Method and system for assessing wireless local area network

Abstract

The invention provides a method for assessing a wireless local area network, comprising the following steps: a mobile station generates a temporary public key (px) and a temporary private key (sx), and the px and a digital certificate of the mobile station are sent to network side equipment; the network side equipment identifies and recognizes the mobile station and then generates a temporary public key (py) and a temporary private key (sy), and then the network side equipment uses the py and the sy for elliptic curve diffie-hellman (ECDH) calculation so as to generate a key seed and then sends the py to the mobile station; and the mobile station uses the sx and the py for ECDH calculation so as to generate a key seed which is the same as the key seed generated by the network side equipment and then negotiates with the network side equipment by using the key seeds so as to generate a conversation key. The invention also provides a system for assessing the wireless local area network, comprising the mobile station and the network side equipment. The invention combines the advantages of the public key encryption technology and the symmetric key encryption technology and can solve the problems of the identification and the reorganization of both the mobile station and the network side equipment and safety of the encryption of the communication link.

Description

technical field [0001] The invention relates to the field of wireless local area networks, in particular to a method and system for accessing a wireless local area network. Background technique [0002] Wireless local area network is defined by a series of international standard specifications, and the security part defines the Wired Equivalent Protocol (WEP), Wi-Fi (Wireless Fidelity, Wireless Fidelity) Protected Access , referred to as WPA) and other security mechanisms, WEP itself has security risks, WPA has made improvements to the shortcomings of WEP, but the core part of WPA Temporal Key Integrity Protocol (Temporal Key Integrity Protocol, referred to as TKIP) has introduced a compensation Vulnerabilities with relatively low security level, that is, when an error frame is found in the message integrity check, it is considered an active attack and the wireless LAN is closed, which introduces the possibility of a denial of service attack. IEEE802.11i newly introduces th...

AI Technical Summary

Problems solved by technology

[0002] Wireless local area network is defined by a series of international standard specifications, and the security part defines the Wired Equivalent Protocol (WEP), Wi-Fi (Wireless Fidelity, Wireless Fidelity) Protected Access , referred to as WPA) and other security mechanisms, WEP itself has security risks, WPA has made improvements to the shortcomings of WEP, but the core part of WPA Temporal Key Integrity Protocol (Temporal Key Integrity Protocol, referred to as TKIP) has introduced a compensation Vulnerabilities with relatively low security level, that is, when the message integrity checks to an error frame, it is considered an active attack and the wireless LAN is closed, which introduces the possibility of denial of service attacks

IEEE802.11i newly introduces the data encryption mechanism TKIP and counter mode and Cipher Block Chain Message Authentication Code Protocol (Counter Mode with Cipher Block Chaining Message, referred to as CCMP). This type of security mechanism is backward compatible or partially includes WEP, so There are also hidden dangers

Images