
Constructing Global Authentication for Wireless Local Area Networks with Multiple Kerberos

Cross-Realm Authentication Based on Multiple Kerberi in WLAN (IEEE 802.1X)

Advisor: 涂世雄

Abstract


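In this thesis, we propose new authentication mechanisms for wireless local area network (WLAN) security, two for single-realm and two for cross-realm authentication, based on the multiple-Kerberos authentication protocol and public-key cryptosystems. The proposed cross-realm mechanisms have the advantage that a user needs to register in only one realm in order to roam globally. In terms of security, they are also more secure than existing wireless network security mechanisms. In the first and third new mechanisms, reducing the user's authentication steps toward the AP shortens the authentication time without loss of security. First, the AS receives the identity data from the roaming user and decides whether it needs to be forwarded to the user's home AS. Then, the user uses the ticket-granting ticket to obtain the required service-granting ticket from the TGS. Finally, the user can use this specific service-granting ticket to access the network service he needs. The main purpose of the second and fourth new mechanisms is to strengthen the security of authentication in the WLAN. First, after a series of authentication steps, the roaming user obtains the visit-side ticket-granting ticket from the visit AS. Then, the user uses the visit-side ticket-granting ticket to obtain service-granting tickets for the AP and the application server. Finally, the application server encrypts messages with the session key to achieve mutual authentication. The main contributions of our research are as follows: (1) We propose four new WLAN security mechanisms. (2) An authentication mechanism that combines the traditional Kerberos authentication protocol with public-key cryptosystems can effectively block replay and man-in-the-middle attacks. (3) Through the advantages of cross-realm authentication, a roaming user can use his original registration information to prove that he is a legitimate user and access network services anywhere in the world. We believe that the results of this thesis will be of considerable help to future research on WLAN security mechanisms.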

Parallel Abstract


In this thesis, we propose four new authentication protocols for Single-Realm and Cross-Realm Authentication based on the multiple Kerberi authentication technique. Single-Realm authentication is used when the user is in the home area. Cross-Realm authentication with multiple Kerberi protocols achieves the goal that users can roam worldwide at any time. The roaming user can be authenticated in the visit area by his home authentication server (AS). Additionally, because of the insecure features of symmetric cryptosystems, we adopt public key cryptosystems to realize the proposed protocols. In the first and third proposed protocols, the steps by which the user authenticates with the access point (AP) are reduced to shorten the authentication time. First, the AS receives the identity from the user and forwards the message to the home AS when the user is a roaming subscriber. Then, the user sends the ticket-granting ticket (TGT) to the Ticket-Granting Server (TGS) to obtain a service-granting ticket. Finally, using the service-granting ticket, the user accesses the network service he wants. The main purpose of the second and fourth proposed protocols is to enhance the security of authentication in WLAN. First, a roaming user obtains the visit TGT from the visit AS after a series of authentication steps. Then, the user exchanges the visit TGT for service-granting tickets for the AP and the desired server, and uses the service-granting ticket of the AP to authenticate the AP. Finally, mutual authentication is achieved by way of the response, which is encrypted with the session key between the user and the desired server. The contributions of our research are as follows: (1) Four new authentication protocols applied to wireless local area networks are given. (2) We combine the traditional Kerberos protocol and public key cryptosystems to effectively prevent the replay attack and the man-in-the-middle attack. (3) With the proposed Cross-Realm Authentication, we can use our original registered information to access network services worldwide. It is believed that the results of our research in this thesis will probably be practical and efficient for the security of wireless local area networks.
