摘要
目前气象部门内WLAN(Wireless Local Area Network,无线局域网)的应用部署日益广泛,但对其安全接入却没有提出过较为合理的设计与规划,由WLAN引起的安全漏洞给整个信息网络系统带来很大隐患。基于802.1x/EAP(Extensible Authentication Protocol,可扩展验证协议)的安全认证分析,通过比较几种EAP认证方式,优选了安全性较高的EAP-TLS(Transport Layer Security,传输层安全),并详细阐述了EAP-TLS的认证原理与密钥导出机制,分析了其在集中化WLAN架构下的认证过程。结合气象部门业务需求对集中化WLAN的试验环境构建进行了介绍,并对各个组件的功能进行了描述,验证了EAP-TLS认证方式的可行性,结合现有系统现状对基于802.1x/EAP认证的WLAN在气象业务中的应用部署提出了两点需考虑的实际问题,即认证服务器和DHCP服务器的可靠性与可用性。
On the basis of the analysis of WLAN(Wireless Local Area Network) security authentication based on 802.1x/EAP(Extensible Authentication Protocol),the EAP/TLS(Transport Layer Security) is selected through comparing several common authentication solutions.The principles of EAP/TLS authentication,the mechanisms of session key derivation,the detailed procedures of authentication,and the validation lab to test the EAP-TLS deployment in the meteorological network are described.The EAP-TLS authentication technology proved feasible and practical.In combination with the current status of the system,two problems are discussed,i.e.,reliability and applicability of the authentication and DHCP servers,encountered in the application of EAP/TLS-based WLAN in the meteorological network system in China.
出处
《气象科技》
北大核心
2010年第3期347-352,共6页
Meteorological Science and Technology