Safety access method of wireless metropolitan area network

Abstract

The invention relates to a secure access method for the wireless metropolitan area network which comprises an identification-authentication step and a session-key consultation step. The identification-authentication step comprises: a base station (BS) sends an activating message for access identification to a subscriber station (SS); the SS sends a request message for access identification to the BS; if the SS which sends the request message for access identification has been sent with the activating message for access identification, the BS sends a request message for certificate identification to an authentication server (AS) and then the AS sends a response message for certificate authentication to the BS which then verifies the legitimacy of the SS according to the response message for certificate authentication; if the SS is legal, an access identification response message is sent to the SS which then verifies the legitimacy of the BS according to the access identification response message; if the BS is legal, following steps are continued. The BS of the proposal of the invention only handles the request message for access identification of the SS to which an 'activating message for access identification' has been sent, thus effectively avoiding DOS attacks or DDOS attacks, realizing the identification and authentication of the SS and the BS and increasing the security.

Description

technical field [0001] The present invention relates to wireless network and information security, more specifically, to a secure access method of wireless metropolitan area network. Background technique [0002] In the field of wireless metropolitan area network, the current mainstream technologies and standards are mainly IEEE802.16 series standards organized by IEEE. In the existing wireless metropolitan area network, when a subscriber station (Subscriber Station, SS for short) accesses a base station (Base Station, BS for short), steps such as authentication and key negotiation need to be performed. In the authentication process, the base station BS authenticates the subscriber station SS by authenticating the digital certificate of the subscriber station SS, so as to prevent the illegal subscriber station SS from accessing the wireless metropolitan area network. The specific authentication process includes: [0003] 1) The subscriber station SS sends an access authent...

AI Technical Summary

Problems solved by technology

[0006] A defect of the existing wireless metropolitan area network access method is that for each subscriber station SS that sends an access authentication request, the base station BS will consume computing resources to check the digital certificate and message signature of the subscriber station SS to determine the subscriber station SS. The identity of the station SS and the validity of the message, thus greatly increasing the calculation burden of the base station BS, resulting in a low load capacity of the base station BS

For example, when the number of access authentication requests sent by the user station SS in a short period of time is relatively large, the base station BS will not be able to respond in time and the wireless metropolitan area network will be paralyzed

In other words, a malicious third party can easily launch a DOS (Denial of Service) or DDOS (Distributed Denial of Service) attack on the base station BS, paralyzing the wireless metropolitan area network

Images