A security management system based on lightweight wireless access point under AAA architecture

• Main Authors: Chao-Hsiung Wang, 王昭雄
• Other Authors: Shang-Juh Kao
• Format: Others
• Language: zh-TW
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/42974380688999517364

碩士 === 國立中興大學 === 資訊科學研究所 === 93 === 　　Recently, applications of wireless network have grown as a result of the formulation of IEEE 802.11 standard. As the wireless applications are made more available to users, the security issue is becoming more and more challenging. Authentication, Authorization and Accounting (AAA), which was proposed by IETF, provides Wireless Internet Service Providers (WISP) an architecture to authenticate the identity, authorize the permission of wireless communication, and account the access time for each wireless user. By integrating the AAA architecture with the Remote Access Dial-In User Service (RADIUS) protocol, the IEEE 802.1x architecture presents a more secure authentication environment for wireless users. With the IEEE 802.1x architecture, wireless access points play the role of Network Access Server (NAS) and perform the authentication process between wireless users and authentication server. However, not all wireless devices support the IEEE 802.1x or the RADIUS protocol. This paper brings up a concept of Lightweight Wireless Access Point Security Management. Following the AAA architecture, we build a security management system which forwards the processes of authentication, authorization and accounting to the back-end hosts. Wireless Access Points only need to transport messages between wireless users and back-end hosts. 　　Our purpose is to operate authentication, authorization and accounting processes for wireless access point which doesn’t support the RADIUS protocol. As implied by the name, Lightweight Wireless Access Point doesn’t deal with encapsulating or decapsulating any authentication packets but only delivers them to the back-end hosts. Consequently, our AAA architecture could be efficiently operated. The load on wireless access point can be reduced and any further management requirement can be flexibly performed on the back-end host. For example, it is easily expandable for the back-end host to support various EAP authentication methods. Furthermore, the system could be implemented across several network domains and the wireless network manager could effectively control the AAA features of roaming.