Since a packet network was at first intended mainly for sharing resources, with little consideration given to security, security problems have received more and more attention as the internet has become widespread. From the access layer to the application layer, each layer is provided with a corresponding security mechanism to protect its data flow.
For a wireless local area network, the security mechanism is mainly manifested as authentication during access. The security mechanisms that emerged successively mainly comprise: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, 802.1X, and China's national standard WLAN Authentication and Privacy Infrastructure (WAPI). Some of these mechanisms adopt a symmetric encryption algorithm; for example, WEP and WPA-TKIP (Temporal Key Integrity Protocol) both use the RC4 encryption algorithm. These two security modes are easy to attack because of weaknesses in that algorithm. During the establishment of the national standards for wireless local area networks, WAPI was adopted to replace WEP, and a public key infrastructure is used to realize authentication between a terminal and an access point, so that the security of the wireless local area network is greatly improved.
The security of the network layer consists of a series of security protocols: it performs identity authentication and key negotiation by means of Internet Key Exchange (IKE), establishes a peer-to-peer security association according to a security policy database, and realizes confidential data transmission on the Internet Protocol (IP) layer. With the continuous improvement of the standards, solutions with various IPsec (IP_SECURITY) extensions have emerged.
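The sentence above compresses three distinct steps: a security policy database (SPD) decides whether a packet must be protected, bypassed or discarded; a security association (SA) supplies the keys for protected traffic; and IKE is invoked only when a policy demands protection but no SA exists yet. The following toy model, added here as an illustration and not taken from the original text, shows that decision flow for outbound packets. The policy entries, addresses and SPI value are constructed sample data; the ordered first-match lookup and the fail-closed default follow the usual SPD semantics.

```python
"""Toy model of an IPsec Security Policy Database (SPD) lookup.

Added illustration, not code from the original text. Policies, packets
and the security association below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


class Action(Enum):
    PROTECT = "protect"   # apply IPsec; needs a security association
    BYPASS = "bypass"     # forward in the clear
    DISCARD = "discard"   # drop the packet


@dataclass(frozen=True)
class Policy:
    local: str              # CIDR selector for the local side
    remote: str             # CIDR selector for the remote side
    proto: Optional[int]    # IP protocol number, None means any
    action: Action
    name: str


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int


@dataclass(frozen=True)
class SecurityAssociation:
    remote: str   # peer the SA was negotiated with (via IKE)
    spi: int      # security parameter index identifying the SA


# Constructed sample SPD: ordered, first match wins, last entry drops the rest.
SPD: List[Policy] = [
    Policy("10.0.0.0/8", "10.0.0.0/8", None, Action.BYPASS, "intra-site"),
    Policy("10.0.0.0/8", "192.0.2.0/24", None, Action.PROTECT, "to-partner"),
    Policy("10.0.0.0/8", "0.0.0.0/0", 1, Action.BYPASS, "icmp-anywhere"),
    Policy("0.0.0.0/0", "0.0.0.0/0", None, Action.DISCARD, "default-drop"),
]

# Constructed sample SAD: only one partner host has a negotiated SA so far.
SAD: Dict[str, SecurityAssociation] = {
    "192.0.2.10": SecurityAssociation("192.0.2.10", 0x1234),
}


def match(policy: Policy, pkt: Packet) -> bool:
    """Return True when the packet's selectors fall within the policy's."""
    if ip_address(pkt.src) not in ip_network(policy.local):
        return False
    if ip_address(pkt.dst) not in ip_network(policy.remote):
        return False
    return policy.proto is None or policy.proto == pkt.proto


def lookup(spd: List[Policy], pkt: Packet) -> Optional[Policy]:
    """Ordered SPD lookup: the first matching entry decides.
    A packet covered by no entry returns None and is discarded (fail closed)."""
    for policy in spd:
        if match(policy, pkt):
            return policy
    return None


def outbound(spd: List[Policy], sad: Dict[str, SecurityAssociation], pkt: Packet) -> str:
    """Decide the fate of an outbound packet.
    Returns 'bypass', 'discard', 'protect:<spi>' or 'ike-required'."""
    policy = lookup(spd, pkt)
    if policy is None or policy.action is Action.DISCARD:
        return "discard"
    if policy.action is Action.BYPASS:
        return "bypass"
    sa = sad.get(pkt.dst)
    if sa is None:
        # Protection is required but no SA exists: IKE must first authenticate
        # the peer and negotiate keys before this packet can be sent.
        return "ike-required"
    return f"protect:{sa.spi}"


if __name__ == "__main__":
    for pkt in (Packet("10.1.1.5", "10.2.2.2", 6),
                Packet("10.1.1.5", "192.0.2.10", 6),
                Packet("10.1.1.5", "192.0.2.20", 6),
                Packet("10.1.1.5", "198.51.100.7", 6)):
        print(pkt.dst, "->", outbound(SPD, SAD, pkt))
```

The point a practitioner should take from the model is the separation of concerns: the SPD expresses policy and never holds keys, the SA holds keys and never decides policy, and a protect policy with no SA yields a trigger for key negotiation rather than sending the packet in the clear.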
TLS/SSL (Transport Layer Security / Secure Sockets Layer) provides an encryption protocol for the integrity and security of Transmission Control Protocol (TCP) communication. It is widely used in web browsing, e-mail, instant messaging and Voice over IP (VoIP) calls, and after extension it can also be used to protect User Datagram Protocol (UDP) traffic.
However, since the above security mechanisms suit different situations, the various security mechanisms are difficult to deploy without a proper negotiation mechanism: for example, the terminal has no means of knowing which security mechanism the corresponding server can adopt, or, if several security mechanisms are used at the same time, the network service quality is reduced.
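The two failure modes named above, a terminal that cannot learn what the server supports and several mechanisms running at once, are what a capability negotiation is meant to remove. The following toy exchange is added as an illustration and is not the method of the original text: the terminal advertises the mechanisms it supports in preference order, the server picks the first one it also supports and that meets its own minimum strength, and the terminal then checks that the chosen mechanism was really in its offer. The mechanism names, the numeric rank table and the message structures are constructed assumptions; the ranks place WEP and WPA-TKIP lowest because the text notes their RC4-based designs are easy to attack.

```python
"""Toy negotiation of a single security mechanism between a terminal and a server.

Added illustration of the kind of negotiation the text says is missing; it is
not the original text's own method. Names, ranks and messages are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed strength ordering: higher means the deployment trusts it more.
# WEP and WPA-TKIP sit lowest because their RC4-based designs are broken.
RANK = {"WEP": 0, "WPA-TKIP": 1, "WPA2": 2, "WAPI": 2, "IPsec": 3, "TLS": 3}


@dataclass(frozen=True)
class Offer:
    """Terminal -> server: supported mechanisms, most preferred first."""
    mechanisms: List[str]


@dataclass(frozen=True)
class Choice:
    """Server -> terminal: the single mechanism to use, or None with a reason."""
    mechanism: Optional[str]
    reason: str


def server_select(offer: Offer, supported: Set[str], min_rank: int) -> Choice:
    """Pick the terminal's most preferred mechanism that the server also supports
    and that meets the server's minimum strength; refuse if there is none."""
    for name in offer.mechanisms:
        if name not in RANK:
            continue  # unknown names are ignored rather than trusted
        if name in supported and RANK[name] >= min_rank:
            return Choice(name, "selected")
    return Choice(None, "no acceptable mechanism in common")


def terminal_accept(offer: Offer, choice: Choice) -> bool:
    """The terminal proceeds only with a mechanism it actually offered, so the
    peer cannot substitute something that was never advertised."""
    return choice.mechanism is not None and choice.mechanism in offer.mechanisms


def negotiate(client_list: Iterable[str], server_supported: Iterable[str],
              min_rank: int = 2) -> Optional[str]:
    """Run both sides of the exchange and return the agreed mechanism, or None.
    Exactly one mechanism is chosen, so the layers are never stacked blindly."""
    offer = Offer(list(client_list))
    choice = server_select(offer, set(server_supported), min_rank)
    if not terminal_accept(offer, choice):
        return None
    return choice.mechanism


if __name__ == "__main__":
    print(negotiate(["WPA2", "TLS", "WEP"], {"TLS", "WEP"}))        # TLS
    print(negotiate(["WEP", "WPA-TKIP"], {"WEP", "WPA-TKIP", "WPA2"}))  # None
```

Two design points are worth noting. The server applies its own minimum rank, so a terminal that only offers the broken modes gets a refusal rather than a weak session; and the terminal re-validates the server's choice against its offer, which is the check that stops a reply carrying a mechanism the terminal never proposed.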