Graduate student: 吳文婷 Wen-Ting Wu
Thesis title: Design and Implementation of WIRE Diameter (Chinese title: WIRE Diameter之設計與實作)
Advisor: 陳志成 Jyh-Cheng Chen
Degree: 碩士 Master
Department: 電機資訊學院 - 通訊工程研究所 (College of Electrical Engineering and Computer Science, Institute of Communications Engineering)
Year of publication: 2004
Academic year of graduation: 92
Language: English
Number of pages: 67
Chinese keywords: 認証 (authentication), 授權 (authorization), 伺服器 (server)
Foreign-language keywords: AAA, Diameter, server
Chinese abstract (translated): Because the architecture of today's networks and the ways in which their services are used are increasingly complex, considerations of network security have become even more important. The AAA (Authentication, Authorization and Accounting) protocols provide complete user access control, so the IETF formed a working group responsible for discussing and defining the related AAA protocols. Although the RADIUS protocol is still the main protocol used by current AAA servers, a number of research reports have pointed out that RADIUS has many shortcomings that need to be improved, some of which are inherent to its design. To develop a more secure mechanism, the IETF proposed the Diameter protocol, which extends the RADIUS protocol and strengthens its security. Many practical deployments, such as 3GPP, also agree that Diameter should replace RADIUS for the AAA server role. Diameter can therefore be called the expected and highly promising next-generation AAA protocol for any kind of network. At present only OpenDiameter provides some of the related libraries; nobody has yet proposed a complete architecture that implements the Diameter EAP authentication protocol.
This thesis designs and implements a practical Diameter EAP architecture, emphasizing the provision of authentication and authorization on top of Diameter. Besides following the Diameter Base Protocol specification, the EAP specification must also be incorporated. The EAP authentication method over the Diameter protocol has not yet been standardized, so in addition to following the existing specifications, the implementation also had to consider and fill in the parts those specifications may leave incomplete. The implementation currently supports four commonly used authentication methods: MD5, TLS, TTLS and PEAP. However, because the wireless access points on the market (Access Points, which must include the 802.1x Authenticator function) do not yet support Diameter, a Network Access Server that supports Diameter had to be built separately as part of the implementation; a complete Diameter authentication environment still awaits vendors adding Diameter authentication to their wireless access point products. This implementation fully follows the standard authentication and authorization flow, so that it can perform authentication and authorization with any client software.
English abstract: As current network entities have increased in complexity, the issue of security becomes more important day by day. The AAA (Authentication, Authorization, and Accounting) protocol provides an integrated user access control mechanism, so the Internet Engineering Task Force (IETF) formed a working group for discussing and formulating the relevant specifications. Several studies and experiments have validated that the traditional RADIUS protocol has many security weaknesses. Diameter was thus proposed to extend the RADIUS protocol and strengthen its security. Many actual applications, for instance 3GPP, also agree that Diameter will replace RADIUS. Diameter is therefore regarded as a highly promising AAA protocol. At present, OpenDiameter only provides a partial program library for the Diameter protocol, and no organization has finished a whole Diameter testbed. This thesis is the design and implementation of WIRE Diameter, and it emphasizes Authentication and Authorization. WIRE Diameter is open source, developed by the Wireless Internet Research & Engineering (WIRE) Laboratory, with the project sponsored by the Industrial Technology Research Institute, Taiwan (ITRI). It is an AAA server which can authenticate and authorize any PPP supplicant. WIRE Diameter is not only based on the Diameter Base Protocol [3] but also follows the Diameter EAP Application [4]. WIRE Diameter provides authentication methods such as EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. In this implementation, we also completed a NAS (Network Access Server) to overcome the lack of Diameter support in APs (Access Points). This thesis fully demonstrates how to design and implement WIRE Diameter.
[1] OpenDiameter. http://www.opendiameter.org.
[2] Industrial Technology Research Institute (ITRI), Taiwan. http://www.itri.org.tw.
[3] P. Calhoun, J. Loughney, E. Guttman, G. Zorn, and J. Arkko, Diameter Base Protocol. Sept. 2003.
[4] P. Eronen, T. Hiller, and G. Zorn, Diameter Extensible Authentication Protocol (EAP) Application. IETF Internet Draft, draft-ietf-aaa-diameter-eap-08.txt, work in progress, June 2004.
[5] WIRE Diameter. http://wire.cs.nthu.edu.tw/wirediameter.
[6] C. Rigney, S. Willens, A. Rubens, and W. Simpson, Remote Authentication Dial In User Service (RADIUS). IETF RFC 2865, June 2000.
[7] IETF AAA WG. http://www.ietf.org/html.charters/aaa-charter.html.
[8] 3GPP TS 29.229, Cx and Dx Interfaces Based on the Diameter Protocol, Version 6.0.0, May 2004.
[9] J. Loughney, Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5. IETF RFC 3589, Sept. 2003.
[10] IEEE 802.1X-2001, IEEE Standard for Local and Metropolitan Area Networks: Port-Based Network Access Control, Oct. 2001.
