detect and isolate counterfeit access points.
Other security issues
Standard WEP supports encryption for each packet, but does not support authentication for each packet. Hackers can reconstruct the data stream from the response and transmitted data packets to form deceptive data packets. The way to reduce this security threat is to change the WEP key frequently. By monitoring the control channel and data channel of IEEE 802.11b, hackers can get the following information: MAC addresses of clients and access points, MAC addresses of internal hosts, and online time. Hackers can use this information to study the detailed information provided to users or devices. In order to reduce this hacking activity, the terminal should use a WEP key for each period.
4.3 Complete security solution
The complete security scheme of WLAN is based on IEEE 802.11b. It is a standard and open security scheme, which can provide users with the strongest security and ensure effective centralized management from the control center. Its core part is:
Extensible Authentication Protocol (EAP) is an extension of Remote Authentication Dial-in User Service (RADIUS). The wireless client adapter can communicate with the RADIUS server.
When WLAN implements security scheme, the stations in BSS can only be combined with access points after being authenticated. When the site enters the user name and password in the network login dialog box, the client and the RADIUS server (or other authentication servers) perform two-way authentication, and the client authenticates by providing the user name and password. Then, the RADIUS server and the user server determine the WEP key used by the client during the current login. All sensitive information (such as passwords) should be encrypted to avoid attacks.
The authentication process of this scheme is as follows. A station must be connected to an access point. Unless the station successfully logs into the network, the access point will prohibit the station from using network resources. Users enter user names and passwords in the network login dialog or a similar structure. Using the IEEE 802.1x protocol, the station and the RADIUS server authenticate each other through the access point on the wired LAN. One of several authentication methods can be used.
After mutual authentication is successfully completed, RADIUS server and users determine a WEP key to distinguish users and provide users with an appropriate level of network access. In this way, it provides almost the same security for each user as wired switching. The user loads this key and uses it during login.
The WEP key sent by RADIUS server to users is called periodic key. The access point encrypts its broadcast key with the time key and sends the encrypted key to the user, who decrypts it with the time key. Users and access points activate WEP and communicate using broadcast keys for the rest of this period.
Network security refers to preventing the loss, destruction and improper use of information and resources. Both wired and wireless networks must be protected from physical damage, eavesdropping, illegal access and various internal (legitimate user) attacks.
The area covered by wireless network data may exceed the area physically controlled by an organization, so there is the possibility of electronic damage (or interference). Wireless network has various inherent security mechanisms, and its code cleaning and mode jumping are random. In the whole transmission process, the frequency band and modulation are constantly changing, and irregular techniques are used in timing and decoding.
WEP is an optional encryption algorithm, and the provisions of IEEE 802.11 require that wireless networks be at least as secure as wired networks (without encryption technology). Among them, authentication provides access control and reduces illegal use of the network, while encryption can reduce sabotage and eavesdropping. At present, besides the basic WEP security mechanism, more security mechanisms are emerging and developing [12].
5. The development trend of WLAN security technology
At present, the development of WLAN is very strong, but the real application prospect is not very clear. This is mainly manifested in: first, real security; second, the future development direction of the technology; third, what the better application mode of WLAN is; fourth, whether there is a better form of WLAN terminal besides the PCMCIA card and PDA; fifth, the market size of WLAN. It seems that the real take-off of WLAN does not depend on WLAN alone [13].
Wireless LAN also needs to interact with other mature networks to achieve mutual benefit. Europe is the world of GSM networks, and the rise of WLAN has made them start to consider the interworking between WLAN and 3G. Their complementary advantages will surely make the integration of WLAN and WAN develop rapidly. At present, ZTE has realized the interworking between WLAN and the CDMA system in China, and a solution has also been put forward for the interworking between WLAN using ZTE equipment and the GSM/GPRS system; this road will surely become wider and wider.
Security issues in interoperability are bound to bear the brunt. The WLAN working group of IEEE has decided to include EAP-SIM in the WLAN security standard series, and the authentication standard EAP-AKA for interworking with 3G has also become the focus of discussion.
The interworking of wireless networks is now a trend. 802.11 Working Group A new WIG (Wireless Interconnection Working Group) was established to achieve interoperability among existing wireless local networks that meet the standards formulated by ETSI, IEEE and MMAC. In addition, 3GPP also gives two drafts of WLAN and 3G interworking, and defines the basic requirements, models and frameworks of interworking. There is also a document from Ericsson which gives the realization of interworking between WLAN and GSM/GPRS on the basis of the existing network.
