2007年7月专题——无线安全(合集已可下载)

7421 回帖	4万积分	1万在线时间

无线论坛管理员

注册时间: 2004-10-2

金币: 35286 个

威望: 404 个

荣誉: 114 个

发消息

累计签到：119 天
连续签到：3 天
[LV.200]无线新星

发表于 2007-7-15 13:40

专题导语       每次写专题导语都是凭着感觉一口气写完再回头修改，而本期专题导语却着实让人挠头，非不能写而是难于表达心中对它的感觉。       几年前无线安全的悲观情绪一度影响人们对Wi-Fi的信心，到处充斥着WEP的硝烟，后来的WAPI事件更成为以国家意志为手段的标准化进程中的标竿事件。万物更新周而复始，没有任何事物能阻止无线通讯技术的发展，在过去三年里，无线局域网走进了千家万户，无线城市开始在全球部分发达的经济地区诞生。虽然不断遭人诟病的无线安全却也未能阻滞技术的飞速发展，人类追求幸福的速度没有因这一瑕疵而放慢脚步。       从WEP到802.11i，技术创新实际上在掩盖无线安全的软肋。没有完美的安全技术。要衡定安全界限，那要看其所创造的社会价值与社会危害来对比，人类先天的安全忧患意识在过去的一百年时间里避免了灭绝的灾难，不能以无线安全来要挟技术的革新。       本期专题有基础理论的各种无线安全技术介绍，也有破解攻击的技术理论，重点有802.11i及WAPI相关的论文，Anywlan一直坚持紧跟无线技术进步的步伐——即使难于去超越它。专题以中文资料为主，希望能对投身于无线安全研究的同仁们和关心无线安全的朋友们有所帮助。无线安全专题合集，共116页，PDF格式。

游客，如果您要查看本帖隐藏内容请回复

转载请注明本站！<a href="http://forum.anywlan.com/dispbbs.asp?boardID=7&ID=5491&page=1" target="_blank">2007年Anywlan专题索引</a><a href="http://forum.anywlan.com/dispbbs.asp?boardID=7&ID=1425&page=1" target="_blank">2006年Anywlan专题索引</a><a href="http://www.anywlan.com/ShowSpecial.asp?SpecialID=13">无线安全专题页面。</a>

[此贴子已经被作者于2007-8-9 22:42:04编辑过]

