在IPv6網路環境下之認證系統實作

Abstract

在無線網路環境下，安全與認證一直是個很重要的議題。近年來，由IEEE所提出的IEEE 802.1x提供一個良好的架構，在無線網路環境中廣為使用。在IEEE 802.1x架構下，主要是透過後端的認證伺服器(Authentication Server)集中管理使用者的認證資訊，而認證者(Authenticator)就扮演著網路使用者與認證伺服器之間溝通的橋樑，負責轉送封包。一般在認證者與認證伺服器間是透過遠端認證撥接使用者服務協定(Remote Authentication Dial In User Service，RADIUS)相互溝通。然而，目前的RADIUS認證伺服器或是支援IEEE 802.1x/RADIUS協定的擷取點(Access Point)都是運作在IPv4網路，我們尚未發現可運作在IPv6網路上的認證系統。因此，在本篇論文，我們建立一個以IEEE 802.1x/RADIUS為基礎架構的認證系統於IPv6網路上，提供無線網路使用者的認證服務。

Security and authentication are the most important topics in wireless networks. In recent years, IEEE 802.1x, proposed by IEEE, provides a proper authentication architecture. It has been used in wireless local area networks widely. In IEEE 802.1x architecture, authentication server is responsible to authenticate users and manage users’ information. Authenticator is responsible to transfer the authentication messages between users and authentication server. In general, authenticator and authentication server use the RADIUS protocol to communicate with each other. However, the existing softwares and devices that implement IEEE 802.1x and RADIUS protocol work over IPv4 networks. Up to now, we didn’t find authentication systems based on IEEE 802.1x and RADIUS protocol run over IPv6 networks. In this thesis, we implement an IPv6 authentication system based on IEEE 802.1x and RADIUS protocol to provide authentication to wireless LAN users. A prototype is presented to demonstrate that our approaches are feasible.