無線網路中,使用者具有移動能力故在使用網路服務過程將可能會面臨換手的程序。在換手進行的過程中,基於安全需求與網路便利性必須考量雙向身份鑑別與快速換手。本論文提出無線網路換手鑑別技術在達到身份鑑別安全需求下,能完成快速換手鑑別程序以盡可能降低對使用者的網路服務連通性的影響,我們整體考量了登入、網內換手與跨網換手鑑別的機制。我們的方法特別注意快速換手縮短雙向鑑別延遲,鑑別延遲如果太長可能會造成影響使用者連結網路效能,更甚者可能會造成使用者誤認為網路連線中斷;此外,我們的方法進一步考慮防止重送攻擊、匿名性及向前安全性/向後安全性以提供較健全且完整的安全功能,這也是其他相關研究所不及。在計算成本上我們的方法也不比其他的方法遜色。 Mobile user might perform the procedure of handover in wireless network. In the process of handover, according to the security requirements and convenience, taking mutual authentication and fast handover into account is necessary. This paper proposes a secure handover authentication (SHA) scheme for wireless network that provides fast handover to retain the connectivity of network under the security requirement of identity authentication. It considers not only intra-domain handover but also inter-domain handover to maintain the anonymity of user’s identity, replay attack resistance and the forward/backward secrecy of key generation. These are what other studies haven’t provided. Among these functionality, we especially focus on the authentication latency shortened by fast handover. If the authentication latency takes too long, the network connectivity of the user may be affected. Moreover, it may cause disconnection. SHA scheme reduces more handover authentication latency than other schemes does. The user may misunderstand that it is disconnected. It is more secure and efficient than other studies.
