Fast switch method and system in wireless local area network

Abstract

A rapid-switching method in wireless local-area network includes the following steps: step 1, a wireless workstation sends a second element of a pre-constructed one-way hash chain table to a target wireless access point; step 2, whether the second element is effective or not is judged; if the second element is effective, step 3 is executed, otherwise the process is finished; step 3, connection between the target wireless access point and the wireless workstation is established. The rapid-switching method in wireless local-area network comprises a wireless access point, an authentication service unit, and a wireless workstation; the wireless workstation comprises a first communication module, which is connected with the wireless access point and the authentication service unit; the wireless access point comprises a second communication module, which is connected with the authentication service unit; a memory module, which is connected with the second communication module; an authentication module, which is connected with the memory module and the second communication module; the authentication service unit comprises a third communication module, which is connected with the wireless workstation and the wireless access point. The invention can realize one-way and/or two-way authentication between the wireless workstation and the wireless access point.

Description

technical field [0001] The present invention relates to a fast switching method and system in a wireless local area network, in particular to a fast switching method and system in a wireless local area network that realizes one-way and / or two-way authentication between a wireless workstation and a wireless access point, and belongs to communication technology field. Background technique [0002] In recent years, users' demands for access services are characterized by broadband, mobility, and convenience. The broadband wireless local area network (WLAN) technology and products based on the IEEE 802.11b standard cater to people's needs for broadband data access in the nomadic state, and have been widely promoted and applied around the world. [0003] In order to support the mobility of wireless workstations (referred to as STA), IEEE first proposed the IEEE 802.11f standard. A protocol for communicating and exchanging handover-related information between wireless access poin...

AI Technical Summary

Problems solved by technology

[0006] The disadvantage of the fast handover mechanism of the above-mentioned 802.11r standard is that the fast handover authentication request frame and the random number in the fast handover authentication request frame are sent without authentication, and the wireless access point must accept the message and process it accordingly. Therefore, it faces a more serious denial of service (DOS) attack than IEEE 802.11i

At this time, the attacker can impersonate the wireless workstation and send another message containing the random number S′ to the wireless access point. nonce After receiving the fast handover authentication request frame, the wireless access point resends the fast handover authentication response frame, which contains the random number A' nonce , and recalculate the PTK′, resulting in a mismatch between the PTK calculated by the wireless workstation and the wireless access point, causing the 802.11 authentication confirmation frame sent by the wireless workstation to fail to pass the verification, thus preventing the wireless workstation from accessing the network

Furthermore, the wireless workstation sends a fast handover authentication request frame, which contains a random number S nonce ; The attacker pretends to be a wireless access point and sends a tampered fast handover authentication response frame, which contains the random number A' nonce , the PTA calculated by the wireless workstation and the wireless access point do not match, and the 802.11 authentication confirmation frame cannot pass the verification, so that the wireless workstation cannot access the network

Images