摘要： 分析了无线局域网的安全标准IEEE 802.11i和WAPI在安全与效率上存在的缺陷。提出了一种基于哈希链构造认证令牌，实现无线网络快速实体认证机制FWAI。与802.11i和WAPI比较，新机制使用较少的交互，无需数字签名，实现在“第一时间”对实体STA的认证，并高效产生会话密钥。新机制不仅能有效防范STA、AP、ASU的假冒、消息重放等攻击，还具有很强的抗击拒绝服务攻击的能力。

关键词: 无线局域网, WAPI 802.11i, 认证, FWAI

Abstract: Several shortcomings of two security standards in WLAN: IEEE 802.11i and WAPI are analyzed on efficiency and security. A fast/efficient authentication scheme for WLAN (FWAI) is proposed, which is based on tokens derived from Hash chains. Compared with 802.11i and WAPI, the proposed scheme needs fewer messages to authenticate STA in the foremost time, as well as session keys are negotiated efficiently. The scheme canot only against personating STA, AP and AS and messages replay attacks, but also can against DoS attacks effectively.

Key words: WLAN, WAPI 802.11i, Authentication, FWAI