With the advance of informatization and the popularity of the Internet, the Wireless Local Area Network (WLAN) has become an important part of digital cities and digital campuses because of its mobility, flexibility and low cost. However, the many inherent hidden dangers caused by the openness and mobility of WLAN can easily result in the leakage of a user's authentication information, such as username, password and certificate, during the authentication process, and the network information exchanged after the user passes authentication faces the same threat. Although WLAN provides encryption in certain forms, access authentication for WLAN has become a hot topic, as the WEP and WPA security technologies have been effectively cracked in the recent period.

IEEE 802.1X is the port-based access control protocol standardized by IEEE in June 2001, which is used for authentication and key management in IEEE 802 local area networks. 802.1X provides a port-based network control technology and controls user access by means of the ports of a switch or AP. In June 2004, IEEE passed the security standard for WLAN, namely the 802.11i standard, which uses the 802.1X authentication and key management mode.

Taking a typical WLAN, the wireless campus network, as the example, this paper designs and implements a uniform authentication system for secure wireless campus access based on the IEEE 802.1X standard. It comprises the client software W²AAASupplicant, which supports the standard 802.1X protocol, and an authentication server built on FreeRADIUS + OpenLDAP. W²AAASupplicant and the authentication server are independent of each other. The network devices on which this uniform access authentication system relies are switches or wireless APs that support 802.1X.

With the client software W²AAASupplicant, a user can safely and conveniently connect to the NAS wirelessly to complete the authentication process; the user is authorized to access the campus network after passing authentication. Using an object-oriented programming method, W²AAASupplicant is implemented on the Windows platform on the basis of the client state machine and EAP authentication modes of the 802.1X standard; the client software supports the EAP-MD5 and EAP-TLS authentication modes. The authentication server enables the EAP-MD5, EAP-TLS and PEAP authentication modes, thus multiple RADIUS servers can make centralized, uniform access to the LDAP server. The back-end authentication server of the IEEE 802 local area network secure access authentication system is established on the Linux operating system, using the open source software FreeRADIUS as the RADIUS server, the open source software OpenLDAP as the LDAP directory server, and the open source software BerkeleyDB as the database of the directory server.

Finally, with the client software W²AAASupplicant implemented in code and the open source software FreeRADIUS + OpenLDAP on Linux used as the back-end authentication server, a wireless access point (AP) supporting 802.1X serves as the authenticator to construct a detailed experimental platform for the wireless local area network security authentication system, thus verifying the feasibility, reliability and utility of the implemented access authentication system in practice.