An Improved Method for Enhancing the Security of WAPI

doi:10.3969/j.issn.1671-1122.2015.08.008

Abstract

Abstract:

WAPI is an authentication and encryption security protocol of GB 15629.11, the Chinese WLAN standard. This paper introduces the background and working principle of WAPI standard, analyzes the WAPI security defects in the process of identity authentication and key agreement, and improves the defects above. In the process of identity authentication, the new protocol not only authenticate the legitimacy of user certificate, but also authenticate the user has the corresponding private key; in the process of key agreement, the new protocol apply key exchange protocol——MTI to the key exchange process, and improve the safety of key exchange. This paper lists the key process of the improved WAI identity authentication interaction, and gives the security analysis. On the basis of the improved WAPI, we put forward a mobile terminal solution taking advantage of the independent security medium (mobile phone using SD-Key as security medium, PAD using the USB-Key as security medium). Compared with the national standard, modified WAPI has been greatly improved in terms of safety. In the standardization of WAPI products, the enhanced mobile terminal solutions proposed in this paper has great reference significance to improving the WAPI standard security.

Key words: WAPI, identity authentication, key agreement, independent security medium, mobile terminal

CLC Number:

TP309

Xue HU, Hua-min FENG, Ying-ya CHEN, Yang-yang WU. An Improved Method for Enhancing the Security of WAPI[J]. Netinfo Security, 2015, 15(8): 47-52.

Figures/Tables 5

References 13

[1]	张帆,马建峰. 自验证公钥的WAPI认证及密钥协商机制[C]//第十六届全国抗恶劣环境计算机学术年会. 福建,2006.
[2]	李兴华,马建峰. WAPI实施方案中的密钥协商协议的安全性分析[J]. 计算机学报,2006,29(4):576-580.
[3]	林秀春,全春来,王清理. 基于效率提高和安全性完善的WAPI标准改进实现[J]. 计算机工程与设计,2006,27(3):449-450.
[4]	铁满霞,李建东,王育民. WAPI证书鉴别协议的改进及性别分析[C]//2007信息与通信工程、电子科学与技术、计算机科学与技术、机械工程全国博士生学术论坛. 西安,2007.
[5]	谭国宏. 无线局域网认证机制的研究[D]. 南京:江苏大学,2008.
[6]	秦兴桥,赵龙. WAPI安全性分析与改进[J]. 光盘技术,2007,(1):32-33.
[7]	PANG L J,LI H X,WANG Y M.Security analysis of newly ameliorated WAPI protocol[J]. Journal of Southeast University:english Edition, 2008, 24(1): 25-28.
[8]	杨寅春,张世明,张瑞山,等. WAPI安全机制分析[J]. 计算机工程,2005,31(10):135-136.
[9]	张帆,马建峰. WAPI认证机制的性能和安全性分析[J]. 西安电子科技大学学报:自然科学版,2005,32(2):210-215.
[10]	ZHAO F W, DESILVA C J S. Use Of The Laplacian Of Gaussian Operator In Prostate Ultrasound Image Processing[C]//Proceedings of the 20th Annual International Conference of the IEEE, Hong Kong, 1998, 2: 812-815.
[11]	林沛,胡建军,李恒杰. 一种改进的MTI认证密钥协商协议[J]. 自动化与仪器仪表,2013,(6):132-133.
[12]	李慧贤,蔡皖东,庞辽军. WAPI接入鉴别协议WAI的安全性分析和验证[J]. 计算机工程,2008,34(3):163-164.
[13]	丁清,朱敏,闫二辉. 一种安全高效的WAPI改进策略[J]. 计算机工程,2012,38(3):153-155.

[1]	Xiaofen LIU, Xiaofeng CHEN, Guiren LIAN, Song LIN. Authenticated Multiparty Quantum Secret Sharing Protocol with d-level Single Particle [J]. Netinfo Security, 2020, 20(3): 51-55.
[2]	Fuyou ZHANG, Qiongxiao WANG, Li SONG. Research on Unified Identity Authentication System Based on Biometrics [J]. Netinfo Security, 2019, 19(9): 86-90.
[3]	Ruiying CHEN, Zemao CHEN, Hao WANG. Design and Optimization of Security Monitoring and Controlling Protocol in Industrial Control Systems [J]. Netinfo Security, 2019, 19(2): 60-69.
[4]	Shun ZHANG, Zhangkai CHEN, Fengyu LIANG, Runhua SHI. A Quantum Identity Authentication Based on Bell State [J]. Netinfo Security, 2019, 19(11): 43-48.
[5]	Tao LI, Junxian SHI, Aiqun HU. Signature Verification Based Legality Discrimination Technology for Mobile Terminal APPs [J]. Netinfo Security, 2019, 19(11): 56-62.
[6]	Qingfeng CHENG, Zhanjing RUAN, Ruijie ZHANG. Analysis of Three Pairing-free Authenticated Key Agreement Protocols [J]. Netinfo Security, 2019, 19(1): 16-26.
[7]	Jin WANG, Xiao YU, Chang LIU, Bo ZHAO. A Remote Attestation Scheme for Intelligent Mobile Terminal Based on SDKey in Smart Grid Environment [J]. Netinfo Security, 2018, 18(7): 1-6.
[8]	Wei HU, Qiuhan WU, Shengli LIU, Wei FU. Design of Secure eID and Identity Authentication Agreement in Mobile Terminal Based on Guomi Algorithm and Blockchain [J]. Netinfo Security, 2018, 18(7): 7-9.
[9]	Lin YOU, Jiahao LIANG. Research on Secure Identity Authentication Based on Homomorphic Encryption and Biometric [J]. Netinfo Security, 2018, 18(4): 1-8.
[10]	Ziwen SUN, Fu LI. Gesture Authentication Method Based on HMM and D-S Evidence Theory [J]. Netinfo Security, 2018, 18(10): 17-23.
[11]	Baoyuan KANG, Jiaqiang WANG, Dongyang SHAO, Chunqing LI. A Secure Authentication and Key Agreement Protocol for Heterogeneous Ad Hoc Wireless Sensor Networks [J]. Netinfo Security, 2018, 18(1): 23-30.
[12]	Man ZHAN, Hequn XIAN, Shuguang ZHANG. Research on Identity Authentication Technology Based on Gravity Sensor [J]. Netinfo Security, 2017, 17(9): 58-62.
[13]	Kaili ZHAO, Danyi LI, Qiang LI, cunqing MA. Implementation of Identity Authentication Scheme Based on Smart Mobile Cryptographic Module [J]. Netinfo Security, 2017, 17(9): 107-110.
[14]	Jian ZHOU, Liyan SUN, Aihua DUAN, Wenjun SHI. Regional Autonomous Identity Authentication Management Scheme for Space Self-organized Networks [J]. Netinfo Security, 2017, 17(8): 45-52.
[15]	SHI Jinjing, CHENG Jiajing, CHEN Hui, ZHOU Fang. Quantum Key Agreement Protocol Based on Bell Measurement and Three-particle Entanglement [J]. 信息网络安全, 2017, 17(6): 56-61.