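Graduate student: | 林韋成 Wei-Chang Lin |
---|---|
Thesis title: | 使用暫時性的資料通道以提供安全的事後認證之機制 A Secure Post-Authentication with Provisional Data Channel |
Advisor: | 陳志成 |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
Year of publication: | 2007 |
Academic year of graduation: | 95 |
Language: | English |
Number of pages: | 48 |
Chinese keywords: | authentication, seamless handoff |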
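Because of the inherent nature of wireless networks, security has become a very important issue. Many existing wireless network security mechanisms were developed from wired networks. However, the basic properties of wireless networks are completely different from those of wired networks.
In this thesis, we propose a mechanism, "a secure post-authentication with provisional data channel", that considers both the security and the mobility management of wireless networks. In the proposed method, when a Mobile Station hands off from an old authenticator to a new authenticator, the new authenticator can "provisionally" trust the newly arrived Mobile Station according to the reliability of the old authenticator. While the Mobile Station is carrying out authentication and authorization with the new authenticator, the new authenticator provides a provisional data channel over which the Mobile Station can send and receive packets, so as to achieve seamless handoff. At the same time, packets passing through this provisional data channel are checked for security by the old authenticator. We have implemented an experimental platform to demonstrate the feasibility of this design.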
Due to the open nature of wireless networks, security is an important issue. Many present wireless network security schemes were developed from wired networks. However, the characteristics of wireless networks are completely different from those of wired networks. In this thesis, we propose "a secure post-authentication with provisional data channel", which considers both security and mobility management in wireless networks. In our proposed scheme, when a mobile station hands off from an old authenticator to a new authenticator, the new authenticator can "provisionally" trust the mobile station based on the reliability of the old authenticator. The new authenticator provides a provisional data channel for the user to transmit and receive data while the mobile station is performing the procedure of authentication and authorization with the new authenticator. With the provisional data channel, mobile stations can hand off seamlessly. At the same time, the data from the mobile station are verified by the old authenticator. A testbed has been constructed to demonstrate the feasibility of the design.