无线, 专题

本帖子中包含更多资源

您需要登录才可以下载或查看，没有账号？注册

相关帖子

7421 回帖	4万积分	1万在线时间

无线论坛管理员

注册时间: 2004-10-2

金币: 35286 个

威望: 404 个

荣誉: 114 个

发消息

累计签到：119 天
连续签到：3 天
[LV.200]无线新星

发表于 2007-7-15 13:41

<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5975&star=1&page=1">1.WAPI鉴别与保密基础架构的研究</a>本文讨论了中国无线局域网标准WAPI的03版本和06版本，详细比较分析了二者在实现无线鉴别协议和密钥协商协议中的安全属性，指出06版在部分解决03版安全缺陷的同时，又引入新的问题，文章最好建议可引入快速认证思想提高协议效率。<a href="http://forum.anywlan.com/dispbbs.asp?boardID=4&ID=5976&page=1">2.WAPI接入鉴别过程的形式化分析与验证</a>摘要：WAPI协议是我国自行制定的无线局域网国家标准。该文在研究WAPI接入鉴别过程的基础上，使用BAN逻辑对其进行了形式化的分析和验证，证明了接入鉴别过程能够达到信息安全所要求的身份认证、数据完整性和机密性目标。 关键词：WAPI；接入鉴别；密钥协商<a href="http://forum.anywlan.com/dispbbs.asp?boardID=4&ID=5983&page=1">3.基于802.11i四次握手协议的攻击分析与改进</a> <span class="highLight" id="ctl00_MasterContentPlaceHolder_AbstractLabel" title="回顾与分析了无线局域网的新一代安全标准IEEE 802.11i与四次握手协议.结合对实际协议的分析,指出四次握手协议的缺陷及可能带来的攻击,针对802.11i建议的方案及其局限性和仍然可能存在的攻击,提出了TPTK随机丢弃队列、消息1身份认证的改进设计,并对改进设计进行了验证与分析.">Analysis and Improvement Against the Attack on 4-way Handshaking Protocol of 802.11i回顾与分析了无线局域网的新一代安全标准IEEE 802.11i与四次握手协议.结合对实际协议的分析,指出四次握手协议的缺陷及可能带来的攻击,针对802.11i建议的方案及其局限性和仍然可能存在的攻击,提出了TPTK随机丢弃队列、消息1身份认证的改进设计,并对改进设计进行了验证与分析.<a href="http://www.anywlan.com/Article/2006/200612/1455.html">4.宽带接入网络的安全</a>摘要：宽带接入网络的技术发展迅速，其应用也越来越广泛，但是安全问题也伴随着它的发展成为大家越来越关心的问题。在接入网环境下，用户、接入设备和网络都面临着各种威胁，特别是来自用户侧的威胁。针对当前网络中出现的问题，可以采用端口定位、媒体访问控制(MAC)地址防欺骗、非法业务监测等技术和方案加以解决。 关键词：宽带接入；安全；宽带接入远程服务；接入节点；DSL接入复用器 <a href="http://www.anywlan.com/Article/2007/200707/2449.html">5.无线局域网安全技术研究与测试</a>随着无线局域网应用的日益广泛，其安全问题也越来越受到人们的关注。对于有线网络，数据通过电缆传输到特定的目的地，通常在物理链路遭到破坏的情况下，数据才有可能泄露；而无线局域网中，数据是在空中传播，只要在无线接入点（AP）覆盖的范围内，终端都可以接收到无线信号，无线接入点（AP）不能将信号定向到一个特定的接收设备，因此无线局域网的安全问题显得尤为突出。<a href="http://www.anywlan.com/documents/2007/504.html">6.WAPI实施指南</a>推荐，中文共145页，由于篇幅，下面的目录省去了二级目录，详情请点击标题进入查看。1 概述 2 规范性引用文件.... 1 3 术语和定义........ 2 4 缩略语............ 4 5 安全.............. 5 5.1 关联与状态...... 5 5.2 无线局域网鉴别与保密基础结构 WAPI .............. 14 5.3 MAC 数据平面结构................................ 47 6 WAPI 相关的服务原语定义........................... 48 6.1 链路验证....... 48 6.2 解除链路验证... 50 6.3 关联........... 51 6.4 重新关联....... 53 6.5 解除关联....... 55 6.6 设置WPI 密钥... 56 6.7 删除WPI 密钥... 57 6.8 STAKey 的建立.. 58 6.9 设置保护....... 59 6.10 保护帧的丢弃.. 60 6.11 扫描.......... 60 附录 A （规范性附录）与WAPI 有关的协议实现一致性声明（PICS）形式表 附录 B （规范性附录） MIB 的ASN.1 编码 附录 C （资料性附录）消息鉴别算法和密钥导出算法的参考实现及测试向量 C.2.2 测试向量 图1 状态转换图 图2 基础结构模式下安全关联的建立 略。。。。。。。。 图49 工作模式 图50 WPI-SMS4 的MPDU 封装结构 图51 完整性校验数据 图52 MAC 数据平面结构 表1 信标帧体 表2 关联请求帧体. 表3 重新关联请求帧体 略。。。。。。。。 表8 鉴别和密钥管理套件 表9 密码套件 表10 密码套件<a href="http://www.anywlan.com/Article/2007/200707/2495.html">7.基于LEAP认证机制的安全无线局域网</a><a href="http://www.anywlan.com/Article/UploadFiles/200707/20070714193512156.gif" target="_blank"></a>摘要：本文详细阐述了无线局域网存在的安全问题，通过分析WEP协议存在的安全漏洞，以及802.1X实现中可能的隐患，提出用LEAP认证协议解决WLAN中安全问题的措施与方案，极大地提高了网络的安全性。 