National Digital Library of Theses and Dissertations in Taiwan

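Graduate student: Jian-You Lin (林建佑)
Thesis title: Design and Implementation of a Wireless Network Access Management System under AAA Architecture
Thesis title (original): 在AAA架構下無線網路存取管理系統之設計與實作
Advisor: 高勝助
Degree: Master's
Institution: National Chung Hsing University
Department: Department of Computer Science
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2006
Academic year of graduation: 94
Language: Chinese
Number of pages: 53
Keywords: AAA, RADIUS, NetFlow, Wireless LAN, Access Management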
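In current wireless network management mechanisms, the RADIUS (Remote Access Dial-In User Service) protocol is mainly used to provide the Authentication, Authorization, and Accounting (AAA) services defined by the IETF. These services give users a secure identity-authentication environment on the wireless network and let system administrators monitor network usage. However, wireless access points that do not support advanced wireless authentication standards are still common, which makes it harder to build wireless network access management. Most network service providers currently do not let users choose among multiple ISP egress links at each login, so users cannot select an ISP egress according to their usage habits, their own preferences, or the connection and service quality of the egress ISP (file download speed, connection stability, web page loading speed). In addition, the accounting mechanism in the original RADIUS protocol counts the time a user is idle, which is unfair to the user. To address these problems, in this thesis we design and implement a wireless network access management system based on the AAA architecture. In this system, we use web-based authentication to replace the packet-processing work that would otherwise be done at the wireless access point, so that the system still provides authentication, authorization, and accounting in wireless environments whose access devices do not support the RADIUS protocol. In a multi-homing environment, once a user has been authenticated, the user can choose an ISP egress, or the system can assign a suitable one according to the user's needs, to achieve better connection quality. Furthermore, we use NetFlow packet collection to analyze each user's network usage and charge for the time and traffic actually spent using the Internet. In the implemented system we propose four accounting mechanisms: user-prepaid time, user-prepaid traffic, user-postpaid time, and user-postpaid traffic, so that users can make the most advantageous choice according to their own usage needs.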
In the current wireless network environment, the Remote Access Dial-In User Service (RADIUS) protocol is mainly adopted to provide the services of Authentication, Authorization, and Accounting (AAA), which were proposed by the IETF. With the support of the RADIUS protocol, a secure environment is provided for wireless users, while the usage of network resources can also be monitored and managed by the system administrator. However, since not all wireless access points support the RADIUS protocol, it is difficult to build a universal wireless security environment. Furthermore, the accounting policy of the RADIUS protocol takes into account the idle time of a wireless user whenever he is in the connection state, which is obviously unfair to the user. To overcome these deficiencies, in this paper we propose a wireless network access management system which directs the processes of authentication, authorization, and accounting to back-end servers. In the system, by employing an approach similar to web-page authentication, the wireless access point is not needed to ensure legitimate access but simply transfers the messages to the back-end authorization and authentication server. Consequently, the AAA features are satisfactorily accomplished with a better accounting strategy. In a multi-homing environment, once a user has passed the authentication, he can freely choose an ISP, or the system can determine an ISP depending upon the user's request. Hence, a better connection quality can be reached. Specifically, the NetFlow protocol is applied to collect the wireless network usage for each user. Based on the collection, the time or the traffic each user actually utilizes is accounted for. Four accounting alternatives, which include time-prepaid, flow-prepaid, time-postpaid, and flow-postpaid, are proposed and demonstrated.
Abstract (Chinese)
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Motivation
1.2 Contributions
1.3 Thesis Organization
Chapter 2 Related Work and Technologies
2.1 NetFlow Technology
2.1.1 NetFlow Concepts
2.1.2 NetFlow Version 5 Data Format
2.2 AAA Architecture
2.3 RADIUS Protocol
2.3.1 Packet Structure
2.3.2 Authentication Methods
2.3.3 Characteristics of the RADIUS Protocol
2.3.4 RADIUS Protocol Software
2.4 IEEE 802.1x
2.4.1 Controlled and Uncontrolled Ports
2.4.2 Extensible Authentication Protocol
2.4.3 Extensible Authentication Protocol and the RADIUS Authentication Server
2.5 Packet Processing Mechanism
2.6 Diameter Protocol
Chapter 3 System Architecture
3.1 Core System Modules
3.1.1 Redirection Module
3.1.2 Authentication Module
3.1.3 Accounting Module
3.2 Overall System Architecture
3.2.1 Wireless Base Station
3.2.2 Authorization Agent
3.2.3 System Operation Flow
3.2.4 Extended Architecture for a Centralized System
Chapter 4 System Implementation
4.1 Redirection Module
4.1.1 Tools and Environment for the Redirection Module
4.1.2 Redirection Mechanism for Unauthenticated Users
4.1.3 Redirection Mechanism and the Authorization Agent
4.2 Authentication Module
4.2.1 Tools and Environment for the Authentication Module
4.2.2 Authentication Module Procedure
4.3 Authorization Agent
4.3.1 Authorization Agent Deployment
4.3.2 Authorization Agent Procedure
4.4 Accounting Module
4.4.1 Accounting Mechanisms
4.4.1.1 User-Prepaid Time
4.4.1.2 User-Postpaid Time
4.4.1.3 User-Prepaid Traffic
4.4.1.4 User-Postpaid Traffic
4.4.2 User Credit Display and Alerts
4.4.3 User Logout
Chapter 5 Conclusions and Future Work
5.1 Conclusions
5.2 Future Work
References
Appendix A