CN106686583A - Method and device for safe communication in WiFi environment - Google Patents


Info

Publication number
CN106686583A
Authority
CN (China)
Prior art keywords
data, terminal, frame, signal, interference
Legal status (an assumption, not a legal conclusion)
Pending
Application number
CN201610080863.3A
Other languages
Chinese (zh)
Inventors
段晓辉, 焦秉立, 马猛, 李云洲
Current assignee
Individual
Original assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00 Jamming of communication; Counter-measures
    • H04K3/80 Jamming or countermeasure characterized by its function
    • H04K3/82 Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection
    • H04K3/825 Jamming or countermeasure characterized by its function related to preventing surveillance, interception or detection by jamming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method and device for secure communication in a WiFi environment. While a terminal is sending data, the device actively releases a random interference signal so that the signal intercepted by an attacker has the random interference superimposed on it. This effectively prevents the attacker from demodulating the physical-layer signal between the terminal and the access point, so information leakage is prevented at the source and the security of the WiFi application environment is effectively improved. The method and device support secure communication under both the RTS/CTS and the CSMA/CA mechanisms. No modification of the terminal is required and no software module needs to be installed on it. The method and device are compatible with the current WiFi system and can conveniently be applied in confidential application environments.

Description

Method and device for secure communication in a WiFi environment
1. Title
Method and device for secure communication in a WiFi environment.
2. Technical field
The present invention relates to the field of network security, and in particular to a method and apparatus for secure wireless communication in a public WiFi environment.
3. Background
Portable mobile smart terminals such as smartphones, tablets and ultrabooks are used in large numbers, and they bring users great convenience when connected to a network. At present the main way users go online is over WiFi, but most public WiFi is insecure: the WiFi does not support isolation, for example, so there is a risk of data being eavesdropped; and a mobile device has no way to tell whether the WiFi it connects to is forged, so there are risks such as transparent forwarding, forgery by an attacker and man-in-the-middle attacks at the TCP/IP level.
At present the main methods for solving the above problems of public WiFi are:
【1】Using the link-layer encryption technologies provided by WiFi itself, such as WEP2, WRAP, TKIP and CCMP, which protect packets with encryption algorithms such as AES. However, the encrypted packets can still be captured by an attacker, and some attack algorithms targeting AES can be applied to them to eventually obtain the sensitive information.
【2】Using a VPN (Virtual Private Network). An encrypted channel established with a remote VPN server ensures that an attacker cannot eavesdrop on or falsify data, but this method is a higher-layer network encryption technology: it requires the support of a VPN server, the terminal usually also needs a VPN control client or a hardware encryption module, and even when a VPN is used, the WiFi login and session set-up that take place before the VPN connection is established remain at risk. For example, the published patent "Safe networking method and apparatus under public Wi-Fi environment" (application number CN201510395146.5) uses an encryption unit to apply higher-layer encryption to public WiFi traffic.
【3】Using security authentication methods. Another publication, "Heterogeneous network unified authentication method based on physical-layer security" (application number 201410215922.4), proposes using physical-layer channel measurements to generate random physical-layer authentication parameters; this belongs to the class of authentication security techniques.
In summary, the existing security methods concentrate mainly on cryptographic means at the link layer and the network layer. These methods cannot prevent the physical-layer signal on the communication link from being obtained by an attacker for subsequent analysis. No effective solution based on WiFi physical-layer security has yet been proposed for this problem.
4. Object of the invention
The object of the present invention is to provide a method and device for secure communication in a WiFi environment which, while a terminal is sending data, actively releases a random interference signal so that the signal intercepted by an attacker has the random interference superimposed on it. This effectively prevents the attacker from demodulating the physical-layer signal between the terminal and the access point, prevents information leakage at the source and effectively improves security in WiFi application environments.
5. Content of the invention
The specific content of the present invention is as follows:
The invention provides a method for secure communication in a WiFi environment, including:
(1) On start-up, the device broadcasts its indication signal. According to this indication signal the terminal communicates using one of two mechanisms, RTS/CTS or CSMA/CA, and transmits data to the device.
(2) When communicating using the RTS/CTS mechanism, the terminal sends a network-access request RTS frame to the device. After receiving the RTS sent by the terminal, the device sends, by MRP, a response CTS frame that allows the terminal to transmit data.
(3) After receiving the CTS, the terminal sends a data frame DATA according to the information provided in the CTS, such as the time window and modulation format. The data frame carries the information INFO to be sent, which may contain sensitive information that needs protection, such as authentication information at login or account information during a transaction.
(4) Because the device has the full information of the CTS, it sends an interference signal frame JAM according to that information at the same time as the terminal sends the data frame, so that the superposed interfered signal JAM+DATA is formed in the open air.
(5) The device receives the terminal data frame with the interference superimposed (JAM+DATA). Because the JAM frame signal was sent by the device itself, the device can use the known characteristics and waveform of the interference signal JAM to eliminate JAM from the received signal (JAM+DATA), extract the data frame DATA and carry out the subsequent demodulation to obtain the information INFO. The device thereby obtains the information INFO sent by the terminal.
(6) Other terminals (eavesdroppers) also receive the terminal data frame signal with the interference superimposed (JAM+DATA), but because the JAM signal is unknown to them, they cannot obtain DATA from JAM+DATA and cannot demodulate the information INFO. See Fig. 2.
(7) If the terminal uses the basic CSMA/CA mode, it sends the data frame DATA containing the information INFO directly to the device. This data frame consists of two parts: a frame header DATA-HEADER carrying the destination address and the duration of this frame, and DATA-PAYLOAD, which carries the modulated information INFO; DATA-PAYLOAD follows DATA-HEADER to form the data frame DATA. After receiving the header DATA-HEADER at the front of the data frame DATA sent by the terminal, the device can obtain the duration of this frame. If the later part DATA-PAYLOAD of the data frame needs protection, the device sends a JAM signal of the corresponding length; this interference signal is superimposed on the remaining DATA frame signal (DATA-PAYLOAD) and enters the device's receive path. The device uses the same approach as above to eliminate the superimposed JAM, demodulates DATA and obtains the information INFO the terminal needs to transmit. What the other terminals receive is the data frame signal DATA-PAYLOAD+JAM whose latter half has the interference superimposed; because the characteristics of the added interference signal JAM are unknown to them, they cannot demodulate DATA-PAYLOAD and cannot obtain the information INFO sent by the terminal. See Fig. 3.
(8) Further, the device can choose as needed to protect a particular terminal, specifically by releasing the interference signal when that terminal sends data. When communicating with different terminals the device can release different interference signals, and if a terminal does not need protection, no interference need be released.
(9) Further, the interference released by the device can vary the characteristics of the interference signal according to the required protection strength, including interference signal strength, release time, spectral range, waveform probability distribution and other interference signal characteristics, so as to protect the data the terminal sends effectively. In general the interference signal should also have a specific random character, so that other terminals cannot eliminate it effectively.
(10) Further, this method can be used for single-antenna radio communication devices as well as multi-antenna radio communication devices.
(11) Further, the terminal information INFO described above may include a time-varying value. The device can use this value as an encryption parameter, producing a changing encryption parameter with which the data the device sends back to the terminal is encrypted, thereby achieving communication security for data transmitted from the device to the terminal.
To implement the above method, the communication device consists of an interference sending module, an interference cancellation module, a data frame modulation module, a data frame demodulation module, a system MAC control module and an application layer module. The interference sending module sends the interference signal while the terminal sends data, according to the control signal timing given by the system MAC control module. The interference cancellation module is responsible for eliminating the interference signal in the received physical-layer signal and passing the result to the corresponding demodulation module. The control frame modulation/demodulation module is responsible for modulating and demodulating control frames. The data frame modulation module is responsible for modulating the various data frames. The data frame demodulation module is responsible for further interference cancellation on the interference-cancelled data frame and demodulation of the original signal. The system MAC control module controls system transmission and reception according to the demodulated information of the control frames. The application layer module provides the device with upper-layer control functions and a data transmission channel for application data. The system block diagram of the device is shown in Fig. 1, and the specific working timing is shown in Fig. 2.
Beneficial effects
Using the method of the present invention, the signal an eavesdropper receives has superimposed on it the interference signal actively released by the device, so the eavesdropper cannot effectively demodulate the signal sent by the terminal. Information leakage is therefore prevented at the source, the safety of sensitive data is ensured, and security in the WiFi environment is improved.
At the same time, the method requires no modification of the terminal and no software module to be installed on it; it is fully compatible with the existing WiFi system and can easily be applied in application environments that require confidentiality.
6. Drawings and description of the drawings
Fig. 1 System block diagram of the device
Fig. 2 Schematic diagram of physical-layer protection under the RTS/CTS mechanism
Fig. 3 Schematic diagram of physical-layer protection under the CSMA/CA mechanism
7. Embodiments
One or several representative examples that the applicant considers the best way to implement the invention are described in detail, listing the data and conditions relevant to the points of the invention, with reference to the accompanying drawings where available. Where the claims are relatively broad, several embodiments should be given.
One embodiment of the present invention is applied in a WiFi environment, where the device is an AP (Access Point) equipped with the interference cancellation, interference generation and other modules proposed by the invention; it is referred to as the AP below.
1. After the AP starts, it begins broadcasting its WiFi indication signal, so that the terminal sends a network-access request RTS frame according to that indication signal.
2. After the AP receives the terminal's network-access request RTS, it sends, by MRP, a response CTS frame allowing data transmission.
3. After receiving the CTS, the terminal learns from the information in the CTS the time window in which the AP allows it to upload data, and sends the data frame DATA. The data frame is generated by the data frame modulation module from the information INFO to be sent; INFO contains the sensitive information to be protected, such as authentication information at login or account information during a transaction.
4. While the terminal sends the data frame DATA, the AP sends the interference signal frame JAM according to the information in the CTS corresponding to that data frame. JAM is pseudo-noise formed from an M-sequence, and the superposed interfered signal JAM+DATA is formed in the open air.
5. The AP receives the terminal data frame with the interference superimposed (JAM+DATA). Because the JAM frame signal was also sent by the AP, the AP's interference cancellation module subtracts the JAM signal from the received (JAM+DATA), that is (JAM+DATA)-JAM=DATA, extracts the data frame DATA and passes it to the data frame demodulation module for subsequent demodulation. During demodulation the known characteristics of the JAM signal can also be used to eliminate residual interference. The final demodulation yields the information INFO, so the AP obtains the information INFO sent by the terminal.
6. Other terminals (eavesdroppers) also receive the terminal data frame signal with the interference superimposed (JAM+DATA), but because the JAM signal is unknown to them, they cannot obtain DATA from JAM+DATA or demodulate the information INFO.
7. When the AP needs to protect a particular terminal, it only has to release interference during that terminal's data transmission window; if other terminals need no protection, no interference need be released for them.
8. Furthermore, the AP can control the strength of the released interference according to the terminal's distance, to ensure that other terminals eavesdropping in the terminal's surroundings also cannot demodulate the terminal's signal, thereby providing physical-layer security protection for the data the terminal sends.
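The scheme described in steps (1) to (7) of the content of the invention and in the embodiment above, as an added baseband simulation that is not part of the patent: the terminal's DATA frame is a run of BPSK symbols, the AP's JAM frame is pseudo-noise from a 5-stage LFSR M-sequence, and the AP subtracts the JAM it transmitted while an eavesdropper, not knowing JAM, cannot. One function covers both the RTS/CTS case (whole frame jammed) and the CSMA/CA case (DATA-HEADER left clear, DATA-PAYLOAD jammed). The feedback polynomial x^5 + x^2 + 1, the signal amplitudes and the noise level are assumptions chosen for illustration.

```python
import random

# Constructed baseband model of the patent's scheme: the terminal's DATA frame is a
# run of BPSK symbols, the access point (AP) transmits a pseudo-noise JAM frame built
# from an M-sequence at the same time, and every receiver sees the sum JAM + DATA
# plus channel noise. Only the AP knows JAM exactly, so only the AP can subtract it.


def m_sequence(length, degree=5, taps=(0, 2), seed=1):
    """Fibonacci LFSR producing a maximal-length (M) sequence.

    The default feedback polynomial x^5 + x^2 + 1 is primitive, so the output has
    period 2**5 - 1 = 31; the polynomial is an assumption, not from the patent.
    Chips are returned as +1/-1 so they can be added to BPSK symbols directly.
    """
    state = seed & ((1 << degree) - 1)
    chips = []
    for _ in range(length):
        chips.append(1 if state & 1 else -1)
        feedback = 0
        for t in taps:
            feedback ^= (state >> t) & 1
        state = (state >> 1) | (feedback << (degree - 1))
    return chips


def bpsk_modulate(bits):
    """Map information bits to baseband BPSK symbols: 1 -> +1.0, 0 -> -1.0."""
    return [1.0 if b else -1.0 for b in bits]


def bpsk_demodulate(samples):
    """Hard-decision BPSK: the sign of each sample decides the bit."""
    return [1 if s >= 0.0 else 0 for s in samples]


def build_jam(frame_len, jam_start, amplitude):
    """JAM frame aligned with the terminal's DATA frame.

    Samples before jam_start are silent (0.0). jam_start=0 models the RTS/CTS case,
    where the CTS tells the AP the whole time window and the entire DATA frame is
    covered; jam_start=header_len models the CSMA/CA case, where the AP first reads
    DATA-HEADER (destination and duration) and jams only DATA-PAYLOAD.
    """
    chips = m_sequence(frame_len - jam_start)
    return [0.0] * jam_start + [amplitude * c for c in chips]


def channel(data, jam, noise_sigma, rng):
    """Over-the-air superposition JAM + DATA plus additive Gaussian noise."""
    return [d + j + rng.gauss(0.0, noise_sigma) for d, j in zip(data, jam)]


def bit_error_rate(sent, received):
    errors = sum(1 for a, b in zip(sent, received) if a != b)
    return errors / len(sent)


def simulate(header_len, payload_len, jam_start, jam_amplitude=2.0,
             noise_sigma=0.1, seed=7):
    """Send one constructed DATA frame and return the bit error rates seen by the
    AP (which cancels the JAM it transmitted) and by an eavesdropper (which cannot).
    Amplitudes and noise level are assumed values for illustration."""
    rng = random.Random(seed)
    frame_len = header_len + payload_len
    # Constructed frame: DATA-HEADER bits followed by DATA-PAYLOAD bits carrying INFO.
    bits = [rng.randint(0, 1) for _ in range(frame_len)]
    data = bpsk_modulate(bits)
    jam = build_jam(frame_len, jam_start, jam_amplitude)
    received = channel(data, jam, noise_sigma, rng)

    # AP: the interference cancellation module subtracts the known JAM,
    # (JAM + DATA) - JAM = DATA, and the data frame demodulation module decodes it.
    ap_bits = bpsk_demodulate([r - j for r, j in zip(received, jam)])
    # Eavesdropper: must demodulate JAM + DATA as received; with the JAM stronger
    # than the DATA symbols its hard decisions follow the JAM chips, not the data.
    eve_bits = bpsk_demodulate(received)

    return {
        "ap_ber": bit_error_rate(bits, ap_bits),
        "eve_header_ber": bit_error_rate(bits[:header_len], eve_bits[:header_len]),
        "eve_payload_ber": bit_error_rate(bits[header_len:], eve_bits[header_len:]),
    }


if __name__ == "__main__":
    print("RTS/CTS, whole frame jammed:", simulate(16, 248, jam_start=0))
    print("CSMA/CA, payload only jammed:", simulate(16, 248, jam_start=16))
```

In the CSMA/CA run the eavesdropper still decodes DATA-HEADER error-free, which is exactly the trade-off the patent accepts: the header must stay readable so the AP itself can learn the frame duration before it starts jamming.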

Claims (8)

1. A method for secure communication in a WiFi environment, characterised in that it includes:
On start-up, the device broadcasts its indication signal; according to this indication signal the terminal uses the RTS/CTS mechanism to transmit data to the device.
The terminal sends a network-access request RTS frame to the device. After receiving the RTS sent by the terminal, the device sends, by MRP, a response CTS frame that allows the terminal to transmit data.
After receiving the CTS, the terminal sends a data frame DATA according to the information provided in the CTS, such as the time window and modulation format. The data frame carries the information INFO to be sent, which may contain sensitive information that needs protection, such as authentication information at login or account information during a transaction.
While the terminal sends the data frame, the device sends an interference signal frame JAM according to the time window, modulation format and other information in the CTS, so that the superposed interfered signal JAM+DATA is formed in the open air.
The device receives the terminal data frame with the interference superimposed (JAM+DATA); using the known characteristics of the interference signal JAM, it eliminates JAM from the received signal (JAM+DATA), extracts the data frame DATA and carries out the subsequent demodulation to obtain the information INFO, so that the device obtains the information INFO sent by the terminal.
Other terminals (eavesdroppers) also receive the terminal data frame signal with the interference superimposed (JAM+DATA), but because the JAM signal is unknown to them, they cannot obtain DATA from JAM+DATA or demodulate the information INFO.
Through the above steps, secure transmission of data from the terminal to the device under the RTS/CTS mechanism is achieved.
2. A method for secure communication in a WiFi environment, characterised in that it includes:
On start-up, the device broadcasts its indication signal; according to this indication signal the terminal uses the basic CSMA/CA mode to transmit data to the device.
The terminal sends the DATA frame containing the information INFO directly to the device. The DATA frame consists of two parts: a frame header DATA-HEADER carrying the destination address and the duration of this frame, and DATA-PAYLOAD, which carries the modulated information INFO; DATA-PAYLOAD follows DATA-HEADER to form the data frame DATA.
After receiving the header DATA-HEADER at the front of the data frame DATA sent by the terminal, the device can obtain the duration of this frame. If the later part DATA-PAYLOAD of the data frame needs protection, the device sends a JAM signal of the corresponding length; this interference signal is superimposed on the remaining DATA frame signal (DATA-PAYLOAD), forming the superposed interfered signal in the open air.
Using the known characteristics of the superimposed JAM signal, the device eliminates the JAM superimposed on DATA-PAYLOAD, demodulates DATA-PAYLOAD and obtains the information INFO the terminal needs to transmit.
What other terminals receive is the data frame signal DATA-PAYLOAD+JAM whose latter half has the interference superimposed; because the characteristics of the added interference signal JAM are unknown to them, they cannot demodulate DATA-PAYLOAD.
Through the above steps, secure transmission of data from the terminal to the device under the basic CSMA/CA mechanism is achieved.
3. The method for secure communication in a WiFi environment according to claims 1 and 2, characterised in that:
The device can protect a terminal as needed, that is, the device releases the interference signal when a terminal that needs protection sends data. If a terminal does not need protection, no interference need be released.
4. The method for secure communication in a WiFi environment according to claims 1 and 2, characterised in that:
The interference released by the device has a random character, such as Gaussian random noise or M-sequence pseudo-noise.
5. The method for secure communication in a WiFi environment according to claims 1 and 2, characterised in that:
When communicating with different terminals, the device releases different interference signals. The differing interference signal characteristics include interference signal strength, release time, spectral range, waveform probability distribution and other interference signal characteristics.
6. The method for secure communication in a WiFi environment according to claims 1 and 2, characterised in that:
The terminal information INFO that the terminal sends to the device may include a time-varying value. The device can use this value as an encryption parameter, producing a changing encryption parameter with which the data the device sends back to the terminal is encrypted, thereby achieving communication security for data transmitted from the device to the terminal.
7. The method for secure communication in a WiFi environment according to claims 1 and 2, characterised in that:
The device is a radio communication device with a single antenna, or a radio communication device with multiple antennas.
8. A device for secure communication in a WiFi environment, characterised in that:
The communication device consists of an interference sending module, an interference cancellation module, a data frame modulation module, a data frame demodulation module, a system MAC control module and an application layer module.
The interference sending module sends the interference signal while the terminal sends data, according to the control signal timing given by the system MAC control module. The interference cancellation module is responsible for eliminating the interference signal in the received physical-layer signal and passing the result to the corresponding demodulation module. The control frame modulation/demodulation module is responsible for modulating and demodulating control frames. The data frame modulation module is responsible for modulating the various data frames. The data frame demodulation module is responsible for further interference cancellation on the interference-cancelled data frame and demodulation of the original signal. The system MAC control module controls system transmission and reception according to the demodulated information of the control frames. The application layer module provides the device with upper-layer control functions and a data transmission channel for application data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610080863.3A CN106686583A (en) 2016-02-05 2016-02-05 Method and device for safe communication in WiFi environment

Publications (1)

Publication Number Publication Date
CN106686583A true CN106686583A (en) 2017-05-17

Family

ID=58839135

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610080863.3A Pending CN106686583A (en) 2016-02-05 2016-02-05 Method and device for safe communication in WiFi environment

Country Status (1)

Country Link
CN (1) CN106686583A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494522A (en) * 2008-12-30 2009-07-29 清华大学 Method for eliminating wireless signal interference based on network encode
CN102215483A (en) * 2010-04-08 2011-10-12 华为终端有限公司 Method and device for performing negotiation according to Wi-Fi protected setup (WPS) protocol
US20130267163A1 (en) * 2012-04-05 2013-10-10 Narendra Anand Communications security in multiple-antenna wireless networks
CN104620524A (en) * 2012-09-11 2015-05-13 英派尔科技开发有限公司 Secured communication
CN102843687A (en) * 2012-09-18 2012-12-26 惠州Tcl移动通信有限公司 Smartphone portable point safe access system and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107332639A (en) * 2017-06-12 2017-11-07 京信通信系统(中国)有限公司 A kind of realization method and system of private network communication
WO2018227926A1 (en) * 2017-06-12 2018-12-20 京信通信系统(中国)有限公司 Method and system for implementing private network communication
CN107332639B (en) * 2017-06-12 2020-01-14 京信通信系统(中国)有限公司 Method and system for realizing private network communication

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170517