无线局域网中基于身份的密钥协商与鉴别方案

39820058JOURNALOFSHANGHAIJIAOTONGUNIVERSITYVol.39No.8Aug.2005:2004208217:(02QD14027):(19792),,,,.(),,,,(Tel.):021262932069;E2mail:gu2dw@cs.sjtu.edu.cn.:100622467(2005)0821327204,,(,200030):(WAPI),,.,,WAPI.,WAPI.:;;;:TP393.08:AAnID2BasedKeyAgreementandAuthenticationSchemeinWLANLIUHan,GUDa2wu,SHIQing2zu(Dept.ofComputerScience&Eng.,ShanghaiJiaotongUniv.,Shanghai200030,China)Abstract:Thewirelesslocalareanetwork(WLAN)securitystandardmadebyChina(WAPI)usespublickeycertificatesmechanismtoimplementtwo2wayauthenticationandprivatecommunication.Itprovidesgoodsecuritysolutionforlarge2scaleWLAN.However,thesystembasedonWAPIiscomplexandhassecurityflaws.Theidentity2basedcryptosystemwasadoptedinWLANtoimplementkeyagreementandtwo2wayauthentication.Thisschemesimplifiesthesystemarchitectureandismorefeasibleinsmall2scaleormiddle2scaleWLAN.ItalsoovercomesthesecurityflawsinWAPI.Bytheperformanceanalysis,securityanalysisandcontrasttoWAPI,thenewschemeisprovedtobemoresuitableforsmall2scaleormiddle2scaleWLAN.Keywords:wirelesslocalareanetwork(WLAN)security;authentication;keyagreement;keymanagement,[13].20035[1],WAPI(WirelessLocalAreaNetworkAuthenticationandPrivacyInfrastructure),.WAPI,STA(Station)AP(AccessPoint),.ASU(AuthenticationServiceUnit),.(WLAN)WAPI,WLAN..,©1994-2010ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.[4].,.Okamoto[5].WLAN,OkamotoWLAN,,.2:.,STAAP,STAAP;,.AP,.2.12pq,ed:ed[mod(p-1)(q-1)]=1(1),e,dn=pq.GF(p)GF(q)g.STAi,IDi.Si:Si=ID-di(modn)(2)rjn,yj=gerj(modn)(3)(n,e,rj)APj,(n,g,yj,Si)STAi.APSTA.2.2STAAP1.1Fig.1Anidentity2basekeyagreementandauthenticationschemeprotocolflowchart2.2.1(1)STAiAPj.STAiriXi,(IDi,Xi)APj:Xi=Sigri(modn)(4)(2)STAi:Ki=yrij(modn)(5)(3)APjSTAi(IDi,Xi),APj.IDi,,STAi,APjSTAi;STAi.APj:Kj=(XeiõIDi)rj(modn)(6)2.2.2(1)STAiAPj:K=Ki=Kj=gerirj(modn)(7)(2)STAiSTAiAPj.,823139©1994-2010ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(1)APjSTAi.APjNj,KNjSTAi.(2)STAiAPj.STAiAPj,K,(Nj+1),Ni,STAiK(Nj+1,Ni)APj.(3)APjSTAi.APjK,Nj+1,STAi,IDi;STAi.APjNi,(Ni+1),K(STAi,Ni+1)STAi.(4)STAiAPj.STAiAPj,K,STAi,,;Ni+1,,APj,APj.APjSTAi.2.4APWLANAP,STAAP.,STAiAPjAPk,WLAN.AP(n,e,rj),APKAP.(3),APj,IDi,:(1)APKAPEKAP(IDi),.(2)AP,,APkIDi,APjKAPEKAP(IDi).(3)APj,KAP,IDi.IDi,IDi;EKAP(IDi),STAi,STAiAPj.33.13.1.1,,.,,IDi;E2mail,E2mailIDi.,,.,..E2mail,IDi.3.1.2,,.,..,IDi,.,.IDi.IDi=(E2mail),IDi,.3.2.,,WLAN.AP,.APAP,WLAN,ID.AP,AP.STAAP,APAPSTAID,,.,STA.WLAN,APID,AP,APID.44.1.92318,:©1994-2010ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.(IDi,Xi)APj,APjXi,.STA,,,STA,.,.4.24.2.1AP(n,e,rj),STA(n,g,yj,Si).,.(DSS),5121024bit.n.nbitk(512bitk1024bit).,n.,AP3k(15363072bit),STA4k(20484096bit).4.2.2:STAAP.nbitk(512bitk1024bit).2k(10242048bit);:3,.3DES[6]64bit,AES,128bit.,NiNj.,3DESAES3:(1)APjSTAi,64bit(3DES)128bit(AES);(2)STAiAPj,128bit(3DES)256bit(AES);(3)APjSTAi,128bit(3DES)256bit(AES).,213442368bit(3DES)16642688bit(AES).4.2.3STA:1;2;1,2.AP:2;2,1.,STAAP.4.3WAPIWAPI1.1WAPITab.1ThecontrastanalysisoftheproposedschemetoWAPIWAPISTAAPSTAAPASU475WLANWAPI,WLAN.,.,,,.,,.,,.,WAPI.:[1]GB15629.11-2003.[S].[2]ISDNO273812181225.WirelessLANmediumaccesscontrol(MAC)andphysicallayer(PHY)specificationsANSI,IEEEStd.802.11[S].[3]WiFiAlliance.WPA(WiFiProtectedAccess)whitepaper[DBöOL].httpöö(1335)033139©1994-2010ChinaAcademicJournalElectronicPublishingHouse.Allrightsreserved.:[1],,.[J].,2001,23(4):379-384.CHENWei2dong,XIYu2geng,GUDong2lei.Asurveyofreinforcementlearninginautonomousrobots[J].Robot,2001,23(4):379-384.[2]NicolescuM,MataricMJ.Learningandinteractinginhuman2robotdomains[J].SociallyIntelligentAgents,2001,31(5):419-430.[3]GerkeyB,MataricMJ.Aformalframeworkforthestudyoftaskallocationinmulti2robotsystems[J].InternationalJournalofRoboticsResearch,2003,3(13):1-17.[4],,.[J].,2003,37(Sup.):45-49.JIAJian2qiang,CHENWei2dong,XIYu2geng.Anoverviewofthekeytechniquesinautonomousrobotsoccer[J].JournalofShanghaiJiaotongUniversity,2003,37(Sup.):45-49.[5]MataricMJ.Reinforcementlearninginthemulti2robotdomain[J].AutonomousRobots,1997,4(1):73-83.[6]FontanMS,MataricMJ.Territorialmulti2robottaskdivision[J].IEEETransactionsonRoboticsandAutomation,1998,14(5):815-822.[7]MataricMJ.Learningsocialbehaviors[J].RoboticsandAutonomousSystems,1997,(20):191-204.[8]PengJ,WilliamsRJ.Incrementalmulti2stepQ2learning[J].MachineLearning,1996,22(1ö2ö3):283-290.(1330)[4]ShamirA.Identity2basedcryptosystemsandsignatureschemes[A].ProceedingsofCRYPTO’84[C].Springer:CRYPTO,1984.47-53.[5]OkamotoE.Keydistributionsystemsbasedonidentificationinformation[A].ProceedingsofCRYPTO’87[C].Springer:CRYPTO,1987.194-202.[6],.[J].,2004,38(5):693-700.YANHong,HEChen.Security