EAP-NEW：Wi-Fi快速認證機制

Abstract

在IP-based網路上實現行動服務，其架構大致可分為三層，其分別是網路存取控制(Network Access Control)、IP網路(IP Network)以及服務提供(Service Provider)，而這三層都需要透過認證機制來取得使用授權。本論文討論一個在EAP架構下的快速認證新方法，稱作EAP-NEW。此新方法主要的概念為將認證流程所需的資料由認證伺服器(AAA)轉入AP，使得認證程序可以在MN和AP之間完成。其概念可以使用在不同的認證環境中，如Wi-Fi環境網路存取認證、Mobile IP認證以及其它網路服務認證等。 為了證明新方法EAP-NEW的認證效能，本論文的重點放在將EAP-NEW新方法透過修改現有開放原始碼(Open Source)完整實作出來，並在此實作環境上，量測EAP-NEW及其它四種較為典型的EAP認證方法(EAP-MD5、EAP-TLS、EAP-TTLS以及EAP-PEAP)的認證時間，實驗結果顯示和上述四種EAP認證方法相比，EAP-NEW可以顯著的減少認證時間，有此效能表現完全符合設計EAP認證新方法時的預期。

For a mobile service on a IP-based network, there are three entities. They are Network Access Control entity, IP Network entity and Service Providing entity (Service Provider). An authentication process must be applied to get the access authority for each of these three entities. In this thesis we discuss a new EAP authentication method, called EAP-NEW. The method will provide mobile users a very quick handover experience. The main concept of the method is to move authentication needed data from authentication server to access point (AP) such that authentication process can be finished just between AP and mobile user. This concept could be applied to different environment’s authentication, for examples, Wi-Fi access control, Mobile IP authentication and service authentication. To prove the efficiency of EAP-NEW, we implement the method on a Wi-Fi access environment (WLAN). In additions, we measure the authentication time for different EAP methods on the environment. The EAP methods are EAP-NEW, EAP-MD5, EAP-TLS, EAP-TTLS and EAP-PEAP. The measured result shows that EAP-NEW significantly outperforms the other four EAP methods in terms of authentication time.