以Kerberos為基礎的無線網路漫遊認證協定

Abstract

隨著無線區域網路技術的快速發展，越來越多的公眾區域提供無線區域網路基地台供使用者使用。在無線網路認證方式上，目前主要可分為SIM(Subscriber Identity Module)卡為基礎的認證方式及公開金鑰PKI(Public Key Infrastructure)為基礎的認證方式。 因此本論文的研究是希望於無線網路環境上，提出一個安全、有效率的認證協定。提出了結合Kerberos身份認證協定和EAP-TLS的優點而達成的無線網路漫遊認證協定。相較於現有的無線網路安全協定來說，減少使用者及認證伺服器的之間的訊息傳送次數，以及避免數位憑證重新申請及製作所造成的時間與資源的浪費。 因此本研究的貢獻總結如下： 1. 解決EAP-TLS認證延伸協定跨領域認證的不足處，實現無線網路跨領域認證的協定 2. 減少使用者及認證伺服器的之間的訊息傳送次數 3. 利用票劵減少使用者與認證伺服器在加解密的運算次數 4. 無線網路環境中漫遊重新連線的機率相當高，利用票劵的協定可以避免再一次的重複認證

Because the high-speed of mobile communication and communication device available. But the bandwidth still limited by the device and technology.The ripe WLAN technology makes the more and more public area provide the WLAN access point for user to access. The WLAN authentications are two main type SIM card based and PKI based. We want provide the security and effective authentication in the mobile communication environment. We use the IEEE standard EAP-TLS and Kerberos to design the authentication to solve drawback of the mobile communication roaming circumstances. Keep the security of the method. Reduce the message transfer times and the certificates produce times. So we improve these shortcomings. 1. Provide the solution for EAP-TLS for roaming circumstances. 2. Reduce the message transfer number between user and authentication service. 3. Use ticket to reduce the encryption and decryption numbers. 4. To avoid the reauthentication by ticket.