关键词：无线局域网；802.1x协议；Radius；LEAP协议 <a href="http://www.anywlan.com/Article/2007/200707/2496.html">8.无线PKI技术及其实现</a>摘要：无线数据服务在银行、证券、商务、贸易等方面的应用越来越广泛，迫切需要更加完善的无线公钥基础设施(PKI)以保障服务的安全性。为此文章对无线PKI及相关技术进行了讨论，分析了无线PKI在无线应用协议(WAP)安全中所起的作用，介绍了WAP标识模块、无线PKI证书格式、公钥算法和分布式签名算法等无线PKI的关键技术，并进行了无线PKI技术应用实践。 关键词：无线公钥基础设施；无线应用协议；安全；公钥算法 <a href="http://www.anywlan.com/Article/2007/200707/2500.html">9.增强的无线局域网安全技术分析</a>摘要：文章介绍了无线局域网安全技术的现状，对IEEE 802.11i草案中有关认证、密钥管理、加密等方面的增强的无线局域网安全技术进行了分析，提出了基于IPsec(IP安全)的VPN安全解决方案。 关键词：增强的无线局域网安全技术/认证/加密/密钥管理<a href="http://www.anywlan.com/documents/2007/501.html">10.中小企业对无线需不同安全策略</a>无线网络技术已经让企业可以大幅度的扩展PC利用度——特别是对那些流动性很高的雇员来说，比如保健行业，销售人员以及制造业，等等。实际上，在过去的时间里，我们已经讲述过如何部署一个具有弹性的无线局域网（WLAN），从而接入笔记本电脑，手持电脑，以及所在位置难以部署网线的桌面电脑。<a href="http://www.anywlan.com/documents/2007/499.html">11.无线局域网安全技术研究与测试</a>随着无线局域网应用的日益广泛，其安全问题也越来越受到人们的关注。对于有线网络，数据通过电缆传输到特定的目的，通常在物理链路遭到破坏的情况下，数据才有可能泄露；而无线局域网中，数据是在空中传播，只要在无线接入点（AP）覆盖的范围内，终端都可以接收到无线信号，无线接入点（AP）不能将信号定向到一个特定的接收设备，因此无线局域网的安全问题显得尤为突出。<a href="http://www.anywlan.com/documents/2007/500.html">12.用ARM 和FPGA实现无线局域网的安全接入</a>摘要：无线局域网安全标准的发展对AP(access point)实现提出了更高的要求。本文通过分析几种新型WLAN安全标准的特点．设计了一种基于Samsung公司的$3C2510微处理器的硬件系统．用于实现WIJAN的安全接入。针对AP系统密码运算能力不够的瓶颈．在硬件系统中增加了密码协处理器该密码协处理器用FPGA芯片实现．具有良好的可扩展性．较好的解决了这个问题。 关键字：无线局域网；密码协处理器；现场可编程门阵列；嵌入式系统<a href="http://www.anywlan.com/documents/2007/497.html">13.考量无线设备驱动程序安全性</a>无线设备已经彻底改变了我们的工作方式，同时它们也要求有更好的安全通讯措施来保护自己。不幸的是，这也给了黑客们一些新的机会，让他们可以尝试为自己谋取私利或者传播自己的声名。<a href="http://www.anywlan.com/documents/2007/498.html">14.无线传感器网络的威胁模型与安全机制研究</a>摘要: 针对现有攻击方式的划分有重叠和交叉, 以及防御机制缺少总体描述等问题, 在分析攻击者实施攻击思路的基础上, 建立了无线传感器网络路由协议的威胁模型。根据不同攻击者的特点而采取不同的防御策略,提出其路由协议的宏观安全机制和设计安全路由的研究设想。 关键词: 无线传感器网络; 网络安全; 威胁模型; 安全机制<a href="http://www.anywlan.com/Article/2007/200707/2497.html">15.移动Ad Hoc网络中的安全问题</a>摘要：移动自组网(Mobile Ad Hoc Network)是一种无基础设施的无线网络，由于它具有开放的媒质、分布式的合作、动态的拓扑结构和受限的网络能力等特点，所以特别容易受到攻击。为此文章结合移动Ad Hoc网络的特点分析了移动Ad Hoc网络面临的安全威胁，并对移动Ad Hoc网络的安全路由和安全报文传送问题进行了详细讨论。 关键词：自组网；安全威胁；安全路由；安全报文传送<a href="http://www.anywlan.com/documents/2007/521.html">16.基于WAPI 的无线局域网运营解决方案</a>摘要：本文在研究了无线局域网鉴别与保密基础结构（WAPI）的前提下，针对目前运营的WLAN 网络的不安全性，提出了基于WAPI 的无线局域网运营解决方案。此方案将WLAN 高速数据接入能力、WAPI 高安全性与移动通信网的广域覆盖和漫游能力结合起来，不需要对现有的WLAN 网络做太多改变就可以提供宽带、安全的服务。 关键词：WAPI， WLAN，漫游<a href="http://www.anywlan.com/documents/2007/522.html">17.基于WAPI 的解决用户漫游认证问题的研究</a>摘要：本文通过研究WAPI 网络的安全特征，提出了新的概念——全网唯一的根认证服务器RASU，该服务器通过为所有的鉴别服务单元ASU 颁发RASU 公钥证书，以实现WAPI网络中的用户对当地网络的信任和不同地区的WAPI 网络间的互相信任问题。 关键词：WAPI，安全，ASU，RASU<a href="http://www.anywlan.com/documents/2007/523.html">18.校园无线漫游认证机制安全与802.1x PEAP TTLS 环境建置</a>802.1x EAP-PEAP/TTLS 是兩種頗被看好的無線認證機制，同時兼具線了方便使用與安全特性。EAP 屬於網路第二層的協定，因此也衍生了IP 無法正確記錄的問題，PEAP/TTLS 的身份隱匿機制更讓管理者難以去追查使用者身份，加上跨校無線漫遊機制的建置，讓相關問題也更為複雜。本文介紹跨校無線漫遊環境常見的無線網路認證環境以及身份認證機制的比較，並且以PEAP/TTLS 協定為主，介紹可能發生的問題以及相關的處置方式，可作為各界在建置無線網路漫遊認證環境時的參考。 關鍵詞：無線漫遊、802.1x、PEAP/TTLS 、憑證

