CN107529165A - Method for identifying the legitimacy of wireless access points in a campus network environment - Google Patents

Info

Publication number
CN107529165A
Authority
CN
China
Prior art keywords
wireless access
access points
client
checking
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710939686.4A
Other languages
Chinese (zh)
Other versions
CN107529165B (en)
Inventor
杨加
李笑难
张扬
周昌令
马皓
张蓓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Original Assignee
Peking University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University
Priority to CN201710939686.4A
Publication of CN107529165A
Application granted
Publication of CN107529165B
Expired - Fee Related
Anticipated expiration

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for identifying the legitimacy of wireless access points (APs) in a campus network environment. After a mobile intelligent terminal connects to the campus network, it runs a verification client. The verification client sends a request to verify the AP's legitimacy to a gateway server over HTTPS. On receiving the request, the gateway server obtains the request's source IP address and, based on that IP address and in cooperation with the verification client, verifies whether the AP to which the mobile intelligent terminal is connected is legitimate. With the technical scheme provided by the invention, a mobile intelligent terminal connecting to the campus network can, without relying on the AP's physical parameters, conveniently and accurately identify through the verification client whether the connected AP is legitimate, thereby avoiding the leakage of user data and the compromise of information security caused by connecting to a rogue AP.

Description

Method for identifying the legitimacy of wireless access points in a campus network environment
Technical Field
The present invention relates to wireless network security technology, and more particularly to a method for identifying whether a wireless access point (Wireless Access Point, AP for short) in a campus network environment is legitimate.
Background
In a campus network environment, a mobile intelligent terminal connects to the campus network through the campus network APs deployed by the school's network administration department (referred to as legitimate APs) and then accesses campus network resources. After a user enters an area covered by the campus network, the user searches for wireless LANs on the mobile intelligent terminal, selects the campus network SSID and connects, and the terminal can then access the campus network. This connection process carries a security risk: if someone with malicious intent places on campus an illegal wireless access point (AP) that impersonates the campus network SSID, a user may unknowingly connect their mobile intelligent terminal to the fake AP, causing user data to leak and possibly harming the user's interests.
In recent years, several methods of identifying fake APs have been proposed. For example, patents CN103648094A and CN 201710182847 describe techniques that identify an AP based on its BSSID or MAC address. However, a rogue AP can evade this kind of check by counterfeiting the BSSID and MAC of a legitimate AP. The literature (JANA S, KASERA S K. On fast and accurate detection of unauthorized wireless access points using clock skews [J]. IEEE Transactions on Mobile Computing, 2010, 9(3): 449–462.; REISING D R, TEMPLE M, JACKSON J. Authorized and rogue device discrimination using dimensionally reduced RF-DNA fingerprints [J]. IEEE Transactions on Information Forensics and Security, 2015, 10(6): 1180-1192.) describes methods that identify rogue APs based on the physical characteristics of packets; however, these methods are complex to implement and are not well suited to a campus network environment.
Summary of the Invention
To overcome the above deficiencies of the prior art, the invention provides a method for identifying whether a wireless access point (AP) in a campus network environment is legitimate, so that in a campus network environment an illegal AP can be identified through a verification client without relying on the AP's physical parameters (the verification client can run on intelligent mobile terminal devices such as smartphones, notebook computers and iPads).
The technical scheme provided by the invention is:
A method for identifying the legitimacy of wireless access points in a campus network environment: after a mobile intelligent terminal connects to the campus network, it runs a verification client; the verification client sends a request to verify the AP's legitimacy to a gateway server over HTTPS; on receiving the request, the gateway server obtains the request's source IP address and, based on that IP address and in cooperation with the verification client, verifies whether the AP to which the mobile intelligent terminal is connected is legitimate.
Specifically, for the above method: the gateway server holds the set of campus network IP addresses, denoted A. After the mobile intelligent terminal connects to a campus network AP, the verification client is started and performs the following operations:
1) The verification client obtains the IP address of the mobile intelligent terminal (denoted ip1);
2) The verification client accesses the gateway server over HTTPS and uses the server certificate to confirm the legitimacy of the gateway server. If the certificate is valid, the next step is performed. If the certificate is invalid, the gateway server being accessed is not a trusted server; the next step cannot be performed, verification fails, and the operation ends;
3) The gateway server obtains the source IP address of the request (denoted ip2) from the verification client's HTTPS request. If ip2 ∈ A, ip2 is sent to the verification client and the next step is performed; otherwise the connected AP is illegal and the verification client is notified;
4) The verification client compares ip1 and ip2. If the two differ, the connected AP is illegal; otherwise the connected AP is considered a legitimate AP.
Compared with the prior art, the beneficial effects of the invention are:
The invention proposes a method for identifying illegal wireless access points in a campus network environment. After a mobile intelligent terminal connects to the campus network, it runs a verification client; the verification client sends a request to verify the AP's legitimacy to a gateway server over HTTPS; on receiving the request, the gateway server obtains the request's source IP address and, based on that IP address and in cooperation with the verification client, verifies whether the AP to which the mobile intelligent terminal is connected is legitimate. With the technical scheme provided by the invention, a mobile intelligent terminal connecting to the campus network can, without relying on the AP's physical parameters, conveniently and accurately identify through the verification client whether the connected AP is legitimate, thereby avoiding the leakage of user data and the compromise of information security caused by connecting to a rogue AP.
Brief Description of the Drawings
Fig. 1 is a flow diagram of the method of the invention.
Fig. 2 is a schematic diagram of the network environment in a specific implementation of the invention.
Detailed Description
The invention is further described below through embodiments, with reference to the accompanying drawings, without limiting the scope of the invention in any way.
The invention provides a method for identifying illegal wireless access points in a campus network environment. Fig. 1 is a flow diagram of the method. After a mobile intelligent terminal connects to the campus network, it runs a verification client; the verification client sends a request to verify the AP's legitimacy to a gateway server over HTTPS; on receiving the request, the gateway server obtains the request's source IP address and, based on that IP address and in cooperation with the verification client, verifies whether the AP to which the mobile intelligent terminal is connected is legitimate.
Fig. 2 is a schematic diagram of the network environment in a specific implementation of the invention. In the following embodiments, a student, Xiao Wang, enters a university campus whose campus network SSID is S. The campus network's IP address range is 10.1.0.0/16. Xiao Wang takes out a smartphone, turns on Wi-Fi and chooses to connect to S. After the connection succeeds, to make sure that the AP the phone is connected to is a legitimate AP, Xiao Wang opens the verification client installed on the phone to verify whether the connected AP is legitimate (the IP address information in this example is for illustration only and has no actual meaning).
Embodiment one: the connected AP is verified to be a legitimate AP.
First, the verification client obtains the phone's IP address, 10.1.0.100. Next, the client (i.e. the smartphone) sends the AP verification HTTPS request to the campus network gateway server at https://gateway.xxx.xxx.edu.cn/Validate (this is assumed to be the URL at which the campus network gateway server provides the AP verification service). On receiving the request, the campus network gateway server finds that the request's source IP is 10.1.0.100, which belongs to the campus network IP address range. The gateway server then returns that IP address to the verification client: {ip:10.1.0.100}. On receiving the result, the verification client compares it with the phone's IP address, finds that the two are identical, and judges the connected AP to be a legitimate AP.
Embodiment two: the connected AP is verified to be an illegal AP (the request IP measured by the gateway server is not a campus network IP address).
First, the verification client obtains the phone's IP address, 172.16.1.100. Next, the client sends the AP verification HTTPS request to the campus network gateway server. On receiving the request, the campus network gateway server finds that the request's source IP is 172.16.1.100, which does not belong to the campus network IP address range. The gateway server then notifies the verification client that the connected AP is a rogue AP: {ap:false}.
Embodiment three: the connected AP is verified to be an illegal AP (the IP address obtained by the verification client differs from the IP address measured by the gateway server).
First, the verification client obtains the phone's IP address, 192.168.1.100. Next, the client sends the AP verification HTTPS request to the campus network gateway server. On receiving the request, the campus network gateway server finds that the request's source IP is 10.1.0.100, which belongs to the campus network IP address range. The gateway server then returns that IP address to the verification client: {ip:10.1.0.100}. On receiving the result, the verification client compares it with the phone's IP address, finds that the two differ, and judges the connected AP to be an illegal AP.
Embodiment four: verification fails (a rogue AP hijacks the request that the verification client sends to the gateway server).
First, the verification client obtains the phone's IP address, 192.168.1.100. Next, the client sends an HTTPS request to the campus network gateway server. When verifying the gateway server's certificate, however, the client finds that the certificate is invalid, which shows that the server it has reached is an illegitimate server; verification cannot continue and the verification operation fails.
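The four-step check and the four embodiments above can be condensed into the following sketch, an added example that is not part of the patent text. The function names, the `cert_valid` flag standing in for the HTTPS certificate check, and the `observed_source_ip` parameter modelling the address the gateway sees are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

# Set A: campus network addresses held on the gateway (value from the example).
CAMPUS_SET_A = [ipaddress.ip_network("10.1.0.0/16")]


class Verdict(Enum):
    LEGITIMATE = "legitimate AP"
    ILLEGAL = "illegal AP"
    FAILED = "verification failed"


def gateway_validate(source_ip, campus_set=CAMPUS_SET_A):
    """Step 3 (gateway): ip2 is the source address of the HTTPS request."""
    ip2 = ipaddress.ip_address(source_ip)
    if any(ip2 in net for net in campus_set):
        return {"ip": str(ip2)}   # ip2 is in A: return it for step 4
    return {"ap": False}          # ip2 is outside A: connected AP is illegal


def client_verify(ip1, cert_valid, observed_source_ip):
    """Steps 1, 2 and 4 (client).

    ip1                -- address configured on the terminal (step 1)
    cert_valid         -- hypothetical flag: result of the HTTPS certificate
                          check a real client gets from its TLS library
    observed_source_ip -- hypothetical: address the gateway sees, which differs
                          from ip1 when an AP on the path translates addresses
    """
    if not cert_valid:
        # Step 2: untrusted server, so nothing it returns may be used.
        return Verdict.FAILED
    reply = gateway_validate(observed_source_ip)
    if reply.get("ap") is False:
        return Verdict.ILLEGAL
    # Step 4: compare parsed addresses, not strings.
    if ipaddress.ip_address(reply["ip"]) != ipaddress.ip_address(ip1):
        return Verdict.ILLEGAL
    return Verdict.LEGITIMATE


# The four embodiments as (ip1, cert_valid, observed_source_ip).
EMBODIMENTS = [
    ("10.1.0.100", True, "10.1.0.100"),
    ("172.16.1.100", True, "172.16.1.100"),
    ("192.168.1.100", True, "10.1.0.100"),
    ("192.168.1.100", False, None),
]


def run_embodiments():
    return [client_verify(*case) for case in EMBODIMENTS]


if __name__ == "__main__":
    for number, verdict in enumerate(run_embodiments(), start=1):
        print(f"Embodiment {number}: {verdict.value}")
```

The comparison in step 4 assumes the gateway sees client addresses unmodified; any address translation between a campus AP and the gateway would also make ip1 and ip2 differ.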
It should be noted that the purpose of publishing the embodiments is to help further understanding of the invention, but those skilled in the art will appreciate that various substitutions and modifications are possible without departing from the spirit and scope of the invention and the appended claims. Therefore, the invention should not be limited to what is disclosed in the embodiments, and the scope of protection claimed by the invention is the scope defined by the claims.

Claims (3)

  1. A method for identifying the legitimacy of wireless access points in a campus network environment, wherein after a mobile intelligent terminal connects to the campus network, it runs a verification client; the verification client sends a request to verify the legitimacy of the wireless access point to a gateway server over HTTPS; on receiving the request, the gateway server obtains the request's source IP address and, using that IP address in cooperation with the verification client, identifies whether the wireless access point to which the mobile intelligent terminal is connected is a legitimate wireless access point.
  2. The method for identifying the legitimacy of wireless access points in a campus network environment as claimed in claim 1, characterized in that the set of campus network IP addresses held on the gateway server is denoted A; after the mobile intelligent terminal connects to a campus network wireless access point, the verification client is started and performs the following operations:
    1) the verification client obtains the IP address of the mobile intelligent terminal, denoted ip1;
    2) the verification client accesses the gateway server over HTTPS and uses the server certificate to confirm the legitimacy of the gateway server; if the server certificate is valid, the next step is performed; if the server certificate is invalid, the gateway server being accessed is not a trusted server, the next step cannot be performed, verification fails, and the operation ends;
    3) the gateway server obtains the source IP address of the request, denoted ip2, from the verification client's HTTPS request; if ip2 ∈ A, ip2 is sent to the verification client and the next step is performed; otherwise the connected wireless access point is illegal, and the verification client is notified;
    4) the verification client compares ip1 and ip2; if the two differ, the connected wireless access point is illegal;
    otherwise, the connected wireless access point is a legitimate wireless access point;
    through the above steps, identification of the legitimacy of wireless access points in a campus network environment is achieved.
  3. The method for identifying the legitimacy of wireless access points in a campus network environment as claimed in claim 1, characterized in that the verification client can run on various intelligent mobile terminal devices, the intelligent mobile terminal devices including smartphones, notebook computers and iPads.
CN201710939686.4A 2017-10-11 2017-10-11 Method for identifying the legitimacy of wireless access points in a campus network environment Expired - Fee Related CN107529165B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710939686.4A CN107529165B (en) 2017-10-11 2017-10-11 Method for identifying the legitimacy of wireless access points in a campus network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710939686.4A CN107529165B (en) 2017-10-11 2017-10-11 Method for identifying the legitimacy of wireless access points in a campus network environment

Publications (2)

Publication Number Publication Date
CN107529165A (en) 2017-12-29
CN107529165B (en) 2019-09-13

Family

ID=60684979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710939686.4A Expired - Fee Related CN107529165B (en) 2017-10-11 2017-10-11 Method for identifying the legitimacy of wireless access points in a campus network environment

Country Status (1)

Country Link
CN (1) CN107529165B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113973006A (en) * 2021-09-18 2022-01-25 重庆云华科技有限公司 Intranet data access management method and system
US11477093B2 (en) * 2004-12-14 2022-10-18 Kyndryl, Inc. Coupling of a business component model to an information technology model

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8074279B1 (en) * 2007-12-28 2011-12-06 Trend Micro, Inc. Detecting rogue access points in a computer network
CN103634270A (en) * 2012-08-21 2014-03-12 中国电信股份有限公司 A method for identifying validity of an access point, a system thereof and an access point discriminating server
CN103313429A (en) * 2013-07-10 2013-09-18 江苏君立华域信息安全技术有限公司 Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN103648094A (en) * 2013-11-19 2014-03-19 华为技术有限公司 Method, device and system for detecting illegal wireless access point
CN105792205A (en) * 2016-03-03 2016-07-20 广东顺德中卡云网络科技有限公司 Method for client to initiate verification of access point validity
CN105792216A (en) * 2016-05-18 2016-07-20 上海交通大学 Wireless phishing access point detection method based on authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
钟九洲: "Detecting illegal APs in a campus network WLAN", Network Security Technology & Application (《网络安全技术与应用》) *

Also Published As

Publication number Publication date
CN107529165B (en) 2019-09-13

Similar Documents

Publication Publication Date Title
TWI718354B (en) Safety verification method, platform, device and system
CN100369446C (en) Method for testing safety switch-in protocol conformity of turn-on point and system thereof
CN106233663B (en) System and method for carrying strong authentication event on the different channels
CN104254073B (en) The method and device being authenticated to access terminal
WO2017134632A1 (en) Method and apparatus for facilitating frictionless two-factor authentication
KR20150071422A (en) Apparatus and method for identifying rogue device
CN103905194B (en) Identity traceability authentication method and system
CN106961683B (en) Method and system for detecting illegal AP and discoverer AP
CN108989434B (en) Medical service method based on Internet of Things
CN109872424A (en) A kind of unlocking method, device, electronic equipment and storage medium
CN108011873A (en) A kind of illegal connection determination methods based on set covering
CN107529165B (en) The recognition methods of wireless access points legitimacy under a kind of Campus Net
AlQahtani et al. Ts2fa: Trilateration system two factor authentication
CN104837159B (en) Android platform OAuth agreements misapply safety detection method
Chen et al. Enhancing Wi-Fi Device Authentication Protocol Leveraging Channel State Information
CN106888091A (en) Trustable network cut-in method and system based on EAP
CN107707560B (en) Authentication method, system, network access equipment and Portal server
KR101583698B1 (en) Authentication system and method for device attempting connection
CN108282551A (en) Message identifying processing method, apparatus, audiomonitor and readable storage medium storing program for executing
CN107241461B (en) MAC Address acquisition methods, gateway, network authentication apparatus and network system
CN106412904B (en) Method and system for preventing counterfeit user authentication authority
US10305884B2 (en) Secure identification of internet hotspots for the passage of sensitive information
EP3048757A1 (en) Authentication server testing method and system
Prayogi et al. Utilization of Mobile Network Infrastructure to Prevent Financial Mobile Application Account Takeover
CN107360573B (en) Terminal access method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190913