無線網狀網路(Wireless Mesh Network)為一新無線網路技術。 目前有一 趨勢是將研究採用無線網狀網路技術建造成商業化行動網路以提高都會 型無線網路的覆蓋率與便利性。快速、容易且低成本網路部署的特性,使 得無線互聯網服務供應商(Wireless Internet Service Providers,WISP)考慮以 無線網狀網路架構提供用戶存取網際網路的服務。無線網狀網路不需要固 定的基礎設施且在開放的傳輸媒介中運作,故在被無線電波覆蓋的範圍內 的任何網狀用戶端都可以存取網路,也因此在無線網狀網路技術中,鑑別 試圖鏈接網路的網狀用戶端為一關鍵且重要的安全要求。本計畫擬研究發 展一適合無線網狀網路的高效率且實用的鑑別機制,其中包括鑑別架構、 登入鑑別、網內換手鑑別(intra-domain handover authentication)與跨網換手 鑑別(inter-domain handover authentication);此外,因應無線網狀網路架構 之特殊性我們也研發網狀用戶端在通訊範圍無法與網狀存取點(mesh access point,MAP)直接鏈接的情況下透過其他網狀用戶端間接鏈接MAP 的過程中網狀用戶端二者間與網狀用戶端和MAP間相互鑑別技術。相較於 目前的蜂巢式網路(Cellular Network),我們考慮排除兩兩WISP需由事先簽 訂服務層級協議(Service level agreement,SLA)方能提供漫遊做法,取而代 之的是許多WISP之間在符合安全需求之前提下依網狀用戶端狀況動態即時處理。同時,我們亦將以理論模式論證我們的方法之鑑別性。不同於目 前的蜂巢式網路(Cellular Network)的用戶,以本計畫的預期研究成果每個 網狀用戶端在任何無線網狀網路均能運作存取網際網路不再受限制,他能 無縫地漫遊在許多不同WISP管轄的網域。我們將著重於降低鑑別延遲 (authentication latency)使其在跨網換手鑑別或網內換手鑑別都不會影響網 狀用戶端的持續連線網路的品質。本計畫研究發展的鑑別技術將提供網狀 用戶端悠遊於不同網域間時,WISP與網狀用戶端和不同網狀用戶端間高效 率的相互鑑別機制和產生共同密鑰以做為建置其它安全功能的根基,也因 此本計畫預期的研究成果將成為建構無線網狀網路的重要安全基礎。 A wireless mesh network (WMN) is a new wireless network technology. There is a trend to adopt the wireless mesh network technology to build commercial mobile Ad Hoc networks. Using Wireless Mesh Networks to offer Internet connectivity is becoming a popular choice for Wireless Internet Service Providers (WISP) as it allows a fast, easy and inexpensive network deployment. Since a WMN is such a network without fixed infrastructure and is operated in an open medium, any user within the range covered by radio wave may access the network. Therefore, a critical requirement for the security in WMN is the authentication of a new user who is trying to join the network. This project plans to devise an efficient and practical authentication scheme (login authentication, intra and inter-domain authentication) for WMN. In contrast to a conventional cellular-like solution, we eliminate the need for establishing bilateral roaming agreements and having real-time interactions between potentially numerous WISPs. With the research results of this project in place, each user is no longer bound to any specific network operator, as he ought to do in current cellular networks. Instead, he can realize seamless roaming across WMN domains administrated by different WISPs. The research results of this project support efficient mutual authentication and key agreement both between a user and a serving WMN domain and between users served by the same WMN domain. This project will build the important security base for WMN.
