Title: Studies on the Enhanced Key Exchange and Authentication Protocols for Wireless LAN (original title: 架構於無線區域網路上之認證與金鑰交換機制)
Author: Chiu, Philip (邱發俊)
Keywords: Extensible Authentication Protocol
Publisher: Institute of Computer Science
Abstract: In the traditional wired world, a user typically connects to a particular service provider by dialing up on the associated network, and the service provider routes the authentication to the user's home domain. In a wireless network, however, the user does not need to choose an access domain, but only connects to a nearby access point. The topics of security and authentication therefore deserve more attention in WLANs. Most password-based authentication protocols used in WLANs are built on a hash of the password with a random challenge, and use a cryptosystem to enhance privacy and satisfy the security requirements. They are also easier to implement than other network protocols and conform to how the network is normally used. This paper proposes two password-based authentication protocols based on the IEEE standard, which support mutual authentication and key derivation and take other related security issues into consideration. For authentication, the proposed protocols lower the computing cost and enhance protection of user identity privacy. Additionally, a fast re-authentication mechanism reduces network traffic in the authentication flow. Finally, the security of the proposed protocols is compared with that of current protocols, both password-based and certificate-based.
Appears in Collections: Department of Computer Science and Engineering


