Title: Channel Allocation and Authentication Schemes for Wireless Mesh Networks
Authors: 史永健
Shih, Yung-Chien
曾建超
曹孝櫟
Tseng, Chien-Chao
Tsao, Shiao-Li
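Institute of Computer Science and Engineering
Keywords: wireless mesh network; end-to-end; fast handoff; authentication; interference problem; channel allocation mechanism; cross-layer; middleware
Issue date: 2010
Abstract: A wireless mesh network is a network architecture that requires no physical cabling and therefore offers advantages such as low cost and rapid deployment. As application demand grows, providing secure communication and supporting fast handoff in such networks has become a pressing problem. To address it, we propose a new security architecture that moves the IEEE 802.1X authenticator role to the mesh portal, establishing an end-to-end secure channel between the mobile station and the mesh portal. With the proposed architecture, and without loss of security, a roaming mobile station can use a fast authentication mechanism to mutually authenticate with the network quickly and establish a secure connection at the same time, without repeatedly performing the IEEE 802.1X authentication and key distribution procedures, which effectively reduces the authentication delay during handoff. Another severe challenge for multi-hop wireless mesh networks is overcoming co-channel interference. Even though advances in wireless technology keep raising the data bit rate of radio interfaces, interference may still prevent the overall network throughput from increasing correspondingly. This problem also causes unpredictable transmission delays in the wireless mesh network, making it a destabilizing factor for fast handoff mechanisms. To address this problem, many previous studies have proposed allocating non-overlapping channels to reduce interference and using multi-radio architectures to raise overall network throughput. However, given the application characteristics of wireless mesh networks, a channel allocation mechanism should take into account both end-to-end transmission and the coexistence of intra-mesh and inter-mesh communication, which previous studies have overlooked. We therefore propose an end-to-end channel allocation mechanism based on channel and time division (radio-frequency-slot), which avoids interference not only among the hops of any end-to-end transmission path itself but also between different transmission paths. Although carrying out the reception and transmission of packets on different channels is not a new finding, we observe that introducing this concept into our proposed mechanism increases channel reuse and allows the mechanism to be applied to wireless mesh networks with a multi-interface architecture. Furthermore, combined with a route selection method suited to this mechanism, the throughput and delay of each path can be maintained, which helps raise overall network throughput. Finally, so that a mobile station can perceive changes in the network environment in real time and thus perform the fast handoff mechanism at the right moment, we propose a cross-layer interaction mechanism and a middleware platform. Based on this platform, upper-layer applications can use the cross-layer signaling mechanism through application programming interfaces to obtain the state of the lower network layers and to notify the lower layers to change the network attachment point. Applications can likewise use the event notification mechanism through this interface to perceive, in real time, the network changes they are interested in. The end-to-end secure communication architecture effectively improves the authentication delay during mobile station handoff without loss of security. The end-to-end channel allocation mechanism raises network throughput and avoids unexpected transmission delays, which in turn safeguards the message exchange delay during mobile station handoff. The cross-layer interaction mechanism and middleware platform give the mobile station the ability to perceive network changes in real time and perform the handoff procedure at the right time. Combining these three studies, we provide a solution that supports fast handoff in wireless mesh networks.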
While wireless mesh networks (WMNs) are gaining momentum in widespread application, we are concerned with fast handoff in a secure mesh environment. To this end, we present a means in the context of IEEE 802.11s by allowing a mesh portal to act as an IEEE 802.1X authenticator, to reduce costly IEEE 802.1X authentications during handoff. As the mesh portal (MPP) engages in IEEE 802.1X authentication and cryptographic key management, our scheme maintains an end-to-end secure channel between a mobile station and the MPP wherever the station roams in the network. Therefore, without compromising required robust security, IEEE 802.1X authentication can be bypassed during handoff to reduce overall delay in an approach suggested for moderately sized networks. A WMN suffers from a co-channel interference problem when mesh nodes share the same wireless access channels. Therefore, the overall throughput of WMNs may not be able to increase substantially even with broadband physical layer technologies. The problem also causes unexpected transmission delays in the network, which could seriously influence the process of authentications. As a remedy, we propose an end-to-end channel allocation scheme, extending the radio-frequency-slot method and providing stable throughput for end-to-end packet delivery in WMNs. Although separating transmissions of data and acknowledgment packets on two different channels is not our new finding, we observe that the non-overlapping channels can be efficiently reused if the concept is introduced into our scheme. Moreover, by applying link and path metrics for route selection, the end-to-end throughput and delay can be maintained, and the overall throughput of WMNs can be improved. For fast handoff, a mobile station should be able to detect changes in the network environment immediately, so that the station can perform the handoff process at the correct time. To this end, we designed and implemented a middleware platform, providing application programming interfaces (APIs) for upper applications to use cross-layer signaling and event notification mechanisms. The applications can configure and acquire the status of the underlying protocol stack via the cross-layer signaling mechanism, and can immediately detect changes in the network environment via the event notification mechanism.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079017512
http://hdl.handle.net/11536/40254
Appears in collections: Theses


Files in this item:

  1. 751201.pdf

If the file is a zip archive, download and extract it, then open index.html in the extracted folder with a browser to view the full text.