IEEE 802.11标准组提出了802.11i标准以增强无线局域网的安全性能。在802.11i标准中采用了802.1X标准实现无线局域网用户的认证和接入控制过程。针对802.1X认证协议的三方交互结构提出一种扩展Bellare-Rogaway模型，对802.11i认证和密钥交换机制进行可验安全性分析。通过分析，证明802.11i认证协议存在缺陷并给出了相应的中间人攻击方法。

802.11i standard is proposed by IEEE 802.11 Standard Group to improve the security of the WLAN. In 802.11i, 802.1x standard is used for the authentication and access controll. How to analyze the security of the new protocol to prove its validity is the most interesting problem we are concerned. In order to solve this problem, an expanded Bellare-Rogaway model is established to give a provable security formal analysis on this protocol. By utilizing the expanded Bellare-Rogaway model, a flaw has been found in 802.1X authentication protocols and the corresponding man-in-the-middle attack is given here.

宋宇波（1977－），男，江苏无锡市人，东南大学信息科学与工程学院副教授，研究方向为无线网络和信息安全