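Because of the inherent characteristics of wireless networks, security has become a very important issue. Many existing wireless network security mechanisms were developed from wired networks. However, the basic nature of wireless networks is completely different from that of wired networks. In this thesis, we propose a mechanism for "secure post-authentication using a provisional data channel", which considers both the security and the mobility management of wireless networks. In our proposed method, when a Mobile Station hands off from an old authenticator to a new authenticator, the new authenticator can "provisionally" trust the newly arrived Mobile Station according to the reliability of the old authenticator. While the Mobile Station is carrying out authentication and authorization with the new authenticator, the new authenticator provides a provisional data channel over which the Mobile Station can send and receive packets, so as to achieve seamless handoff. At the same time, packets passing through this provisional data channel are security-checked by the old authenticator. We have implemented an experimental platform to demonstrate the feasibility of this design.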
Due to the open nature of wireless networks, security is an important issue. Many present wireless network security schemes were developed from wired networks. However, the characteristics of wireless networks are completely different from those of wired networks. In this thesis, we propose "a secure post-authentication with provisional data channel" scheme, which considers both security and mobility management in wireless networks. In our proposed scheme, when a mobile station hands off from an old authenticator to a new authenticator, the new authenticator can "provisionally" trust the mobile station based on the reliability of the old authenticator. The new authenticator provides a provisional data channel for the user to transmit and receive data while the mobile station is performing the procedure of authentication and authorization with the new authenticator. Through the provisional data channel, mobile stations can hand off seamlessly. At the same time, the data from the mobile station are verified by the old authenticator. A testbed has been constructed to demonstrate the feasibility of the design.