[此贴子已经被作者于2007-7-23 21:51:34编辑过]

7421 回帖	4万积分	1万在线时间

无线论坛管理员

注册时间: 2004-10-2

金币: 35286 个

威望: 404 个

荣誉: 114 个

发消息

累计签到：119 天
连续签到：3 天
[LV.200]无线新星

发表于 2007-7-15 13:41

<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5994&star=1&page=1">19.绘制一个安全的网络——使用地图来进行无线安全检测</a>对于有线网络。我们有多种方法和工具进行管理和检测；而在无线网络管理方面。很多人都是新手。如何对周围的无线网络信号进行检测呢?可以一目了然地看到无线网络的分布情况吗?您的无线网络是安全的吗?阅读本文。您可以得到一些帮助。<a title="" href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">20.无线网络安全指南：Cisco EAP-FAST验证入门</a>       对于系统管理员和企业CIO来说，企业无线局域网的安全问题一直是他们关注的重心。今天我们将向大家介绍Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)，即通过安全隧道灵活验证的EAP方式。<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">21.无线网络安全指南：IAS RADIUS实现无线网络验证（上、下）</a>       对于系统管理员和企业CIO来说，企业无线局域网的安全问题一直是他们关注的重心。本文介绍如何配置Windows Server 2003中附带的IAS RADIUS 服务器，实现无线网络验证。22<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">.无线网络安全指南：LEAP验证</a>       对于系统管理员和企业CIO来说，企业无线局域网的安全问题一直是他们关注的重心。本文将向大家介绍轻量级可扩展身份验证协议 (LEAP)的有关知识。LEAP是 Cisco Systems公司开发的专用协议，用来解决WEP中存在的诸多安全问题。23<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">.无线网络安全指南：PEAP验证</a>        对于系统管理员和企业CIO来说，企业无线局域网的安全问题一直是他们关注的重心。本文将向大家介绍Protected Extensible Authentication Protocol (PEAP) Authentication，这是一种基于密码的验证协议，可以帮助企业实现简单安全的验证功能。24<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">.无线网络安全指南：Windows Wireless Client手动部署PEAP</a>对于系统管理员和企业CIO来说，企业无线局域网的安全问题一直是他们关注的重心。本文将向大家介绍如何使用Windows自带的无线网络客户端工具Windows Wireless Client。<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">25.无线网络安全指南：Windows下手动部署根证书</a>本文教大家如何在Windows环境下手动部署根验证证书。26<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">.无线网络安全指南：为RADIUS服务器建立自签名证书</a>本文介绍自签名数字证书，帮助那些不愿意花钱购买CA机构颁发的证书的企业也可以搭建RADIUS服务器。<a href="http://forum.anywlan.com/dispbbs.asp?boardid=4&id=5993&star=1&page=1">27.无线网络安全指南：自动部署根证书</a>本文向大家介绍如何利用Windows活动目录向全体用户的证书信任列表（CTL）中添加根证书。<a href="http://www.anywlan.com/documents/2007/524.html">28.一个无线安全网关的设计和实现</a>摘要作为传统局域网的补充和扩展，IEEE802.11得到了迅猛的发展，与此同时无线网络的安全问题得到了广泛的关注。网络安全研究者已经达成共识:无线网络提供了到原有布线网络的入口，和Interact述了一个无线安全网关，它提供多种灵活的安全机制，包括用户认证、授权和加密一样，无线网络要当作不信任源来看待。本文描网络管理人员可以选择其中某一种或者多种机制来实现其安全策略，而对客户端的要求很少，一般除操作系统自带的软件(包括浏览器,IPser)外不需要安装新的客户方软件。这使得无线安全网关非常适合用于提供公共的无线接入。关键词：IEEE802.11 无线安全网关, 用户认证<a href="http://www.anywlan.com/documents/2007/526.html">29.揭密无线网络访问和802.1x安全性的疑惑</a>        无线网络的开放性为网络管理员和用户增加了不确定性。网络管理员希望只允许授权用户访问其网络，而用户则需要确保自己访问的是恰当的网络。本文深入讨论了典型的无线局域网客户登录过程以及 802.1x 和 EAP 验证过程。       网络管理员和网络用户都关心网络访问权限和安全性。网络管理员希望确保请求访问网络的客户端确实是其本身——是已授权用户而非冒名顶替的用户。而网络用户所希望的是当笔记本电脑连接到无线网络时，他确实连接到了自己的网络——而不是由黑客建成，用于收集用户信息的假冒网络。对网络管理员和用户来说，他们最基本的需要是对网络的信任。<a href="http://www.anywlan.com/documents/2007/527.html">30.可证明安全的基于802.11i的漫游认证协议</a>摘要：随着802．11无线局域网的发展，漫游已经成为它的重要场景．身份认证是保证网络安全的重要措施之一，802．11 WI AN 中现有的认证协议不能有效地支持漫游．作者提出的基于DH交换的认证协议，不仅满足了漫游对认证协议的特殊要求：身份保护和认证时延，而且具有可证明的安全性和必需的安全性质．关键词：无线局域网；漫游；身份保护；可证明安全<a href="http://www.anywlan.com/documents/2007/528.html">31.无线局域网WEP协议安全隐患分析</a>摘要：近年来，无线局域网技术和市场都有了突飞猛进的发展。而随着IEEE802．11无线局域网的普及，网络的安全性问题也正在变得151益严峻。WEP协议是IH~．F802．11标准规定的数据加密机制。WEP虽然提供了64位和128位长度的密钥机制，但是它仍然存在许多缺陷。文中详细分析了WEP加密和解密的原理，从3个方面说明了WEP存在的安全隐患，并依次讨论了各安全隐患所对应的解决方案。 关键词：无线局域网；有线等效加密；IV碰撞；网络安全<a href="http://www.anywlan.com/documents/2007/530.html">32.无线局域网安全加密算法的研究</a>摘要：本文主要对目前常见的对无线局域网（WLAN）标准IEEE 802.11 进行安全加密的算法WEP 进行了研究，研究表明WEP 协议存在一些严重的安全漏洞，因此也出现了一系列攻击方法，尤其是目前公认最有效的攻击RC4 的FMS 方法，最后针对WEP 的弱点提出了相应的改进建议和措施。 关键词：无线局域网，WEP，RC4 加密算法，IV 向量，FMS 方法<a href="http://www.anywlan.com/documents/2007/529.html">33.无线局域网安全和中国产业发展</a>摘要阐述了宽带IP网络的发展趋势，介绍了我国无线局域网领域的产业发展和标准化情况。并在介绍无线局域网现有标准和相应市场情况的基础上，着重对无线局域网中的安全问题进行了讨论。 关键词无线局域网安全产业发展标准化Abstract: This paper describes thedevelopment trend of broadband IP network firstly. Based on the introduction to current specifications of WLAN and associated market actualities, the security problem of WLAN is discussed. Finally, industry development and standardization process of WLAN i n China a re presented.<a href="http://www.anywlan.com/documents/2007/531.html">34.基于802.1X的内网安全管理系统认证模块设计</a> Design of Authentication Model of Intranet Security Management System摘要：介绍了802.1X协议的体系结构及其工作机制和原理，提出了一种将802.1X集成到现有的内网安全管理系统中实现认证功能的设计方案，该方案支持利用第三方802.1X客户端模块和任何兼容标准RADIUS协议的RADIUS服务器，可以最大限度地利用现有802.1X认证系统。 关键词：802.1X协议；安全认证；内网安全管理系统 【Abstract】This paper analyzes the security protocol of IEEE 802.1X framework and its working principle. It gives a designing scheme ofincorporating 802.1X into the authentication model of the Intranet security management system. This design scheme can support the usage of clientmodel of 802.1X of the third party and RADIUS Servers that are compatible to standard RADIUS protocol.35.PKI在3G网络中的应用(合集提供）摘要：本文主要了如何在3G的接入网端无线PKI来实现用户身份的机密性。因为用户的身份数据是敏感的，需要很好的给予保护。身份机密性包括：用户身份机密，用户位置机密，用户的不可跟踪性。首先概要介绍了无线PKI的基本知识，证书的版本以及获取方式。然后介绍了PKI环境下的认证方式。紧接着叙述了现有的3G接入网的安全架构和一些相关的安全技术，如完整性保护，加密保护和认证和密钥协商。最后基于无线PKI环境下实体认证方案和现有的3G中的身份机密实现措施，经过改进给出了一种新的基于公钥体制下的用于实现身份机密性的具体方案。 <span lang="EN-US" style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: "Tahoma","sans-serif"; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">36.WLAN<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">中<span lang="EN-US" style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: "Tahoma","sans-serif"; mso-bidi-font-size: 11.0pt; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">802.1x<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">协议的安全和应用研究(合集提供）<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">摘要首先分析了802.11无线局域网的组网原理和基本安全手段，重点讨论了广泛应用的安全协议―IEEE 802.1x认证协议，最后简单地介绍了IEEE 802.1x协议的特点、应用和发展方向。<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">关键词无线局域网，802.1x，认证服务器，安全协议，WAPI<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">37.无线局域网安全协议分析(合集提供）<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">     802.11i协议包括WPA和RSN两部分。WPA我们在前面已经作了详述。RSN是接入点与移动设备之间的动态协商认证和加密算法。802.11i的认证方案是基于802.1x和EAP，加密算法是AES。动态协商认证和加密算法使RSN可以与最新的安全水平保持同步，不断提供保护无线局域网传输信息所需要的安全性。<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">38.用Hash锁方法解决RFID的安全与隐私问题(合集提供）<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">摘要提出一种解决RFID安全与隐私问题的方法。它是在随机控制Hash锁方法基础上的一种改进方法，解决了位置隐私和中间人攻击问题；与定控制和随机Hash锁方法相比，具备相同的安全级水平，同时降低计算负载，适合于大量射频标签的场合。<span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">39.宽带接入网络的安全
(合集提供） Security of Broadband Access Networks <span style="FONT-SIZE: 10.5pt; COLOR: #222222; FONT-FAMILY: 宋体; mso-bidi-font-size: 11.0pt; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA; mso-ascii-font-family: Tahoma; mso-hansi-font-family: Tahoma; mso-bidi-font-family: Tahoma;">摘要：宽带接入网络的技术发展迅速，其应用也越来越广泛，但是安全问题也伴随着它的发展成为大家越来越关心的问题。在接入网环境下，用户、接入设备和网络都面临着各种威胁，特别是来自用户侧的威胁。针对当前网络中出现的问题，可以采用端口定位、媒体访问控制(MAC)地址防欺骗、非法业务监测等技术和方案加以解决。 关键词：宽带接入；安全；宽带接入远程服务；接入节点；DSL接入复用器

[此贴子已经被作者于2007-7-29 1:04:38编辑过]

Anywlan官方QQ群

7421 回帖	4万积分	1万在线时间

无线论坛管理员

注册时间: 2004-10-2

金币: 35286 个

威望: 404 个

荣誉: 114 个

发消息

累计签到：119 天
连续签到：3 天
[LV.200]无线新星

发表于 2007-7-15 13:41

英文资料40.<a href="http://www.anywlan.com/documents/2007/494.html">An OnDemand Secure Routing Protocol Resilient to Byzantine Failures</a>ABSTRACT：An ad hoc wireless network is an autonomous self-organizing system of mobile nodes connected by wireless links where nodes not in direct range can communicate via intermediate nodes. A common technique used in routing protocols for ad hoc wireless networks is to establish the routing paths ondemand, as opposed to continually maintaining a complete routing table. A signi cant concern in routing is the ability to function in the presence of byzantine failures which include nodes that drop, modify, or mis-route packets in an attempt to disrupt the routing service. We propose an on-demand routing protocol for ad hoc wireless networks that provides resilience to byzantine failures caused by individual or colluding nodes. Our adaptive probing technique detects a malicious link after log n faults have occurred, where n is the length of the path. These links are then avoided by multiplicatively increasing their weights and by using an on-demand route discovery protocol that nds a least weight path to the destination.41.<a href="http://www.anywlan.com/Article/2007/200707/2501.html">Wireless Attacks and Penetration Testing</a>无线攻击和渗透测试技术的介绍性文章。42.<a href="http://www.anywlan.com/Article/2007/200707/2502.html">Wireless Honeypot Countermeasures</a>无线蜜罐技术的介绍性文章。43.<a href="http://www.anywlan.com/documents/2007/520.html">Wireless 802.11 LAN Security Understanding the Key Issues</a>The rapid deployment of wireless LANs is testimony to the inherent benefits of this technology. Unfortunately, most wireless deployments are, at this time, fundamentally insecure. This is not an exaggeration. Based on our work with a wide range of organizations, it is an accurate assessment of the reality of the current state of the security of wireless 802.11-based environments. This situation is caused by two overarching problems. First, the technology itself is new and immature. Second, the technology is deceptively simple. Deploying a wireless environment is fundamentally easy. Deploying a wireless environment that meets the requirements of your existing security policies, while minimizing business risk, is not. It can be done, but requires substantial planning and a commitment to address a number of significant architectural,implementation, and operational issues. Wireless LAN deployment has clearly not yet reached its potential. But, the pundits are wrong on one essential point. They look at the deficiencies of the technology and think that organizations shouldn’t be deploying it yet. The pundits miss the plain fact that rganizations are deploying it anyway. Further, wireless LANs are a stealth technology. Most IT departments in large organizations are significantly underestimating how much wireless has already been installed by enterprising departments as well as individuals. While there is no substitute for practical experience with a new technology, this brief white paper is intended to help you understand the breadth of issues that need to be dealt with and to offer advice on how to avoid some of the most common mistakes. Let’s take a look at some of the security issues.44.<a href="http://www.anywlan.com/documents/2007/514.html">Fixing WEP Robust Security Networks with 802.11i</a>Soon after the huge success of Wireless LANs their lack of security became obvious. After several years, nally an industry standard, IEEE 802.11i, has been completed to provide robust security.This essay outlines the basics of Wireless LANs and describes the mechanisms for authentication,key management, integrity protection and con dentiality in robust security networks.45.<a href="http://www.anywlan.com/documents/2007/519.html">Wireless Local Area Network (WLAN) Security_802.11i</a>Wireless Networks are growing at an explosive rate. Along with the growth, come the security problems. Wireless networks are easy to break into due to the broadcast nature of the medium. IEEE 802.11 standard has made significant steps in providing a comprehensive solution to make the security of wireless networks comparable to wired networks. Current IEEE 802.11a, b, g standards use WEP protocol which has a lot of known flaws and even the interim security solution, WPA, does not meet the requirements for some users. Hence IEEE is has developed a new standard, IEEE 802.11.i that includes the WPA and RSN protocols. This paper describes the WEP & WPA protocols and different vulnerabilities of these standards. It then gives an overview of IEEE 802.11i standard, showing how the new 802.11 addendum plans to solve the wireless network security problem.46.<a href="http://www.anywlan.com/documents/2007/515.html">IEEE 802.11i Standard Improves Wireless LAN Security</a>目录： IEEE 802.11I STANDARD IMPROVES WIRELESS LAN SECURITY OVERVIEW: THE PLANET IS GOING WIRELESS FUNDAMENTAL WIRELESS SECURITY CHALLENGES ORIGINAL 802.11 SECURITY WAS FLAWED 802.11I TAKES STEPS TO IMPROVE SECURITY INDEPENDENT REVIEW CHALLENGES AHEAD ENCOURAGING WORLDWIDE ACCEPTANCE SUMMARY AUTHOR BIO 47.<a href="http://www.anywlan.com/documents/2007/517.html">Security Analysis and Improvements for IEEE 802.11i</a>This paper analyzes the IEEE 802.11i wireless networking standard with respect to data confidentiality, integrity, mutual authentication, and availability. Under our threat model, 802.11i appears to provide effective data confidentiality and integrity when CCMP is used. Furthermore, 802.11i may provide satisfactory mutual authentication and key management, although there are some potential implementation oversights that may cause severe problems. Since the 802.11i design does not emphasize availability, several DoS attacks are possible. We review the known DoS attacks on unprotected management frames and EAP frames, and discuss ways of mitigating them in 802.11i. The practicality of a DoS attack against Michael MIC Failure countermeasure is discussed and improvements are proposed. Two new DoS attacks and possible repairs are identified: RSN IE Poisoning and 4-Way Handshake Blocking. Finally some tradeoffs in failure-recovery strategies are discussed and an improved variant of 802.11i is proposed to address all the discussed vulnerabilities.48.<a href="http://www.anywlan.com/documents/2007/516.html">Secure Authentication System for Public WLAN Roaming</a>A serious impediment for seamless roaming between independent wireless LANs (WLANs) is how best to confederate the various WLAN service providers, each having different trust relationships with individuals and each supporting their own authentication schemes which may vary from one provider to the next. We have designed and implemented a comprehensive single sign-on (SSO) authentication architecture that confederates WLAN service providers through trusted identity providers. Users select the appropriate SSO authentication scheme from the authentication capabilities announced by the WLAN service provider, and can block the exposure of their privacy information while roaming. In addition, we have developed a compound layer 2 and Web authentication scheme that ensures cryptographically protected access while preserving pre-existing public WLAN payment models. Our experimental results, obtained from our prototype system, show the total authentication delay are well within 2 seconds. This is dominated primarily by our use of industrystandard XML-based protocols, yet are still small enough for practical use.49.<a href="http://www.anywlan.com/documents/2007/518.html">TinySec: A Link Layer Security Architecture for Wireless Sensor Networks</a>50.<a href="http://www.anywlan.com/documents/2007/525.html">家居无线网络的安全</a>Introduction to Wireless Network Wireless LAN Security Risks Wireless LAN Basic Defense Strategies

