��߾��ȫ��о��(2)_�й�IT��ά��www.cnitom.com

3��߾��ȫ��׼��

3.1IEEE802.11��ȫ��׼��WEP

IEEE802.11��׼ͨ��߶Եȱ��Э��WEP��WiredEquivalentPrivacy��ʵ��֤��ݼ��ܣ��֤ģʽ��Open Authentication��Shared Key Authentication��֡�WEPʹ��RSA Data Security��˾��Ron Rivest��RC4��м��ܡ��һ�ֶԳƵ��룬֧�ֿɱ䳤�ȵ��Կ��

��о��RC4��Կ�㷨��ȱ�ݡ��WEP��ʵʩ��RC4ѡ��24λ��ʼ��IV��InitialVector��Ҳ��ܶ�̬ר�ü��Կ��Щȱ��ʹ��WEP��802.11��֡�ж��ʵ��Ӧ�á��͵�FMS��Ѿ��ܹ��100��Ӷ��þ�̬WEP��Կ��802.11�е�WEP��ȫ��ܹ�Ϊ��û��ṩ�㹻�İ�ȫ��

3.2IEEE802.11i��WPA��ȫ��׼

Ϊ��ʹWLAN��ֱ��н��ѳ��IEEE802.11i��ƶ��һ��ȫ��׼��Ҫ��ܼ��TKIP��TemporalKeyIntegrity Protocol��AES��Advanced Encryption Standard��Լ��֤Э��IEEE802.1x��

��֤��档IEEE802.11i��802.1x��ƣ�ʵ��߾��֤��Կ��ͨ��EAP-Key��ֹ��Կ��ֹ��̣��¼��Կ��ʵ��802.11i�ж��³��ȫ��磨RobustSecurityNetwork��RSN��Ҫ��

��ݼ��ܷ��棬IEEE802.1li��TKIP��TemporalKeyIntegrity Protocol��CCMP��Counter-Mode/CBC-MAC Protocol��WRAP��Wireless Robust Authenticated Protocol��ּ��ܻ��ơ�

һ��棬TKIP��չ��48λIV��IV˳��Կ��Ϻ��KeyMixingFunction��طű��ƺ�Michael��Ϣ��Դ��루��ȫ��MIC�룩��4��İ�ȫ��ʩ��WEP�д��ڵİ�ȫ©��˰�ȫ�ԡ��Ŀǰ��֪�Ĺ��ԣ�TKIP�ǰ�ȫ�ġ��һ��棬TKIP��޸�WEPӲ��ģ�飬ֻ��޸��Ҳ��кܴ�ı��ԡ��ˣ��TKIP��WEP�Ǻ��ġ�

��TKIP�ǻ��RC4�ģ�RC4�ѱ��ִ��⣬��ܽ�󻹻ᱻ��⡣��⣬RC4һ��㷨��ӽ��ܲ��ֻ�Ǽ򵥵��㣬��߻��¾��һ��ľ��ԣ��TKIPֻ��Ϊһ�ֶ��ڵĽ��

��⣬802.11��AESʹ�õļ��ģʽCCM��OCB��ģʽ�Ļ��Ϲ��CCMP��WRAP��Э�顣CCMP��ƻ��AES��AdvancedEncryptionStandard��㷨��CCM��Counter-Mode/CBC-MAC��֤��ʽ��ʹ��WLAN�İ�ȫ�̶ȴ��ߡ��ʵ��RSN��ǿ��Ҫ��AES��Ӳ��Ҫ��Ƚϸߡ��CCMP�޷�ͨ��豸�Ļ��Ͻ��ʵ�֡�WRAP��ǻ��AES��㷨��OCB��OffsetCode book��

��г��WLAN��ȫ��ʮ�ֽ��ȣ��IEEE802.11i��׼��ȷ��ǰ��Wi-Fi��ƶ��WPA��Wi-FiProtectedAccess��׼��Ϊ��WEP��802.11i��ɵ��߰�ȫ��׼��WPA��IEEE802.11i��һ��Ӽ��ľ��IEEE802.1x��TKIP��

3.3�й��߾��ȫ��׼��WAPI

WAPI��߾��ͱ��ܻ��ṹ��WLANAuthenticationandPrivacy Infrastructure��й��Ωһ�Ϸ��缼��׼��WAPI��ù��ίԱ��칫��׼�Ĺ��Կ��Ƶ��Բ��㷨��Կ��Ƶķ��㷨��ʵ��豸��ݼ��·��֤��ʿ��ƺ��û��Ϣ��ߴ��״̬�µļ��ܱ��ּ�ڳ��ŤתĿǰWLAN��ö��ְ�ȫ��Ʋ��һ��ݵ��״��Ӹ��Ͻ��ȫ��ͼ��⡣��֤�Ͱ�ȫ��ʹWAPI�ǳ��ʺ��Ӫ�̵�PWLAN��Ӫ��

