An Improved Method for Enhancing the Security of WAPI

doi:10.3969/j.issn.1671-1122.2015.08.008

Abstract

Abstract:

WAPI is an authentication and encryption security protocol of GB 15629.11, the Chinese WLAN standard. This paper introduces the background and working principle of WAPI standard, analyzes the WAPI security defects in the process of identity authentication and key agreement, and improves the defects above. In the process of identity authentication, the new protocol not only authenticate the legitimacy of user certificate, but also authenticate the user has the corresponding private key; in the process of key agreement, the new protocol apply key exchange protocol——MTI to the key exchange process, and improve the safety of key exchange. This paper lists the key process of the improved WAI identity authentication interaction, and gives the security analysis. On the basis of the improved WAPI, we put forward a mobile terminal solution taking advantage of the independent security medium (mobile phone using SD-Key as security medium, PAD using the USB-Key as security medium). Compared with the national standard, modified WAPI has been greatly improved in terms of safety. In the standardization of WAPI products, the enhanced mobile terminal solutions proposed in this paper has great reference significance to improving the WAPI standard security.

Key words: WAPI, identity authentication, key agreement, independent security medium, mobile terminal

CLC Number:

TP309

HU Xue, FENG Hua-min, CHEN Ying-ya, WU Yang-yang. An Improved Method for Enhancing the Security of WAPI[J]. Netinfo Security, 2015, 15(8): 47-52.

Figures/Tables 5

References 13

[1]	张帆,马建峰. 自验证公钥的WAPI认证及密钥协商机制[C]//第十六届全国抗恶劣环境计算机学术年会. 福建,2006.
[2]	李兴华,马建峰. WAPI实施方案中的密钥协商协议的安全性分析[J]. 计算机学报,2006,29(4):576-580.
[3]	林秀春,全春来,王清理. 基于效率提高和安全性完善的WAPI标准改进实现[J]. 计算机工程与设计,2006,27(3):449-450.
[4]	铁满霞,李建东,王育民. WAPI证书鉴别协议的改进及性别分析[C]//2007信息与通信工程、电子科学与技术、计算机科学与技术、机械工程全国博士生学术论坛. 西安,2007.
[5]	谭国宏. 无线局域网认证机制的研究[D]. 南京:江苏大学,2008.
[6]	秦兴桥,赵龙. WAPI安全性分析与改进[J]. 光盘技术,2007,(1):32-33.
[7]	PANG L J,LI H X,WANG Y M.Security analysis of newly ameliorated WAPI protocol[J]. Journal of Southeast University:english Edition, 2008, 24(1): 25-28.
[8]	杨寅春,张世明,张瑞山,等. WAPI安全机制分析[J]. 计算机工程,2005,31(10):135-136.
[9]	张帆,马建峰. WAPI认证机制的性能和安全性分析[J]. 西安电子科技大学学报:自然科学版,2005,32(2):210-215.
[10]	ZHAO F W, DESILVA C J S. Use Of The Laplacian Of Gaussian Operator In Prostate Ultrasound Image Processing[C]//Proceedings of the 20th Annual International Conference of the IEEE, Hong Kong, 1998, 2: 812-815.
[11]	林沛,胡建军,李恒杰. 一种改进的MTI认证密钥协商协议[J]. 自动化与仪器仪表,2013,(6):132-133.
[12]	李慧贤,蔡皖东,庞辽军. WAPI接入鉴别协议WAI的安全性分析和验证[J]. 计算机工程,2008,34(3):163-164.
[13]	丁清,朱敏,闫二辉. 一种安全高效的WAPI改进策略[J]. 计算机工程,2012,38(3):153-155.

[1]	HUANG Wangwang, ZHOU Hua, WANG Daiqiang, ZHAO Qi. Design of Reconfigurable Key Security Authentication Protocol for IoT Based on National Cryptography SM9 [J]. Netinfo Security, 2024, 24(7): 1006-1014.
[2]	ZHANG Xiaojun, ZHANG Nan, HAO Yunpu, WANG Zhouyang, XUE Jingting. Three-Factor Authentication and Key Agreement Protocol Based on Chaotic Map for Industrial Internet of Things Systems [J]. Netinfo Security, 2024, 24(7): 1015-1026.
[3]	LIU Yidan, MA Yongliu, DU Yibin, CHENG Qingfeng. A Certificateless Anonymous Authentication Key Agreement Protocol for VANET [J]. Netinfo Security, 2024, 24(7): 983-992.
[4]	ZHAI Peng, HE Jingsha, ZHANG Yu. An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment [J]. Netinfo Security, 2024, 24(2): 179-187.
[5]	ZHANG Min, FENG Yongqiang, XU Chunxiang, ZHANG Jianhua. Research on Multi-Factor Authenticated Key Agreement Protocol for Smart Home Networks [J]. Netinfo Security, 2024, 24(1): 133-142.
[6]	ZHANG Min, XU Chunxiang, ZHANG Jianhua. Research on Authentication Key Agreement Protocol Based on Multi-Factor in Internet of Drones [J]. Netinfo Security, 2022, 22(9): 21-30.
[7]	WANG Shushuang, MA Zhaofeng, LIU Jiawei, LUO Shoushan. Research and Implementation of Cross-Chain Security Access and Identity Authentication Scheme of Blockchain [J]. Netinfo Security, 2022, 22(6): 61-72.
[8]	SHEN Yan, YAO Mengmeng. Research on Formal Analysis Based on Event of Group Key Agreement Protocol [J]. Netinfo Security, 2022, 22(5): 30-36.
[9]	WU Kehe, CHENG Rui, JIANG Xiaochen, ZHANG Jiyu. Security Protection Scheme of Power IoT Based on SDP [J]. Netinfo Security, 2022, 22(2): 32-38.
[10]	WU Kehe, CHENG Rui, ZHENG Bihuang, CUI Wenchao. Research on Security Communication Protocol of Power Internet of Things [J]. Netinfo Security, 2021, 21(9): 8-15.
[11]	SHEN Zhuowei, GAO Peng, XU Xinyu. Design of DDS Secure Communication Middleware Based on Security Negotiation [J]. Netinfo Security, 2021, 21(6): 19-25.
[12]	WANG Jian, ZHAO Manli, CHEN Zhihao, SHI Bo. An Authentication Scheme for Conditional Privacy Preserving Based on Pseudonym in Intelligent Transportation [J]. Netinfo Security, 2021, 21(4): 49-61.
[13]	LI Tong, ZHOU Xiaoming, REN Shuai, XU Jian. Light-weight Mutual Authentication Protocol for Mobile Edge Computing [J]. Netinfo Security, 2021, 21(11): 58-64.
[14]	XIAO Shuai, ZHANG Hanlin, XIAN Hequn, CHEN Fei. A Password Authentication Key Agreement Protocol for IoT Devices [J]. Netinfo Security, 2021, 21(10): 83-89.
[15]	DONG Qiang, LUO Guoming, SHI Hongkui, ZHANG Yongyue. Research on Authentication and Key Agreement Method of IMS-based Mobile Communication Private Network [J]. Netinfo Security, 2021, 21(1): 88-96.