CN104333859B - A communication management and control method for WLAN - Google Patents

Publication number
CN104333859B
Authority
CN
China
Prior art keywords
channel
frame
blocked
blocking
mac address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310308882.3A
Other languages
Chinese (zh)
Other versions
CN104333859A (en)
Inventor
朱海涛
朱大立
祁峰
冯维淼
范伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H04W74/00 Wireless channel access
    • H04W74/08 Non-scheduled access, e.g. ALOHA
    • H04W74/0808 Non-scheduled access, e.g. ALOHA using carrier sensing, e.g. carrier sense multiple access [CSMA]
    • H04W74/0816 Non-scheduled access, e.g. ALOHA using carrier sensing, e.g. carrier sense multiple access [CSMA] with collision avoidance
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a communication management and control method for a WLAN. The method is: 1) modify the network card driver of the blocking device so that the blocking device sends blocking frames at intervals no greater than the short interframe space (SIFS); 2) the blocking device scans the surrounding wireless LAN environment and obtains the MAC addresses of the access points (AP) and terminals (STA) operating on the channels to be blocked; 3) for each channel, the blocking device builds a channel MAC address list containing the MAC addresses of the access points AP and terminals STA on that channel that need to be blocked; 4) for each channel to be blocked, the blocking device fills a MAC address from that channel's MAC address list into the destination address field of the blocking frame and then sends it. The invention greatly improves information security in security-sensitive units or areas, and its influence on the surrounding electromagnetic environment is small.

Description

A communication management and control method for WLAN
Technical field
The present invention relates to a communication management and control method for WLAN and belongs to the field of wireless communication technology.
Technical background
A WLAN (Wireless LAN) is a network that communicates over a wireless transmission medium. Because WLANs are flexible to deploy and easy to use, and support mobile Internet access from portable terminals such as notebooks, tablets and mobile phones well, they have spread rapidly in the commercial market. With this widespread use, WLAN security has also drawn the attention of researchers. A WLAN faces not only the security vulnerabilities of conventional wired networks; its open nature also brings additional security risks.
A wired network uses twisted pair as its transmission medium, so the boundary of its transmitted signal is controllable. A WLAN uses 2.4GHz or 5.8GHz electromagnetic signals with air as the transmission medium, so the boundary of its transmitted signal is difficult to constrain and control. Within WLAN signal coverage, anyone with a simple receiving device can listen to what is transmitted on the wireless channel; an unauthorized user can easily intercept data, and this eavesdropping is hard to notice. A malicious attacker can also process the intercepted data and attack the network by tampering with the original data, masquerading as a legitimate identity and similar technical means.
Wireless local area network technology has developed quickly in China. Chinese mobile carriers provide WLAN access service in some regions, and the service range of a single access point (Access Point, AP) can reach several kilometers; some important departments and sites of the party, government and military lie within that service range. Although current Chinese regulations forbid building and using WLANs in important departments and sites, on the one hand administrative rules alone can hardly achieve the goal of security protection, and some leaks of state or party secrets are not caused intentionally by the person involved; on the other hand, for important departments and sites already inside a WLAN data service area, internal staff need only a portable Internet device such as a mobile phone to log in to the Internet and, intentionally or not, spread sensitive information, which brings a very large risk to China's national security. Blocking wireless LAN communication inside important departments and sites by technical means is therefore an important and urgent need.
According to the domestic and foreign literature, many methods can greatly reduce WLAN throughput, raise the packet loss rate, or even block WLAN communication completely. These methods fall into two types: noise jamming and signaling interference.
Noise jamming transmits an interference signal, such as a pseudo-random sequence noise signal, in the WLAN communication band to reduce the signal-to-noise ratio of the communication channel so that the unauthorized party cannot decode correctly, thereby blocking the unauthorized party's communication.
Signaling interference transmits special signals that conform to the 802.11 family of protocols on the WLAN communication channel, attacking or deceiving the communicating parties through frames sent on the channel, to block the unauthorized party's communication. Most products currently on the market that use signaling interference transmit deauthentication or disassociation frames. The blocking device impersonates the AP and transmits deauthentication/disassociation frames to the terminal (Station, STA). Deauthentication/disassociation frames are management frames in the 802.11 protocol and are accepted unconditionally by the receiver, so after receiving one the STA believes the AP has ended its authentication/association and then tries to authenticate/associate with the AP again. Because the blocking device transmits deauthentication/disassociation frames continuously, at an interval far shorter than the time needed for authentication/association, the STA stays in a state of re-authentication/re-association and the unauthorized party cannot communicate. The blocking device can also impersonate the STA and transmit deauthentication/disassociation frames to the AP, which equally blocks the unauthorized party's communication.
Many existing WLAN blocking devices still use noise jamming: they transmit a high-power interference signal in the WLAN communication band, which lowers the signal-to-noise ratio at the receiving device and causes large-scale packet loss, so that it cannot communicate normally.
The interference signal can be a narrowband or a wideband signal. With narrowband interference, the narrowband signal must be swept rapidly across the WLAN communication band, covering the whole target band within a period of time, to interfere with the entire target band. With wideband interference, if the bandwidth of the interference signal does not cover the whole WLAN communication band, several wideband interference signals must work at the same time, or one wideband interference signal must be swept rapidly, to interfere with the entire band.
Noise jamming has a low technical threshold and is easy to implement, and the equipment is cheap to build; it is also widely used in many other communication fields, such as GSM.
With the development of modern communication technology, analog modulation is gradually being replaced by digital modulation, and various spread-spectrum techniques are also widely used, so that communication equipment can communicate in environments with a lower signal-to-noise ratio.
Noise jamming essentially reduces the signal-to-noise ratio of the communication signal so that the unauthorized party cannot decode correctly from the channel, which interrupts communication. As modulation techniques have developed, the effect of noise jamming has therefore dropped considerably.
In the 802.11 family of protocols, the four common modes 802.11a/b/g/n all use digital modulation and spread-spectrum communication. Because the 802.11g/n modes have higher transmission rates, most APs currently default to the 802.11g/n modes, and both of these modes use OFDM modulation. OFDM uses direct-sequence spread spectrum, which substantially raises the signal-to-noise ratio after modulation and demodulation and reduces the packet loss rate. Blocking devices that operate in 802.11g/n mode by noise jamming requires higher transmit power to be effective; the blocking effect is relatively poor, and the surrounding electromagnetic environment may be affected.
According to the 802.11 protocol, a terminal (STA) must first access the AP before carrying out normal data communication with it. During access, the STA first requests authentication with the AP, then associates with the AP after authentication succeeds; once association passes, the STA and the AP can communicate. When communication needs to stop, the reverse of the access procedure applies: the association service is ended first, and then the authentication service. If the STA then wants to communicate with the AP, it must restart the access procedure.
The signaling interference method of sending disassociation/deauthentication frames uses management frames of the 802.11 protocol suite: the disassociation frame (Disassociation Frame) and the deauthentication frame (Deauthentication Frame). The disassociation service can be initiated either by the STA or by the AP. It is not a service request but a notification. According to the protocol, the disassociation service cannot be refused by either of the associated parties and must be carried out unconditionally. The deauthentication service is similar to the disassociation service: it is also a notification rather than a request and cannot be refused by either communicating party. Because the authentication service precedes the association service in the access procedure, when the AP sends a deauthentication frame to an associated STA, the STA's association service is also terminated. The disassociation service is carried out by sending a disassociation frame, and the deauthentication service by sending a deauthentication frame.
The signaling interference method of sending disassociation/deauthentication frames has several characteristics and advantages. First, it uses specific frames of the 802.11 protocol, and its blocking effect is related to network card performance: as long as the network card can correctly parse the disassociation/deauthentication frames sent by the blocking device, communication is blocked. This method is therefore more efficient than noise jamming and can block communication over a larger range with less transmit power. Second, the method can block an individual AP or an individual STA, giving fine-grained communication control. Third, although the method impersonates the AP or STA to send disassociation/deauthentication frames, it requires no modification to the network card hardware or the network card driver; the function can be implemented by application-layer programming alone, which is relatively easy.
The blocking method of sending disassociation/deauthentication frames must send disassociation/deauthentication frames to each AP or STA to be blocked individually, so when more than one AP or STA is to be blocked it must cycle through the frames. This method normally does not modify the network card driver, so the blocking device still obeys the CSMA/CA mechanism when sending disassociation/deauthentication frames: it listens to the channel before sending a frame, sends only when the channel is idle, and is further limited by the backoff time. If there are many devices to be blocked, the cycle period when cycling through the frames becomes very long, which gives the devices to be blocked enough time to reconnect after their association/authentication is interrupted and then to communicate normally for a short time, so the blocking effect drops considerably.
Summary of the invention
To address the information security problems that WLANs may cause for key units or areas, the present invention proposes a wireless LAN communication management and control method that prevents unauthorized parties from stealing information and prevents information leaks caused by mistakes of staff.
In terms of blocking effect, signaling interference is better than noise jamming. The present invention is a signaling interference method. It aims to overcome the shortcoming of the existing signaling interference method of sending disassociation/deauthentication frames: when many APs or STAs are to be blocked, the blocking effect drops sharply and complete blocking of communication cannot be achieved. At the same time, by selecting a suitable frame when sending the blocking signaling, it is compatible with the 802.11a/b/g/n modes, so that the blocking signaling is recognized as far as possible by the devices to be blocked (i.e. the unauthorized parties, including all kinds of user terminals STA and access points AP), which improves the blocking effect. It also takes into account the requirements on the transmitted frame when a single transmitting device blocks multiple channels.
The main content of the technical solution of the present invention:
A communication management and control method for WLAN, whose steps are:
1) modify the network card driver of the blocking device so that the blocking device sends blocking frames at intervals no greater than the short interframe space SIFS;
2) the blocking device scans the surrounding wireless LAN environment and obtains the MAC addresses of the access points AP and terminals STA operating on the channels to be blocked;
3) for each channel, the blocking device builds a channel MAC address list containing the MAC addresses of the access points AP and terminals STA on that channel that need to be blocked;
4) for each channel to be blocked, the blocking device fills a MAC address from that channel's MAC address list into the destination address field of the blocking frame and then sends it.
Further, the network card driver of the blocking device is modified as follows: the clear channel assessment (CCA) threshold of the network card driver is modified so that, when the blocking device judges the channel state, it always considers the wireless medium to be idle; and the value of the contention window CW is reduced.
Further, the clear channel assessment CCA threshold is modified to be much greater than the energy of the signals the network card receives during normal communication; the contention window CW is set to the minimum value that the blocking device's network card allows.
Further, when the access point AP or terminal STA to be blocked on a channel is not unique, the MAC addresses in that channel's MAC address list are used in rotation to fill the blocking frame, which is then sent.
Further, each constructed blocking frame is sent only once in one round of the cycle.
Further, the blocking frame is the ACK control frame of the 802.11 protocol.
Further, the channel to be blocked is a preset channel.
Further, the channel to be blocked is a channel determined from the scan result.
Further, the blocking device sends the blocking frame disguised as an access point AP or a terminal STA.
Further, the WLAN is a WLAN whose communication follows the CSMA/CA mechanism.
Compared with the prior art, the beneficial effects of the present invention are:
1. The present invention blocks the communication of unauthorized users by occupying the channel. Its blocking effect does not change with the number of APs and STAs operating on the channel; the blocking effect is stable, and communication can be blocked completely.
2. The present invention uses ACK frames to occupy the channel. ACK frames are recognized by all devices, so the blocking is widely applicable. ACK frames are short, which meets the need for a single WLAN network card in the blocking device to occupy multiple channels by cycling between channels. The RA field of the ACK frame is filled with MAC addresses that exist on the channel, which prevents special network cards from escaping blocking and strengthens the compatibility of the blocking, greatly improving information security in security-sensitive units or areas.
3. The present invention blocks at the signaling level; compared with noise jamming, it achieves the same blocking range with less transmit power. The present invention makes full use of the CSMA/CA mechanism and sends blocking frames at a fixed time interval, which, while ensuring the blocking effect, reduces the number of transmissions per unit time and further reduces its influence on the surrounding electromagnetic environment.
Brief description of the drawings
Fig. 1 is the ACK frame format;
Fig. 2 is the workflow diagram of the present invention.
Embodiment
The present invention is a signaling interference method, but unlike the traditional signaling interference method of sending disassociation/deauthentication frames it is a signaling-level channel occupation method. The method uses the CSMA/CA mechanism of the 802.11 protocol. Under CSMA/CA, a sender must listen to the channel state before sending. If, after waiting SIFS (Short Interframe Space) or DIFS (DCF Interframe Space, distributed interframe space) (for example, DIFS must be waited before sending a data frame and SIFS before sending an ACK frame), the channel is still idle, the sender starts a randomly generated backoff timer; if the channel is still idle while the counter decrements to zero, it starts to send. If the sender finds the channel busy while listening, it defers for a period and returns to the listening state. The blocking device of the present invention continuously sends frames that conform to the 802.11 protocol on the channel and does not fully obey the limits of CSMA/CA when sending: it waits only a fixed interval of no more than SIFS between two frames, thereby suppressing the normal channel-listening process, and it does not wait for the random backoff time either. Continuous transmission fully occupies the channel capacity. Unauthorized parties on the channel whose equipment follows CSMA/CA find the channel always busy when they listen and cannot seize the channel to send their own frames, so their communication is interrupted and unauthorized communication is blocked. The blocking target of this method is not a particular AP or STA but a channel, so its blocking effect is not affected by the number of APs and STAs.
In hardware, the blocking device uses a general-purpose wireless LAN network card. When selling a network card, the manufacturer only provides network card hardware and a software driver that support normal 802.11 communication. Therefore, to make the network card not operate under the CSMA/CA mechanism, the present invention needs to modify the network card driver of the blocking device. For reasons such as technical confidentiality and execution efficiency, network card manufacturers often fix part of the card's low-level functions in the hardware chip rather than providing them in the driver, so it is very difficult to change the transmit flow by modifying the driver and skip the CSMA/CA mechanism directly. Instead, only by changing variables and register values (changing the CCA threshold and the CW value) can part of the function be masked so that it works in an abnormal state, which achieves the effect of not obeying the CSMA/CA mechanism.
In the CSMA/CA mechanism the channel must be listened to before data is sent; this function is masked by changing the CCA (Clear Channel Assessment) threshold. CCA lets the physical layer judge, according to certain conditions, whether the wireless medium is busy or idle. The 802.11 protocol requires the network card physical layer to support at least one of the following three CCA implementations:
1. Energy above threshold: CCA shall report the medium as busy when it detects any energy above the threshold;
2. Carrier sense only: CCA reports the medium as busy only when it detects a signal that conforms to the 802.11 protocol; the signal energy may be above or below the threshold;
3. Carrier sense with energy above threshold: CCA reports the medium as busy when it detects a signal whose energy exceeds the threshold.
The network card selected for the present invention uses the first implementation. The CCA threshold is changed to be much greater than the energy of the signals the network card receives during normal communication, so that CCA always considers the medium idle when judging the channel state; as soon as the backoff counter decrements to zero, data can be sent immediately.
The 802.11 protocol specifies the minimum backoff time. The backoff time is calculated by the following formula:
Backoff time = random number × slot time
Here the random number is an integer whose value lies in [0, CW]. CW is the contention window, and its value must lie within the contention window range defined by the protocol. If the channel stays busy during the sender's backoff time, the value of the contention window CW is increased exponentially until it reaches its maximum. The standard specifies a minimum contention window of 7 and a maximum of 255. The slot time is determined by the physical-layer characteristics and is a fixed value.
Because the present invention has modified the CCA threshold, the channel is always considered idle when listening, so only the minimum value CWmin of CW needs to be reduced in order to reduce the random number and thus shorten the backoff time.
It can be seen that by raising the CCA threshold and reducing the CWmin value, the network card is freed of the CSMA/CA restrictions when sending frames and sends them at a set fixed time interval, which can be far shorter than the sending interval of the network card in normal operation.
When carrying out channel occupancy, select suitable signal busy channel extremely important.Because if the signal of transmitting is such as Fruit treats the CSMA/CA mechanism of blocking equipment without triggering, then does not just have the effect of busy channel.Present invention selection ACK frames, ACK frames are control frames, and it can be sent by AP or be sent by STA, and same AP and STA can also parse ACK frames, so Just do not have to consider that blocking equipment disguises oneself as AP or STA.ACK frames confirm to be properly received data for receiving direction sender Frame.Blocking equipment carrys out busy channel when being blocked, by ACK frames are sent.
Selection sends ACK frames and realizes channel occupancy, mainly there is following reason:
First, ACK are one kind of control frame, and frame format is fixed, and should be able to all parse ACK frames according to agreement AP and STA, its is simultaneous Capacitive is preferable.
Second, according to 802.11 agreements, source (Source) after data frame has been sent, target (Destination) is waiting ACK is sent after SIFS.SIFS is less than DIFS, and the bottom function of some network interface cards is cured within hardware, does not support with SIFS Data frame, management frame are sent for interval, because these frames will at least wait DIFS before sending according to agreement.Select ACK frames just The limitation of network interface card can be avoided, frame is sent with shorter time interval, more fully busy channel, Communication Block effect is more excellent.
3rd, ACK frame length are shorter, and MAC header only has 10 bytes, and its frame format is as shown in Figure 1.Advised according to 802.11 agreements Sender is determined before data frame is sent, at least to wait channel idle DIFS, is appointed even if interior blocking equipment this period is not sent What frame, data communication is there will not be in channel.When carrying out Communication Block with channel occupancy method, when can make full use of this Between, tranmitting frequency is reduced, improves efficiency.Frame as busy channel is shorter, its send time it is also shorter, and DIFS be it is fixed, Therefore fixed DIFS is obtained with shorter launch time, can further improve blocking efficiency.
In addition, to improve utilization of the blocking device, it is sometimes desirable for a single WLAN network card in the blocking device to occupy multiple channels: after sending a frame on one channel, the blocking device switches the card to another channel and sends again, cycling through the channels. The shorter the frame, the shorter the transmission time and the shorter the time the card has to dwell on each channel, so the period of one pass over all the channels also shortens and the rate at which frames are sent on any given channel rises, which preserves the blocking effect. ACK frames meet this requirement.
Based on theoretical analysis and a large number of practical tests, the present invention selects ACK frames to occupy the channel. The basic flow by which the blocking device applies the channel occupation method is shown in Fig. 2. First, the surrounding WLAN environment is scanned. Then the frames obtained by scanning are analyzed, and the MAC addresses of the APs and STAs working on the channels to be blocked are extracted from them. Next, for each channel, a list is established that contains the MAC addresses of all APs and STAs on that channel. In the fourth step, a MAC address from the list is filled into the RA field of an ACK frame; as shown in Fig. 1, the RA field is the destination address of the ACK frame. In the fifth step, the constructed ACK frame is sent to the channel to be blocked through the physical layer of the blocking device's network card. (The channels to be blocked can be preset, for example blocking only channels 1 to 6 regardless of whether any device is present on them. They can also be determined from the scan result: for example, if only channel 1 of the 13 channels carries communication, only channel 1 is blocked.) When a channel to be blocked contains more than one AP or STA, the ACK frame is filled with the MAC addresses in that channel's MAC address list in turn and then sent; once every MAC address in the list has been used, filling starts again from the first MAC address, and so on in a loop. Each constructed ACK frame is sent only once per round of the loop. If the channel to be blocked contains only one AP or STA, only the fifth step needs to be repeated, sending ACK frames continuously.
In the present invention the ACK frame is filled with the MAC addresses of the APs and STAs working on the channel, rather than with a fixed or random address. Some specially designed devices set the CCA function to "carrier sense only" and respond only to frames whose destination address is their own MAC address. If ACK frames filled with a fixed or random address were sent on the channel, these devices would still consider the channel idle and continue to send their own data, so the communication could not be blocked. After scanning the channel, the present invention instead fills the ACK frames with the MAC addresses of the APs and STAs themselves, so that these devices cannot tell whether an ACK frame was produced by normal communication and must receive and parse it. This forces them to wait at least DIFS before sending a data frame, which ultimately achieves the purpose of blocking unauthorized communication.
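Seen from a monitoring sensor, the ACK frames described above differ from genuine ones in one observable way: a genuine ACK copies its RA from the transmitter address of the frame it acknowledges and follows that frame after SIFS, so an ACK whose RA was not heard transmitting just before it is unsolicited. The following Python example is added here and is not part of the patent; it flags channels dominated by such ACKs. The record layout, the addresses and the thresholds are constructed assumptions, and `time_us` is assumed to mark the end of reception of each frame.

```python
from collections import defaultdict

# Constructed sample records (not a real capture): (time_us, channel, subtype, ra, ta).
# An ACK carries only a receiver address, so ta is None for ACK records.
AP1, STA_A = "02:00:00:00:01:01", "02:00:00:00:01:0a"
AP6, STA_B, STA_C = "02:00:00:00:06:01", "02:00:00:00:06:0b", "02:00:00:00:06:0c"
SAMPLE = [
    (1000, 1, "data", AP1, STA_A), (1060, 1, "ack", STA_A, None),
    (5000, 1, "data", STA_A, AP1), (5058, 1, "ack", AP1, None),
    (9000, 6, "data", AP6, STA_B), (9061, 6, "ack", STA_B, None),
] + [(20000 + 120 * i, 6, "ack", (AP6, STA_B, STA_C)[i % 3], None) for i in range(9)]


def unsolicited_acks(frames, window_us=400):
    """Return ACK records whose RA was not heard transmitting on the same
    channel within window_us before the ACK (window_us is an assumed tunable)."""
    last_tx = {}   # (channel, transmitter) -> time the transmitter was last heard
    flagged = []
    for rec in sorted(frames, key=lambda r: r[0]):
        t, ch, subtype, ra, ta = rec
        if subtype == "ack":
            heard = last_tx.get((ch, ra))
            if heard is None or t - heard > window_us:
                flagged.append(rec)
        elif ta is not None:
            last_tx[(ch, ta)] = t
    return flagged


def channel_report(frames, window_us=400, min_acks=4, ratio=0.8):
    """Per channel: ACK count, unsolicited count, addressed stations, suspect flag."""
    total, bad = defaultdict(int), defaultdict(list)
    for _, ch, subtype, _, _ in frames:
        if subtype == "ack":
            total[ch] += 1
    for rec in unsolicited_acks(frames, window_us):
        bad[rec[1]].append(rec[3])
    report = {}
    for ch, n in total.items():
        k = len(bad[ch])
        # Suspect when most ACKs on the channel answer no observed frame.
        report[ch] = {"acks": n, "unsolicited": k,
                      "targets": sorted(set(bad[ch])),
                      "suspect": k >= min_acks and k / n >= ratio}
    return report
```

A sensor can miss the acknowledged frame from a hidden transmitter, so the per-channel ratio and the set of addressed stations are more reliable indicators than any single flagged ACK.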

Claims (10)

1. A communication management-control method for a WLAN, comprising the steps of:
1) modifying the network card driver of the blocking device so that the blocking device sends blocking frames at no more than the short interframe space (SIFS);
2) the blocking device scans the surrounding WLAN environment and obtains the MAC addresses of the access points (AP) and terminals (STA) working on the channels to be blocked;
3) the blocking device establishes, for each channel, a channel MAC address list containing the MAC addresses of the access points AP and terminals STA to be blocked on that channel;
4) for each channel to be blocked, the blocking device fills a MAC address from that channel's MAC address list into the destination address field of a blocking frame and then sends the frame.
2. The method of claim 1, characterized in that the network card driver of the blocking device is modified as follows: the clear channel assessment (CCA) threshold of the network card driver is modified so that, when the blocking device judges the channel state, it always considers the wireless medium to be idle; and the value of the contention window CW is reduced.
3. The method of claim 2, characterized in that the CCA threshold is modified to a value much greater than the energy of the signal the network card receives during normal communication, and the contention window CW is set to the minimum value that the blocking device's network card allows.
4. The method of claim 1, characterized in that when the access point AP or terminal STA on a channel to be blocked is not unique, the MAC addresses in that channel's MAC address list are used cyclically to fill the blocking frame, which is then sent.
5. The method of claim 4, characterized in that each constructed blocking frame is sent only once per round of the cycle.
6. The method of claim 1, 2, 3 or 4, characterized in that the blocking frame is an ACK control frame of the 802.11 protocol.
7. The method of claim 1, 2, 3 or 4, characterized in that the channel to be blocked is a preset channel.
8. The method of claim 1, 2, 3 or 4, characterized in that the channel to be blocked is a channel determined from the scan result.
9. The method of claim 1, 2, 3 or 4, characterized in that the blocking device disguises itself as an access point AP or a terminal STA to send the blocking frame.
10. The method of claim 1, characterized in that the WLAN is a WLAN that communicates using the CSMA/CA mechanism.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310308882.3A CN104333859B (en) 2013-07-22 2013-07-22 A kind of communication management-control method of WLAN

Publications (2)

Publication Number Publication Date
CN104333859A CN104333859A (en) 2015-02-04
CN104333859B true CN104333859B (en) 2017-11-14

Family

ID=52408491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310308882.3A Active CN104333859B (en) 2013-07-22 2013-07-22 A kind of communication management-control method of WLAN

Country Status (1)

Country Link
CN (1) CN104333859B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190230618A1 (en) * 2018-01-23 2019-07-25 Nokia Technologies Oy Using sidelink information in radio-based positioning
CN109067436B (en) * 2018-09-25 2021-09-21 河南科技大学 Backward compatible wireless local area network multi-AP cooperative communication method
CN114567938B (en) * 2022-01-26 2024-05-14 青岛东软载波科技股份有限公司 Optimization method of wireless communication CSMA/CA based on hardware performance adjustment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1518362A1 (en) * 2002-06-28 2005-03-30 Thomson Licensing S.A. Method of creation of a new communication network by a wireless terminal and terminal implementing the method
CN101540667A (en) * 2008-03-18 2009-09-23 北京邮电电话设备厂 Method and equipment for interfering with communication in wireless local area network
CN102413582A (en) * 2012-01-06 2012-04-11 北京邮电大学 Method for accessing 802.11 wireless network channel under centralized control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant