Netinfo Security (信息网络安全), 2015, Vol. 15, Issue (8): 47-52. doi: 10.3969/j.issn.1671-1122.2015.08.008

• Technical Research •

An Improved Method for Enhancing the Security of WAPI

HU Xue¹, FENG Hua-min¹,², CHEN Ying-ya¹, WU Yang-yang¹

  1. Beijing Electronic Science and Technology Institute, Beijing 100070, China
  2. Communication Engineering Institute, Xidian University, Xi'an, Shaanxi 710071, China
  • Received: 2015-07-08 Online: 2015-08-01 Published: 2015-08-21
  • About the authors:

    HU Xue (born 1990), male, from Shandong, master's student; main research interest: wireless network security. FENG Hua-min (born 1963), male, from Shaanxi, professor, Ph.D.; main research interests: information security and cryptography. CHEN Ying-ya (born 1990), female, from Hebei, master's student; main research interest: wireless network access protocols. WU Yang-yang (born 1990), female, from Shandong, master's student; main research interest: wireless network situational awareness.

  • Funding:
    National Natural Science Foundation of China [61103210]; Fundamental Research Funds for the Central Universities [2015XS1-LB, 2820154]

Abstract:

WAPI is the mechanism defined in GB 15629.11, the Chinese national WLAN standard, for authentication and encryption in wireless LANs. This paper introduces the background and working principle of the WAPI standard, identifies security defects in its identity authentication and key agreement processes, and proposes improvements that address them. In identity authentication, the improved scheme verifies not only the legitimacy of the user's certificate but also that the user holds the corresponding private key. In key agreement, it applies the MTI key exchange protocol to the key exchange process, improving the cryptographic security of the exchange. The paper lists the key message exchanges of the improved WAI authentication infrastructure and gives a detailed security analysis. Building on the improved WAPI, it proposes a mobile terminal solution that uses an independent security medium (an SD-Key for mobile phones, a USB-Key for PADs). Compared with the original national standard, the improved WAPI is considerably more secure. The enhanced mobile terminal solution is a useful reference for improving security when the WAPI standard is turned into products.

Key words: WAPI, identity authentication, key agreement, independent security medium, mobile terminal

CLC Number: