Abstract:
This paper proposes the wireless Man In Middle(MIM) framework, which actively proves the vulnerability of MIM by applying the MIM technique in WLAN environment, whose security is applied with 802.1X and Extensible Authentication Protocol(EAP). It describes the design of the required functions and modules, proposes that it is possible to collect WLAN authentication information of the unauthorized user by using the wireless MIM framework under the EAP-MD5 and EAP-TTLS environment.
Key words:
802.1X protocol,
Extensible Authentication Protocol(EAP),
Rouge AP,
Man In Middle(MIM) attack
摘要: 基于802.1X的可扩展认证协议(EAP)是目前主流的无线网络认证协议。该文介绍802.1X、EAP及中间人攻击的相关技术,分析针对802.1X-EAP的中间人攻击流程,给出在EAP-MD5网络环境下对无线网络进行中间人攻击的框架及流程,从而证实目前无线网络设施遭受中间人攻击风险的可能性。
关键词:
802.1X协议,
可扩展认证协议,
非法AP,
中间人攻击
CLC Number:
LI Yong-qiang; WANG Hai-hang. MIM Attack to Secure Authentication Protocol with 802.1X-EAP[J]. Computer Engineering, 2008, 34(22): 192-194.
李永强;汪海航. 针对802.1X-EAP安全认证协议的中间人攻击[J]. 计算机工程, 2008, 34(22): 192-194.