WAPI is an authentication and encryption security protocol of GB 15629.11, the Chinese WLAN standard. This paper introduces the background and working principle of WAPI standard, analyzes the WAPI security defects in the process of identity authentication and key agreement, and improves the defects above. In the process of identity authentication, the new protocol not only authenticate the legitimacy of user certificate, but also authenticate the user has the corresponding private key; in the process of key agreement, the new protocol apply key exchange protocol——MTI to the key exchange process, and improve the safety of key exchange. This paper lists the key process of the improved WAI identity authentication interaction, and gives the security analysis. On the basis of the improved WAPI, we put forward a mobile terminal solution taking advantage of the independent security medium (mobile phone using SD-Key as security medium, PAD using the USB-Key as security medium). Compared with the national standard, modiifed WAPI has been greatly improved in terms of safety. In the standardization of WAPI products, the enhanced mobile terminal solutions proposed in this paper has great reference signiifcance to improving the WAPI standard security.%WAPI是中国无线局域网国家标准GB 15629.11中提出的用来实现无线局域网鉴别和加密的机制。文章介绍了WAPI标准产生的背景和工作原理,分析指出了中国无线局域网国家标准WAPI在身份认证和密钥协商过程存在的安全缺陷,并针对文中提出的缺陷做出相应的改进。身份认证过程中,改进的方案不仅认证用户证书的合法性,还认证用户是否拥有对应的私钥;在密钥协商阶段,将密钥交换协议——MTI应用到密钥交换过程,提高了密钥交换的密码学安全性。文章列出改进的WAI鉴别基础结构关键交互过程,并给出了详细的安全性分析。文章在改进的WAPI基础上,提出了一种结合独立安全介质(手机为SD-Key、PAD为USB-Key)的移动终端方案。相对于原国家标准,改进的WAPI安全性有了很大提升。文章提出的增强移动终端方案对提高WAPI标准产品化过程中的安全性有较大借鉴意义。
展开▼
