Computer Engineering ›› 2014, Vol. 40 ›› Issue (12): 108-113. doi: 10.3969/j.issn.1000-3428.2014.12.020

• Security Technology •

Access Authentication Scheme Using Identity-based Signature in Wireless Local Area Network

WANG Zhipeng (1a, 1c), LIN Muqing (1b), JI Dongjie (1b), XU Jian (1a, 2)

  1. 1a. College of Software; 1b. College of Information Science and Engineering; 1c. College of Continuing Education, Northeastern University, Shenyang 110819, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2013-12-09 Revised: 2014-02-18 Online: 2014-12-15 Published: 2015-01-16
  • About the authors: WANG Zhipeng (born 1975), male, engineer and master's student, main research interests: cryptography, network security, cloud computing; LIN Muqing and JI Dongjie, master's students; XU Jian (corresponding author), lecturer, Ph.D.
  • Funding:
    National Science and Technology Major Project of China (2013ZX03002006); Fundamental Research Funds for the Central Universities (N130317002); Liaoning Province Doctoral Start-up Fund (20141012); Shenyang Science and Technology Plan Fund (F14-231-1-08).

Abstract: Typical access authentication schemes for Wireless Local Area Networks (WLAN) do not support bidirectional authentication well and have low efficiency. To address these problems, this paper proposes a new bidirectional access authentication scheme using Identity-based Signature (IBS). The scheme's initialization process, its inter-entity authentication protocol, and an efficient key agreement protocol based on the access authentication scheme are given, and the efficiency and security of the key agreement protocol are analyzed. Results show that the protocol achieves known key security, forward security, unknown key sharing and key control at a small computational cost, an advantage that other similar protocols do not have. Compared with the EAP-TLS and WAPI access authentication schemes, the proposed scheme has the advantages of requiring no certificates, mutual authentication and high authentication efficiency.

Key words: Wireless Local Area Network (WLAN), bidirectional access authentication, Identity-based Signature (IBS), key agreement, EAP-TLS scheme, WAPI scheme
