校园无线局域网的安全性研究

介绍了校园无线局域网的优势和问题所在.分析了WLAN(Wireless Local Area Network)IEEE802.11系列安全协议的工作方式,和各自的缺陷.提出了利用Linux内核空间下的Neffilter框架,动态加载IPSec处理模块的方法,构建了一个IPSec VPN网关,以解决无线网络的安全问题,同时也能实现在线实时的信息交换和共享.     

基于RTP/RTCP的音视频WiFi传输系统的设计

本系统设计了一个无线WiFi音视频传输方案,可用于视频监控,视频教学,旅游导游等领域.系统采用i.MX27多媒体处理器,WiFi模块采用基于IEEE802.11b的无线协议,流媒体传输采用RTP/RTCP协议,视频的编解码采用成熟的MPEG4标准,实现基于2.4GHz无线网络传输的音频流和视频流数据的传输.实现了音视频的WiFi传输,在接收端音视频还原流畅.     

基于IEEE802.11b协议的无线网络组建

介绍了基于IEEE802.11b协议的低成本双机互联无线网络的组建方法。基于该方法组建的双机无线网络成本低廉,同时实现计算机的文件共享、打印机共享和Internet连接共享。     

基于CDMA无线信道的TCP 与UDP协议性能研究*

以吞吐率和有效因子为性能指标,分别就 i．i．d和相关无线信道模型对 TCP和 UDP协议进行了研究．虽然 UDP协议获得了TCP协议吞吐率性能的上界,但低时延、大拥塞控制窗口和信道相关性也有助于 TCP协议吞吐率逼近 UDP协议;对于有效因子性能,TCP协议性能更优．分析结果表明,拥塞控制窗口对于 TCP协议的有效因子和吞吐率2个性能指标的影响相互矛盾,因而窗口大小需要根据具体的应用进行取舍．     

认知无线电网络MAC接入性能分析

认知无线电网络中授权用户享有频谱的优先使用权,一旦授权用户出现认知,用户必须中断正使用的频谱,造成正在传输的MAC帧丢失,认知无线电网络直接采用现有的IEEE802.11 DCF协议,无法解决由于中断引发的认知用户MAC帧丢失问题,当认知用户再次获得频谱接入机会时,将重新竞争接入,导致频谱切换延时较大.为解决该问题,本文改进了IEEE 802.11 DCF协议,提出增加冻结缓存机制,以此解决用户信道切换的延时较大问题.当无线链路出现中断时,改进的DCF协议通过冻结节点,中断当前计时器并缓存当前状态信息,认知用户和基站之间链路一旦恢复则继续传输中断前的MAC帧,从而避免了认知用户的重新竞争接入.仿真结果表明改进的DCF协议在频谱切换时能增大接入吞吐量,减小接入延时,提高了DCF机制在认知网络中的应用性能.     

高速公路场景下基于C-V2X和IEEE802.11p的V2V通信性能对比

为了研究高速公路场景下C-V2X和IEEE 802.11p的V2V通信性能的不同表现,通过SUMO与OMNET++联合仿真对比研究不同车辆速度与数量对通信性能的影响。实验结果表明:IEEE 802.11p和C-V2X均满足安全应用的时延要求,而C-V2X在丢包率方面优于IEEE 802.11p。     

基于OPNET的分布式WLAN网络性能仿真研究

介绍了无线局域网的基本概念以及它的一些优缺点,分析了无线局域网中IEEE 802.11系列标准。基于网络仿真平台OPNET,构建了分布式无线局域网网络模型、节点模型和进程模型。为了优化网络性能,通过设置不同的网络参数(包括速率、信息包分组大小),对IEEE 802.11系列标准下的无线局域网网络性能进行了分析研究,减小了网络时延和丢包率,提高了系统吞吐量。对今后无线局域网部署中IEEE802.11系列标准的选择以及参数的设置有着重要的参考价值。     

基于NTRU公钥算法的安全OSPF协议研究

OSPF是一种典型的链路状态路由协议,是当前局域网中最常用的路由协议之一.文中简要介绍了OSPF协议的网络安全需求,提出了新的安全OSPF路由协议SOSPF,其中使用加密速度更快的公钥加密算法NTRU来实现OSPF协议的数字签名.采用NS-2平台对其进行仿真,并进行性能和安全性分析.     

无线局域网低时延切换的一种两级认证方法

IEEE 802.11无线局域网已得到了广泛的部署.在无线局域网中,终端移动时经常发生切换,需要进行安全认证,这导致较长的处理时延,降低了服务质量.目前的认证方法,如AAA和IEEE 802.1x,不能支持低时延切换.本文提出了一种两级认证方法,移动终端在快速切换协议中可以执行认证.在漫游到新域之前从目标接入点获取一个临时身份,通过使用该临时身份继续认证快速接入.移动终端在短时间内必须执行再认证,以便完成正常的认证过程,否则,认证接入将被终止.仿真结果表明,本文提出的两级认证方法在切换过程中显著地减少了切换时延和丢包率.     

一种基于Hash的RFID双向认证协议

分析了RFID系统中存在的安全问题,剖析了目前比较有代表性的基于Hash的RFID认证协议,提出了一种改进的基于Hash的双向认证协议HAsH-IMAP.该协议可以有效解决非法访问、重放攻击、标签失效等问题.通过其安全性能分析以及各协议的存储开销、计算开销和安全性能对比分析,说明了本协议具有高效的性能和良好的安全性.     

Formal analysis of authentication in 802.11i

Authentication is the basis of the security of IEEE 802.11i standard. The authentication process in 802.11i involves two important protocols: a 4-way handshake and a group key handshake. A formal analysis of authentication in 802.11i is given via a belief multisets formalism. The analysis shows that the 4-way handshake and the group key handshake may provide satisfactory mutual authentication, key management, and issue of a new group temporal key from an access point to a user device, under the guarantee of mutual possession of a confidential pairwise master key. The analysis also shows that there exists a denial of service attack in the 4-way handshake and some seeming redundancies are useful in the protocol implementation.     

Some remarks on the TKIP key mixing function of IEEE 802.11i

Temporal key integrity protocol (TKIP) is a sub-protocol of IEEE 802.11i. TKIP remedies some security flaws in wired equivalent privacy (WEP) protocol. TKIP adds four new algorithms to WEP: a message integrity code (MIC) called Michael, an initialization vector (IV) sequencing discipline, a key mixing function and a re-keying mechanism. The key mixing function, also called temporal key hash, de-correlates the IVs from weak keys. Some cryptographic properties of the substitution box (S-box) used in the key mixing function are investigated in this paper, such as regularity, avalanche effect, differ uniform and linear structure. Moen et al pointed out that there existed a temporal key recovery attack in TKIP key mixing function. In this paper a method is proposed to defend against the attack, and the resulting effect on performance is discussed.     

Secure Authentication of WLAN Based on Elliptic Curve Cryptosystem

The security of wireless local area network (WLAN) becomes a bottleneck for its further applications. At present, many standard organizations and manufacturers of WLAN try to solve this problem. However, owing to the serious secure leak in IEEE802.11 standards, it is impossible to utterly solve the problem by simply adding some remedies. Based on the analysis on the security mechanism of WLAN and the latest techniques of WLAN security, a solution to WLAN security was presented. The solution makes preparation for the further combination of WLAN and Internet.     

Influence of Error-prone Channel on the Performance of IEEE 802.11 WLAN Utilizing RTS/CTS Handshaking

A comprehensive study was presented for WLAN 802.11b using error-prone channel. It was theoretically and numerically evaluated the performance of three different network sizes with the bit rates that available in 802.11b protocol. Results show that throughput does not change with the size of the network for wide range of bit error rates (BERs) and the channel bit rates play a significant role in the main characteristics of the network. A comprehensive explanation has given for the phenomenon of the packet delay suppression at relatively high level of BERs in view of the size of the networks and the BERs. The effect length of the transmitting packets is also investigated.     

A Provably Secure Asynchronous Proactive RSA Scheme

The drawback of the first asynchronous proactive RSA scheme presented by Zhou in 2001, is that the security definition and security proof do not follow the approach of provable security. This paper presented a provably secure asynchronous proactive RSA scheme, which includes three protocols： initial key distribution protocol, signature generation protocol and share refreshing protocol. Taken these protocols together, a complete provably secure proactive RSA scheme was obtained. And the efficiency of the scheme is approximate to that of the scheme of Zhou.     

A secure and reliable routing protocol for wireless mesh networks

This study proposes an efficient secure routing protocol which considers symmetric and asymmetric links for wireless mesh networks （WMNs）. A wireless mesh network is a group of wireless mesh routers and several kinds of wireless devices （or nodes）. Individual node cooperates by forwarding packets to each other, allowing nodes to communicate beyond the symmetric or asymmetric links. Asymmetric link is a special feature of WMNs because the wireless transmission ranges of different wireless devices may be different. The asymmetric link enhances WMN coverage. Providing security in WMNs has become an important issue over the last few years. Existing research on this topic tends to focus on providing security for routing and data content in the symmetric link. However, most studies overlook the asymmetric link in these networks. This study proposes a novel distributed routing protocol beyond symmetric and asymmetric links, to guarantee the security and high reliability of the established route in a hostile environment, such as WMNs, by avoiding the use of unreliable intermediate nodes. The routes generated by the proposed protocol are shorter than those in prior works. The major objective of the proposed protocol is to allow trustworthy intermediate nodes to participate in the path construction protocol. The mesh clients out of mesh router wireless transmission range may discover a secure route to securely connect to the mesh router for Internet access via the proposed protocol. The proposed protocol enhances wireless mesh network coverage and assures security.