CN107148017A - Strengthen the method for wlan security based on physical layer key agreement - Google Patents
- Publication number: CN107148017A (application CN201710273678.0A)
- Authority: CN (China)
- Prior art keywords: sequence, threshold value, access point, station STA, signal intensity
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04W—WIRELESS COMMUNICATION NETWORKS; H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity; H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04W—WIRELESS COMMUNICATION NETWORKS; H04W84/00—Network topologies; H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]; H04W84/10—Small scale networks; Flat hierarchical networks; H04W84/12—WLAN [Wireless Local Area Networks]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a WLAN security enhancement method based on physical-layer key agreement. It comprises three stages: physical-layer key agreement, encryption of communication packets, and update of the encryption key. The steps are as follows: 1) collect signal strength values at the data link layer; 2) screen the signal strength value sequence; 3) quantize the out-of-threshold signal strength sequence; 4) quantize the in-threshold signal strength sequence; 5) generate the physical-layer key; 6) expand the physical-layer key; 7) encrypt data packets; 8) periodically update the encryption key. The invention generates a physical-layer key by physical-layer negotiation, uses that key to protect the WLAN authentication procedure and data communication, and periodically updates the encryption key. It enhances WLAN security, addresses the security risks present in WLANs, and is applicable to technical fields such as wireless network security.
Description
Technical field
The invention belongs to the field of wireless communication technology and, more specifically, to the field of WLAN security technology: a method for strengthening WLAN security based on physical-layer key agreement. Building on key agreement techniques that use the physical parameters of the wireless channel, the invention proposes a method that can be used in a WLAN to achieve secure communication between the communication nodes of the WLAN.
Background technology
How to ensure safe and reliable information transmission directly between each communication node and the access point in a public WLAN is an important topic in the field of wireless network security, and one of the core tasks in resolving the security risks of today's public WLANs. Key agreement based on the physical parameters of the wireless channel is a network security technique that generates a shared key between two wireless devices without relying on conventional cryptographic methods, and it can meet the secure communication needs of the communication nodes in a public WLAN.
The paper "Strengthening 802.11i security using radio physical-layer keys" by Li Xinghua and Shang Chenguang (Journal of Jiangsu University, 2013) proposes a WLAN security enhancement technique. Its main steps are: (1) generate a physical-layer key PK between the mobile station and the access point; (2) protect data frames and management frames with the generated PK; (3) use PK in generating the encryption key that encrypts messages in the subsequent authentication procedure. The weakness of this method is that it generates the physical-layer key PK from network-layer data probes, so the key match rate and the key generation rate are low. The generated PK also has no update mechanism, so prolonged use increases the risk of leakage.
The patent application "Method for enhancing wireless LAN security" filed by Koninklijke Philips Electronics N.V. (application number 031249124, filed 2003.09.19, published 2005.03.23) proposes a method for enhancing wireless LAN security. Its main steps are: (1) read the key stored in an ID card; (2) request authentication from the wireless access point using the key read and the corresponding encryption algorithm; (3) if authentication succeeds, access the WLAN. With this method, wireless terminals about to access the WLAN can be forcibly authenticated, preventing unauthorized wireless terminals from entering and endangering the network. Its weakness is that it mainly enhances the security of authentication and cannot protect the security of communication, and it requires an ID card in which a secure key has been stored in advance; most existing devices in a wireless LAN have no such ID card, which greatly limits the applicability of the method.
The content of the invention
The object of the invention is to overcome the above deficiencies of the prior art by proposing a WLAN security enhancement method based on physical-layer key agreement, so as to protect the authentication procedure, ensure secure communication between the communication nodes of the WLAN, guard against the security risks present in current WLANs, and strengthen WLAN security.
To achieve this object, the technical solution adopted by the invention comprises three stages: physical-layer key agreement, encryption of communication packets, and update of the encryption key.
First stage: the steps of physical-layer key agreement are as follows:
(1) Collect signal strength values at the data link layer:
(1a) The access point AP randomly chooses an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the station STA, and sets its initial exchange count to 1;
(1b) At the data link layer, the AP sends a request packet to the STA; after receiving the request packet, the STA sends a response packet to the AP and records the signal strength value of the wireless channel; after receiving the response packet, the AP records the signal strength value of the wireless channel;
(1c) The AP checks whether the current exchange count equals the total number of exchanges m; if so, step (1d) is performed; otherwise the AP adds 1 to the current exchange count and performs step (1b);
(1d) The AP's signal strength values form the AP's signal strength sequence, and the STA's signal strength values form the STA's signal strength sequence; step (2) is performed;
(2) Screen the signal strength value sequences:
(2a) Using the threshold calculation method, compute the upper and lower thresholds of the AP's signal strength value sequence and the upper and lower thresholds of the STA's signal strength value sequence;
(2b) Screen the AP's signal strength value sequence to obtain the AP's out-of-threshold and in-threshold signal strength value sequences, and screen the STA's signal strength value sequence to obtain the STA's out-of-threshold and in-threshold signal strength value sequences;
(2c) Using the threshold calculation method, compute the upper and lower thresholds of the AP's out-of-threshold signal strength value sequence and the upper and lower thresholds of the AP's in-threshold signal strength value sequence;
(3) Quantize the out-of-threshold signal strength sequence:
(3a) Set the AP's initial quantization count to 1;
(3b) Record in the AP's sequence number array every current quantization count that satisfies:
A[i] < q+ and A[i] > q-
where A is the AP's signal strength value sequence, [] is the array indexing operation, i is the AP's current quantization count, q+ is the upper threshold of the AP's out-of-threshold signal strength sequence, and q- is the lower threshold of the AP's out-of-threshold signal strength sequence;
(3c) Check whether the AP's current quantization count exceeds the length of the AP's out-of-threshold signal strength sequence; if so, perform step (3d); otherwise add 1 to the AP's current quantization count and perform step (3b);
(3d) The AP's sequence number array is sent to the STA as the STA's sequence number array, and the STA's initial quantization count is set to 1;
(3e) Obtain the STA's sequence number according to:
s = B[j]
where s is the STA's sequence number, B is the STA's sequence number array, [] is the array indexing operation, and j is the STA's current quantization count;
(3f) Record in the STA's final sequence number array every STA sequence number that satisfies:
C[s] < q+ and C[s] > q-
where C is the STA's out-of-threshold signal strength sequence, s is the STA's sequence number, q+ is the upper threshold of the STA's out-of-threshold signal strength sequence, and q- is the lower threshold of the STA's out-of-threshold signal strength sequence;
(3g) Check whether the STA's current quantization count exceeds the length of the STA's out-of-threshold signal strength sequence; if so, perform step (3h); otherwise add 1 to the STA's current quantization count and perform step (3e);
(3h) The STA's final sequence number array is sent to the AP as the AP's final sequence number array;
(3i) Using the sequence number conversion method, convert the final sequence number array and the out-of-threshold signal strength value sequence of the AP and of the STA into the AP's bit sequence and the STA's bit sequence respectively;
(4) Quantize the in-threshold signal strength sequence:
(4a) Compute the signal strength range of the AP's and the STA's signal strength value sequences according to:
R = Max(X) - Min(X)
where R is the signal strength range, X is the signal strength value sequence, Max is the maximum operation, and Min is the minimum operation;
(4b) Compute the number of equal-division intervals of the AP's and the STA's signal strength value sequences according to the following formula:
where K is the number of equal-division intervals, ⌊ ⌋ is the floor operation, and log2 is the logarithm to base 2;
(4c) Set the initial loop count to 1;
(4d) Compute the AP's and the STA's signal strength value according to:
S = D[p]
where S is the signal strength value, D is the in-threshold signal strength value sequence, and p is the current loop count;
(4e) Compute the interval number of the AP's and the STA's signal strength value according to the following formula:
where N is the interval number, S is the signal strength value, and K is the AP's number of intervals;
(4f) Convert the interval number of the AP's signal strength value and the interval number of the STA's signal strength value into Gray code;
(4g) Store the AP's Gray code in the AP's in-threshold bit sequence and the STA's Gray code in the STA's in-threshold bit sequence;
(4h) Check whether the current loop count equals the length of the AP's in-threshold signal strength value sequence; if so, the AP's and the STA's in-threshold bit sequences are obtained and step (5) is performed; otherwise add 1 to the current loop count and perform step (4d);
(5) Generate the physical-layer key:
Concatenate the AP's out-of-threshold bit sequence and in-threshold bit sequence into the AP's physical-layer key PK, and concatenate the STA's out-of-threshold bit sequence and in-threshold bit sequence into the STA's physical-layer key PK;
(6) Expand the physical-layer key:
(6a) Using a key schedule algorithm, expand the physical-layer key PK into a 384-bit master key PMK;
(6b) Using a key schedule algorithm, expand the physical-layer key PK into a 256-bit group key GK;
Second stage: the steps of encrypting communication packets are as follows:
(7) Encrypt data packets:
(7a) Using the session key SK as the encryption key, encrypt WLAN management frame packets with the Advanced Encryption Standard AES;
(7b) Using the session key SK as the encryption key, encrypt authentication packets with AES;
(7c) The STA initiates authentication to the AP;
(7d) Using the session key SK as the encryption key, encrypt WLAN communication packets with AES;
Third stage: the step of updating the encryption key is as follows:
(8) Periodically update the encryption key:
Every 30 minutes, perform the first-stage physical-layer key agreement again and regenerate the physical-layer key.
Compared with the prior art, the invention has the following advantages:
First, because the invention protects data communication by generating a physical-layer key, expanding it, and encrypting data packets, it overcomes the deficiency of the prior art, which mainly enhances the security of authentication and cannot protect the security of communication; the invention therefore improves communication security.
Second, because the invention collects signal strength values at the data link layer, it overcomes the low key match rate and low key generation rate of the prior art, which generates the physical-layer key from network-layer data probes; the invention therefore improves the physical-layer key generation rate and key match rate.
Third, because the invention periodically updates the encryption key, it overcomes the lack of an update mechanism for the physical-layer key PK in the prior art, where prolonged use increases the risk of leakage; the invention therefore has the advantage of preventing leakage of the encryption key.
Brief description of the drawings
Fig. 1 is the flow chart of the invention;
Fig. 2 is a schematic diagram of the link-layer packet format;
Fig. 3 is a schematic diagram of the packet exchange;
Fig. 4 is a schematic diagram of channel strength value sequence collection.
Embodiment
The invention is further described below with reference to the accompanying drawings.
Referring to Fig. 1, the invention comprises three stages: physical-layer key agreement, encryption of communication packets, and update of the encryption key. First stage: the steps of physical-layer key agreement are as follows.
Step 1, collect signal strength values at the data link layer.
1st step, the access point AP randomly chooses an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the station STA, and sets its initial exchange count to 1.
2nd step, at the data link layer the AP sends a request packet to the STA; after receiving the request packet, the STA sends a response packet to the AP and records the signal strength value of the wireless channel; after receiving the response packet, the AP records the signal strength value of the wireless channel.
3rd step, the AP checks whether the current exchange count equals the total number of exchanges m; if so, the 4th step of this step is performed; otherwise the AP adds 1 to the current exchange count and performs the 2nd step of this step.
4th step, the AP's signal strength values form the AP's signal strength sequence, and the STA's signal strength values form the STA's signal strength sequence.
The formats of the data link layer request packet and response packet of step (1b) are described below with reference to Fig. 2.
The conventional data link layer Beacon frame is modified: an originally unused field is used as the seq field for pairing samples.
Here Frame Control is the frame control field, Duration is the transmission interval, DA is the destination address, SA is the source address, BSSID is the basic service set identifier, Sequence Control is the sequence control field, Frame Body is the frame body, seq is the sequence number, and FCS is the frame check sequence.
The packet exchange process of step (1b) is described below with reference to Fig. 3.
The packet exchange has two cases: normal flow and packet loss.
In the normal flow, the AP sends a request packet to the STA; after receiving the request packet, the STA records the signal strength value of the packet and replies with a response packet to the AP; after receiving the response packet, the AP records the signal strength value of the packet. Here request is the sequence number of the request packet and ack is the sequence number of the response packet.
Packet loss falls into two cases. If the request packet sent by the AP to the STA is lost, the AP resends it after its timer expires. If the response packet sent by the STA to the AP is lost, only the STA records the signal strength value of the packet.
The recording of the wireless channel signal strength value in step (1b) is described below with reference to Fig. 4.
The AP and the STA enable the monitor interface mon0 of the wireless network card, set a filtering rule, capture packets in the application layer with the packet capture library libpcap, and record the SSI Signal field of each captured packet as the signal strength value.
Here radiotap header is the radio signal header, ieee802.11data is the 802.11 data field, llc is logical link control, Upper layer data is the upper-layer data, Ethernet is Ethernet, Header Version is the header version number, Header data is the header data, Header length is the header length, Present flags are the presence flags, timestamp is the timestamp, Flags are the flags, Data Rate is the data rate, Channel Frequency is the channel frequency, SSI Signal is the signal strength indicator, libpcap is the packet capture library, mon0 is monitor interface number zero, and ieee8023_parser is the 802.3 format conversion.
Step 2, screen the signal strength value sequences.
Using the threshold calculation method, compute the upper and lower thresholds of the AP's signal strength value sequence and the upper and lower thresholds of the STA's signal strength value sequence.
The threshold calculation method proceeds as follows:
1st step, compute the mean of the signal strength value sequence according to the following formula:
where M is the mean of the signal strength value sequence, n is the length of the sequence, ∑ is the summation operation, and S_i is the i-th signal strength value in the sequence.
2nd step, compute the standard deviation of the signal strength value sequence according to the following formula:
where D is the standard deviation of the signal strength value sequence and √ is the square root operation.
3rd step, compute the upper and lower thresholds of the signal strength sequence according to:
q+ = M + 0.5D
q- = M - 0.5D
where q+ and q- are the upper and lower thresholds of the signal strength sequence respectively.
Screen the AP's signal strength value sequence to obtain the AP's out-of-threshold and in-threshold signal strength value sequences, and screen the STA's signal strength value sequence to obtain the STA's out-of-threshold and in-threshold signal strength value sequences.
The screening process proceeds as follows.
Compare each signal strength value in the signal strength sequence with the upper and lower thresholds of the sequence; if the value is greater than the upper threshold or less than the lower threshold, record it in the out-of-threshold signal strength value sequence; otherwise record it in the in-threshold signal strength value sequence.
Using the threshold calculation method, compute the upper and lower thresholds of the AP's out-of-threshold signal strength value sequence and the upper and lower thresholds of the AP's in-threshold signal strength value sequence.
The threshold calculation method proceeds as follows:
1st step, compute the mean of the signal strength value sequence according to the following formula:
where M is the mean of the signal strength value sequence, n is the length of the sequence, ∑ is the summation operation, and S_i is the i-th signal strength value in the sequence.
2nd step, compute the standard deviation of the signal strength value sequence according to the following formula:
where D is the standard deviation of the signal strength value sequence and √ is the square root operation.
3rd step, compute the upper and lower thresholds of the signal strength sequence according to:
q+ = M + 0.5D
q- = M - 0.5D
where q+ and q- are the upper and lower thresholds of the signal strength sequence respectively.
Step 3, quantize the out-of-threshold signal strength sequence.
1st step, set the AP's initial quantization count to 1.
2nd step, record in the AP's sequence number array every current quantization count that satisfies:
A[i] < q+ and A[i] > q-
where A is the AP's signal strength value sequence, [] is the array indexing operation, i is the AP's current quantization count, q+ is the upper threshold of the AP's out-of-threshold signal strength sequence, and q- is the lower threshold of the AP's out-of-threshold signal strength sequence.
3rd step, check whether the AP's current quantization count exceeds the length of the AP's out-of-threshold signal strength sequence; if so, perform the 4th step of this step; otherwise add 1 to the AP's current quantization count and perform the 2nd step of this step.
4th step, the AP's sequence number array is sent to the STA as the STA's sequence number array. Set the STA's initial quantization count to 1.
1st step, obtain the STA's sequence number according to:
s = B[j]
where s is the STA's sequence number, B is the STA's sequence number array, [] is the array indexing operation, and j is the STA's current quantization count.
2nd step, record in the STA's final sequence number array every STA sequence number that satisfies:
C[s] < q+ and C[s] > q-
where C is the STA's out-of-threshold signal strength sequence, s is the STA's sequence number, q+ is the upper threshold of the STA's out-of-threshold signal strength sequence, and q- is the lower threshold of the STA's out-of-threshold signal strength sequence.
3rd step, check whether the STA's current quantization count exceeds the length of the STA's out-of-threshold signal strength sequence; if so, perform the 4th step of this step; otherwise add 1 to the STA's current quantization count and perform the 2nd step of this step.
4th step, the STA's final sequence number array is sent to the AP as the AP's final sequence number array.
Using the sequence number conversion method, convert the final sequence number array and the out-of-threshold signal strength value sequence of the AP and of the STA into the AP's bit sequence and the STA's bit sequence respectively.
The sequence number conversion method proceeds as follows:
1st step, set the initial conversion count to 1.
2nd step, use the current conversion count as the subscript into the sequence number array to take out a sequence number, then use that sequence number as the subscript into the signal strength value sequence to take out a signal strength value.
3rd step, a signal strength value greater than the upper threshold of the signal strength value sequence is stored in the bit sequence as the integer 1; any other value is stored in the bit sequence as the integer 0.
4th step, check whether the current conversion count equals the length of the sequence number array; if so, the out-of-threshold bit sequence is obtained; otherwise add 1 to the current conversion count and perform the 2nd step of this step.
Step 4, quantize the in-threshold signal strength sequence.
Compute the signal strength range of the AP's and the STA's signal strength value sequences according to:
R = Max(X) - Min(X)
where R is the signal strength range, X is the signal strength value sequence, Max is the maximum operation, and Min is the minimum operation.
Compute the number of equal-division intervals of the AP's and the STA's signal strength value sequences according to the following formula:
where K is the number of equal-division intervals, ⌊ ⌋ is the floor operation, and log2 is the logarithm to base 2.
1st step, set the initial loop count to 1.
2nd step, compute the AP's and the STA's signal strength value according to:
S = D[p]
where S is the signal strength value, D is the in-threshold signal strength value sequence, and p is the current loop count.
3rd step, compute the interval number of the AP's and the STA's signal strength value according to the following formula:
where N is the interval number, S is the signal strength value, and K is the AP's number of intervals.
4th step, convert the interval number of the AP's signal strength value and the interval number of the STA's signal strength value into Gray code.
5th step, store the AP's Gray code in the AP's in-threshold bit sequence and the STA's Gray code in the STA's in-threshold bit sequence.
6th step, check whether the current loop count equals the length of the AP's in-threshold signal strength value sequence; if so, the AP's and the STA's in-threshold bit sequences are obtained and step 5 is performed; otherwise add 1 to the current loop count and perform the 2nd step of this step.
Step 5, generate the physical-layer key.
Concatenate the AP's out-of-threshold bit sequence and in-threshold bit sequence into the AP's physical-layer key PK, and concatenate the STA's out-of-threshold bit sequence and in-threshold bit sequence into the STA's physical-layer key PK.
Step 6, expand the physical-layer key.
Using a key schedule algorithm, expand the physical-layer key PK into a 384-bit master key PMK. The master key PMK comprises a 128-bit message integrity check code MIC, a 128-bit key-encrypting key KEK, and a 128-bit session key SK.
Using a key schedule algorithm, expand the physical-layer key PK into a 256-bit group key GK.
The group key GK comprises a 128-bit group encryption key GEK and a 128-bit message integrity check code MIC.
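The following is an added worked example, not code from the patent: it reconstructs the first-stage key generation of steps 2 to 6 (summary steps (2) to (6) and embodiment steps 2 to 6) for one AP/STA pair, with thresholds q+ = M + 0.5D and q- = M - 0.5D, the screening, the index exchange of step 3, the sequence number conversion, Gray-coded quantization of the in-threshold sequence, assembly of PK, and expansion into PMK and GK. The RSSI samples are constructed, and the formulas for K and N, the choice of upper threshold in the conversion, and the key schedule are assumptions marked in the code because the page leaves them unstated.

```python
import hashlib
import hmac
import math

# Constructed RSSI sample (dBm) standing in for the m link-layer exchanges of step 1;
# the patent uses 100 to 200 exchanges, 40 are enough to show the mechanics.
AP_RSSI = [-62, -58, -71, -55, -60, -66, -49, -63, -57, -74,
           -61, -59, -68, -52, -64, -60, -47, -65, -56, -70,
           -62, -58, -67, -54, -61, -63, -50, -69, -57, -72,
           -60, -59, -66, -53, -62, -64, -48, -65, -55, -73]


def thresholds(seq):
    """Threshold calculation method: q+ = M + 0.5*D, q- = M - 0.5*D, with M the
    mean and D the (population) standard deviation of the sequence."""
    n = len(seq)
    m = sum(seq) / n
    d = math.sqrt(sum((s - m) ** 2 for s in seq) / n)
    return m + 0.5 * d, m - 0.5 * d


def screen(seq):
    """Step 2b: split a sequence into its out-of-threshold and in-threshold parts."""
    q_up, q_lo = thresholds(seq)
    outside = [s for s in seq if s > q_up or s < q_lo]
    inside = [s for s in seq if q_lo <= s <= q_up]
    return outside, inside


def candidate_indices(outside):
    """Steps 3b/3f: indices i of the out-of-threshold sequence with q- < A[i] < q+,
    where the thresholds are recomputed on that sequence itself (step 2c)."""
    q_up, q_lo = thresholds(outside)
    return [i for i, v in enumerate(outside) if q_lo < v < q_up]


def outside_bits(outside, final_idx, q_up_full):
    """Sequence number conversion: value above the upper threshold -> 1, else 0.
    ASSUMPTION: the upper threshold meant is q+ of the full sequence (step 2a);
    with the out-of-threshold sequence's own q+ every selected value would be 0."""
    return "".join("1" if outside[i] > q_up_full else "0" for i in final_idx)


def gray(n):
    """Binary-reflected Gray code of an interval number."""
    return n ^ (n >> 1)


def inside_bits(inside):
    """Step 4: R = max - min, K equal intervals, Gray-coded interval number per value.
    ASSUMPTION: K = floor(log2 R) and N = floor((S - min) / (R / K)) clamped to K-1;
    the page states neither formula explicitly."""
    lo, hi = min(inside), max(inside)
    r = hi - lo
    k = math.floor(math.log2(r)) if r > 0 else 0
    if k < 2:
        raise ValueError("in-threshold range too narrow to quantise")
    width = (k - 1).bit_length()  # bits needed for interval numbers 0..K-1
    return "".join(format(gray(min(k - 1, int((s - lo) / (r / k)))), f"0{width}b")
                   for s in inside)


def negotiate(ap_rssi, sta_rssi):
    """Steps 2 to 5 on both sides. Only index arrays cross the air (3d, 3h);
    the RSSI values, and hence the key bits, never leave either device."""
    ap_out, ap_in = screen(ap_rssi)
    sta_out, sta_in = screen(sta_rssi)
    idx_from_ap = candidate_indices(ap_out)  # 3a-3d: AP -> STA
    q_up, q_lo = thresholds(sta_out)         # STA's own step 2c thresholds
    final_idx = [s for s in idx_from_ap      # 3e-3h: STA filters, sends back
                 if s < len(sta_out) and q_lo < sta_out[s] < q_up]
    ap_pk = outside_bits(ap_out, final_idx, thresholds(ap_rssi)[0]) + inside_bits(ap_in)
    sta_pk = outside_bits(sta_out, final_idx, thresholds(sta_rssi)[0]) + inside_bits(sta_in)
    return ap_pk, sta_pk


def match_rate(a, b):
    """Fraction of agreeing key bits; a length difference counts as disagreement."""
    return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b))


def expand(pk_bits, n_bytes, label):
    """Key schedule (ASSUMPTION: HMAC-SHA256 counter expansion keyed by PK; the
    patent does not name its key schedule algorithm)."""
    pk = int(pk_bits, 2).to_bytes((len(pk_bits) + 7) // 8, "big")
    out = b""
    for counter in range(1, n_bytes // 32 + 2):
        out += hmac.new(pk, label + bytes([counter]), hashlib.sha256).digest()
    return out[:n_bytes]


def derive_keys(pk_bits):
    """Step 6: PMK (384 bit) = MIC | KEK | SK, GK (256 bit) = GEK | MIC."""
    pmk = expand(pk_bits, 48, b"PMK")
    gk = expand(pk_bits, 32, b"GK")
    return {"PMK": pmk, "MIC": pmk[:16], "KEK": pmk[16:32], "SK": pmk[32:],
            "GK": gk, "GEK": gk[:16], "GK_MIC": gk[16:]}


if __name__ == "__main__":
    # Perfectly reciprocal channel: identical samples give identical keys.
    ap_pk, sta_pk = negotiate(AP_RSSI, AP_RSSI)
    print(len(ap_pk), "bit PK, match rate", match_rate(ap_pk, sta_pk))
    # Measurement noise on the STA side: a few dB of disagreement lowers the
    # match rate, which is the problem the patent's link-layer probing targets.
    noisy = [s + d for s, d in zip(AP_RSSI, [1, 0, -1, 0] * 10)]
    ap_pk, sta_pk = negotiate(AP_RSSI, noisy)
    print("noisy STA: match rate", round(match_rate(ap_pk, sta_pk), 3))
    print("SK =", derive_keys(ap_pk)["SK"].hex())
```

The noisy run shows why a mismatched PK must be detected before use: the 30-minute rekey of step 8 restarts stage 1, but neither side learns of a mismatch unless a key confirmation (for example the MIC) fails.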
Second stage: the steps of encrypting communication packets are as follows.
Step 7, encrypt data packets.
Using the session key SK as the encryption key, encrypt WLAN management frame packets with the Advanced Encryption Standard AES.
Using the session key SK as the encryption key, encrypt authentication packets with AES.
The STA initiates authentication to the AP.
Using the session key SK as the encryption key, encrypt WLAN communication packets with AES.
Third stage: the step of updating the encryption key is as follows.
Step 8, periodically update the encryption key.
Every 30 minutes, perform the first-stage physical-layer key agreement again and regenerate the physical-layer key.
The above description is only an example of the invention and does not limit the invention in any way. It is clear that, after understanding the content and principles of the invention, a person skilled in the art may make various modifications and variations in form and detail without departing from the principles and structure of the invention, and such modifications and variations based on the inventive concept fall within the scope of the claims of the invention.
Claims (6)
1. A method for enhancing WLAN security based on physical-layer key agreement, comprising three stages: physical-layer encryption key agreement, encryption of communication data packets, and updating of the encryption key. The steps of the first stage, physical-layer encryption key agreement, are as follows:
(1) Collect signal strength values at the data link layer:
(1a) The access point AP randomly chooses an integer m in the range 100 to 200 as the total number of packet exchanges, sends it to the station STA, and sets its initial exchange count to 1;
(1b) At the data link layer, the access point AP sends a request packet to the station STA; after receiving the request packet the station STA sends a response packet to the access point AP and records the signal strength value of the wireless channel, and the access point AP records the signal strength value of the wireless channel after receiving the response packet;
(1c) The access point AP judges whether the current exchange count equals the total exchange count m; if so, step (1d) is performed, otherwise the access point AP adds 1 to the current exchange count and performs step (1b);
(1d) The signal strength values of the access point AP are formed into a signal strength sequence and the signal strength values of the station STA are formed into a signal strength sequence, and step (2) is performed;
(2) Screen the signal strength value sequences:
(2a) Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's signal strength value sequence and the upper and lower thresholds of the station STA's signal strength value sequence respectively;
(2b) Screen the access point AP's signal strength value sequence to obtain the access point AP's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence, and screen the station STA's signal strength value sequence to obtain the station STA's out-of-threshold signal strength value sequence and in-threshold signal strength value sequence;
(2c) Using the threshold calculation method, compute the upper and lower thresholds of the access point AP's out-of-threshold signal strength value sequence and the upper and lower thresholds of the access point AP's in-threshold signal strength value sequence respectively;
(3) Quantize the out-of-threshold signal strength sequences:
(3a) Set the initial quantization count of the access point AP to 1;
(3b) Record the current quantization count that satisfies the following condition in the access point AP's sequence-number array:
A[i] < q+ and A[i] > q-
where A represents the access point AP's signal strength value sequence, [] represents the array indexing operation, i represents the current quantization count of the access point AP, q+ represents the upper threshold of the access point AP's out-of-threshold signal strength sequence and q- represents the lower threshold of the access point AP's out-of-threshold signal strength sequence;
(3c) Judge whether the current quantization count of the access point AP is greater than the length of the access point AP's out-of-threshold signal strength sequence; if so, perform step (3d), otherwise add 1 to the current quantization count of the access point AP and perform step (3b);
(3d) Send the access point AP's sequence-number array to the station STA as the station STA's sequence-number array, and set the initial quantization count of the station STA to 1;
(3e) Obtain the station STA's sequence number according to the following formula:
s = B[j]
where s represents the station STA's sequence number, B represents the station STA's sequence-number array, [] represents the array indexing operation and j represents the current quantization count of the station STA;
(3f) Record the station STA's sequence numbers that satisfy the following condition in the station STA's final sequence-number array:
C[s] < q+ and C[s] > q-
where C represents the station STA's out-of-threshold signal strength sequence, s represents the station STA's sequence number, q+ represents the upper threshold of the station STA's out-of-threshold signal strength sequence and q- represents the lower threshold of the station STA's out-of-threshold signal strength sequence;
(3g) Judge whether the current quantization count of the station STA is greater than the length of the station STA's out-of-threshold signal strength sequence; if so, perform step (3h), otherwise add 1 to the current quantization count of the station STA and perform step (3e);
(3h) Send the station STA's final sequence-number array to the access point AP as the access point AP's final sequence-number array;
(3i) Using the sequence-number conversion method, convert the final sequence-number arrays and out-of-threshold signal strength value sequences of the access point AP and the station STA into the access point AP's bit sequence and the station STA's bit sequence respectively;
(4) Quantize the in-threshold signal strength sequences:
(4a) According to the following formula, calculate the signal strength range R of the access point AP's and the station STA's signal strength value sequences:
R = Max(X) - Min(X)
where R represents the signal strength range, X represents the signal strength value sequence, Max represents the maximum operation and Min represents the minimum operation;
(4b) According to the following formula, calculate the equal-division interval count of the access point AP's and the station STA's signal strength value sequences respectively:
where K represents the equal-division interval count, ⌊ ⌋ represents the floor operation and log2 represents the base-2 logarithm;
(4c) Set the initial loop count to 1;
(4d) According to the following formula, calculate the signal strength value of the access point AP and of the station STA respectively:
S = D[p]
where S represents the signal strength value, D represents the in-threshold signal strength value sequence and p represents the current loop count;
(4e) According to the following formula, calculate the number of the interval in which the signal strength value of the access point AP and of the station STA lies respectively:
where N represents the interval number, S represents the signal strength value and K is the access point AP's interval count;
(4f) Convert the interval number of the access point AP's signal strength value and the interval number of the station STA's signal strength value into Gray code respectively;
(4g) Store the access point AP's Gray code in the access point AP's in-threshold bit sequence, and store the station STA's Gray code in the station STA's in-threshold bit sequence;
(4h) Judge whether the current loop count equals the length of the access point AP's in-threshold signal strength value sequence; if so, the in-threshold bit sequences of the access point AP and the station STA are obtained respectively and step (5) is performed, otherwise add 1 to the current loop count and perform step (4d);
(5) Generate the physical layer key:
Concatenate the access point AP's out-of-threshold bit sequence with its in-threshold bit sequence to form the access point AP's physical layer key PK, and concatenate the station STA's out-of-threshold bit sequence with its in-threshold bit sequence to form the station STA's physical layer key PK;
(6) Extend the physical layer key:
(6a) Using the key schedule, expand the physical layer key PK into a 384-bit master key PMK;
(6b) Using the key schedule, expand the physical layer key PK into a 256-bit group key GK;
The steps of the second stage, encrypting communication data packets, are as follows:
(7) Encrypt data packets:
(7a) Using the session key SK as the encryption key, encrypt the WLAN management frame data packets with the Advanced Encryption Standard AES;
(7b) Using the session key SK as the encryption key, encrypt the authentication data packets with the Advanced Encryption Standard AES;
(7c) The station STA initiates authentication to the access point AP;
(7d) Using the session key SK as the encryption key, encrypt the WLAN communication data packets with the Advanced Encryption Standard AES;
The steps of the third stage, updating the encryption key, are as follows:
(8) Periodically update the encryption key:
Every 30 minutes, perform the first-stage physical-layer encryption key agreement again and regenerate the physical-layer encryption key.
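Steps (4) and (5) of claim 1, the in-threshold quantization into Gray-coded interval numbers and the assembly of PK, as an added example that is not the patent's own code. The page gives R = Max(X) - Min(X) and says K involves a floor and a base-2 logarithm, but the formulas for K and for the interval number N are not reproduced, so this example assumes K = ⌊log2 R⌋ equal-width intervals and N = ⌊(S - Min(X)) · K / R⌋ clamped to K - 1; the RSSI samples are constructed.

```python
"""Steps (4)-(5): quantize an in-threshold RSSI sequence into Gray-coded bits, then assemble PK.

Added example, not code from the patent.  ASSUMED formulas (absent from the page):
K = floor(log2(R)) and N = floor((S - Min) * K / R), clamped to K - 1.
"""
import math


def gray(n: int) -> int:
    """Reflected binary Gray code: neighbouring interval numbers differ in one bit,
    so a one-interval disagreement between AP and STA costs a single bit."""
    return n ^ (n >> 1)


def interval_count(seq) -> int:
    """(4a)-(4b): R = Max(X) - Min(X), K = floor(log2 R) (assumed formula)."""
    r = max(seq) - min(seq)
    if r < 2:                      # log2(R) < 1: fewer than two intervals
        return 0
    return int(math.floor(math.log2(r)))


def interval_number(s, lo, r, k) -> int:
    """(4e): equal-division interval index of sample s (assumed formula)."""
    n = int((s - lo) * k // r)
    return min(n, k - 1)           # the maximum sample would otherwise fall into interval K


def quantize_inside(seq) -> str:
    """(4c)-(4h): loop over the in-threshold sequence and emit Gray-coded interval numbers."""
    k = interval_count(seq)
    if k < 2:
        return ""                  # a single interval carries no key information
    width = (k - 1).bit_length()   # bits needed to write interval numbers 0..K-1
    lo, r = min(seq), max(seq) - min(seq)
    bits = []
    for s in seq:
        n = interval_number(s, lo, r, k)
        bits.append(format(gray(n), f"0{width}b"))
    return "".join(bits)


def assemble_pk(outside_bits: str, inside_bits: str) -> str:
    """(5): PK = out-of-threshold bit sequence || in-threshold bit sequence."""
    return outside_bits + inside_bits


if __name__ == "__main__":
    # Constructed in-threshold RSSI samples (dBm) of one side, e.g. the AP.
    inside = [-56, -55, -57, -54, -58, -61, -51, -56]
    print(quantize_inside(inside))
    print(assemble_pk("1010", quantize_inside(inside)))
```

For the constructed sequence R = 10 dB gives K = 3 intervals and two Gray bits per sample; a sequence whose range is below 2 dB yields no in-threshold bits at all, which is the case the length check in step (4h) cannot compensate for. Note that the AP's and the STA's in-threshold sequences are quantized independently here, as in the claim, so their lengths and bits only agree as far as the channel measurements do.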
2. The method for enhancing WLAN security based on physical-layer key agreement according to claim 1, characterised in that the threshold calculation method described in step (2a) and step (2c) comprises the following steps:
1st step: according to the following formula, calculate the mean of the signal strength value sequence:
$$M = \frac{\sum_{i=1}^{n} S_i}{n}$$
where M represents the mean of the signal strength value sequence, n represents the length of the signal strength value sequence, ∑ represents the summation operation and S_i represents the i-th signal strength value in the signal strength value sequence;
2nd step: according to the following formula, calculate the standard deviation of the signal strength value sequence:
$$D = \sqrt{\frac{\sum_{i=1}^{n} (S_i - M)^2}{n}}$$
where D represents the standard deviation of the signal strength value sequence and √ represents the square root operation;
3rd step: according to the following formulas, calculate the upper and lower thresholds of the signal strength sequence:
q+ = M + 0.5D
q- = M - 0.5D
where q+ and q- represent the upper and lower thresholds of the signal strength sequence respectively.
3. The method for enhancing WLAN security based on physical-layer key agreement according to claim 1, characterised in that screening the access point AP's signal strength value sequence as described in step (2b) means comparing each signal strength value in the signal strength sequence with the upper and lower thresholds of the signal strength value sequence: if the signal strength value is greater than the upper threshold or less than the lower threshold, the signal strength value is recorded in the out-of-threshold signal strength value sequence, otherwise it is recorded in the in-threshold signal strength value sequence.
4. The method for enhancing WLAN security based on physical-layer key agreement according to claim 1, characterised in that the sequence-number conversion method described in step (3i) comprises the following steps:
1st step: set the initial conversion count to 1;
2nd step: using the current conversion count as the subscript into the sequence-number array, take out a sequence number, and using that sequence number as the subscript into the signal strength value sequence, take out a signal strength value;
3rd step: signal strength values greater than the upper threshold of the signal strength value sequence are stored in the bit sequence as the integer 1, and the remaining values are stored in the bit sequence as the integer 0;
4th step: judge whether the current conversion count equals the length of the sequence-number array; if so, perform the 5th step, otherwise add 1 to the current conversion count and perform the 2nd step;
5th step: obtain the out-of-threshold bit sequence.
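Steps (2) and (3) of claim 1 together with the threshold calculation of claim 2, the screening of claim 3 and the sequence-number conversion of claim 4, run as one AP/STA exchange, as an added example that is not the patent's own code. Two assumptions go beyond the page: each sample keeps its packet index through screening so that the sequence numbers exchanged in (3d) and (3h) refer to the same packet exchange on both sides, and the "upper threshold" of claim 4 is the one computed in step (2a) for the full sequence. The RSSI values are constructed.

```python
"""Claim 1 steps (2)-(3) with the helpers of claims 2-4: thresholds, screening,
AP <-> STA sequence-number exchange and conversion into out-of-threshold bits.

Added example, not code from the patent.  ASSUMPTIONS: samples are keyed by
packet index so exchanged sequence numbers mean the same on both sides; the
"upper threshold" of claim 4 is the full sequence's q+ from step (2a).
"""
import math


def thresholds(values):
    """Claim 2: M = mean, D = population standard deviation, q+ = M + 0.5D, q- = M - 0.5D."""
    n = len(values)
    m = sum(values) / n
    d = math.sqrt(sum((v - m) ** 2 for v in values) / n)
    return m + 0.5 * d, m - 0.5 * d


def screen(samples):
    """Claim 3 / step (2b): split {packet index: rssi} into out-of- and in-threshold parts."""
    hi, lo = thresholds(list(samples.values()))
    outside = {i: v for i, v in samples.items() if v > hi or v < lo}
    inside = {i: v for i, v in samples.items() if lo <= v <= hi}
    return outside, inside


def band_select(outside, candidates=None):
    """Steps (3b)/(3f): keep indices whose out-of-threshold value satisfies
    A[i] < q+ and A[i] > q-, with q+/q- recomputed on the out-of-threshold
    sequence as in step (2c).  `candidates` limits the check to the peer's array;
    an index the peer sent but this side screened differently is dropped."""
    hi, lo = thresholds(list(outside.values()))
    indices = sorted(outside) if candidates is None else candidates
    return [i for i in indices if i in outside and lo < outside[i] < hi]


def to_bits(final_indices, outside, upper):
    """Claim 4: integer 1 if the value exceeds the sequence's upper threshold, else 0."""
    return [1 if outside[i] > upper else 0 for i in final_indices]


def agree_outside_bits(ap_samples, sta_samples):
    """Run the step (3) exchange; returns (ap_bits, sta_bits, final sequence numbers)."""
    ap_hi, _ = thresholds(list(ap_samples.values()))
    sta_hi, _ = thresholds(list(sta_samples.values()))
    ap_out, _ = screen(ap_samples)
    sta_out, _ = screen(sta_samples)
    ap_array = band_select(ap_out)             # (3a)-(3c), sent to the STA in (3d)
    final = band_select(sta_out, ap_array)     # (3e)-(3g), sent back to the AP in (3h)
    return to_bits(final, ap_out, ap_hi), to_bits(final, sta_out, sta_hi), final


# Constructed RSSI samples (dBm) keyed by packet exchange number.  The STA copy
# differs from the AP copy at indices 3, 4, 17 and 19 to mimic channel noise.
AP_RSSI = {0: -56, 1: -50, 2: -62, 3: -55, 4: -32, 5: -57, 6: -49, 7: -80,
           8: -56, 9: -63, 10: -54, 11: -51, 12: -34, 13: -58, 14: -48, 15: -61,
           16: -55, 17: -78, 18: -64, 19: -57, 20: -56, 21: -52, 22: -60, 23: -56}
STA_RSSI = {**AP_RSSI, 3: -56, 4: -31, 17: -79, 19: -56}

if __name__ == "__main__":
    ap_bits, sta_bits, final = agree_outside_bits(AP_RSSI, STA_RSSI)
    print("final sequence numbers:", final)
    print("AP bits :", ap_bits)
    print("STA bits:", sta_bits)
```

On the constructed data both sides end with the same four bits, but note what the protocol reveals: the sequence-number arrays travel in clear, so an observer learns which packet exchanges contribute bits, and only the sign of each selected sample relative to the threshold remains private. The small noise here does not move any sample across a threshold; a sample sitting close to q+ or q- on one side is exactly where the two bit sequences would diverge, and the claimed method has no further reconciliation step to repair that.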
5. The method for enhancing WLAN security based on physical-layer key agreement according to claim 1, characterised in that the master key PMK described in step (6a) consists of a 128-bit message integrity check code MIC, a 128-bit key-encrypting key KEK and a 128-bit session key SK.
6. The method for enhancing WLAN security based on physical-layer key agreement according to claim 1, characterised in that the group key GK described in step (6b) consists of a 128-bit group encryption key GEK and a 128-bit message integrity check code MIC.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710273678.0A CN107148017B (en) | 2017-04-25 | 2017-04-25 | Method based on physical layer key agreement enhancing wlan security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710273678.0A CN107148017B (en) | 2017-04-25 | 2017-04-25 | Method based on physical layer key agreement enhancing wlan security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107148017A true CN107148017A (en) | 2017-09-08 |
CN107148017B CN107148017B (en) | 2019-07-23 |
Family
ID=59774581
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710273678.0A Active CN107148017B (en) | 2017-04-25 | 2017-04-25 | Method based on physical layer key agreement enhancing wlan security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107148017B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109151814A (en) * | 2018-08-27 | 2019-01-04 | 惠州Tcl移动通信有限公司 | Mobile terminal connects WIFI password transmission method, mobile terminal and storage medium |
CN111050321A (en) * | 2018-10-12 | 2020-04-21 | 中兴通讯股份有限公司 | Data processing method, device and storage medium |
CN113473460A (en) * | 2021-06-07 | 2021-10-01 | 西安电子科技大学 | Wireless physical layer key negotiation method based on error correcting code judgment |
WO2023155128A1 (en) * | 2022-02-18 | 2023-08-24 | Oppo广东移动通信有限公司 | Key generation method, information verification method, and devices |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009260579A (en) * | 2008-04-15 | 2009-11-05 | Sony Ericsson Mobilecommunications Japan Inc | Mobile communication terminal, information transmission setting system, and information transmission setting method |
JP2011049701A (en) * | 2009-08-25 | 2011-03-10 | Fujitsu Toshiba Mobile Communications Ltd | Mobile terminal apparatus and wireless lan connection method |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109151814A (en) * | 2018-08-27 | 2019-01-04 | 惠州Tcl移动通信有限公司 | Mobile terminal connects WIFI password transmission method, mobile terminal and storage medium |
CN111050321A (en) * | 2018-10-12 | 2020-04-21 | 中兴通讯股份有限公司 | Data processing method, device and storage medium |
CN113473460A (en) * | 2021-06-07 | 2021-10-01 | 西安电子科技大学 | Wireless physical layer key negotiation method based on error correcting code judgment |
CN113473460B (en) * | 2021-06-07 | 2022-07-01 | 西安电子科技大学 | Wireless physical layer key negotiation method based on error correcting code judgment |
WO2023155128A1 (en) * | 2022-02-18 | 2023-08-24 | Oppo广东移动通信有限公司 | Key generation method, information verification method, and devices |
Also Published As
Publication number | Publication date |
---|---|
CN107148017B (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1972125B1 (en) | Apparatus and method for protection of management frames | |
CN108966220B (en) | A kind of method and the network equipment of secret key deduction | |
CN103109496B (en) | For the method and apparatus of cryptographic communication of management frames utilizing quality-of-service mechanisms in WLAN system | |
US8122249B2 (en) | Method and arrangement for providing a wireless mesh network | |
CN107148017A (en) | Strengthen the method for wlan security based on physical layer key agreement | |
CN102625300B (en) | Generation method and device for key | |
CN108521875A (en) | Method and system for establishing secure communication between long-range UE and relaying UE in device-to-device communication network | |
CN101523796B (en) | Method and system for enhancing cryptographic capabilities of wireless device using broadcasted random noise | |
CN105915472B (en) | Power distribution method in collaborative network based on man made noise | |
CN107769914A (en) | Protect the method and the network equipment of data transmission security | |
US20210329456A1 (en) | Signalling storm mitigation in a secured radio access network | |
US20180034635A1 (en) | GPRS System Key Enhancement Method, SGSN Device, UE, HLR/HSS, and GPRS System | |
CN101379796A (en) | Mobile station and method for fast roaming with integrity protection and source authentication using a common protocol | |
DE112010002837T5 (en) | METHOD AND DEVICE FOR DISTRIBUTING SAFETY KEYS (N) | |
CN109788474A (en) | A kind of method and device of message protection | |
CN104301098B (en) | Opportunistic quantum network coding method | |
CN109803263A (en) | A kind of method and device of safeguard protection | |
CN105407483A (en) | Method for safe aggregation model communication based on public-state key in wireless sensor network | |
CN104010310B (en) | Heterogeneous network uniform authentication method based on safety of physical layer | |
CN107079030A (en) | Privacy during re-authentication of from the radio station to certificate server | |
EP2648437A1 (en) | Method, apparatus and system for key generation | |
CN103841553A (en) | Method for routing security and privacy protection of mixed wireless Mesh network | |
CN106162631A (en) | A kind of methods, devices and systems of secure communication | |
CN101253747B (en) | Method and arrangement for the secure transmission of data in a multi-hop communication system | |
Yang | Study on security of wireless sensor network based on ZigBee standard |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||