CN104902467A - Access method for wireless local area network (WLAN) based on near field communication (NFC) - Google Patents

Publication number
CN104902467A
Authority
CN
China
Prior art keywords
wlan
nfc
user
nfc module
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510169069.1A
Other languages
Chinese (zh)
Inventor
解冰珊
金志刚
李云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN201510169069.1A priority Critical patent/CN104902467A/en
Publication of CN104902467A publication Critical patent/CN104902467A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an access method for a wireless local area network (WLAN) based on near field communication (NFC). The access method uses two NFC modules, namely a user NFC module used by the user equipment and an NFC module of the WLAN. The user NFC module acts as the initiator in the NFC communication, which works in peer-to-peer mode; the NFC module of the WLAN acts as the target. After a user passes identity authentication, a symmetric key KEY is used to encrypt the transmission of two items of WLAN configuration information, namely the wireless pre-shared key (PSK) and the extended service set identifier (ESSID), and the user accesses the WLAN after obtaining the configuration information. The access method prevents eavesdropping, replay and man-in-the-middle attacks on NFC, prevents eavesdropping on and unauthorized access to the WLAN, strengthens WLAN security, and eliminates complicated configuration.

Description

Wireless local area network (WLAN) access method based on near-field communication (NFC)
Technical field
The present invention relates to a wireless local area network (WLAN) access method based on near-field communication (NFC).
Background
As networks become widespread, WLANs are used more and more widely. The WLAN authentication modes in wide use today are all based on a pre-shared key (PSK). To ensure security, the PSK should be sufficiently complex. A complex PSK, however, is harder for people to remember, so it is common for passwords to be written down by hand and passed on manually. Especially in places with heavy foot traffic, this can lead to a variety of attacks.
In the widely used Wi-Fi Protected Access WPA/WPA2-PSK authentication mode, the PSK is mainly delivered manually. Because people's security awareness is poor, the PSK is passed around casually, passwords are set too simply and are changed slowly, which creates a serious security risk. Although channel isolation can still be ensured when the PSK is leaked, it can no longer be ensured if the four-way handshake packets are also eavesdropped.
Wi-Fi Protected Setup (WPS) authentication was created on top of WPA/WPA2-PSK to solve the unreliability of delivering the PSK manually and the complexity of configuring it. With WPS, however, anyone who can get at the password or the push button can obtain network access and carry out further attacks, and the password of the WPS PIN authentication mode is even easier to crack.
NFC is a short-range, high-frequency wireless communication technology that allows contactless point-to-point data transfer between electronic devices and on which complex interaction protocols can be designed. Using the active mode at a baud rate of 106 effectively avoids data-tampering attacks. A channel is established when NFC modules touch, but this communication has the defects that it is unencrypted and can be eavesdropped on with professional equipment. The two parties to a communication take one of two roles, initiator and target: the initiator actively starts the communication and the target responds passively.
Summary of the invention
The object of the present invention is to provide a WLAN access method based on the NFC peer-to-peer mode that prevents eavesdropping, replay and man-in-the-middle attacks on NFC, prevents eavesdropping on and unauthorized access to the WLAN, strengthens WLAN security, and at the same time removes tedious configuration. To achieve this object, the present invention adopts the following technical scheme:
A WLAN access method based on NFC, characterized in that the method uses two NFC modules: the user NFC module used by the user equipment, and the NFC module of the WLAN. The NFC module of the WLAN and the device in the WLAN that accepts user connections are within the same range from which information cannot leak. The user NFC module takes the initiator role in the NFC communication and actively initiates communication; the NFC module of the WLAN takes the target role and responds passively. The two NFC modules work in peer-to-peer mode. The access points (APs) used fall into two classes: APs that can configure multiple virtual service set identifiers (SSIDs) at the same time, and APs that cannot; for the second class, the extended service set identifier (ESSID) and the PSK are updated at a preset fixed time. When a user requests access to the WLAN, the user's NFC module and the WLAN's NFC module establish NFC communication and use a first security algorithm to obtain a symmetric key KEY known only to the two NFC modules. After the user passes identity authentication, the two items of WLAN configuration information, the wireless PSK and the ESSID, are transmitted encrypted with the symmetric key KEY; once the user has obtained the configuration information, the user can access the WLAN.
The process by which the user accesses the WLAN after obtaining the configuration information can be as follows:
(1) The NFC module of the WLAN uses a second security algorithm to generate the PSK, and randomly generates the ESSID;
(2) The PSK and ESSID generated in (1) are encrypted with the Advanced Encryption Standard (AES) under the symmetric key KEY and sent to the user NFC module, and the AP and the RADIUS server of the WLAN are configured at the same time;
(3) The user decrypts with the symmetric key KEY to obtain the PSK and ESSID, passes them to the WLAN networking module, and then accesses the WLAN according to the Wi-Fi Protected Access WPA/WPA2-PSK protocol.
The beneficial effects of the invention are as follows. The interaction between NFC modules avoids the tedium and risk of delivering configuration information manually. With a design based on the NFC peer-to-peer mode, transmitting the WLAN configuration information over NFC achieves confidential transmission. Verifying the user's identity ties access to a real-name identity and avoids man-in-the-middle attacks. Every time a user joins the network, an NFC authentication is performed and a new, different PSK and ESSID are generated, which achieves channel isolation with one key per session and prevents eavesdropping on data.
Brief description of the drawings
Fig. 1 is the complete sequence diagram of the method.
With reference to Fig. 1, the initiator is the user's NFC module, which is on the same device as the user's WLAN equipment; the access point AP is the device in the WLAN that accepts STA connections; and the target is the NFC module that accepts WLAN access authentication requests, i.e. the NFC module of the WLAN. The AP and the target are at least within the same range from which information cannot leak.
Detailed description
The present invention is described in detail below with reference to the accompanying drawing and an example.
The present invention proposes a WLAN access method based on NFC. Two NFC modules are used: the user NFC module and the NFC module of the WLAN. When a user requests access to the WLAN, the user touches the handheld NFC module to the WLAN's NFC module to establish NFC communication, and a sufficiently secure algorithm is used to obtain a symmetric key KEY known only to the two NFC modules. The user's identity is then verified. After authentication succeeds, the wireless PSK is generated with a sufficiently secure algorithm, and configuration information such as the PSK and ESSID is transmitted encrypted with the symmetric key; once the user has obtained the configuration information, the user can access the WLAN.
Of the two NFC modules used, the user NFC module is in the same device as the user's WLAN equipment; the NFC module of the WLAN is at least within the same range, from which information cannot leak, as the device in the WLAN that accepts user connections. The user NFC module takes the initiator role in the NFC communication and actively initiates communication; the NFC module of the WLAN takes the target role and responds passively. The two devices work in peer-to-peer mode. The access point AP used, such as a router, is one that can configure multiple virtual service set identifiers (SSIDs) at the same time. For an AP, such as a router, that cannot configure multiple virtual SSIDs at the same time, the ESSID and the PSK are updated at a fixed time every day.
An implementation of the NFC-based WLAN access method is described below with reference to Fig. 1. In this example the key-generation algorithm is the Diffie-Hellman algorithm, identity authentication uses a public-key certificate system, specifically a Digital Signature Algorithm (DSA) public-key authentication protocol, and the wireless PSK is generated randomly:
(1) The user uses a software algorithm on their own device to obtain a DSA key pair for authentication, comprising a public key and a private key, submits the public key in person to the WLAN administrator to apply for access rights, and an electronic signature is applied by the person in charge.
(2) The two NFC modules touch, the user NFC module establishes communication with the NFC module of the WLAN, and the two sides exchange information using the Diffie-Hellman algorithm and each compute the symmetric key KEY.
(3) Using the DSA certificate, the initiator in the NFC communication, i.e. the user NFC module, signs the symmetric key KEY from (2) with its private key and sends the signature sig to the target in the NFC communication, i.e. the NFC module of the WLAN.
(4) After receiving the signature, the target verifies the signature sig over KEY using the public key, corresponding to that private key, that the user registered in advance. This verifies the consistency of the key at the same time as the initiator's identity. If verification succeeds, the user passes identity authentication and proceeds to the next step; otherwise the AES keys are inconsistent, the user identity is invalid, and communication stops.
(5) The target generates a sufficiently complex key: reading from the Linux /dev/urandom device, it randomly produces a PSK longer than 16 characters that contains upper- and lower-case letters, digits and special characters, and it randomly generates the ESSID.
(6) These two items of configuration information are encrypted with AES under the symmetric key KEY and sent to the initiator; at the same time the AP, such as a router, is configured with this information in preparation for the user's access.
(7) The initiator decrypts the configuration information with the symmetric key KEY to obtain the PSK and ESSID and passes them to the networking module, and the user's WLAN equipment joins the network according to the Wi-Fi Protected Access WPA/WPA2-PSK protocol.
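Steps (1) to (7) as one runnable session, showing why verifying the signature over KEY in step (4) also confirms that both ends derived the same key. This is an added example, not code from the patent: X25519 stands in for the Diffie-Hellman exchange and ECDSA P-256 for DSA, KEY is taken as the SHA-256 of the DH secret, AES-GCM is an assumed mode (the text names only AES), and `NewUser`, `Session` and the `mitm` flag are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Assumptions (not from the patent): X25519 for DH, ECDSA P-256 for DSA, AES-256-GCM.
var ErrAuth = errors.New("signature over KEY does not verify: communication stops")

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func digest(b []byte) []byte {
	d := sha256.Sum256(b)
	return d[:]
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// NewUser is step (1): the key pair whose public half the administrator registers.
func NewUser() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// Session runs steps (2)-(7) for one NFC tap. With mitm set, a relay swaps its own DH
// public value into both directions, so initiator and target derive different KEYs.
func Session(signer *ecdsa.PrivateKey, registered *ecdsa.PublicKey, mitm bool) (sent, got string, err error) {
	ini, tgt := must(ecdh.X25519().GenerateKey(rand.Reader)), must(ecdh.X25519().GenerateKey(rand.Reader))
	iniPeer, tgtPeer := tgt.PublicKey(), ini.PublicKey()
	if mitm {
		atk := must(ecdh.X25519().GenerateKey(rand.Reader)).PublicKey()
		iniPeer, tgtPeer = atk, atk
	}
	keyI, keyT := digest(must(ini.ECDH(iniPeer))), digest(must(tgt.ECDH(tgtPeer))) // step 2
	sig := must(ecdsa.SignASN1(rand.Reader, signer, digest(keyI)))                  // step 3
	if !ecdsa.VerifyASN1(registered, digest(keyT), sig) {                           // step 4
		return "", "", ErrAuth
	}
	psk := base64.RawStdEncoding.EncodeToString(randomBytes(18)) // step 5: 24 characters
	sent = fmt.Sprintf("wlan-%x\n%s", randomBytes(4), psk)       // ESSID, newline, PSK
	nonce := randomBytes(12)
	blob := aead(keyT).Seal(nonce, nonce, []byte(sent), nil)   // step 6: target encrypts
	pt, err := aead(keyI).Open(nil, blob[:12], blob[12:], nil) // step 7: initiator decrypts
	return sent, string(pt), err
}

func main() {
	user := NewUser()
	_, got, err := Session(user, &user.PublicKey, false)
	fmt.Printf("honest tap: %q err=%v\n", got, err)
	_, _, err = Session(user, &user.PublicKey, true)
	fmt.Println("relayed tap:", err)
}
```

The target stops at step (4) both when the link is relayed and when the signer's public key is not the registered one, so no PSK or ESSID is generated or sent in either case.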

Claims (2)

1. A wireless local area network (WLAN) access method based on near-field communication (NFC), characterized in that the method uses two NFC modules: the user NFC module used by the user equipment, and the NFC module of the WLAN; the NFC module of the WLAN and the device in the WLAN that accepts user connections are within the same range from which information cannot leak; the user NFC module takes the initiator role in the NFC communication and actively initiates communication; the NFC module of the WLAN takes the target role and responds passively; the two NFC modules work in peer-to-peer mode, and the access points (APs) used fall into two classes: APs that can configure multiple virtual service set identifiers (SSIDs) at the same time, and APs that cannot; for the second class, the extended service set identifier (ESSID) and the pre-shared key (PSK) are updated at a preset fixed time; when a user requests access to the WLAN, the user's NFC module and the WLAN's NFC module establish NFC communication and use a first security algorithm to obtain a symmetric key KEY known only to the two NFC modules; after the user passes identity authentication, the two items of WLAN configuration information, the wireless PSK and the ESSID, are transmitted encrypted with the symmetric key KEY, and once the user has obtained the configuration information, the user can access the WLAN.
2. The WLAN access method based on NFC according to claim 1, characterized in that the process by which the user accesses the WLAN after obtaining the configuration information is as follows:
(1) The NFC module of the WLAN uses a second security algorithm to generate the PSK, and randomly generates the ESSID;
(2) The PSK and ESSID generated in (1) are encrypted with the Advanced Encryption Standard (AES) under the symmetric key KEY and sent to the user NFC module, and the AP and the RADIUS server of the WLAN are configured at the same time;
(3) The user decrypts with the symmetric key KEY to obtain the PSK and ESSID, passes them to the WLAN networking module, and then accesses the WLAN according to the Wi-Fi Protected Access WPA/WPA2-PSK protocol.
CN201510169069.1A 2015-04-09 2015-04-09 Access method for wireless local area network (WLAN) based on near field communication (NFC) Pending CN104902467A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510169069.1A CN104902467A (en) 2015-04-09 2015-04-09 Access method for wireless local area network (WLAN) based on near field communication (NFC)

Publications (1)

Publication Number Publication Date
CN104902467A true CN104902467A (en) 2015-09-09

Family

ID=54034807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510169069.1A Pending CN104902467A (en) 2015-04-09 2015-04-09 Access method for wireless local area network (WLAN) based on near field communication (NFC)

Country Status (1)

Country Link
CN (1) CN104902467A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150909
