CN104333859B - A communication management-control method for WLAN - Google Patents
A communication management-control method for WLAN
- Publication number
- CN104333859B (application number CN201310308882.3A)
- Authority
- CN
- China
- Prior art keywords
- channel
- frame
- blocked
- blocking
- mac address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
- H04W74/08—Non-scheduled access, e.g. ALOHA
- H04W74/0808—Non-scheduled access, e.g. ALOHA using carrier sensing, e.g. carrier sense multiple access [CSMA]
- H04W74/0816—Non-scheduled access, e.g. ALOHA using carrier sensing, e.g. carrier sense multiple access [CSMA] with collision avoidance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a communication management-control method for a WLAN. The method is: 1) modify the NIC driver of the blocking device so that the blocking device sends blocking frames at intervals no greater than the short interframe space (SIFS); 2) the blocking device scans the surrounding WLAN environment and obtains the MAC addresses of the access points (APs) and terminals (STAs) operating on the channels to be blocked; 3) for each channel, the blocking device builds a channel MAC address list containing the MAC addresses of the APs and STAs on that channel that are to be blocked; 4) for each channel to be blocked, the blocking device fills a MAC address from that channel's MAC address list into the destination address field of the blocking frame and sends it. The invention greatly improves information security in classified units or areas and has little impact on the surrounding electromagnetic environment.
Description
Technical field
The present invention relates to a communication management-control method for a WLAN and belongs to the field of wireless communication technology.
Technical background
A WLAN (Wireless LAN, wireless local area network) is a network that communicates over a wireless transmission medium. Because WLANs are flexible to deploy and easy to use, and support mobile Internet access well for portable terminals such as notebooks, tablets and mobile phones, they have spread rapidly in the commercial market. With this widespread use, WLAN security has also attracted the attention of researchers. A WLAN faces not only the security vulnerabilities of conventional wired networks; its open nature brings additional security risks.
A wired network uses twisted pair as its transmission medium, so the boundary of its transmitted signal is controllable. A WLAN uses 2.4 GHz or 5.8 GHz electromagnetic signals with air as the transmission medium, so the boundary of its signal is hard to constrain and control. Within WLAN signal coverage, anyone with a simple receiving device can listen to what is transmitted on the wireless channel; unauthorized users can easily intercept data, and such eavesdropping is hard to notice. A malicious attacker can also process the intercepted data and attack the network by technical means such as tampering with the original data or impersonating a legitimate identity.
WLAN technology has developed rapidly in China. Chinese mobile operators provide WLAN access service in some regions, where the service range of a single access point (Access Point, AP) can reach several kilometers, and some important party, government and military departments and sites lie within that range. Although current regulations in China prohibit building and using WLANs in important departments and sites, on the one hand administrative rules alone can hardly achieve the goal of security protection, and some leaks of secrets are not caused intentionally by the person involved; on the other hand, for important departments and sites already inside a WLAN data service area, internal staff need only a portable Internet-capable device, such as a mobile phone, to log on to the Internet and spread sensitive information, intentionally or unintentionally, which poses a serious risk to China's national security. Blocking WLAN communication inside important departments and sites by technical means is therefore an important and urgent requirement.
According to the domestic and foreign literature, many methods can greatly reduce WLAN throughput, raise the packet loss rate, or even block WLAN communication completely. These methods fall into two types: noise jamming and signaling interference.
Noise jamming transmits an interference signal, such as pseudo-random sequence noise, in the WLAN communication band to lower the signal-to-noise ratio of the communication channel, so that the unauthorized communicating party cannot decode correctly and its communication is ultimately blocked.
Signaling interference transmits special signals conforming to the 802.11 family of protocols on the WLAN communication channel, attacking or deceiving the frames transmitted in the channel or the communicating parties, to block the communication of the unauthorized party. Most products currently on the market that use signaling interference do so by transmitting deauthentication or disassociation frames. The blocking device impersonates the AP and transmits deauthentication/disassociation frames to the terminal (Station, STA). Deauthentication/disassociation frames are management frames in the 802.11 protocol and are accepted unconditionally by the recipient, so after receiving one the STA believes the AP has ended authentication/association with it and tries to authenticate/associate with the AP again. Because the blocking device transmits deauthentication/disassociation frames continuously, at an interval far shorter than the time needed for authentication/association, the STA stays in a state of re-authentication/re-association and the unauthorized party cannot communicate. The blocking device can also impersonate the STA and transmit deauthentication/disassociation frames to the AP, which blocks the unauthorized party's communication equally well.
Many existing WLAN blocking devices still use noise jamming: they transmit a high-power interference signal in the WLAN communication band, lowering the signal-to-noise ratio at the receiving device and causing widespread packet loss so that it cannot communicate normally. The interference signal can be narrowband or wideband. With narrowband interference, the narrowband signal must be swept rapidly across the WLAN communication band, covering the whole target band within a period of time, to interfere with the entire target band. With wideband interference, if the interference bandwidth does not fully cover the WLAN communication band, several wideband interference signals must work simultaneously, or one wideband interference signal must be swept rapidly, to interfere with the whole band.
Noise jamming has a relatively low technical threshold and is easy to implement, and the equipment is relatively cheap to build; it is also widely used in many other communication fields, such as GSM.
With the development of modern communication technology, analog modulation is gradually being replaced by digital modulation, and various spread-spectrum techniques are also widely used, so communication equipment can communicate in environments with a lower signal-to-noise ratio.
Noise jamming essentially lowers the signal-to-noise ratio of the communication signal so that the unauthorized party cannot decode correctly from the channel, which interrupts communication. As modulation technology advances, the effectiveness of noise jamming is therefore greatly reduced.
In the 802.11 family of protocols, the four commonly used modes 802.11a/b/g/n all use digital modulation and spread-spectrum techniques. Because the 802.11g/n modes have higher transmission rates, most APs currently default to 802.11g/n, and both modes use OFDM modulation. OFDM uses direct sequence spread spectrum, which substantially raises the signal-to-noise ratio after modulation and demodulation and lowers the packet loss rate. Blocking devices that operate in 802.11g/n mode by noise jamming requires higher transmit power to block effectively; the blocking effect is relatively poor, and the surrounding electromagnetic environment may be affected to some extent.
Under the 802.11 protocol, a terminal (STA) must first access the access point (AP) before normal data communication with it. During access, the STA first requests authentication with the AP; after authentication succeeds it associates with the AP, and once association succeeds the STA and AP can communicate. To stop communicating, the reverse of the access procedure applies: the association service is disconnected first, then the authentication service. If the STA then wants to communicate with the AP, it must restart the access procedure.
The signaling interference method of sending disassociation/deauthentication frames uses management frames of the 802.11 protocol family: the disassociation frame (Disassociation Frame) and the deauthentication frame (Deauthentication Frame). The disassociation service can be initiated by either the STA or the AP. It is not a service request but a notification. According to the protocol, the disassociation service cannot be refused by either of the associated parties and must be carried out unconditionally. The deauthentication service is similar to the disassociation service: it too is a notification rather than a request and cannot be refused by either communicating party. Because authentication precedes association in the access procedure, when the AP sends a deauthentication frame to an associated STA, the STA's association is terminated as well. The disassociation service is realized by sending a disassociation frame, and the deauthentication service by sending a deauthentication frame.
The signaling interference method of sending disassociation/deauthentication frames has several characteristics and advantages. First, it uses specific frames of the 802.11 protocol, and its blocking effect is related to NIC performance: as long as the NIC can correctly parse the disassociation/deauthentication frames sent by the blocking device, communication is blocked. This method is therefore more efficient than noise jamming and can block communication over a larger area with less transmit power. Second, it can block an individual AP or STA, giving fine-grained communication control. Third, although the method impersonates the AP or STA to send disassociation/deauthentication frames, it requires no modification of the NIC hardware or the NIC driver; it can be implemented entirely in application-layer programming, which makes it easier to realize.
The disassociation/deauthentication method must send a separate disassociation/deauthentication frame to each AP or STA to be blocked, so when more than one AP or STA is to be blocked the frames must be sent in rotation. This method usually does not modify the NIC driver, so the blocking device still obeys the CSMA/CA mechanism when sending disassociation/deauthentication frames: it listens to the channel before sending a frame, sends only when the channel is idle, and is also subject to the backoff time. If there are many devices to block, the rotation period becomes long, which gives a device to be blocked enough time to reconnect after its association/authentication is interrupted and then communicate normally for a short time, greatly weakening the blocking effect.
Summary of the invention
To address the information security problems that WLANs may cause in key units or areas, the present invention proposes a WLAN communication management-control method that prevents unauthorized parties from stealing information and prevents information leaks caused by staff error.
In terms of blocking effect, signaling interference is better than noise jamming. The present invention is a signaling interference method. It aims to overcome the shortcoming of the existing disassociation/deauthentication method, whose blocking effect drops sharply when many APs or STAs are to be blocked and which cannot block communication completely. When sending blocking signaling, a suitable frame is chosen to be compatible with the 802.11a/b/g/n modes, so that the blocking signaling is recognized by as many devices to be blocked as possible (that is, unauthorized communicating parties, including all kinds of user terminals (STAs) and access points (APs)), improving the blocking effect. The requirements on the transmitted frame when a single transmitting device blocks multiple channels are also taken into account.
Main content of the technical solution of the invention:
A communication management-control method for a WLAN, with the following steps:
1) modify the NIC driver of the blocking device so that the blocking device sends blocking frames at intervals no greater than the short interframe space (SIFS);
2) the blocking device scans the surrounding WLAN environment and obtains the MAC addresses of the access points (APs) and terminals (STAs) operating on the channels to be blocked;
3) for each channel, the blocking device builds a channel MAC address list containing the MAC addresses of the APs and STAs on that channel that are to be blocked;
4) for each channel to be blocked, the blocking device fills a MAC address from that channel's MAC address list into the destination address field of the blocking frame and sends it.
Further, the NIC driver of the blocking device is modified as follows: the clear channel assessment (CCA) threshold of the NIC driver is modified so that, when the blocking device judges the channel state, it always considers the wireless medium idle; and the value of the contention window (CW) is reduced.
Further, the CCA threshold is modified to a value far greater than the energy of the signals the NIC receives during normal communication, and the CW value is set to the minimum that the blocking device's NIC allows.
Further, when the AP or STA to be blocked in a channel is not unique, the MAC addresses in that channel's MAC address list are used cyclically to fill the blocking frame, which is then sent.
Further, each constructed blocking frame is sent only once per round of the cycle.
Further, the blocking frame is the ACK control frame of the 802.11 protocol.
Further, the channel to be blocked is a preset channel.
Further, the channel to be blocked is a channel determined from the scan results.
Further, the blocking device sends the blocking frame disguised as an access point (AP) or a terminal (STA).
Further, the WLAN is a WLAN that communicates under the CSMA/CA mechanism.
Compared with the prior art, the beneficial effects of the invention are:
1. The invention blocks unauthorized users' communication by occupying the channel. Its blocking effect does not vary with the number of APs and STAs working in the channel; the blocking effect is stable, and communication can be blocked completely.
2. The invention occupies the channel with ACK frames. ACK frames can be recognized by all devices, so the blocking is widely applicable. ACK frames are short, which meets the need for a single WLAN NIC in the blocking device to occupy multiple channels by switching channels cyclically. Filling the RA field of the ACK frame with MAC addresses already present in the channel prevents special NICs from escaping the block and strengthens the compatibility of the blocking, greatly improving information security in classified units or areas.
3. The invention blocks at the signaling level. Compared with noise jamming, it achieves the same blocking range with less transmit power. It makes full use of the CSMA/CA mechanism and sends blocking frames at a set time interval, reducing the number of transmissions per unit time while preserving the blocking effect, which further reduces its impact on the surrounding electromagnetic environment.
Brief description of the drawings
Fig. 1 shows the ACK frame format;
Fig. 2 is the workflow diagram of the invention.
Embodiment
The invention is a form of signaling interference, but unlike the traditional method of sending disassociation/deauthentication frames it is a signaling-level channel occupancy method. It exploits the CSMA/CA mechanism of the 802.11 protocol. Under CSMA/CA, a sender must first listen to the channel before sending. If, after waiting SIFS (Short Interframe Space) or DIFS (DCF Interframe Space, distributed interframe space) (for example, DIFS before sending a data frame and SIFS before sending an ACK frame), the channel is still idle, the sender starts a randomly generated backoff timer; if the channel is still idle when the counter has decremented to zero, it starts sending. If it finds the channel busy while listening, it defers for a period and returns to the listening state. The blocking device of the invention continuously sends frames conforming to the 802.11 protocol in the channel without fully observing the constraints of CSMA/CA: it waits only a fixed interval of no more than SIFS between two frames, which bypasses the normal channel-listening procedure, and it does not wait for the random backoff time. Continuous transmission fully occupies the channel capacity. Unauthorized parties in the channel whose equipment follows CSMA/CA find the channel always busy when they listen and cannot seize the channel to send their own frames, so their communication is interrupted and unauthorized communication is blocked. The target of this method is not a particular AP or STA but a channel, so its blocking effect is not affected by the number of APs and STAs.
In hardware, the blocking device uses a general-purpose WLAN NIC. Manufacturers sell NICs only with the hardware and driver software needed for normal 802.11 communication, so to make the NIC operate outside the CSMA/CA mechanism the invention must modify the blocking device's NIC driver. For reasons such as protecting proprietary technology and execution efficiency, NIC manufacturers often fix part of the NIC's low-level functions in the hardware chip rather than providing them in the driver. It is therefore difficult to change the transmit flow and skip CSMA/CA directly by modifying the driver; the only option is to change variables and register values (the CCA threshold and the CW value) to mask part of the function, making that part operate abnormally and achieving the effect of not observing CSMA/CA.
CSMA/CA requires listening to the channel before sending data; this function is masked by modifying the CCA (Clear Channel Assessment) threshold. CCA lets the physical layer judge, under certain conditions, whether the wireless medium is busy or idle. The 802.11 protocol requires the NIC physical layer to implement at least one of the following three CCA modes:
1. Energy above threshold: CCA reports the medium busy on detecting any energy above the threshold;
2. Carrier sense only: CCA reports the medium busy only on detecting a signal conforming to the 802.11 protocol; the signal energy may be above or below the threshold;
3. Carrier sense with energy above threshold: CCA reports the medium busy on detecting a signal whose energy exceeds the threshold.
The NIC chosen for the invention uses the first mode. The CCA threshold is modified to a value far greater than the energy of the signals the NIC receives during normal communication, so CCA always judges the medium idle when assessing channel state; then, as soon as the backoff counter decrements to zero, data can be sent immediately.
The 802.11 protocol specifies the minimum backoff time. The backoff time is calculated by the following formula:
Backoff time = random number × slot time
where the random number is an integer in the range [0, CW]. CW is the contention window, and its value must lie within the contention window range defined by the protocol. If the channel remains busy during the sender's backoff time, the CW value is increased exponentially until it reaches its maximum. The standard specifies a minimum contention window of 7 and a maximum of 255. The slot time is determined by the physical layer characteristics and is a fixed value.
Because the invention has modified the CCA threshold, the channel is always judged idle when listening, so it is only necessary to reduce the minimum CW value, CWmin, which reduces the random number and thus shortens the backoff time.
Thus, by raising the CCA threshold and lowering CWmin, the NIC escapes the CSMA/CA constraints when sending frames and sends them at a set fixed interval, which can be far shorter than the NIC's transmit interval in normal operation.
When occupying a channel, choosing a suitable signal is very important: if the transmitted signal does not trigger the CSMA/CA mechanism of the devices to be blocked, it does not occupy the channel. The invention selects the ACK frame. The ACK frame is a control frame that can be sent by an AP or by an STA, and both APs and STAs can parse it, so there is no need to consider whether the blocking device disguises itself as an AP or an STA. The ACK frame is used by the receiver to confirm to the sender that a data frame was received correctly. When blocking, the blocking device occupies the channel by sending ACK frames.
ACK frames are chosen for channel occupancy mainly for the following reasons:
First, the ACK is a control frame with a fixed format, and according to the protocol both APs and STAs should be able to parse it, so its compatibility is good.
Second, according to the 802.11 protocol, after the source (Source) has sent a data frame, the destination (Destination) sends an ACK after waiting SIFS. SIFS is shorter than DIFS. The low-level functions of some NICs are fixed in hardware and do not support sending data frames or management frames at SIFS intervals, because the protocol requires waiting at least DIFS before sending those frames. Choosing ACK frames avoids this NIC limitation, allows frames to be sent at shorter intervals, occupies the channel more fully, and blocks communication better.
Third, the ACK frame is short: its MAC header is only 10 bytes, and its format is shown in Fig. 1. The 802.11 protocol requires a sender to wait for the channel to be idle for at least DIFS before sending a data frame, so even if the blocking device sends no frame during this time there will be no data communication in the channel. When blocking by channel occupancy, this time can be fully exploited to reduce the transmit frequency and improve efficiency. The shorter the frame used to occupy the channel, the shorter its transmit time; since DIFS is fixed, a shorter transmit time buys the same fixed DIFS, which further improves blocking efficiency.
In addition, to improve the utilization of the blocking device, one WLAN NIC in the blocking device sometimes needs to occupy multiple channels. The blocking device can have the NIC send a frame on one channel, switch to another channel and send, and so on in a loop. The shorter the frame, the shorter its transmit time and the shorter the NIC's dwell time on each channel, so the period of one pass over all channels also shortens and the rate at which frames are sent on any given channel rises, preserving the blocking effect. ACK frames meet this need.
Based on theoretical analysis and a large number of practical tests, the present invention selects ACK frames to occupy the channel. The basic procedure by which the blocking device uses the channel occupancy method is shown in Figure 2. First, the surrounding WLAN environment is scanned. Second, the frames obtained by scanning are analyzed, and the MAC addresses of the APs and STAs working on the channels to be blocked are extracted from them. Third, a list containing the MAC addresses of all APs and STAs on the channel is established for each channel. Fourth, a MAC address from the list is filled into the RA field of the ACK frame; as shown in Figure 1, the RA field is the destination address of the ACK frame. Fifth, the constructed ACK frame is sent through the physical layer of the blocking device's network interface card onto the channel to be blocked. (The channels to be blocked can be preset, for example blocking only channels 1 to 6 regardless of whether any device is present on them. They can also be determined from the scan result, for example blocking only channel 1 if it is the only one of the 13 channels carrying communication.) When more than one AP or STA in a channel is to be blocked, the ACK frame is filled with the MAC addresses in that channel's MAC address list in turn and then sent; after all the MAC addresses in the list have been used, filling starts again from the first MAC address, and so on in a loop. Each constructed ACK frame is sent only once in one round of the loop. If only one AP or STA in the channel is to be blocked, it is only necessary to loop in the fifth step and keep sending ACK frames.
In the present invention, ACK frames are filled with the MAC addresses of the APs and STAs working on the channel, rather than with a fixed address or a random address. Some specially designed devices set their CCA function to "carrier sense only" and respond only to frames whose destination address is their own MAC address. If ACK frames filled with a fixed or random address are sent on the channel, these devices will still consider the channel idle and continue to send their own data, so communication cannot be blocked. The present invention, after scanning the channel, fills the ACK frames with the MAC addresses of the APs and STAs themselves, so that these communication devices cannot tell whether an ACK frame was produced by normal communication. They must receive and parse it, and can send data frames only after waiting at least DIFS, which finally achieves the purpose of blocking unauthorized communication.
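A monitoring-side check for the traffic pattern described above, as an added example that is not part of the patent: an ACK's RA is the transmitter of the frame it acknowledges, so an ACK that does not follow a frame from that address by about SIFS answers nothing that was observed. The record layout, thresholds, MAC addresses and timings are assumptions constructed for the example.

```python
import struct
from collections import Counter

SIFS_US = 10         # assumption: 2.4 GHz capture (SIFS is 16 us at 5 GHz)
SLACK_US = 5         # assumption: tolerance for sniffer timestamp jitter
MIN_UNSOLICITED = 3  # assumption: alert threshold per analysed window

def parse_ack_ra(mpdu):
    """Return the RA of an ACK (FC 2 + Duration 2 + RA 6 + FCS 4 bytes), else None."""
    if len(mpdu) != 14:
        return None
    fc, _duration, ra = struct.unpack("<HH6s", mpdu[:10])
    # Low byte 0xD4 = protocol version 0, type control, subtype ACK.
    return ":".join(f"{b:02x}" for b in ra) if fc & 0x00FF == 0xD4 else None

def unsolicited_acks(frames):
    """frames: time-ordered (start_us, end_us, ta, mpdu) tuples from one channel.
    A genuine ACK starts about SIFS after a frame whose TA equals the ACK's RA."""
    hits, prev_end, prev_ta = Counter(), None, None
    for start, end, ta, mpdu in frames:
        ra = parse_ack_ra(mpdu)
        if ra is not None:
            answered = (prev_ta == ra and
                        0 <= start - prev_end <= SIFS_US + SLACK_US)
            if not answered:
                hits[ra] += 1
        prev_end, prev_ta = end, ta
    return hits

def channel_alert(frames):
    """Return (alert, per-RA counts of ACKs that answer no observed frame)."""
    hits = unsolicited_acks(frames)
    return sum(hits.values()) >= MIN_UNSOLICITED, dict(hits)

# Constructed capture: locally administered MACs, zeroed FCS, made-up timings.
STA, AP = "02:00:00:00:00:01", "02:00:00:00:00:aa"
ACK_STA = bytes.fromhex("d4000000" "020000000001" "00000000")
ACK_AP = bytes.fromhex("d4000000" "0200000000aa" "00000000")
SAMPLE = [
    (0, 300, STA, b""),          # data frame sent by STA (body omitted)
    (310, 354, None, ACK_STA),   # genuine: RA is STA, SIFS after its frame
    (400, 444, None, ACK_AP),    # nothing from AP precedes it
    (454, 498, None, ACK_STA),   # nothing from STA precedes it
    (508, 552, None, ACK_AP),
    (562, 606, None, ACK_STA),
]
if __name__ == "__main__":
    print(channel_alert(SAMPLE))
```

A monitor-mode sniffer can miss the frame that solicited an ACK, so a few unanswered ACKs appear on healthy channels; tune the threshold against a baseline for the site.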
Claims (10)
1. A communication management and control method for a WLAN, comprising the steps of:
1) modifying the network interface card driver of the blocking device so that the blocking device sends blocking frames at an interval no greater than the short interframe space SIFS;
2) the blocking device scanning the surrounding WLAN environment and obtaining the MAC addresses of the access points AP and terminals STA working on the channels to be blocked;
3) the blocking device establishing, for each channel, a channel MAC address list containing the MAC addresses of the access points AP and terminals STA to be blocked on that channel;
4) for each channel to be blocked, the blocking device filling a MAC address from that channel's MAC address list into the destination address field of the blocking frame and then sending it.
2. The method of claim 1, characterized in that the network interface card driver of the blocking device is modified as follows: the clear channel assessment CCA threshold of the driver is modified so that, when the blocking device judges the channel state, it always considers the wireless medium to be idle; and the value of the contention window CW is reduced.
3. The method of claim 2, characterized in that the clear channel assessment CCA threshold is modified to be much larger than the energy value of the signal received by the network interface card during normal communication, and the contention window CW value is set to the minimum value allowed by the network interface card of the blocking device.
4. The method of claim 1, characterized in that, when the access point AP or terminal STA in a channel to be blocked is not unique, the MAC addresses in the channel MAC address list of that channel are used cyclically to fill the blocking frame, which is then sent.
5. The method of claim 4, characterized in that each constructed blocking frame is sent only once in one round of the cycle.
6. The method of claim 1, 2, 3 or 4, characterized in that the blocking frame is the ACK control frame of the 802.11 protocol.
7. The method of claim 1, 2, 3 or 4, characterized in that the channel to be blocked is a preset channel.
8. The method of claim 1, 2, 3 or 4, characterized in that the channel to be blocked is a channel determined according to the scan result.
9. The method of claim 1, 2, 3 or 4, characterized in that the blocking device masquerades as an access point AP or a terminal STA to send the blocking frame.
10. The method of claim 1, characterized in that the WLAN is a WLAN that communicates according to the CSMA/CA mechanism.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310308882.3A CN104333859B (en) | 2013-07-22 | 2013-07-22 | A kind of communication management-control method of WLAN |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104333859A CN104333859A (en) | 2015-02-04 |
CN104333859B true CN104333859B (en) | 2017-11-14 |
Family
ID=52408491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310308882.3A Active CN104333859B (en) | 2013-07-22 | 2013-07-22 | A kind of communication management-control method of WLAN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104333859B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190230618A1 (en) * | 2018-01-23 | 2019-07-25 | Nokia Technologies Oy | Using sidelink information in radio-based positioning |
CN109067436B (en) * | 2018-09-25 | 2021-09-21 | 河南科技大学 | Backward compatible wireless local area network multi-AP cooperative communication method |
CN114567938B (en) * | 2022-01-26 | 2024-05-14 | 青岛东软载波科技股份有限公司 | Optimization method of wireless communication CSMA/CA based on hardware performance adjustment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1518362A1 (en) * | 2002-06-28 | 2005-03-30 | Thomson Licensing S.A. | Method of creation of a new communication network by a wireless terminal and terminal implementing the method |
CN101540667A (en) * | 2008-03-18 | 2009-09-23 | 北京邮电电话设备厂 | Method and equipment for interfering with communication in wireless local area network |
CN102413582A (en) * | 2012-01-06 | 2012-04-11 | 北京邮电大学 | Method for accessing 802.11 wireless network channel under centralized control |
Also Published As
Publication number | Publication date |
---|---|
CN104333859A (en) | 2015-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7428723B2 (en) | Method and apparatus for secure access control in wireless communications | |
CN104066091B (en) | Channel Sharing in radio communication | |
US20090016529A1 (en) | Method and system for prevention of unauthorized communication over 802.11w and related wireless protocols | |
CN109906655A (en) | Improved two stages authorization in unlicensed cell | |
Chen et al. | Protecting wireless networks against a denial of service attack based on virtual jamming | |
Safdar et al. | Common control channel security framework for cognitive radio networks | |
Yu et al. | Improving 4G/5G air interface security: A survey of existing attacks on different LTE layers | |
CN108476506A (en) | User terminal, wireless base station and wireless communications method | |
JP2023517107A (en) | Wireless intrusion prevention system, wireless network system including same, and method of operating wireless network system | |
CN103118360A (en) | System blocking wireless mobile terminals | |
CN104333858B (en) | It is a kind of based on the channel resource control method for going association/de-authentication frames | |
Idoudi et al. | Security challenges in cognitive radio networks | |
US20210377728A1 (en) | Enhanced physical layer security | |
TW201924289A (en) | Incorporating network policies in key generation | |
CN104333859B (en) | A kind of communication management-control method of WLAN | |
Zhu et al. | Two types of attacks against cognitive radio network MAC protocols | |
CN107211488A (en) | It is used for the method to the business datum application safety of reception by what the WLAN node in integrated wireless communications network was performed | |
Thanu | Detection of primary user emulation attacks in cognitive radio networks | |
Tan et al. | {CellDAM}:{User-Space}, Rootless Detection and Mitigation for 5G Data Plane | |
CN103607755B (en) | Wireless local area network communication channel control method based on frequency hopping | |
McHugh et al. | Next generation wireless-LAN: Security issues and performance analysis | |
WO2008130126A1 (en) | Method for performing initial ranging in wireless communication system | |
Afaqui | Contributions to the evolution of next generation WLANs | |
Basak et al. | An overview of wireless local area networks and security system | |
Ma et al. | Security Access in Wireless Local Area Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||