[此贴子已经被作者于2007-7-29 1:07:23编辑过]

7421 回帖	4万积分	1万在线时间

无线论坛管理员

注册时间: 2004-10-2

金币: 35286 个

威望: 404 个

荣誉: 114 个

发消息

累计签到：119 天
连续签到：3 天
[LV.200]无线新星

发表于 2007-7-15 13:41

无线安全书籍<a href="http://www.anywlan.com/documents/2007/532.html">51.802.11i (How we got here and where are we headed)</a>Abstract This paper will focus on the current IEEE1 802.11i standard and the components that comprise the standard. It will show how the standard ensures the integrity of the CIA triad in an effort to restore confidence in corporate WLANs. The Confidentiality, Integrity, and Availability triad is often taken for granted, but it is the criteria that any security infrastructure should meet. I believe that corporate WLAN implementations have been curtailed due to the lack of a truly secure standard. Perhaps a better word than curtailed is underutilized. I believe corporations have found a place for WLANs, but due to their lack of standardized and reliable security, they are not being used to their fullest potential. While some work has been done to remediate some of the shortcomings of WEP by both individual vendors and the Wi-Fi Alliance2, the IEEE has responded to the need for a formal standard. The committee has taken "best-of-breed" authentication, encryption, and authorization standards and has combined them to create what are to be called Robust Secure Networks or RSNs. The implementation recommendations in this paper will focus on enterprise implementations of the 802.11i standard while looking into the past deficiencies of WLAN security and attempts to remediate them<a href="http://www.anywlan.com/documents/2007/533.html">52.Wireless Network Security: 802.11, Bluetooth,and Handheld Devices</a>美国国家标准和技术研究所（NIST）发表的无线网络安全的802.11、蓝牙和手持设备（SP800-48）的PDF文档。共119页<a href="http://www.anywlan.com/documents/2007/534.html">53.Establishing Wireless Robust Security Networks</a>共162页 Table of Contents 1. Introduction 2. Overview of Wireless Networking 3. Overview of IEEE 802.11 Security 4. Security Framework for Robust Security Networks 5. Robust Security Networks Principles of Operation 6. Extensible Authentication Protocol 7. FIPS and WLAN Product Certifications 8. WLAN Security Best Practices 9. Case Studies 10. Summary of Concepts and Recommendations<a href="http://www.anywlan.com/documents/2007/535.html">54.Wireless.Hacking.Projects.for.Wi-Fi.Enthusiasts</a>共369页，对无线攻击感兴趣的朋友值得一看。 Part I Introduction to Wireless Hacking Chapter 1 A Brief Overview of the Wireless World Chapter 2 SoCalFreeNet.org: Building Large Scale Community Wireless Networks Chapter 3 Securing Our Wireless CommunityPart II Hacking Projects Chapter 4 Wireless Access Points Chapter 5 Wireless Client Access DevicesPart III Software Projects Chapter 6 Wireless Operating Systems Chapter 7 Monitoring Your Network Chapter 8 Low-Cost Commercial Options Chapter 9 Mesh NetworkingPart IV Antennas and Outdoor Enclosure Projects Chapter 10 Antennas Chapter 11 Building Outdoor Enclosures and Antenna Masts Chapter 12 Solar-Powered Access Points and RepeatersAppendix A Wireless 802.11 Hacks<a href="http://www.anywlan.com/documents/2007/536.html">55.Internet and Wireless Security</a>The chapters of this volume are grouped into a number of topical areas — demonstrating that the security canon is a very varied one. As Chris Earnshaw so rightly highlighted in his preface, getting the appropriate security built into new products, systems and services is fundamental to a rosy Internet future. We highlight a number of the vital issues to address as part of that process. Chapter 1 reminds us of the importance of securing the infrastructure. Only when this has been done can the applications which run on it be deployed with any confidence from a security perspective. The next two chapters introduce functionality which is starting to play an important part in the application security story. XML, the next-generation of HTML, is now viewed as the standard way information will be exchanged in environments that do not share common platforms. Special purpose XML languages and standards are practically announced daily. Chapter 2 describes XML digital signatures and XML encryption, while Chapter 3 explains how these can be used to provide Web-based security services. An even newer idea is SecML, the Security Modelling Language. As systems become more complex, so the task of designing an appropriate security model becomes ever more challenging. Chapter 4 introduces a new approach which may help in this task. XML will be an increasingly important technology underpinning public key infrastructures (PKIs). Chapter 5 tells us what else is new in this area. Chapter 6 shows us how both XML and PKI can be used in constructing an archival service for high-value data. This is one of a number of value-added services we expect to see deployed in the medium term. It is now well-known that public key cyptography was invented by CESG several years prior to its parallel invention as Diffie-Hellman and RSA. A somewhat different approach to those models is an identifier-based public key ryptography. By a neat reversal, Shamir (the S in RSA) first proposed the concept but the first practical solution was invented by CESG. Chapter 7 gives an overview of that system. We turn now to the wireless world where authentication and confidentiality are prerequisites for a commercial service. Chapter 8 leads us through the evolving 3G standards, and highlights the possibility that a non-PKI-based approach may prevail. An alternative view, based on what has been happening in the WAP Forum, is presented in Chapter 9. Another wireless service is TETRA, the digital trunked radio standard. An enhanced version is being deployed now in the UK, initially in the emergency services market. Chapter 10 explains how security is handled in this service. Our next area is IP data networks and particularly virtual private networks. Chapter 11 explains how the adoption of the IPsec standard enables this to be done securely. Chapter 12 puts this into a real-world business context with its description of BT Ignite's virtual private data network service and its development. Evolution towards integrated global networks makes all operators and users of their networks equally exposed to malicious attacks. Such attacks can be mounted almost anywhere in the world by individual crackers or even by an agency of a rogue state. Chapter 13 describes how BT's Information Assurance Programme deals with this enhanced threat. Identification, authentication and access issues underpin all of these areas. Chapter 14 shows how biometrics or 'something you are' can help in conjunction with 'something you know' (a password or PIN) and 'something you have' (a token). BTexact Technologies and University College, London are collaborating in a study to determine how computer users manage their passwords now, and how to help users manage them more securely in the future. Many of the problems are well known to people in the security world — large numbers of passwords have to be memorised (average of 16), with users mostly writing them down, and lax attitudes to their security leading to insecure ways of working in general. Based on this research, Chapter 15 presents an alternative approach to improving access control. Finally, Chapter 16 reminds us that to ensure good security we must manage the problem systematically. It describes how BS 7799 (ISO 17799), the Standard for Information Security Management, can be applied to achieve such a result. In conclusion, we would like to thank all of the authors for their excellent contributions to this book. We believe that the end result will enable you to understand more fully what a great deal there is to worry about when you try to construct an appropriately secure network or system, and how you start going about addressing those concerns.<a href="http://www.anywlan.com/documents/2007/537.html">56.Wi-Fi Security</a>Chapter 1 Introduction to Wireless LAN Security Standards Chapter 2 Technology Chapter 3 Wireless LAN Security Factors Chapter 4 Issues in wireless Security Chapter 5 The 802.11 Standard Defined Chapter 6 802.11 Security Infrastructure Chapter 7 802.11 Encryption: Wired Equivalent Chapter 8 Unauthorized Access and Privacy Chapter 9 Open System Authentication Chapter 10 Direct Sequence Spread Spectrum Chapter 11 Wi-Fi Equipment Issues Chapter 12 Cross-Platform Wireless User Security Chapter 13 Security Breach Vulnerabilities Chapter 14 Access Control Schemes Chapter 15 Wireless Laptop Users (PC and Mac) Chapter 16 Administrative Security Chapter 17 Security Issues for Wireless Applications (Wireless PDAs) Chapter 18 The Future of Wi-Fi Security?<a href="http://www.anywlan.com/documents/2007/538.html">57.Building Secure Wireless Networks with 802.11</a>Part I: Introduction to Wireless Local Area Networks (LANs) Chapter 1: Networking Basics. Chapter 2: Wireless LANs Chapter 3: The Institute of Electrical and Electronics Engineers (IEEE) 802.11 Standards Chapter 4: Is Wireless LAN Right for You? Part II: Secure Wireless LANs Chapter 5: Network Security Chapter 6: Securing the IEEE 802.11 Wireless LANs Part III: Building Secure Wireless LANs Chapter 7: Planning Wireless LANs Chapter 8: Shopping for the Right Equipment Chapter 9: Equipment Provisioning and LAN Setup Chapter 10: Advanced 802.11 Wireless LANs Part IV: Troubleshooting and Keeping Your Wireless LAN Secure Chapter 11: Troubleshooting Wireless LANs Chapter 12: Keeping Your Wireless LAN Secure<a href="http://www.anywlan.com/documents/2007/539.html">59.802.11 Security</a>O'Reilly出版，共204页。 Part I: 802.11 Security Basics Chapter 1. A Wireless World Chapter 2. Attacks and Risks Part II: Station Security Chapter 3. Station Security Chapter 4. FreeBSD Station Security Chapter 5. Linux Station Security Chapter 6. OpenBSD Station Security Chapter 7. Mac OS X Station Security Chapter 8. Windows Station Security Part III: Access Point Security Chapter 9. Setting Up an Access Point Part IV: Gateway Security Chapter 10. Gateway Security Chapter 11. Building a Linux Gateway Chapter 12. Building a FreeBSD Gateway Chapter 13. Building an OpenBSD Gateway Chapter 14. Authentication and Encryption Chapter 15. Putting It All Together由于时间关系，无线安全书籍只挑选了9本给大家，虽然是英文的多，不过如能潜下心来读书，相信所获不菲。其余无线安全书籍有机会再放出来罢。

[此贴子已经被作者于2007-7-30 19:06:25编辑过]