CN104902467A - Access method for wireless local area network (WLAN) based on near field communication (NFC)
- Publication number: CN104902467A
- Application number: CN201510169069.1A
- Authority: CN (China)
- Prior art keywords: wlan, nfc, user, nfc module, key
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/06—Authentication
- H04W76/00—Connection management
- H04W76/10—Connection setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to an access method for a wireless local area network (WLAN) based on near field communication (NFC). The method uses two NFC modules: a user NFC module in the user equipment and an NFC module of the WLAN. The two modules work in peer-to-peer (point-to-point) mode, with the user NFC module acting as the initiator and the NFC module of the WLAN acting as the target. Once the user passes identity authentication, two pieces of WLAN configuration information, the wireless pre-shared key (PSK) and the extended service set identifier (ESSID), are encrypted with a symmetric key KEY and transmitted, and the user accesses the WLAN after obtaining them. The method prevents eavesdropping, replay and man-in-the-middle attacks on the NFC link, prevents eavesdropping on and unauthorized access to the WLAN, strengthens WLAN security, and eliminates complicated configuration.
Description
Technical field
The present invention relates to a wireless local area network (WLAN) access method based on near field communication (NFC).
Background
As networks become widespread, wireless local area networks (WLANs) are used more and more. The WLAN authentication modes in wide use today are all based on a pre-shared key (PSK). To be secure, the PSK should be sufficiently complex, but a complex PSK is hard for people to remember, so it is common for passwords to be written down by hand and passed on manually. In places with heavy foot traffic in particular, this can lead to a variety of attacks.
In the widely used Wi-Fi Protected Access WPA/WPA2-PSK authentication mode, the PSK is mainly passed on by hand. Because people's security awareness is poor, the PSK is passed around casually, passwords are simple and passwords are changed slowly, all of which creates a serious security risk. Although channel isolation can still be maintained when the PSK is disclosed, it can no longer be guaranteed if the 4-way handshake packets are eavesdropped.
Wi-Fi Protected Setup (WPS) authentication was created on top of WPA/WPA2-PSK to solve the unreliability of passing the PSK by hand and the complexity of configuring it. With WPS, however, anyone who can get hold of the password or reach the button can obtain network access and carry out further attacks, and the password used in the WPS PIN authentication mode is even easier to crack.
NFC is a short-range, high-frequency wireless communication technology that allows contactless point-to-point data transfer between electronic devices and can support complex interaction protocols. Using active mode at a baud rate of 106 effectively avoids data-tampering attacks. A channel is set up when two NFC modules touch, but the communication is unencrypted and can be eavesdropped with professional equipment. The two parties to a communication take one of two roles, initiator or target: the initiator actively starts the communication and the target responds passively.
Summary of the invention
The object of the present invention is to provide a WLAN access method based on NFC peer-to-peer mode that prevents eavesdropping, replay and man-in-the-middle attacks on NFC, prevents eavesdropping on and unauthorized access to the WLAN, and strengthens WLAN security while eliminating tedious configuration. To achieve this object, the invention adopts the following technical solution:
A WLAN access method based on NFC, characterized in that the method uses two NFC modules: a user NFC module adopted by the user equipment and an NFC module of the WLAN. The NFC module of the WLAN and the device in the WLAN that accepts user connections are located within the same area from which secrets cannot leak. The user NFC module works as the initiator in NFC communication and actively initiates communication; the NFC module of the WLAN is the target and responds passively. The two NFC modules work in peer-to-peer mode. The access points (APs) used fall into two classes: APs that can be configured with multiple virtual service set identifiers (SSIDs) at the same time, and APs that cannot; for the second class, the ESSID and PSK are updated at a preset fixed time. When the user requests access to the WLAN, the user NFC module and the NFC module of the WLAN establish NFC communication and use a first security algorithm to obtain a symmetric key KEY known only to the two NFC modules. After the user passes identity authentication, the two items of WLAN configuration information, the wireless PSK and the ESSID, are encrypted with KEY and transmitted; the user can access the WLAN after obtaining the configuration information.
The process by which the user accesses the WLAN after obtaining the configuration information can be as follows:
(1) The NFC module of the WLAN uses a second security algorithm to generate the PSK and randomly generates the ESSID;
(2) The PSK and ESSID generated in (1) are encrypted with the Advanced Encryption Standard (AES) under the symmetric key KEY and sent to the user NFC module, and the AP and RADIUS server of the WLAN are configured at the same time;
(3) The user decrypts with KEY to obtain the PSK and ESSID, passes them to the WLAN networking module, and then accesses the WLAN using WPA/WPA2-PSK.
The beneficial effects of the invention are as follows. Interaction between NFC modules avoids the tedium and risk of passing configuration information by hand. Because the design is based on NFC peer-to-peer mode, WLAN configuration information is transmitted confidentially over NFC. Verifying the user's identity ties access to a real-name identity and avoids man-in-the-middle attacks. Each time a user joins the network, an NFC authentication is performed and a new, different PSK and ESSID are generated, which achieves channel isolation with one key per session and avoids eavesdropping on data.
Brief description of the drawings
Fig. 1 is the complete sequence diagram of the method.
With reference to Fig. 1: the initiator is the user's NFC module, which is in the same device as the user's WLAN device; the access point (AP) is the device in the WLAN that accepts STA connections; the target is the NFC module that accepts WLAN access authentication requests, i.e. the NFC module of the WLAN. The AP and the target are at least located within the same area from which secrets cannot leak.
Detailed description
The invention is described in detail below with reference to the drawing and an example.
The invention proposes a WLAN access method based on NFC that uses two NFC modules: a user NFC module and an NFC module of the WLAN. When the user requests access to the WLAN, the user touches the handheld NFC module to the NFC module of the WLAN to establish NFC communication, and a sufficiently secure algorithm is used to obtain a symmetric key KEY known only to the two NFC modules. The user's identity is then verified. After authentication succeeds, a wireless PSK is generated with a sufficiently secure algorithm, and configuration information such as the PSK and ESSID is encrypted with the key and transmitted; the user can access the WLAN after obtaining it.
Of the two NFC modules, the user NFC module is in the same device as the user's WLAN device, and the NFC module of the WLAN is at least located within the same area from which secrets cannot leak as the device in the WLAN that accepts user connections. The user NFC module works as the initiator in NFC communication and actively initiates communication; the NFC module of the WLAN is the target and responds passively. The two devices work in peer-to-peer mode. The AP used, such as a router, should be one that can be configured with multiple virtual SSIDs at the same time. For an AP, such as a router, that cannot be configured with multiple virtual SSIDs at the same time, the ESSID and PSK are updated at a fixed time each day.
An implementation of the method is described below with reference to Fig. 1. In this example the key-generation algorithm is the Diffie-Hellman algorithm, identity authentication uses a public-key certificate system, specifically a Digital Signature Algorithm (DSA) public-key authentication protocol, and the wireless PSK is randomly generated:
(1) The user uses a software algorithm on their own device to obtain a DSA key pair for authentication, consisting of a public key and a private key. The user submits the public key to the WLAN administrator in person to apply for access rights, and the person in charge signs it with an electronic signature.
(2) The two NFC modules touch, the user NFC module establishes communication with the NFC module of the WLAN, and the two sides exchange messages using the Diffie-Hellman algorithm and each compute the symmetric key KEY.
(3) Using the DSA certificate, the initiator in the NFC communication, i.e. the user NFC module, signs the symmetric key KEY from (2) with its private key and sends the signature Sig to the target, i.e. the NFC module of the WLAN.
(4) After receiving the signature, the target verifies the signature Sig over KEY with the public key that corresponds to that private key and that the user registered in advance. Verifying the initiator's identity therefore also verifies that the two sides hold the same key. If verification succeeds, the user has passed identity authentication and the process continues; otherwise it indicates that the AES keys are inconsistent and the user identity is illegitimate, and communication is terminated.
(5) The target generates a sufficiently complex key: it reads from the Linux /dev/urandom device to randomly produce a PSK with a length greater than 16 that contains upper- and lower-case letters, digits and special characters, and it randomly generates an ESSID.
(6) These two items of configuration information are encrypted with AES under the symmetric key KEY and sent to the initiator; at the same time the information is configured on the AP, such as a router, in preparation for the user's access.
(7) The initiator decrypts the configuration information with KEY to obtain the PSK and ESSID and passes them to the networking module, and the user's WLAN device joins the network using the WPA/WPA2-PSK protocol.
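The credential generation in step (5) and the key that results from step (7), as an added Python example that is not part of the patent text. The function names, the symbol set and the `guest-` ESSID prefix are assumptions for illustration; the PBKDF2 derivation of the pairwise master key is the standard WPA/WPA2-PSK mapping from IEEE 802.11 and is not described on this page.

```python
import hashlib
import secrets
import string

# Character classes named in step (5). The symbol set is an assumption:
# the page only says "special characters".
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)


def generate_psk(length=24):
    """Return a random WPA2 passphrase containing all four classes."""
    # Step (5) asks for length > 16; WPA2 passphrases are 8..63 ASCII chars.
    if not 16 < length <= 63:
        raise ValueError("length must be in 17..63")
    # Rejection sampling: draw whole candidates until every class appears,
    # so the result is uniform over the set of compliant strings.
    # secrets uses the OS CSPRNG, the source behind /dev/urandom on Linux.
    while True:
        psk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in psk) for cls in CLASSES):
            return psk


def generate_essid(prefix="guest-", nbytes=8):
    """Return a random ESSID; prefix and size are hypothetical choices."""
    essid = prefix + secrets.token_hex(nbytes)
    if len(essid.encode()) > 32:  # an 802.11 SSID is at most 32 octets
        raise ValueError("ESSID longer than 32 octets")
    return essid


def wpa2_pmk(psk, essid):
    """Derive the 256-bit WPA/WPA2-PSK pairwise master key."""
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid.encode(), 4096, 32)


def provision_user():
    """Fresh credentials for one NFC session (steps 5 to 7, no transport)."""
    psk, essid = generate_psk(), generate_essid()
    return {"essid": essid, "psk": psk, "pmk": wpa2_pmk(psk, essid)}


if __name__ == "__main__":
    first, second = provision_user(), provision_user()
    # Two users get unrelated ESSID/PSK pairs and therefore unrelated PMKs.
    print(first["essid"], first["pmk"].hex())
    print(second["essid"], second["pmk"].hex())
```

Because the ESSID is the PBKDF2 salt, each session's master key depends on both freshly generated values, so a handshake captured from one user's session gives no material for another user's session.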
Claims (2)
1. A WLAN access method based on NFC, characterized in that the method uses two NFC modules: a user NFC module adopted by the user equipment and an NFC module of the WLAN. The NFC module of the WLAN and the device in the WLAN that accepts user connections are located within the same area from which secrets cannot leak. The user NFC module works as the initiator in NFC communication and actively initiates communication; the NFC module of the WLAN is the target and responds passively. The two NFC modules work in peer-to-peer mode. The access points (APs) used fall into two classes: APs that can be configured with multiple virtual service set identifiers (SSIDs) at the same time, and APs that cannot; for the second class, the ESSID and PSK are updated at a preset fixed time. When the user requests access to the WLAN, the user NFC module and the NFC module of the WLAN establish NFC communication and use a first security algorithm to obtain a symmetric key KEY known only to the two NFC modules. After the user passes identity authentication, the two items of WLAN configuration information, the wireless PSK and the ESSID, are encrypted with KEY and transmitted; the user can access the WLAN after obtaining the configuration information.
2. The WLAN access method based on NFC according to claim 1, characterized in that the process by which the user accesses the WLAN after obtaining the configuration information is as follows:
(1) The NFC module of the WLAN uses a second security algorithm to generate the PSK and randomly generates the ESSID;
(2) The PSK and ESSID generated in (1) are encrypted with the Advanced Encryption Standard (AES) under the symmetric key KEY and sent to the user NFC module, and the AP and RADIUS server of the WLAN are configured at the same time;
(3) The user decrypts with KEY to obtain the PSK and ESSID, passes them to the WLAN networking module, and then accesses the WLAN using WPA/WPA2-PSK.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510169069.1A CN104902467A (en) | 2015-04-09 | 2015-04-09 | Access method for wireless local area network (WLAN) based on near field communication (NFC) |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104902467A (en) | 2015-09-09 |
Family
ID=54034807
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510169069.1A (Pending), published as CN104902467A (en) | Access method for wireless local area network (WLAN) based on near field communication (NFC) | 2015-04-09 | 2015-04-09 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104902467A (en) |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150909 |