The establishment of different types of WLAN interworking standards enables users to access WLAN with the same equipment. The interworking between 3G and WLAN enables users to register with operators and access anywhere. Of course, while users enjoy the above convenience, operators or manufacturers will inevitably make profits, and profit is the fundamental driving force of this interoperability trend. In order to achieve interoperability security, there are the following requirements: support for traditional wireless LAN devices, minimal impact on client devices (such as client software), minimal requirements for operators to manage and maintain client software, support for existing UICC cards with no need to change the cards, and no transmission of sensitive data, such as long-term keys stored in UICC cards. The authentication interface of the UICC card should be a challenge-response mode based on this key. The security level of users accessing WLAN should be the same as that of 3GPP access, and two-way authentication should be supported. The selected authentication scheme should consider the authorized service and support the key distribution method of WLAN accessing NW. The authentication mechanism selected for interworking between WLAN and 3GPP should at least provide the security level of 3GPP system authentication. The reconnection of WLAN should not endanger the reconnection of the 3GPP system. The authentication mechanism selected by WLAN should support the negotiation of session key materials, and the selected key negotiation and key distribution mechanism should be able to prevent man-in-the-middle attacks. That is to say, the man in the middle cannot get the session key material, and WLAN technology should ensure that the connection established between WLAN UE and WLAN AN after specific authentication can use the generated key material to ensure integrity. All long-term security elements used for user and network authentication should be stored in the UICC card [14].
Interworking in the non-roaming case means that the hotspot area accessed by users is within the home network range of 3GPP. Simply put, the user registers with the operator and then accesses a hotspot in the local network of the operator. The security units of the WLAN and 3G network are as follows: UE (user equipment), 3G-AAA (authentication, authorization and accounting server of the mobile network), HSS (Home Subscriber Server), CG/CCF (Charging Gateway/Charging Collection Function) and OCS (online charging system).
In the case of roaming and interworking, 3G network is a global network. With the global nature of 3G network, WLAN roaming can also be realized. In the case of roaming, the common method is to separate the home network from the visiting network, and the AAA service of the home network acts as an authentication agent to find the home network registered by the user.
In the interworking between WLAN and 3G, there are the following authentication requirements: the authentication process begins when the user equipment is connected to the WLAN. Using the EAP method, the USIM-based user ID and the AKA-Challenge message are encapsulated in sequence. Specific authentication is performed between the user equipment and the 3GPP AAA server. The AKA procedure is followed, but the difference is that the authentication server should check whether the user can access the WLAN.
The above interworking scheme requires the client to have a network card that can access the wireless LAN, and at the same time realize the function of USIM or SIM. The service network requires to modify the user authority table and increase the judgment on the access authority of wireless local area network.
The rise of WLAN makes people begin to consider the interworking between WLAN and 3G, and their complementary advantages will surely make the integration of WLAN and WAN develop rapidly. At present, ZTE has realized the interworking between WLAN and CDMA system in China, and put forward a solution for the interworking between WLAN and GSM/GPRS system using ZTE equipment. This road is bound to get wider and wider.
References:
[1] Guo Feng, Zeng Xingwen, Liu Naian, WLAN, Electronic Industry Press, 1997.
[2] Feng Xisheng, Zhu Rong, Wireless Data Communication 1997
[3] You Zhenya, Modern Computer Network Course, Electronic Industry Press, 1999.
[4] Liu Yuan 'an, Broadband Wireless Access and WLAN, Beijing University of Posts and Telecommunications Press, 2000.
[5] Wu, Key Technologies in Mobile Communication, Beijing University of Posts and Telecommunications Press, 2000.
[6] Zhang, Contemporary Network Technology, Tsinghua University Publishing House, 2000.
[7] Niu Wei, Guo Shize and Wu Zhijun. Wireless LAN, People's Posts and Telecommunications Press, 2003.
[8] Jeffrey Mai, Wireless Network Design, translated by Mo Rongrong, Machinery Industry Press, 2002.
[9] Jill Held, "Building a Wireless LAN", Shen Jinlong, People's Posts and Telecommunications Publishing House, 2002.
[10] Christian Barnes et al., Wireless Network Security Protection, translated by Lin Sheng et al., Machinery Industry Press, 2003.
[11] Juha Heiskala et al., OFDM wireless LAN, translated by Chang et al., Electronic Industry Press, 2003.
[12] Eric Ouellet et al., Building Cisco Wireless LAN, translated by Zhang Ying, Science Press, 2003.