以憑證為基礎的無線網路快速認證機制

Abstract

無線通訊已成為日常生活的一部分，使用者可邊移動邊使用網 路。隨著技術發展與成熟，整合不同的無線通訊系統，可跨不同ISP、網路種類，以提供使用者更方便的通訊服務。而漫遊時的重新認證很耗時間，會造成網路斷線，所以快速認證是達到無間隙漫遊所必需的。 為了達到無間隙漫遊的目標，系統必須提供下列功能： 1.在跨 網域的漫遊能快速認證。 2.使用者目前漫遊到的網路可不需要與使 用者的Home domain 有漫遊協定，卻可以允許通過認證。 3.目前漫 遊到的網路可對使用者作完整的認證，以確認使用者為合法的。然而 目前的快速認證方法都無法完整滿足這些需求。 為了達到上述需求，本論文根據下列策略提出一跨無線通訊網域 之快速認證方法： 1. 基於Extension of IAPP，讓AP 間可以溝通， 傳送必須的認證資訊，以達到快速認證。 2. 使用Certificate chain讓使用者與目前漫遊到的網路可以做完整的認證，卻不需要回到後端RADIUS 伺服器。

Wireless network communications have already been a part of life, and users can connect to the network on the move. With the development and maturity of mobile communication technologies, a mobile subscriber can now roam across various communication systems with different network providers. However, the long authentication delay during handover may result in communication interruptions or even connection losses. Therefore, it is necessary to reduce the authentication delay for handover across networks or network provider domains. For achieving the target of seamless handover across networks and domains, the handover mechanism should have the following characteristics: (1) fast authentication in inter-domain handovers, (2) no a priori roaming agreement directly between the domain a user is entering and the user’s home domain, and (3) re-authentication of a user in the visited domains. However, none of the existing fast authentication methods can fulfill these requirements. In order to achieve the above-mentioned requirements, this thesis proposes a Certificate Authority-Based Fast Authentication Mechanism for Wireless Networks. The fast authentication mechanism adopts the following two underlying concepts: Extended Inter-Access Point Protocol (IAPP) and Certificate Chains. Extended IAPP enables authentication information exchanges between two access points andCertificate Chains make it possible to perform re-authentication locally between a user and the visited AP without invoking remote authentication servers. With the Certificate Authority-Based Authentication Mechanism, we can reduce the authentication delay during handover to achieve fast handovers.