National Digital Library of Theses and Dissertations in Taiwan

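Graduate student: 陸培華
Thesis title: 設計與實作基於單次密鑰加密之無線網路認證協定
Thesis title (English): Design and Implementation of Secure Wireless Authentication Protocol using One-Time Key
Advisor: 黃育綸
Degree: Master's
Institution: National Chiao Tung University
Department: Department of Electrical and Control Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2008
Academic year of graduation: 96
Language: English
Number of pages: 50
Keywords (Chinese): 802.11 wireless LAN; security; mutual authentication; inter-domain authentication
Keywords (English): 802.11 WLAN; security; mutual authentication; inter-domain authentication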
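The security and efficiency of handover are becoming increasingly important in modern wireless network environments, and a balance between security and efficiency has to be considered. We propose a new protocol that uses one-time keys for user authentication. The proposed protocol efficiently supports both intra-domain and inter-domain authentication. We use a key distribution center (KDC) to manage users and authorization servers. The protocol requires five messages for intra-domain initial authentication, three messages for subsequent authentication, and five for handover authentication. The KDC is not needed during handover, which reduces the load on the KDC. We implement an Extensible Authentication Protocol (EAP) that integrates 802.1X with this protocol and compare it with other EAPs. The result also gives a simple way to apply our protocol to existing 802.11 wireless networks. Finally, the correctness of the protocol is proved with BAN logic.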
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Related Work
2.1 Network Authentication Protocols
2.2 EAP-based Authentication Protocols
Chapter 3 Proposed Protocol: OSNP
3.1 Preliminaries
3.2 Intra-Domain Authentication
3.2.1 Initial Authentication
3.2.2 Subsequent Authentication
3.2.3 Handover Authentication
3.3 Inter-Domain Authentication
3.3.1 Hierarchical KDC
3.3.2 Protocol Description
Chapter 4 Software Architecture: EAP-OSNP
4.1 EAP Framework
4.2 Building Blocks
4.3 Software Modules
4.3.1 OSNP Library
4.3.2 KDC Daemon
4.3.3 Authentication Server
4.3.4 Wireless Client
4.4 Protocol Stacks
Chapter 5 Experiments
5.1 SWOON Testbed
5.2 Experiment
5.2.1 Topology
5.2.2 Software Packages
5.2.3 Measurement
5.3 Results
Chapter 6 Analysis and Comparisons
6.1 Security Analysis
6.2 Performance Analysis
6.3 OSNP Logic Proof
6.3.1 Initial Authentication
6.3.2 Subsequent Authentication
Chapter 7 Conclusion
References