[11] P. R. Calhoun, T. Johansson, C. E. Perkins, T. Hiller, and P. J. McCann, Diameter Mobile IPv4 Application. IETF Internet Draft, draft-ietf-aaa-diameter-mobileip-18.txt, work in progress, May 2004.
[12] B. Aboba, P. Calhoun, S. Glass, T. Hiller, P. McCann, H. Shiino, P. Walsh, G. Zorn, G. Dommety, C. Perkins, B. Patil, D. Mitton, S. Manning, M. Beadles, S. Sivalingham, A. Hameed, M. Munson, S. Jacobs, B. Lim, B. Hirschman, R. Hsu, H. Koo, M. Lipford, E. Campbell, Y. Xu, S. Baba, and E. Jaques, Criteria for Evaluating AAA Protocols for Network Access. IETF RFC 2989, Nov. 2000.
[13] FreeRADIUS. http://www.freeradius.org.
[14] Co-Existence of RADIUS and Diameter, May 2003.
[15] B. Aboba and J. Wood, Authentication, Authorization and Accounting (AAA) Transport Profile. IETF RFC 3539, June 2003.
[16] B. Aboba and P. Calhoun, RADIUS Support for Extensible Authentication Protocol (EAP). IETF RFC 3579, Sept. 2003.
[17] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol. IETF RFC 2401, Nov. 1998.
[18] S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP). IETF RFC 2406, Nov. 1998.
[19] L. Ong and J. Yoakum, An Introduction to the Stream Control Transmission Protocol (SCTP). IETF RFC 3286, May 2002.
[20] B. Aboba, J. Arkko, and D. Harrington, Introduction to Accounting Management. IETF RFC 2975, Oct. 2000.
[21] C. Rigney, RADIUS Accounting. IETF RFC 2866, Oct. 2000.
[22] M. Chiba, M. Eklund, D. Mitton, and B. Aboba, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS). IETF RFC 3576, July 2003.
[23] P. R. Calhoun, S. Farrell, and W. Bulley, Diameter CMS Security Application. IETF Internet Draft, draft-ietf-aaa-diameter-cms-sec-04.txt, Mar. 2002.
[24] T. Dierks and C. Allen, The TLS Protocol. IETF RFC 2246, Jan. 1999.
[25] S. Kent and R. Atkinson, IP Authentication Header. IETF RFC 2402, Nov. 1998.
[26] D. Harkins and D. Carrel, The Internet Key Exchange (IKE). IETF RFC 2409, Nov. 1998.
[27] L. Blunk and J. Vollbrecht, PPP Extensible Authentication Protocol (EAP). IETF RFC 2284, Mar. 1998.
[28] R. Rivest, The MD5 Message-Digest Algorithm. IETF RFC 1321, Apr. 1992.
[29] P. Funk and S. Blake-Wilson, EAP Tunneled TLS Authentication Protocol. IETF Internet Draft, draft-ietf-pppext-eap-ttls-04.txt, work in progress, Apr. 2004.
[30] H. Andersson, S. Josefsson, G. Zorn, D. Simon, and A. Palekar, Protecting EAP Protocol (PEAP). IETF Internet Draft, draft-josefsson-pppext-eap-tls-eap-05.txt, Sept. 2002.
[31] J. Vollbrecht, P. Eronen, N. Petroni, and Y. Ohba, State Machines for Extensible Authentication Protocol (EAP) Peer and Authenticator. IETF Internet Draft, draft-ietf-eap-statemachine-01.txt, work in progress, June 2003.
[32] B. Lloyd and W. Simpson, PPP Authentication Protocols. IETF RFC 1334, Oct. 1992.
[33] W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP). IETF RFC 1334, Aug. 1996.
[34] G. Zorn and S. Cobb, Microsoft PPP CHAP Extensions. IETF RFC 2433, Oct. 1998.
[35] G. Zorn, Microsoft PPP CHAP Extensions, Version 2. IETF RFC 2759, Jan. 2000.
[36] H. Andersson and S. Josefsson, Protecting EAP with TLS (EAP-TLS-EAP). IETF Internet Draft, draft-josefsson-pppext-eap-tls-eap-00.txt, Aug. 2001.
[37] A. Palekar, D. Simon, G. Zorn, J. Salowey, H. Zhou, and S. Josefsson, Protecting EAP Protocol (PEAP), Version 2. IETF Internet Draft, draft-josefsson-pppext-eap-tls-eap-07.txt, Oct. 2003.
[38] Adaptive Communication Environment (ACE). http://www.cs.wustl.edu/~schmidt/ACE.html.
[39] Xerces C++ Parser. http://xml.apache.org/xerces-c/index.html.
[40] OpenSSL. http://www.openssl.org.
[41] Pcap Library. http://www.tcpdump.org.
[42] WinPcap Library. http://winpcap.polito.it.
[43] Libnet Library. http://libnet.sourceforge.net.
[44] IEEE 802.1X-REV, Draft Standard for Local and Metropolitan Area Networks: Port-Based Network Access Control (Revision), Jan. 2004.