IEEE 802.11s無線區域網狀網路整合式安全網域之實作與實驗

Abstract

如今在許多的公共場合上大多都可以提供無線區域網路，然而無線區域網路必須提供基地台和實體網路連結，增加了佈建無線區域網路的困難與成本。無線網狀網路(Wireless Mesh Network)是以無線取代有線的方式，讓無線基地台之間可以透過無線的方式傳輸來傳遞訊息，使得無線基地台之間的通訊將可以構成網狀的網路架構。藉此提高無線網路服務的覆蓋面，並且達到「最後一哩(Last mile)」的網路服務。 然而目前絕大部分提供無線網路服務的WISP(Wireless Internet Service Provider)所提供的多為HTTPS認證。由於沒有在每個封包做加密與認證，所以十分容易遭到駭客的竊聽與攻擊。雖然目前已經有IEEE802.11i標準提供無線網路強大的安全機制。但是由於無線網路的特性，無線行動裝置在基地台的切換將會十分頻繁。所造成的換手時間延遲將對許多的需要即時性服務的無線裝置造成服務品質不佳甚至服務中段的情形。 本論文實作的機制以不影響802.11i 之安全性為前提，將MAP（mesh access point）的認證者（authenticator）功能改設置於MPP（mesh portal），降低行動端於換手時執行IEEE802.1X 認證之需求。因此，換手延遲與訊息流量將可有效降低。並在實作過程中探討在現實環境中碰到的困難與挑戰。

Today, we are able to access to wireless local area networks (wireless LANs) in many public places; however, this requires access points that link to physical networks. This requirement makes it much more difficult and costly to set up wireless LANs on a larger scale. The Wireless Mesh Network is a wireless replacement for cable connection that enable wireless communications between access points to form a mesh network architecture. With the implementation of Wireless Mesh Networks, the coverage of wireless network services can be improved, and the “last mile” of network service can be reached. Presently, most of the Wireless Internet Service Providers (WISPs) provide only HTTPS authentication, which lacks encryption and authentication for each packet, making base stations soft targets for wireless eardropping and attacks by hackers. IEEE802.11i enhances the encryption and authentication in the Wireless LAN. However, due to the characteristics of wireless networks, wireless mobile devices frequently handoff between the access points. Handoff delay is caused by the switching, and results in poor quality of service and service interruptions for many wireless mobile devices demanding real-time services. The mechanism implemented in this paper moves the function of the authenticator from Mesh Access Point (MAP) to Mesh Portal (MPP) without compromising the security of 802.11i, while reducing the frequency of wireless mobile devices’ demands for IEEE802.1X authentication during handoff. Hence, the handoff delay and message traffic will be effectively reduced. Also, the difficulties and challenges encountered in the real environment during the implementation process will be addressed.