Title: Design and Implementation of a Fast Handoff Mechanism for IEEE 802.11i-based Wireless Networks (original Chinese title: IEEE 802.11i無線網路快速換手之設計與實作)
Authors: 蔡亞軒 (Ya-Hsuan Tsai); Chien-Chao Tseng
Keywords: Fast Handoff; Robust Security Network; IEEE 802.11i; 4-way handshake
Date of publication: 2004
Abstract (translated from the Chinese): In recent years wireless network technology has matured steadily; transmission speed and range have improved substantially, and many hot spots have been deployed in public places (such as airports, stations and restaurants) through which users connect to the Internet and use its many services. Network security has always been a concern. Wireless networks give us convenient Internet access but also raise many security problems: when we use a wireless network, anyone with radio receiving equipment can eavesdrop on the messages transmitted through the air. For this reason the IEEE 802.11 standard specifies Wired Equivalent Privacy (WEP) to protect data, but unfortunately WEP has serious design flaws and its security can no longer be trusted, so the IEEE 802.11i standard was defined as the security specification for wireless networks. IEEE 802.11i uses more complex mechanisms to achieve data confidentiality and integrity, but it also increases the delay a mobile node experiences when handing off within the network. To speed up handoff so that upper-layer applications run more smoothly, we propose a pre-four-way-handshake method that avoids the delay of the 802.11i four-way handshake. In our pre-four-way-handshake mechanism, before performing a handoff the mobile node communicates, through the access point it is currently associated with, with the target access points it may hand off to, performs the four-way handshake in advance, and stores the result in a special data structure that carries a unique identifier. Combined with the pre-authentication procedure of IEEE 802.11i, after the handoff the mobile node only needs to send the identifier of the previously stored data structure; the access point and the mobile node can then continue transmitting ordinary data, and the temporary application interruption caused by the handoff is reduced to a minimum. Because both pre-authentication and the pre-four-way handshake require the mobile node to know the address of the target access point, we also propose a location information exchange architecture to support the fast handoff mechanism. In this architecture a location server is set up that knows the network information and topology of the local wireless network's access points and authentication servers; the mobile node reports its current location to the location server, which records it and, based on the node's past location records, predicts which access points the node may hand off to. Through message exchange between the two, the mobile node learns the address of the target access point, which supports the fast handoff mechanism of this thesis. Finally, we implemented a prototype system that includes the location information exchange and the fast handoff mechanism to verify the proposed method. The implementation results show that our method is indeed feasible.
With the advance of wireless Internet technologies, the transmission rate of IEEE 802.11 networks has increased significantly while the deployment cost has decreased substantially. Many IEEE 802.11-based hot spots have been deployed in public areas, such as airports, transit stations, restaurants, and hotels, so that hot spot users can surf the Internet and subscribe to services even when they are away from their homes or offices. However, one of the most important issues that remains to be solved in 802.11 networks is security. The downside of using wireless technologies is that anybody can effortlessly eavesdrop on messages in the air with a wireless network adapter. Therefore, the IEEE 802.11 specification adopted Wired Equivalent Privacy (WEP) to protect messages transferred over the air. Unfortunately, WEP has a significant security flaw. Hence the IEEE standards committees proposed the 802.11i specification as the security enhancement for wireless environments. IEEE 802.11i employs more complex mechanisms to achieve data confidentiality and integrity. However, it also increases the handoff delay. In this thesis, we adopt a new method, the pre-four-way-handshake, to shorten the handoff delay caused by the IEEE 802.11i four-way handshake. Together with the pre-authentication procedure defined in the IEEE 802.11i specification, the pre-four-way-handshake reduces the handoff delay perceivable by a mobile node (MN). Before commencing a handoff, an MN communicates with candidate target access points (APs), through the access point with which it is currently associated, to perform pre-authentication and the pre-four-way-handshake. Both the MN and each target AP store the results of pre-authentication and the pre-four-way-handshake in a specific data structure called a security association (SA). Each SA has a unique identifier. The MN need only send the corresponding identifier to the AP with which it newly associates.
The AP then uses the identifier to find the MN's SA and retrieve the MN's authentication status and key material. Because the MN has performed the authentication and key exchange procedures with the new AP before it starts the handoff process, the MN can continue transferring ordinary packets immediately after it has associated with the new AP. Therefore, the application interruption due to handoff is reduced substantially by pre-authentication and the pre-four-way-handshake. Because the MN needs to obtain the addresses of the candidate APs beforehand for pre-authentication and the pre-four-way-handshake, we also propose a location information exchange architecture to assist the fast handoff. In this architecture, a location server maintains the configuration and topology information of the APs. It also keeps track of each MN's location and predicts which APs the MN might hand off to. By exchanging messages with the location server, the MN obtains the addresses of the candidate APs and performs pre-authentication and the pre-four-way-handshake when a handoff is about to occur. We have implemented a prototype that employs a location server for pre-authentication and the pre-four-way-handshake in IEEE 802.11i-based networks. Experimental results show that our proposals are very effective.
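The exchange the abstract describes (four-way handshake run in advance through the current AP, result stored as an SA under a unique identifier, identifier presented after reassociation) is easiest to see as a small model. The following Python is an added illustration written for this page; it is not the thesis's prototype code. The PTK derivation follows the IEEE 802.11i PRF and "Pairwise key expansion" label, but the relay format, the SA identifier construction, the MIC payloads and the key-possession check on reassociation are simplifications chosen here; all addresses, nonces and the PMK are constructed values.

```python
"""Added model of the pre-four-way-handshake with SA-identifier lookup (not the thesis's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of addresses and nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def mic(ptk: bytes, payload: bytes) -> bytes:
    """Integrity code keyed with the KCK (first 16 bytes of the PTK); simplified payloads."""
    return hmac.new(ptk[:16], payload, hashlib.sha1).digest()[:16]


@dataclass
class SecurityAssociation:
    sa_id: bytes   # unique identifier exchanged after handoff (construction assumed)
    peer: bytes    # address of the other party
    ptk: bytes     # key material produced by the advance four-way handshake


@dataclass
class AccessPoint:
    addr: bytes
    pmks: dict = field(default_factory=dict)      # MN addr -> PMK from pre-authentication
    sa_table: dict = field(default_factory=dict)  # sa_id -> SecurityAssociation
    relayed: list = field(default_factory=list)   # frames forwarded for an associated MN

    def relay(self, frame: bytes) -> None:
        """The current AP forwards handshake frames between the MN and a target AP."""
        self.relayed.append(frame)


@dataclass
class MobileNode:
    addr: bytes
    pmks: dict = field(default_factory=dict)      # target AP addr -> PMK
    sa_table: dict = field(default_factory=dict)  # target AP addr -> SecurityAssociation


def pre_four_way_handshake(mn: MobileNode, current_ap: AccessPoint, target_ap: AccessPoint) -> bytes:
    """Run the four-way handshake with a candidate AP via the current AP; store an SA on both sides."""
    pmk = mn.pmks[target_ap.addr]              # shared PMK is the outcome of pre-authentication
    anonce = os.urandom(32)                    # msg 1: target AP -> MN
    current_ap.relay(anonce)
    snonce = os.urandom(32)                    # msg 2: MN -> target AP, SNonce + MIC
    mn_ptk = derive_ptk(pmk, target_ap.addr, mn.addr, anonce, snonce)
    msg2 = snonce + mic(mn_ptk, snonce)
    current_ap.relay(msg2)
    ap_ptk = derive_ptk(target_ap.pmks[mn.addr], target_ap.addr, mn.addr, anonce, msg2[:32])
    if not hmac.compare_digest(mic(ap_ptk, msg2[:32]), msg2[32:]):
        raise ValueError("msg 2 MIC check failed")
    msg3 = anonce + mic(ap_ptk, anonce)        # msg 3: target AP -> MN
    current_ap.relay(msg3)
    if not hmac.compare_digest(mic(mn_ptk, anonce), msg3[32:]):
        raise ValueError("msg 3 MIC check failed")
    msg4 = mic(mn_ptk, b"installed")           # msg 4: MN -> target AP
    current_ap.relay(msg4)
    if not hmac.compare_digest(mic(ap_ptk, b"installed"), msg4):
        raise ValueError("msg 4 MIC check failed")
    # Identifier construction is an assumption; the thesis only requires uniqueness.
    sa_id = hashlib.sha256(target_ap.addr + mn.addr + anonce + snonce).digest()[:8]
    target_ap.sa_table[sa_id] = SecurityAssociation(sa_id, mn.addr, ap_ptk)
    mn.sa_table[target_ap.addr] = SecurityAssociation(sa_id, target_ap.addr, mn_ptk)
    return sa_id


def reassociate(mn: MobileNode, new_ap: AccessPoint) -> bool:
    """After handoff the MN presents only the SA identifier. True: data can resume at once.
    False: no usable SA, so the full 802.11i authentication and handshake are still needed."""
    sa = mn.sa_table.get(new_ap.addr)
    if sa is None:
        return False
    stored = new_ap.sa_table.get(sa.sa_id)
    if stored is None or stored.peer != mn.addr:
        return False
    challenge = os.urandom(16)                 # both sides prove they hold the same PTK
    return hmac.compare_digest(mic(sa.ptk, challenge), mic(stored.ptk, challenge))


def demo() -> dict:
    """Constructed scenario: one current AP, one pre-handshaked target AP, one unknown AP."""
    pmk = hashlib.sha256(b"constructed PMK for illustration").digest()
    mn = MobileNode(addr=bytes.fromhex("021122334455"))
    ap_current = AccessPoint(addr=bytes.fromhex("02aaaaaaaa01"))
    ap_target = AccessPoint(addr=bytes.fromhex("02aaaaaaaa02"))
    ap_other = AccessPoint(addr=bytes.fromhex("02aaaaaaaa03"))
    mn.pmks[ap_target.addr] = pmk              # pre-authentication outcome, modelled not performed
    ap_target.pmks[mn.addr] = pmk
    sa_id = pre_four_way_handshake(mn, ap_current, ap_target)
    return {
        "relayed_frames": len(ap_current.relayed),
        "keys_match": mn.sa_table[ap_target.addr].ptk == ap_target.sa_table[sa_id].ptk,
        "fast_handoff_to_target": reassociate(mn, ap_target),
        "fast_handoff_to_other": reassociate(mn, ap_other),
    }


if __name__ == "__main__":
    print(demo())
```

The model makes the abstract's two failure paths explicit: `reassociate` returns False both when the MN never reached the target AP in advance (the location server's prediction was wrong) and when the AP has no SA under the presented identifier, in which case the MN falls back to the full 802.11i exchange rather than sending data with unverified keys.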
Appears in Collections: Thesis

Files in This Item:

  1. 753901.pdf