一個無線網路上二階段式的低遲滯交遞認證機制

Abstract

隨著無線網路的迅速發展，有相當多關聯性的議題也跟著開始被探討。目前可攜式無線裝置在網域間漫遊的服務，可透過快速交遞(Fast handover)與階層式Mobile IP(Hierarchical Mobile IP)，來降低可攜式無線裝置在交遞的過程中，封包遺失率與交遞時間等問題。

當可攜式無線裝置在交遞過程中，除了完成交遞步驟外，也同時採取認證的機制，會使得可攜式無線裝置，因為認證機制的複雜程度，間接拉長了整體的交遞時間，使得可攜式無線裝置無法迅速取得資料，造成封包遺失，因此降低服務品質。

目前認證機制的方法有相當多的架構被提出來，包括AAA(Accounting, Authentication, Authorization)、IEEE 802.1X…等等。每種方法的複雜程度不一樣，所影響的程度也就不同。

在本篇論文中，我們提出一個二階段式的低遲滯交遞認證機制，讓可攜式無線裝置在即將漫遊前，將一些認證資訊藉由快速交遞協定，提前帶給即將前往的路由器，完成暫時認證，並取得臨時通行憑證，使得可攜式無線裝置能到新的網域下，藉由此臨時通行憑證，迅速接收資料。同時可攜式無線裝置在發出臨時通行憑證後，必須在規定的時間內，完成正式的認證。透過ns-2程式的模擬，我們驗證了此機制的效能，證明隨著資料量的增加，更能突顯提前認證的效能與重要性。

With the rapid growth of wireless networks, many related topics have been proposed and discussed. Currently, the combination of Fast Handover and Hierarchical Mobile IP can reduce the problems of mobile devices roaming between subnets such as packet loss rate and handover time. During the handover period, a mobile device needs to perform fast handover signaling as well as authentication mechanisms. The total handover latency and packet loss rate of mobile device will increase according to the complexity of the authentication mechanism. This negative impact causes mobile devices unable to transmit its real-time data packets quickly, hence the quality of service will be affected. Several proposed authentication methods such as AAA (Accounting, Authentication, Authorization) and IEEE 802.1x and etc have been proposed. The complexity of each method has different features and influence. We propose a two-stage authentication scheme in this thesis for achieving low-latency handoff. It allows mobile devices to send certain authentication information by fast handover protocol to obtain a temporary pass certificate from new access node before roaming to the new domain. Mobile device can use the temporary pass certificate to receive real-time data packet quickly and then perform re authentication process to complete the total authentication as normal procedure. We evaluate the performance of the proposed method by using ns-2 simulator and it is shown that transient authentication scheme really improve the quality of service during handover process.