WAPI��߾��ṹ��WLANAuthenticationInfrastructure��WAI��߾��ܻ��ṹ��WLANPrivacy Infrastructure��WPI��ɣ�WAI��WPI�ֱ�ʵ�ֶ��û��ݵļ��ͶԴ��ݵļ��ܡ��У�WAI��ù��Կ��ƣ��ù�Կ֤��WLANϵͳ�е�STA��AP��֤��WAI��һ��Ϊ��֤��ԪASU��Authentication Service Unit��ʵ�壬��ڹ��Ϣ��Ҫ��֤�飨��֤��Ĳ��䷢��͸��£��֤��֤��䷢�ߣ�ASU��Ĺ�Կ��ǩ��Լ�֤��ߵĹ�Կ��ǩ��ǩ��õ��WAPI��е��Բ��ǩ��㷨��豸��ƾ֤��WPI��öԳ��㷨ʵ�ֶ�MAC��MSDU�ļӡ��ܲ��

WAPI��ϵͳ��ƶ��ն�MT��MobileTerminal��AP��֤��ԪASU��ɣ��У�ASU��֤��CA��CertificateAuthority��Ĺ��ܣ��֤��ķ��š��֤��ȣ��ƶ��ն�MT��AP�϶��װ��ASU��ŵĹ�Կ֤�飬��Ϊ�Լ��ƾ֤��MT��¼��߽��APʱ��ʹ�û��֮ǰ��ͨ��ASU��˫��֤��֤�Ľ��ֻ�г��кϷ�֤��ƶ��ն�MT��ܽ��кϷ�֤��߽��AP��Է�ֹ�Ƿ��ƶ��ն�MT��AP��粢ռ��Դ��һ��Է�ֹ�ƶ��ն�MT��¼��Ƿ�AP��Ϣй©��

4��߾��ȫ��

��Ӫ��߾��ȫ��ϵͳ��Ҫ��豸��

��վ��Station��STA��

��վSTA��߾��е��·�ն��豸��ͨ��ýӿڽ��Ƕ�뵽��ն��豸�У��PC��PDA��ֳ�ʽ�ն��豸��

��㣨AccessPoint��AP��

��߽��AP��ͨ��׼�Ŀ��нӿ�Э��STAͨ�ţ��ͨ��ݵķַ��Ӷ��ﵽ��Ļ�ͨ��

��AccessController��AC��

��AC�൱��߾��봫��֮��أ��Բ�ͬAP��ݽ��ҵ��ۣ��֮��ҵ��ݷַ��ͬAP��⻹��û��Ľ��֤��ܣ�ִ��AAA��ܡ�

��AAA��

AAA��ʵ��֤��Ȩ�ͼƷѣ�AAA��Authentication��Authorization&Accounting��ܵ��֤��û��֤��Ϣ��ԣ��յ��֤��ʱ��֧��ݿ��ж��û��ݵĲ�ѯ��֤��ɺ��Ȩ��û��Ϣ��Ȩ�û��в�ͬ��ԡ��Ʒѷ��û��Ʒ��Ϣ�Ĵ��û�ǩԼ��Ϣ�еļƷ��ԣ�ʵ��Ԥ��ѡ��󸶷�ҵ��ȡ�

Ŀǰ��AAA��ҪΪ֧��RadiusЭ��ķ��δ��Բ��DiameterЭ�顣

��Portal��

Portal��Ż��AC��Ϲ�ͬ��߾��û��Ż��վҳ��ͣ��ṩPortalҵ��

��

��Ҫ��ʵ��߾��ܣ��ù��Ϲ��ܹ��ȫ��ȡ�

��ϵͳ��Ҫ��ȵ��߾��ͺ�̨�ķ��ϵͳ��ɣ��У��Ҫ�ɽ��AP�ͽ��AC��ɣ��̨��ϵͳ��֤��Ʒѡ�Ӧ�÷��ܵȹ��ܡ�ͬʱ��Ŀǰ��ڻ��ߺ��SIM��֤��ϵͳ�л��Ȩ��AS��û��ݿ�HLR/Auc��֤��ĵ��Ҫ�豸��Radius��洢�û��Ϣ��û��֤�ͼ�Ȩ�ȹ��ܡ��Ʒ��Ҫ��û��ļƷѹ��ܡ�Ӧ�÷��Ϊ�û��ṩWWW��FTP�ȶ��Ӧ�÷��ʵ��߾��á��ȫ��ܵȶ෽��Ĺ��߾��Ŀɿ��С�

5��

��߾��Ŀǰ����չʱ�ڣ��߾��İ�ȫ��Ҳ��ҵ��Ϊ��ע�Ľ��֮һ��ֻ��е��߾��ȫ��ܻ��ϣ��صĹؼ��һ��ǿ�ġ��㹻��ȫ�Ե��߾��ƶ��߾��ʵ��Ӧ�ã��ҵ��ص��Ҫ��е�ʹ�á�Ҳֻ��߾��ܰ�ȫ˳��硢��3G��ʵ�ֻ��ͨ��޴��Ǳ��

���߾�������ȫ�����о������(2)

��߾��ȫ��о��(2)