CN107148017A - Method for strengthening WLAN security based on physical layer key agreement - Google Patents


Info

Publication number
CN107148017A
Authority
CN
China
Prior art keywords
sequence
threshold value
access point
site sta
signal intensity
Legal status
Granted
Application number
CN201710273678.0A
Other languages
Chinese (zh)
Other versions
CN107148017B (en)
Inventor
陈东
杨超
马建峰
李兴华
宋嘉良
孟献昆
Current Assignee
Xidian University
Original Assignee
Xidian University
Events
Application filed by Xidian University
Priority to CN201710273678.0A
Publication of CN107148017A
Application granted
Publication of CN107148017B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 84/00 Network topologies
    • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W 84/10 Small scale networks; Flat hierarchical networks
    • H04W 84/12 WLAN [Wireless Local Area Networks]


Abstract

The invention discloses a WLAN security enhancement method based on physical layer key agreement, consisting of three phases: physical layer encryption key agreement, encryption of communication packets, and update of the encryption key. The first phase, physical layer encryption key agreement, proceeds as follows: 1. collect signal strength values at the data link layer; 2. screen the signal strength value sequences; 3. quantize the out-of-threshold signal strength sequences; 4. quantize the in-threshold signal strength sequences; 5. generate the physical layer key; 6. expand the physical layer key; 7. encrypt data packets; 8. update the encryption key periodically. The invention generates a physical layer key by physical layer negotiation, protects the WLAN authentication procedure and data communication with that key, and updates the encryption key periodically. It strengthens WLAN security, addresses the security risks present in WLANs, and can be used in technical fields such as wireless network security.

Description

Method for strengthening WLAN security based on physical layer key agreement
Technical field
The invention belongs to the field of wireless communication technology and, more specifically, to the field of WLAN security technology: it is a method for strengthening WLAN security based on physical layer key agreement. Building on key agreement technology that uses the physical parameters of the wireless channel, the invention proposes a method that can be used in a WLAN to achieve secure communication between the communication nodes of the WLAN.
Background technology
How to ensure that information is transmitted safely and reliably between each communication node and the access point in a public WLAN is an important topic in the field of wireless network security, and is also one of the core tasks in resolving the security risks of public WLANs today. Key agreement based on the physical parameters of the wireless channel is a network security technology that lets two wireless devices generate a shared key without relying on conventional cryptographic methods, and it can satisfy the secure communication needs of the communication nodes in a public WLAN.
The paper "Strengthening 802.11i security using wireless physical layer keys" by Li Xinghua and Shang Zhaohui (Journal of Jiangsu University, 2013) proposes a WLAN security enhancement technique. Its main steps are: (1) generate a physical layer key PK between the mobile station and the access point; (2) protect data frames and management frames with the generated PK; (3) take part in the generation of the encryption key, and encrypt the messages of the subsequent authentication procedure. The shortcomings of this method are that it generates the physical layer key PK from network layer data probes, so both the key match rate and the key generation rate are low, and that the generated physical layer key PK has no update mechanism, so prolonged use increases the risk of leakage.
The patent document "Method for enhancing wireless LAN security" filed by Koninklijke Philips Electronics N.V. (application number 031249124, filing date 2003.09.19, publication date 2005.03.23) proposes a method for enhancing wireless LAN security. Its main steps are: (1) read the key stored in an ID card; (2) request authentication from the wireless access point using the key that was read and the corresponding encryption algorithm; (3) if authentication succeeds, access the WLAN. With this method, mandatory authentication can be applied to a wireless terminal that is about to access the WLAN, preventing unauthorized wireless terminals from entering the network and endangering it. The shortcomings of this method are: it mainly strengthens the security of authentication and cannot protect the security of communication; and it requires an ID card to store a secure key in advance, but most existing devices in a wireless LAN have no such ID card, which greatly limits the applicability of the method.
Summary of the invention
The object of the invention is to overcome the above shortcomings of the prior art by proposing a WLAN security enhancement method based on physical layer key agreement, in order to protect the authentication procedure, ensure secure communication between the communication nodes in the WLAN, guard against the security risks currently present in WLANs, and strengthen WLAN security.
To achieve this object, the technical solution adopted by the invention comprises three phases: physical layer encryption key agreement, encryption of communication packets, and update of the encryption key.
First phase: the steps of physical layer encryption key agreement are as follows:
(1) Collect signal strength values at the data link layer:
(1a) The access point AP randomly selects an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the station STA, and sets the access point AP's first exchange count to 1;
(1b) At the data link layer, the access point AP sends a request packet to the station STA; after receiving the request packet, the station STA sends a response packet to the access point AP and records the signal strength value of the wireless channel; after receiving the response packet, the access point AP records the signal strength value of the wireless channel;
(1c) The access point AP checks whether the current exchange count equals the total number of exchanges m; if so, step (1d) is performed; otherwise, the access point AP adds 1 to the current exchange count and performs step (1b);
(1d) The access point AP's signal strength values are assembled into a signal strength sequence, and the station STA's signal strength values are assembled into a signal strength sequence; step (2) is performed;
(2) Screen the signal strength value sequences:
(2a) Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's signal strength value sequence and the upper and lower thresholds of the station STA's signal strength value sequence;
(2b) Screen the access point AP's signal strength value sequence to obtain the access point AP's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence; screen the station STA's signal strength value sequence to obtain the station STA's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence;
(2c) Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's out-of-threshold signal strength value sequence and the upper and lower thresholds of the access point AP's in-threshold signal strength value sequence;
(3) Quantize the out-of-threshold signal strength sequences:
(3a) Set the access point AP's first quantization count to 1;
(3b) Record into the access point AP's sequence number array each current quantization count that satisfies the following condition:
A[i] < q+ and A[i] > q-
where A denotes the access point AP's signal strength value sequence, [] denotes the array indexing operation, i denotes the access point AP's current quantization count, q+ denotes the upper threshold of the access point AP's out-of-threshold signal strength sequence, and q- denotes the lower threshold of the access point AP's out-of-threshold signal strength sequence;
(3c) Check whether the access point AP's current quantization count exceeds the length of the access point AP's out-of-threshold signal strength sequence; if so, perform step (3d); otherwise, add 1 to the access point AP's current quantization count and perform step (3b);
(3d) Send the access point AP's sequence number array to the station STA as the station STA's sequence number array, and set the station STA's first quantization count to 1;
(3e) Obtain the station STA's sequence number according to the following formula:
s = B[j]
where s denotes the station STA's sequence number, B denotes the station STA's sequence number array, [] denotes the array indexing operation, and j denotes the station STA's current quantization count;
(3f) Record into the station STA's final sequence number array each station STA sequence number that satisfies the following condition:
C[s] < q+ and C[s] > q-
where C denotes the station STA's out-of-threshold signal strength sequence, s denotes the station STA's sequence number, q+ denotes the upper threshold of the station STA's out-of-threshold signal strength sequence, and q- denotes the lower threshold of the station STA's out-of-threshold signal strength sequence;
(3g) Check whether the station STA's current quantization count exceeds the length of the station STA's out-of-threshold signal strength sequence; if so, perform step (3h); otherwise, add 1 to the station STA's current quantization count and perform step (3e);
(3h) Send the station STA's final sequence number array to the access point AP as the access point AP's final sequence number array;
(3i) Using the sequence number conversion method, convert the final sequence number array and out-of-threshold signal strength value sequence of the access point AP and of the station STA into the access point AP's bit sequence and the station STA's bit sequence, respectively;
(4) Quantize the in-threshold signal strength sequences:
(4a) Compute the signal strength range of the signal strength value sequences of the access point AP and the station STA according to the following formula:
R = Max(X) - Min(X)
where R denotes the signal strength range value, X denotes the signal strength value sequence, Max denotes the maximum operation, and Min denotes the minimum operation;
(4b) Compute the number of equal-division intervals of the signal strength value sequences of the access point AP and the station STA, respectively, according to the following formula:
where K denotes the number of equal-division intervals, ⌊ ⌋ denotes the floor operation, and log2 denotes the logarithm to base 2;
(4c) Set the first cycle count to 1;
(4d) Obtain the signal strength values of the access point AP and the station STA, respectively, according to the following formula:
S = D[p]
where S denotes the signal strength value, D denotes the in-threshold signal strength value sequence, and p denotes the current cycle count;
(4e) Compute the interval number in which the signal strength values of the access point AP and the station STA lie, respectively, according to the following formula:
where N denotes the interval number, S denotes the signal strength value, and K denotes the access point AP's number of intervals;
(4f) Convert the interval number of the access point AP's signal strength value and the interval number of the station STA's signal strength value into Gray code, respectively;
(4g) Store the access point AP's Gray code in the access point AP's in-threshold bit sequence, and store the station STA's Gray code in the station STA's in-threshold bit sequence;
(4h) Check whether the current cycle count equals the length of the access point AP's in-threshold signal strength value sequence; if so, the in-threshold bit sequences of the access point AP and the station STA are obtained and step (5) is performed; otherwise, add 1 to the current cycle count and perform step (4d);
(5) Generate the physical layer key:
Concatenate the access point AP's out-of-threshold bit sequence and in-threshold bit sequence into the access point AP's physical layer key PK, and concatenate the station STA's out-of-threshold bit sequence and in-threshold bit sequence into the station STA's physical layer key PK;
(6) Expand the physical layer key:
(6a) Using the key expansion algorithm, expand the physical layer key PK into a 384-bit master key PMK;
(6b) Using the key expansion algorithm, expand the physical layer key PK into a 256-bit group key GK;
Second phase: the steps of encrypting communication packets are as follows:
(7) Encrypt data packets:
(7a) Using the session key SK as the encryption key, encrypt WLAN management frame packets with the Advanced Encryption Standard AES;
(7b) Using the session key SK as the encryption key, encrypt authentication packets with the Advanced Encryption Standard AES;
(7c) The station STA initiates authentication to the access point AP;
(7d) Using the session key SK as the encryption key, encrypt WLAN communication data packets with the Advanced Encryption Standard AES;
Third phase: the step of updating the encryption key is as follows:
(8) Update the encryption key periodically:
Perform the first phase, physical layer encryption key agreement, every 30 minutes to regenerate the physical layer encryption key.
Compared with the prior art, the invention has the following advantages:
First, because the invention generates a physical layer key, expands it, and encrypts data packets to protect data communication, it overcomes the shortcoming of the prior art, which mainly strengthens authentication security and cannot protect communication security; the invention therefore improves communication security.
Second, because the invention collects signal strength values at the data link layer, it overcomes the low key match rate and low key generation rate of the prior art, which generates the physical layer key from network layer data probes; the invention therefore has the advantage of a higher physical layer key generation rate and key match rate.
Third, because the invention updates the encryption key periodically, it overcomes the shortcoming of the prior art that the generated physical layer key PK has no update mechanism and prolonged use increases the risk of leakage; the invention therefore has the advantage of preventing leakage of the encryption key.
Brief description of the drawings
Fig. 1 is the flow chart of the invention;
Fig. 2 is a schematic diagram of the link layer packet format;
Fig. 3 is a schematic diagram of the packet exchange;
Fig. 4 is a schematic diagram of channel strength value sequence collection.
Detailed description
The invention is further described below with reference to the accompanying drawings.
Referring to Fig. 1, the invention comprises three phases: physical layer encryption key agreement, encryption of communication packets, and update of the encryption key. First phase: the steps of physical layer encryption key agreement are as follows.
Step 1: collect signal strength values at the data link layer.
1st step: the access point AP randomly selects an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the station STA, and sets the access point AP's first exchange count to 1.
2nd step: at the data link layer, the access point AP sends a request packet to the station STA; after receiving the request packet, the station STA sends a response packet to the access point AP and records the signal strength value of the wireless channel; after receiving the response packet, the access point AP records the signal strength value of the wireless channel.
3rd step: the access point AP checks whether the current exchange count equals the total number of exchanges m; if so, the 4th step of this step is performed; otherwise, the access point AP adds 1 to the current exchange count and performs the 2nd step of this step.
4th step: the access point AP's signal strength values are assembled into a signal strength sequence, and the station STA's signal strength values are assembled into a signal strength sequence.
The format of the data link layer request packet and response packet used in step (1b) is described below with reference to Fig. 2.
The legacy data link layer Beacon frame is modified: the originally unused field is used as a seq field for pairing the samples.
Here Frame Control denotes the frame control field, Duration denotes the transmission interval, DA denotes the destination address, SA denotes the source address, BSSID denotes the basic service set identifier, Sequence Control denotes the sequence control field, Frame Body denotes the frame body, seq denotes the sequence number, and FCS denotes the frame check sequence.
The packet exchange process of step (1b) is described below with reference to Fig. 3.
The packet exchange process has two cases: the normal flow and packet loss.
In the normal flow, the AP sends a request packet to the STA; after receiving the request packet, the STA records the signal strength value of the packet and replies to the AP with a response packet; after receiving the response packet, the AP records the signal strength value of the packet. Here request is the sequence number of the request packet and ack is the sequence number of the response packet.
There are two packet loss cases: if the request packet sent by the AP to the STA is lost, the AP resends it after its timer expires; if the response packet sent by the STA to the AP is lost, only the STA records the signal strength value of the packet.
The recording of the signal strength value of the wireless channel in step (1b) is described below with reference to Fig. 4.
The AP and the STA open the monitor interface mon0 of the wireless network card and set a filtering rule; at the application layer, packets are captured with the packet capture function library libpcap, and the SSI Signal field of each captured packet is recorded as the signal strength value.
Here radiotap header denotes the wireless signal header, ieee802.11data denotes the 802.11 data field, llc denotes logical link control, Upper layer data denotes the upper layer data, Ethernet denotes Ethernet, Header Version denotes the header version number, Header data denotes the header data, Header length denotes the header length, Present flags denotes the present flags, timestamp denotes the timestamp, Flags denotes the flags, Date Rate denotes the data rate, Channel Frequency denotes the channel frequency, SSI Signal denotes the signal strength indicator, libpcap denotes the packet capture function library, mon0 denotes monitor interface number zero, and ieee8023_parser denotes 802.3 format conversion.
Step 2: screen the signal strength value sequences.
Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's signal strength value sequence and the upper and lower thresholds of the station STA's signal strength value sequence.
The threshold calculation method proceeds as follows:
1st step: compute the mean of the signal strength value sequence according to the following formula:
where M denotes the mean of the signal strength value sequence, n denotes the length of the signal strength value sequence, ∑ denotes the summation operation, and S_i denotes the i-th signal strength value in the signal strength value sequence.
2nd step: compute the standard deviation of the signal strength value sequence according to the following formula:
where D denotes the standard deviation of the signal strength value sequence and √ denotes the square root operation.
3rd step: compute the upper and lower thresholds of the signal strength sequence according to the following formulas:
q+ = M + 0.5D
q- = M - 0.5D
where q+ and q- denote the upper and lower thresholds of the signal strength sequence, respectively.
Screen the access point AP's signal strength value sequence to obtain the access point AP's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence; screen the station STA's signal strength value sequence to obtain the station STA's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence.
The screening process proceeds as follows.
Compare each signal strength value in the signal strength sequence with the upper and lower thresholds of the signal strength value sequence: if the signal strength value is greater than the upper threshold or less than the lower threshold, record it in the out-of-threshold signal strength value sequence; otherwise, record it in the in-threshold signal strength value sequence.
Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's out-of-threshold signal strength value sequence and the upper and lower thresholds of the access point AP's in-threshold signal strength value sequence.
The threshold calculation method proceeds as follows:
1st step: compute the mean of the signal strength value sequence according to the following formula:
where M denotes the mean of the signal strength value sequence, n denotes the length of the signal strength value sequence, ∑ denotes the summation operation, and S_i denotes the i-th signal strength value in the signal strength value sequence.
2nd step: compute the standard deviation of the signal strength value sequence according to the following formula:
where D denotes the standard deviation of the signal strength value sequence and √ denotes the square root operation.
3rd step: compute the upper and lower thresholds of the signal strength sequence according to the following formulas:
q+ = M + 0.5D
q- = M - 0.5D
where q+ and q- denote the upper and lower thresholds of the signal strength sequence, respectively.
Step 3: quantize the out-of-threshold signal strength sequences.
1st step: set the access point AP's first quantization count to 1.
2nd step: record into the access point AP's sequence number array each current quantization count that satisfies the following condition:
A[i] < q+ and A[i] > q-
where A denotes the access point AP's signal strength value sequence, [] denotes the array indexing operation, i denotes the access point AP's current quantization count, q+ denotes the upper threshold of the access point AP's out-of-threshold signal strength sequence, and q- denotes the lower threshold of the access point AP's out-of-threshold signal strength sequence.
3rd step: check whether the access point AP's current quantization count exceeds the length of the access point AP's out-of-threshold signal strength sequence; if so, perform the 4th step of this step; otherwise, add 1 to the access point AP's current quantization count and perform the 2nd step of this step.
4th step: send the access point AP's sequence number array to the station STA as the station STA's sequence number array. Set the station STA's first quantization count to 1.
1st step: obtain the station STA's sequence number according to the following formula:
s = B[j]
where s denotes the station STA's sequence number, B denotes the station STA's sequence number array, [] denotes the array indexing operation, and j denotes the station STA's current quantization count.
2nd step: record into the station STA's final sequence number array each station STA sequence number that satisfies the following condition:
C[s] < q+ and C[s] > q-
where C denotes the station STA's out-of-threshold signal strength sequence, s denotes the station STA's sequence number, q+ denotes the upper threshold of the station STA's out-of-threshold signal strength sequence, and q- denotes the lower threshold of the station STA's out-of-threshold signal strength sequence.
3rd step: check whether the station STA's current quantization count exceeds the length of the station STA's out-of-threshold signal strength sequence; if so, perform the 4th step of this step; otherwise, add 1 to the station STA's current quantization count and perform the 2nd step of this step.
4th step: send the station STA's final sequence number array to the access point AP as the access point AP's final sequence number array.
Using the sequence number conversion method, convert the final sequence number array and out-of-threshold signal strength value sequence of the access point AP and of the station STA into the access point AP's bit sequence and the station STA's bit sequence, respectively.
The sequence number conversion method proceeds as follows:
1st step: set the first conversion count to 1.
2nd step: using the current conversion count as the index into the sequence number array, take out the sequence number; using that sequence number as the index into the signal strength value sequence, take out the signal strength value.
3rd step: a signal strength value greater than the upper threshold of the signal strength value sequence is stored in the bit sequence as the integer 1; any other value is stored in the bit sequence as the integer 0.
4th step: check whether the current conversion count equals the length of the sequence number array; if so, the out-of-threshold bit sequence is obtained; otherwise, add 1 to the current conversion count and perform the 2nd step of this step.
Step 4: quantize the in-threshold signal strength sequences.
Compute the signal strength range of the signal strength value sequences of the access point AP and the station STA according to the following formula:
R = Max(X) - Min(X)
where R denotes the signal strength range value, X denotes the signal strength value sequence, Max denotes the maximum operation, and Min denotes the minimum operation.
Compute the number of equal-division intervals of the signal strength value sequences of the access point AP and the station STA, respectively, according to the following formula:
where K denotes the number of equal-division intervals, ⌊ ⌋ denotes the floor operation, and log2 denotes the logarithm to base 2.
1st step: set the first cycle count to 1.
2nd step: obtain the signal strength values of the access point AP and the station STA, respectively, according to the following formula:
S = D[p]
where S denotes the signal strength value, D denotes the in-threshold signal strength value sequence, and p denotes the current cycle count.
3rd step: compute the interval number in which the signal strength values of the access point AP and the station STA lie, respectively, according to the following formula:
where N denotes the interval number, S denotes the signal strength value, and K denotes the access point AP's number of intervals.
4th step: convert the interval number of the access point AP's signal strength value and the interval number of the station STA's signal strength value into Gray code, respectively.
5th step: store the access point AP's Gray code in the access point AP's in-threshold bit sequence, and store the station STA's Gray code in the station STA's in-threshold bit sequence.
6th step: check whether the current cycle count equals the length of the access point AP's in-threshold signal strength value sequence; if so, the in-threshold bit sequences of the access point AP and the station STA are obtained and Step 5 is performed; otherwise, add 1 to the current cycle count and perform the 2nd step of this step.
Step 5: generate the physical layer key.
Concatenate the access point AP's out-of-threshold bit sequence and in-threshold bit sequence into the access point AP's physical layer key PK, and concatenate the station STA's out-of-threshold bit sequence and in-threshold bit sequence into the station STA's physical layer key PK.
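Steps 2 to 5 worked through in Python on a constructed pair of AP/STA RSSI sequences; this is an added example, not code from the patent. The page does not reproduce the formulas for K or for the interval number N, so the example assumes K is given (K = 4) and N = floor((S - Min) / (R / K)) clipped to K - 1; the guard against an index beyond the STA's out-of-threshold sequence is likewise an assumption. The constructed STA readings differ slightly from the AP's, so the in-threshold bits disagree in two positions, which is the key match rate problem the description refers to.

```python
import math

# Constructed sample RSSI readings (dBm) for one exchange series. The patent uses
# m = 100..200 exchanges; 16 readings are enough to show the procedure.
AP_RSSI = [-50, -48, -52, -50, -53, -47, -50, -51, -49, -50, -62, -38, -50, -50, -46, -54]
STA_RSSI = [-50, -48, -52, -49, -53, -47, -50, -51, -49, -51, -61, -39, -50, -50, -46, -54]


def thresholds(seq):
    """Threshold calculation method (Step 2): mean M, standard deviation D,
    upper threshold q+ = M + 0.5 D and lower threshold q- = M - 0.5 D."""
    n = len(seq)
    m = sum(seq) / n
    d = math.sqrt(sum((s - m) ** 2 for s in seq) / n)
    return m + 0.5 * d, m - 0.5 * d


def screen(seq):
    """Screening process: values above q+ or below q- go to the out-of-threshold
    sequence, all others to the in-threshold sequence (order preserved)."""
    q_up, q_lo = thresholds(seq)
    outside = [s for s in seq if s > q_up or s < q_lo]
    inside = [s for s in seq if q_lo <= s <= q_up]
    return outside, inside


def candidate_indices(outside):
    """Step 3, AP side: indices i of the out-of-threshold sequence A with
    A[i] < q+ and A[i] > q-, q+/q- being the thresholds of that sequence (step 2c)."""
    q_up, q_lo = thresholds(outside)
    return [i for i, v in enumerate(outside) if q_lo < v < q_up]


def confirm_indices(sta_outside, proposed):
    """Step 3, STA side: keep the proposed indices s whose value C[s] satisfies the
    same condition on the STA's own out-of-threshold sequence C. Dropping indices
    beyond len(C) is an assumption; the patent does not cover unequal lengths."""
    q_up, q_lo = thresholds(sta_outside)
    return [s for s in proposed if s < len(sta_outside) and q_lo < sta_outside[s] < q_up]


def outside_bits(outside, final_indices, q_up_full):
    """Sequence number conversion method: 1 if the value exceeds the upper threshold
    of the full signal strength value sequence, otherwise 0."""
    return [1 if outside[s] > q_up_full else 0 for s in final_indices]


def gray_bits(n, width):
    """Binary-reflected Gray code of n, most significant bit first."""
    g = n ^ (n >> 1)
    return [(g >> b) & 1 for b in range(width - 1, -1, -1)]


def inside_bits(inside, k):
    """Step 4: R = Max - Min, then the interval number of each value, Gray coded.
    Assumed (formula missing on the page): N = floor((S - Min) / (R / K)), clipped
    to K - 1, coded with ceil(log2 K) bits."""
    lo, r = min(inside), max(inside) - min(inside)
    width = max(1, math.ceil(math.log2(k)))
    bits = []
    for s in inside:
        n = 0 if r == 0 else min(k - 1, int((s - lo) / (r / k)))
        bits.extend(gray_bits(n, width))
    return bits


def negotiate(ap_seq, sta_seq, k=4):
    """Steps 2 to 5 for both sides; returns (PK of the AP, PK of the STA) as bit lists."""
    ap_up, _ = thresholds(ap_seq)
    sta_up, _ = thresholds(sta_seq)
    ap_out, ap_in = screen(ap_seq)
    sta_out, sta_in = screen(sta_seq)
    proposed = candidate_indices(ap_out)        # AP -> STA: sequence number array
    final = confirm_indices(sta_out, proposed)  # STA -> AP: final sequence number array
    pk_ap = outside_bits(ap_out, final, ap_up) + inside_bits(ap_in, k)
    pk_sta = outside_bits(sta_out, final, sta_up) + inside_bits(sta_in, k)
    return pk_ap, pk_sta


def mismatches(a, b):
    """Number of differing bit positions between the two keys (key match rate)."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


if __name__ == "__main__":
    pk_ap, pk_sta = negotiate(AP_RSSI, STA_RSSI)
    print("AP  PK:", "".join(map(str, pk_ap)))
    print("STA PK:", "".join(map(str, pk_sta)))
    print("mismatched bits:", mismatches(pk_ap, pk_sta))
```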
Step 6: expand the physical layer key.
Using the key expansion algorithm, expand the physical layer key PK into a 384-bit master key PMK. The master key PMK comprises a 128-bit message integrity check code MIC, a 128-bit key encryption key KEK, and a 128-bit session key SK.
Using the key expansion algorithm, expand the physical layer key PK into a 256-bit group key GK.
The group key GK comprises a 128-bit group encryption key GEK and a 128-bit message integrity check code MIC.
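The key expansion of Step 6 with the PMK and GK layouts given above, as an added example that is not the patent's own code. The page only says "key expansion algorithm"; this example assumes HKDF-SHA256 (RFC 5869) with PK as the input keying material and a label that separates the two derivations, and the PK bit list is constructed.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length in bytes


def bits_to_bytes(bits):
    """Pack a PK bit list (MSB first) into bytes, zero-padding the last byte."""
    padded = list(bits) + [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, padded[i:i + 8])), 2)
                 for i in range(0, len(padded), 8))


def hkdf_expand_pk(pk_bits, label, length):
    """Assumed KDF: HKDF-SHA256 extract (zero salt) then expand with the given label."""
    prk = hmac.new(b"\x00" * HASH_LEN, bits_to_bytes(pk_bits), hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def expand_keys(pk_bits):
    """Step 6: 384-bit PMK = MIC (128) | KEK (128) | SK (128) and
    256-bit GK = GEK (128) | group MIC (128), split as the description lays them out."""
    pmk = hkdf_expand_pk(pk_bits, b"PMK", 48)
    gk = hkdf_expand_pk(pk_bits, b"GK", 32)
    return {
        "MIC": pmk[0:16], "KEK": pmk[16:32], "SK": pmk[32:48],
        "GEK": gk[0:16], "GK_MIC": gk[16:32],
    }


if __name__ == "__main__":
    # Constructed 22-bit PK, the length produced by the sample negotiation above.
    sample_pk = [0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1]
    for name, value in expand_keys(sample_pk).items():
        print(f"{name:6s} {value.hex()}")
```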
The steps of the second stage, encrypting communication packets, are as follows.
Step 7, encrypt data packets.
Using the session key SK as the encryption key, encrypt WLAN management frame packets with the Advanced Encryption Standard AES.
Using the session key SK as the encryption key, encrypt authentication packets with the Advanced Encryption Standard AES.
The site STA initiates authentication to the access point AP.
Using the session key SK as the encryption key, encrypt WLAN communication data packets with the Advanced Encryption Standard AES.
The steps of the third stage, updating the encryption key, are as follows.
Step 8, periodically update the encryption key.
Every 30 minutes, perform the first-stage physical layer encryption key agreement again to regenerate the physical layer encryption key.
The above description is only an example of the present invention and does not constitute any limitation on it. It will be clear that, having understood the content and principles of the invention, a professional in the field may make various modifications and variations in form and detail without departing from the principles and structure of the invention, but such modifications and variations based on the inventive concept remain within the scope of the claims of the present invention.

Claims (6)

1. A method for enhancing WLAN security based on physical layer key agreement, comprising three stages: physical layer encryption key agreement, encrypting communication packets, and updating the encryption key. The steps of the first stage, physical layer encryption key agreement, are as follows:
(1) collect signal strength values at the data link layer:
(1a) the access point AP randomly chooses an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the site STA, and sets the access point AP's initial exchange count to 1;
(1b) at the data link layer, the access point AP sends a request packet to the site STA; after receiving the request packet, the site STA sends a response packet to the access point AP and records the signal strength value of the wireless channel, and the access point AP records the signal strength value of the wireless channel after receiving the response packet;
(1c) the access point AP judges whether the current exchange count equals the total exchange count m; if so, step (1d) is performed; otherwise the access point AP adds 1 to the current exchange count and performs step (1b);
(1d) the access point AP's signal strength values form the access point AP's signal strength sequence and the site STA's signal strength values form the site STA's signal strength sequence; step (2) is performed;
(2) screen the signal strength value sequences:
(2a) using the threshold calculation method, compute the upper threshold and lower threshold of the access point AP's signal strength value sequence and the upper threshold and lower threshold of the site STA's signal strength value sequence respectively;
(2b) screen the access point AP's signal strength value sequence to obtain the access point AP's outside-threshold signal strength value sequence and within-threshold signal strength value sequence, and screen the site STA's signal strength value sequence to obtain the site STA's outside-threshold signal strength value sequence and within-threshold signal strength value sequence;
(2c) using the threshold calculation method, compute the upper threshold and lower threshold of the access point AP's outside-threshold signal strength value sequence and the upper threshold and lower threshold of the access point AP's within-threshold signal strength value sequence respectively;
(3) quantize the outside-threshold signal strength sequences:
(3a) set the access point AP's initial quantization count to 1;
(3b) record in the access point AP's sequence number array each current quantization count that satisfies the following formula:
$A[i] < q^+$ and $A[i] > q^-$
where A represents the access point AP's signal strength value sequence, [] represents the array indexing operation, i represents the access point AP's current quantization count, $q^+$ represents the upper threshold of the access point AP's outside-threshold signal strength sequence, and $q^-$ represents the lower threshold of the access point AP's outside-threshold signal strength sequence;
(3c) judge whether the access point AP's current quantization count is greater than the length of the access point AP's outside-threshold signal strength sequence; if so, perform step (3d); otherwise add 1 to the access point AP's current quantization count and perform step (3b);
(3d) send the access point AP's sequence number array to the site STA as the site STA's sequence number array, and set the site STA's initial quantization count to 1;
(3e) obtain the site STA's sequence number according to the following formula:
$s = B[j]$
where s represents the site STA's sequence number, B represents the site STA's sequence number array, [] represents the array indexing operation, and j represents the site STA's current quantization count;
(3f) record in the site STA's final sequence number array each site STA sequence number that satisfies the following formula:
$C[s] < q^+$ and $C[s] > q^-$
where C represents the site STA's outside-threshold signal strength sequence, s represents the site STA's sequence number, $q^+$ represents the upper threshold of the site STA's outside-threshold signal strength sequence, and $q^-$ represents the lower threshold of the site STA's outside-threshold signal strength sequence;
(3g) judge whether the site STA's current quantization count is greater than the length of the site STA's outside-threshold signal strength sequence; if so, perform step (3h); otherwise add 1 to the site STA's current quantization count and perform step (3e);
(3h) send the site STA's final sequence number array to the access point AP as the access point AP's final sequence number array;
(3i) using the sequence number conversion method, convert the final sequence number array and outside-threshold signal strength value sequence of the access point AP and of the site STA into the access point AP's bit sequence and the site STA's bit sequence respectively;
(4) quantize the within-threshold signal strength sequences:
(4a) compute the signal strength range of the signal strength value sequences of the access point AP and the site STA according to the following formula:
$R = \mathrm{Max}(X) - \mathrm{Min}(X)$
where R represents the signal strength range, X represents the signal strength value sequence, Max represents the maximum operation, and Min represents the minimum operation;
(4b) compute the number of equal-division intervals of the signal strength value sequences of the access point AP and the site STA respectively according to the following formula:
where K represents the number of equal-division intervals, ⌊ ⌋ represents the floor operation, and $\log_2$ represents the base-2 logarithm;
(4c) set the initial loop count to 1;
(4d) obtain the signal strength values of the access point AP and the site STA respectively according to the following formula:
$S = D[p]$
where S represents the signal strength value, D represents the within-threshold signal strength value sequence, and p represents the current loop count;
(4e) compute the interval number of the signal strength values of the access point AP and the site STA respectively according to the following formula:
where N represents the interval number, S represents the signal strength value, and K is the access point AP's number of intervals;
(4f) convert the interval number of the access point AP's signal strength value and the interval number of the site STA's signal strength value into Gray code respectively;
(4g) store the access point AP's Gray code into the access point AP's within-threshold bit sequence, and store the site STA's Gray code into the site STA's within-threshold bit sequence;
(4h) judge whether the current loop count equals the length of the access point AP's within-threshold signal strength value sequence; if so, the within-threshold bit sequences of the access point AP and the site STA are obtained and step (5) is performed; otherwise add 1 to the current loop count and perform step (4d);
(5) generate the physical layer key:
concatenate the access point AP's outside-threshold bit sequence and within-threshold bit sequence into the access point AP's physical layer key PK, and concatenate the site STA's outside-threshold bit sequence and within-threshold bit sequence into the site STA's physical layer key PK;
(6) expand the physical layer key:
(6a) using a key expansion algorithm, expand the physical layer key PK into a 384-bit master key PMK;
(6b) using the key expansion algorithm, expand the physical layer key PK into a 256-bit group key GK;
the steps of the second stage, encrypting communication packets, are as follows:
(7) encrypt data packets:
(7a) using the session key SK as the encryption key, encrypt WLAN management frame packets with the Advanced Encryption Standard AES;
(7b) using the session key SK as the encryption key, encrypt authentication packets with the Advanced Encryption Standard AES;
(7c) the site STA initiates authentication to the access point AP;
(7d) using the session key SK as the encryption key, encrypt WLAN communication data packets with the Advanced Encryption Standard AES;
the steps of the third stage, updating the encryption key, are as follows:
(8) periodically update the encryption key:
every 30 minutes, perform the first-stage physical layer encryption key agreement again to regenerate the physical layer encryption key.
2. The method for enhancing WLAN security based on physical layer key agreement according to claim 1, characterized in that the threshold calculation method described in step (2a) and step (2c) comprises the following steps:
1st step: compute the mean of the signal strength value sequence according to the following formula:
$M = \frac{\sum_{i=1}^{n} S_i}{n}$
where M represents the mean of the signal strength value sequence, n represents the length of the signal strength value sequence, $\sum$ represents the summation operation, and $S_i$ represents the i-th signal strength value in the signal strength value sequence;
2nd step: compute the standard deviation of the signal strength value sequence according to the following formula:
$D = \sqrt{\frac{\sum_{i=1}^{n} (S_i - M)^2}{n}}$
where D represents the standard deviation of the signal strength value sequence and $\sqrt{\ }$ represents the square root operation;
3rd step: compute the upper threshold and lower threshold of the signal strength sequence according to the following formulas:
$q^+ = M + 0.5D$
$q^- = M - 0.5D$
where $q^+$ and $q^-$ represent the upper threshold and lower threshold of the signal strength sequence respectively.
3. The method for enhancing WLAN security based on physical layer key agreement according to claim 1, characterized in that screening the access point AP's signal strength value sequence as described in step (2b) means comparing each signal strength value in the signal strength sequence with the upper threshold and lower threshold of the signal strength value sequence; if the signal strength value is greater than the upper threshold or less than the lower threshold, the signal strength value is recorded into the outside-threshold signal strength value sequence; otherwise, the signal strength value is recorded into the within-threshold signal strength value sequence.
4. The method for enhancing WLAN security based on physical layer key agreement according to claim 1, characterized in that the sequence number conversion method described in step (3i) comprises the following steps:
1st step: set the initial conversion count to 1;
2nd step: using the current conversion count as the index into the sequence number array, take out a sequence number, and using that sequence number as the index into the signal strength value sequence, take out a signal strength value;
3rd step: a signal strength value greater than the upper threshold of the signal strength value sequence is stored into the bit sequence as the integer 1; all others are stored into the bit sequence as the integer 0;
4th step: judge whether the current conversion count equals the length of the sequence number array; if so, perform the 5th step; otherwise add 1 to the current conversion count and perform the 2nd step;
5th step: obtain the outside-threshold bit sequence.
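The key agreement of claim 1, steps (1) to (5), with the threshold calculation of claim 2, the screening of claim 3 and the sequence number conversion of claim 4 (the same procedure as Steps 4 to 5 of the description above), simulated end to end on both sides. This is an added example, not code from the patent, and the RSSI samples are constructed rather than measured. Three assumptions, also marked in the code: the index arrays refer to positions in the full m-sample sequence so that both sides mean the same packet exchange (the claim text indexes the outside-threshold sequence, which only lines up if both sides screened identically); the selection condition is taken as the complement of the printed "A[i] < q+ and A[i] > q-", because the printed form selects the middle band, which claim 4 would then map entirely to 0 bits; and, since the formulas for K in (4b) and N in (4e) are missing from the page, K = 2^floor(log2 R) (at least 2) and N = floor((S - min)/(R/K)) are used.

```python
import math
import random
from typing import List, Optional, Sequence, Tuple


def thresholds(seq: Sequence[float]) -> Tuple[float, float]:
    """Claim 2: q+ = M + 0.5*D and q- = M - 0.5*D, where M is the mean and D the
    population standard deviation of seq. Returns (q_plus, q_minus)."""
    if len(seq) < 2:
        raise ValueError("need at least two samples to compute thresholds")
    m = sum(seq) / len(seq)
    d = math.sqrt(sum((s - m) ** 2 for s in seq) / len(seq))
    return m + 0.5 * d, m - 0.5 * d


def screen(seq: Sequence[float], q_plus: float, q_minus: float) -> Tuple[List[float], List[float]]:
    """Claim 3: samples above q+ or below q- form the outside-threshold sequence,
    all others the within-threshold sequence."""
    outside = [s for s in seq if s > q_plus or s < q_minus]
    within = [s for s in seq if q_minus <= s <= q_plus]
    return outside, within


def select_indices(seq: Sequence[float], q_plus: float, q_minus: float,
                   candidates: Optional[Sequence[int]] = None) -> List[int]:
    """Steps (3b)/(3f): keep the indices whose sample lies outside (q-, q+).
    ASSUMPTION: the claim prints 'A[i] < q+ and A[i] > q-', which selects the
    middle band and would give all-zero bits in claim 4; the complement is used."""
    idx = range(len(seq)) if candidates is None else candidates
    return [i for i in idx if seq[i] > q_plus or seq[i] < q_minus]


def outside_bits(seq: Sequence[float], final_idx: Sequence[int], q_plus: float) -> str:
    """Claim 4: 1 for a sample above the upper threshold, 0 otherwise."""
    return "".join("1" if seq[i] > q_plus else "0" for i in final_idx)


def gray_bits(within: Sequence[float]) -> str:
    """Step (4): equal-interval quantisation of the within-threshold samples, then
    Gray coding. ASSUMPTION: the page omits the formulas for K and N; K = 2**floor(log2 R)
    (at least 2) and N = floor((S - min)/(R/K)), clamped to K-1, are used here."""
    if not within:
        return ""
    lo, hi = min(within), max(within)
    r = hi - lo
    k = max(2, 2 ** math.floor(math.log2(r))) if r >= 1.0 else 2
    nbits = k.bit_length() - 1          # k is a power of two, so this is log2(k)
    out = []
    for s in within:
        n = min(k - 1, int((s - lo) / (r / k))) if r > 0 else 0
        out.append(format(n ^ (n >> 1), f"0{nbits}b"))   # binary-reflected Gray code
    return "".join(out)


def physical_layer_key(ap: Sequence[float], sta: Sequence[float]) -> Tuple[str, str]:
    """Steps (2) to (5) run on both sides; returns (PK_ap, PK_sta) as '0'/'1' strings."""
    if len(ap) != len(sta):
        raise ValueError("AP and STA record one sample per packet exchange")
    # (2a)-(2b): first-level thresholds and screening, done independently on each side
    ap_out, ap_in = screen(ap, *thresholds(ap))
    sta_out, sta_in = screen(sta, *thresholds(sta))
    # (2c): second-level thresholds computed on the outside-threshold sequences
    ap_qp, ap_qm = thresholds(ap_out)
    sta_qp, sta_qm = thresholds(sta_out)
    # (3b)-(3d): AP selects exchange indices and sends the array to the STA.
    # ASSUMPTION: indices refer to the full m-sample sequence, so both sides mean the same exchange.
    ap_idx = select_indices(ap, ap_qp, ap_qm)
    # (3e)-(3h): STA keeps the ones it also sees outside its band and returns the final array
    final_idx = select_indices(sta, sta_qp, sta_qm, candidates=ap_idx)
    # (3i): both sides convert the agreed positions to bits (claim 4)
    ap_bits = outside_bits(ap, final_idx, ap_qp)
    sta_bits = outside_bits(sta, final_idx, sta_qp)
    # (4)-(5): Gray-coded within-threshold bits appended to the outside-threshold bits
    return ap_bits + gray_bits(ap_in), sta_bits + gray_bits(sta_in)


def bit_mismatch(a: str, b: str) -> int:
    """Hamming distance over the common prefix plus the length difference."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def simulate_channel(m: int, noise_db: float, seed: int = 1) -> Tuple[List[float], List[float]]:
    """Constructed RSSI samples in dBm, not measured data: a reciprocal channel
    component shared by both ends plus independent receiver noise on each side."""
    rng = random.Random(seed)
    ap, sta = [], []
    for k in range(m):
        common = -60.0 + 8.0 * math.sin(k / 5.0) + rng.gauss(0.0, 3.0)
        ap.append(common + rng.gauss(0.0, noise_db))
        sta.append(common + rng.gauss(0.0, noise_db))
    return ap, sta


if __name__ == "__main__":
    m = random.Random(7).randint(100, 200)       # step (1a): AP picks m in [100, 200]
    for noise in (0.0, 1.0):
        pk_ap, pk_sta = physical_layer_key(*simulate_channel(m, noise))
        print(f"noise {noise} dB: |PK_ap|={len(pk_ap)} |PK_sta|={len(pk_sta)} "
              f"mismatched bits={bit_mismatch(pk_ap, pk_sta)}")
```

With zero receiver noise the two keys are identical. With independent noise on each side the within-threshold sequences differ in membership and the Gray-coded interval numbers flip near interval boundaries, so the script reports a non-zero number of mismatched bits; the patent specifies no reconciliation or key-confirmation step, so a practitioner would add one before using PK (the 30-minute rekey of step (8) alone does not detect or recover from a mismatch).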
5. The method for enhancing WLAN security based on physical layer key agreement according to claim 1, characterized in that the master key PMK described in step (6a) consists of a 128-bit message integrity check code MIC, a 128-bit key-encrypting key KEK and a 128-bit session key SK.
6. The method for enhancing WLAN security based on physical layer key agreement according to claim 1, characterized in that the group key GK described in step (6b) consists of a 128-bit group encryption key GEK and a 128-bit message integrity check code MIC.
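The key expansion of step (6) and claims 5 and 6, the use of the MIC key for frame integrity in step (7), and the 30-minute rekey of step (8), as an added example that is not the patent's own code. The page does not name the key expansion algorithm; HKDF with HMAC-SHA256 (RFC 5869) is assumed, with distinct labels for PMK and GK so the two keys are independent. The 128-bit MIC over a frame is taken as truncated HMAC-SHA256, and the key-confirmation exchange is an addition the page does not describe. The AES encryption of the frame body under SK is not shown; SK is the key it would use. The PK bit string and the frame bytes are constructed.

```python
import hashlib
import hmac
from typing import Dict

REKEY_INTERVAL_S = 30 * 60      # step (8): rerun the key agreement every 30 minutes


def bits_to_bytes(bits: str) -> bytes:
    """Pack the '0'/'1' physical-layer key string PK into bytes, zero-padding the last byte."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("PK must be a non-empty string of '0'/'1' characters")
    padded = bits + "0" * (-len(bits) % 8)
    return int(padded, 2).to_bytes(len(padded) // 8, "big")


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def expand_keys(pk_bits: str, salt: bytes = b"") -> Dict[str, bytes]:
    """Step (6): PK -> 384-bit PMK = MIC || KEK || SK (claim 5) and
    256-bit GK = GEK || group MIC (claim 6).
    ASSUMPTION: HKDF; the page does not name the expansion algorithm."""
    prk = hmac.new(salt, bits_to_bytes(pk_bits), hashlib.sha256).digest()   # HKDF-Extract
    pmk = hkdf_expand(prk, b"PMK", 48)
    gk = hkdf_expand(prk, b"GK", 32)
    return {"MIC": pmk[:16], "KEK": pmk[16:32], "SK": pmk[32:48],
            "GEK": gk[:16], "GMIC": gk[16:32]}


def confirm_tag(keys: Dict[str, bytes], role: bytes) -> bytes:
    """Key-confirmation tag (an addition; the page has no such step): HMAC over a
    role label under the MIC key, so the peer can check it derived the same PMK
    without the key itself crossing the air."""
    return hmac.new(keys["MIC"], b"key-confirm:" + role, hashlib.sha256).digest()[:16]


def keys_agree(ap_keys: Dict[str, bytes], sta_keys: Dict[str, bytes]) -> bool:
    """Each side verifies the tag the other would send, in constant time."""
    sta_ok = hmac.compare_digest(confirm_tag(ap_keys, b"STA"), confirm_tag(sta_keys, b"STA"))
    ap_ok = hmac.compare_digest(confirm_tag(sta_keys, b"AP"), confirm_tag(ap_keys, b"AP"))
    return sta_ok and ap_ok


def frame_mic(keys: Dict[str, bytes], frame: bytes) -> bytes:
    """128-bit message integrity check over a management or data frame under the
    MIC key (ASSUMPTION: truncated HMAC-SHA256). The AES encryption of the frame
    body under SK in step (7) is not shown here."""
    return hmac.new(keys["MIC"], frame, hashlib.sha256).digest()[:16]


def rekey_due(last_agreement: float, now: float) -> bool:
    """Step (8): true once 30 minutes have passed since the last key agreement."""
    return now - last_agreement >= REKEY_INTERVAL_S


if __name__ == "__main__":
    pk = "1011001110001111010110"          # constructed PK, normally the agreement's output
    ap_keys, sta_keys = expand_keys(pk), expand_keys(pk)
    print("keys confirmed:", keys_agree(ap_keys, sta_keys))
    frame = b"\x80\x00" + b"\x00" * 22 + b"constructed-beacon-body"   # constructed management frame
    print("SK:", ap_keys["SK"].hex(), "frame MIC:", frame_mic(ap_keys, frame).hex())
    print("rekey due after 30 min:", rekey_due(0.0, float(REKEY_INTERVAL_S)))
```

Deriving PMK and GK under separate HKDF labels means a compromise of the group key reveals nothing about SK or KEK, and the confirmation tags let either side abort before any frame is encrypted under a key the peer does not hold.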
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710273678.0A CN107148017B (en) 2017-04-25 2017-04-25 Method based on physical layer key agreement enhancing wlan security

Publications (2)

Publication Number Publication Date
CN107148017A true CN107148017A (en) 2017-09-08
CN107148017B CN107148017B (en) 2019-07-23

Family

ID=59774581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710273678.0A Active CN107148017B (en) 2017-04-25 2017-04-25 Method based on physical layer key agreement enhancing wlan security

Country Status (1)

Country Link
CN (1) CN107148017B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009260579A (en) * 2008-04-15 2009-11-05 Sony Ericsson Mobilecommunications Japan Inc Mobile communication terminal, information transmission setting system, and information transmission setting method
JP2011049701A (en) * 2009-08-25 2011-03-10 Fujitsu Toshiba Mobile Communications Ltd Mobile terminal apparatus and wireless lan connection method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109151814A (en) * 2018-08-27 2019-01-04 惠州Tcl移动通信有限公司 Mobile terminal connects WIFI password transmission method, mobile terminal and storage medium
CN111050321A (en) * 2018-10-12 2020-04-21 中兴通讯股份有限公司 Data processing method, device and storage medium
CN113473460A (en) * 2021-06-07 2021-10-01 西安电子科技大学 Wireless physical layer key negotiation method based on error correcting code judgment
CN113473460B (en) * 2021-06-07 2022-07-01 西安电子科技大学 Wireless physical layer key negotiation method based on error correcting code judgment
WO2023155128A1 (en) * 2022-02-18 2023-08-24 Oppo广东移动通信有限公司 Key generation method, information verification method, and devices

Similar Documents

Publication Publication Date Title
EP1972125B1 (en) Apparatus and method for protection of management frames
CN108966220B (en) A kind of method and the network equipment of secret key deduction
CN103109496B (en) For the method and apparatus of cryptographic communication of management frames utilizing quality-of-service mechanisms in WLAN system
US8122249B2 (en) Method and arrangement for providing a wireless mesh network
CN107148017A (en) Strengthen the method for wlan security based on physical layer key agreement
CN102625300B (en) Generation method and device for key
CN108521875A (en) Method and system for establishing secure communication between long-range UE and relaying UE in device-to-device communication network
CN101523796B (en) Method and system for enhancing cryptographic capabilities of wireless device using broadcasted random noise
CN105915472B (en) Power distribution method in collaborative network based on man made noise
CN107769914A (en) Protect the method and the network equipment of data transmission security
US20210329456A1 (en) Signalling storm mitigation in a secured radio access network
US20180034635A1 (en) GPRS System Key Enhancement Method, SGSN Device, UE, HLR/HSS, and GPRS System
CN101379796A (en) Mobile station and method for fast roaming with integrity protection and source authentication using a common protocol
DE112010002837T5 (en) METHOD AND DEVICE FOR DISTRIBUTING SAFETY KEYS (N)
CN109788474A (en) A kind of method and device of message protection
CN104301098B (en) Opportunistic quantum network coding method
CN109803263A (en) A kind of method and device of safeguard protection
CN105407483A (en) Method for safe aggregation model communication based on public-state key in wireless sensor network
CN104010310B (en) Heterogeneous network uniform authentication method based on safety of physical layer
CN107079030A (en) Privacy during re-authentication of from the radio station to certificate server
EP2648437A1 (en) Method, apparatus and system for key generation
CN103841553A (en) Method for routing security and privacy protection of mixed wireless Mesh network
CN106162631A (en) A kind of methods, devices and systems of secure communication
CN101253747B (en) Method and arrangement for the secure transmission of data in a multi-hop communication system
Yang Study on security of wireless sensor network based on ZigBee standard

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant