進階搜尋


下載電子全文  
系統識別號 U0026-2008201513230500
論文名稱(中文) 無線軟體定義網路中可用於不同SSID之Openflow AP間的單一金鑰認證機制
論文名稱(英文) Single-key-based Wi-Fi Authentication for Multiple Openflow APs with Different SSIDs in Wireless SDN
校院名稱 成功大學
系所名稱(中) 資訊工程學系
系所名稱(英) Institute of Computer Science and Information Engineering
學年度 103
學期 2
出版年 104
研究生(中文) 李思穎
研究生(英文) Ssu-Yin Li
學號 P76024457
學位類別 碩士
語文別 英文
論文頁數 41頁
口試委員 指導教授-蔡孟勳
口試委員-鄭欣明
口試委員-胡敏君
口試委員-蘇淑茵
口試委員-蔡佩璇
中文關鍵字 認證機制  無線網路  軟體定義網路  服務設定識別碼識別元 
英文關鍵字 authentication  IEEE 802.11  Software Defined Network(SDN)  Service Set Identifier(SSID) 
學科別分類
中文摘要 隨著移動型裝置使用量不斷地成長,存取網路的使用量也大為增加,無線網路服務的提供變得相當重要。儘管在日常環境中已佈署許多無線存取點(AP)可供應無線網路服務,但大多AP是屬於個人建置之封閉式AP (具不同SSID),僅為數有限的使用者可認證、使用。導致雖然有大量AP佈建在生活周遭,卻無法使用。
軟體定義網路有別於傳統網路,將資料和控制模組分開,採用集中式控制器進行管理。其中控制器與交換器之間的OpenFlow協定,可以讓控制器與多種支援OpenFlow的交換器溝通,大幅增加軟體定義網路於硬體設備上的彈性。
在論文中,我們提出讓軟體定義網路與無線網路結合的方案。讓控制器管理不同SSID的AP。並將AP組成一個個群組,只要使用者曾經認證、連線其中一個AP,即可不需密碼地暫時借用同個群組中的其他AP。實測與模擬的結果顯示,所有的方法中,我們的方法有最快的使用者連線建立速度,並且確實能夠大幅的增加使用者可使用AP的比例。
英文摘要 The number of mobile devices is constantly growing, and the internet access utilization has also increased a lot. Providing wireless network service becomes more and more important. A lot of APs with different SSIDs are widely deployed, but most APs are closed (only authenticated users could access). Deployment of these APs does nothing to help with the massive users.
Software Defined Network (SDN) separates data plane and control plane, and the network is managed by centralized controllers. In SDN, Openflow protocol is used to communicate between controller and APs. Thus, it is more flexible to choose different vendors' hardware.
In this thesis, we propose a Wi-Fi auto authentication scheme which integrates SDN into personal mode of wireless network. The proposed scheme uses the controller to control APs with different SSIDs. We define that an "AP group" consists of more than one AP. After a user connects to an AP with passphrase, the user is then allowed to use other APs in the same AP group. In actual measurement, our scheme has the fastest speed of user connection with APs. In simulation, our scheme significantly increase the successful rate of user connection.
論文目次 中文摘要. . . . . . . . . . . . . . . . . . . . . . . . i
Abstract . . . . . . . . . . . . . . . . . . .. . . . . ii
Acknowledgements . . . . . . . . . . . . . . . . . .. . iv
Contents . . . . . . . . . . . . . . . . . . . . . . . . v
List of Tables . . . . . . . . . . . . . . . . . . . . .vi
List of Figures . . . . . . . . . . . . . . . . . . . .vii
1 Introduction . . . . . . . . . . . . . . . . . . . .. .1
1.1 Software Defined Network . . . . . . . . . . . . . ..2
2 Related Works . . . . . . . . . . . . . . . . . . . . .6
3 Proposed Scheme . . . . . . . . . . . . . . . . . . . .8
3.1 Architecture and procedure . . . . . . . . . . . . ..8
3.2 Security Consideration . . . . . . . . . . . . . . .12
3.2.1 Modi ed WEP Passphrase Validation . . . . . . . . 12
3.2.2 Modi ed WPA2 Passphrase Validation . . . . . . . .14
4 Vulnerability analysis . . . . . . . . . . . . . . . .21
5 Performance Evaluation . . . . . . . . . . . . . . . .26
5.1 Actual measurement . . . . . . . . . . . . . . . . .26
5.2 Simulation experiment . . . . . . . . . . . . . . . 30
5.2.1 Impact of |Gn| on user successful connection . . .32
5.2.2 Impact of Valid time on user successful connection..35
6 Conclusion . . . . . . . . . . . . . . . . . . . . . .38
References . . . . . . . . . . . . . . . . . . . . . . .39
參考文獻 [1] 財團法人資訊工業策進會, 2014年上半年消費者行為調查. http://www.iii.org.tw/m/News-more.aspx?id=1367.
[2] 財團法人資訊工業策進會, 2013年台灣民眾行動與無線上網現況. http://www.find.org.tw/find/home.aspx?page=many&id=362.
[3] iPass Mobile Network. http://www.ipass.com/.
[4] Kok-Kiong Yap, Rob Sherwood, Masayoshi Kobayashi, Te-Yuan Huang, Michael Chan, Nikhil Handigol, Nick McKeown, and Guru Parulkar. Blueprint for introducing innovation into wireless mobile networks. In Proceedings of the second ACM SIGCOMM workshop on Virtualized infrastructure systems and architectures, pages 25-32. ACM, 2010.
[5] Martin Casado, Michael J Freedman, Justin Pettit, Jianying Luo, Nick McKeown, and Scott Shenker. Ethane: Taking control of the enterprise. In ACM SIGCOMM Computer Communication Review, volume 37, pages 1-12. ACM, 2007.
[6] Martin Casado, Tal Garfinkel, Aditya Akella, Michael J Freedman, Dan Boneh, Nick McKeown, and Scott Shenker. Sane: A protection architecture for enterprise networks. In Usenix Security, 2006.
[7] Natasha Gude, Teemu Koponen, Justin Pettit, Ben Pfaff, Martin Casado, Nick McKeown, and Scott Shenker. Nox: towards an operating system for networks. ACM SIGCOMM Computer Communication Review, 38(3):105-110, 2008.
[8] Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, and Jonathan Turner. Openflow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2):69-74, 2008.
[9] Open Networking Foundation. https://www.opennetworking.org/.
[10] IEEE Standards Association et al. IEEE Standard for Information Technology-Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Specific Requirements: Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE, 2001.
[11] Nikita Borisov, Ian Goldberg, and David Wagner. Intercepting mobile communications: the insecurity of 802.11. In Proceedings of the 7th annual international conference on Mobile computing and networking, pages 180-189. ACM, 2001.
[12] Shawn Hernan, Scott Lambert, Tomasz Ostwald, and Adam Shostack. Uncover security design flaws using the stride approach" msdn. microsoft. com, nov. 2006.
[13] Diego Kreutz, Fernando Ramos, and Paulo Verissimo. Towards secure and dependable software-defined networks. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages 55-60. ACM, 2013.
[14] Sakir Sezer, Sandra Scott-Hayward, Pushpinder-Kaur Chouhan, Barbara Fraser, David Lake, Jim Finnegan, Niel Viljoen, Mary Miller, and Neeraj Rao. Are we ready for sdn? implementation challenges for software-defined networks. Communications Magazine, IEEE, 51(7):36-43, 2013.
[15] Aaron Yi Ding, Jon Crowcroft, Sasu Tarkoma, and Hannu Flinck. Software defined networking for security enhancement in wireless mobile networks. Computer Networks, 66:94-101, 2014.
[16] Seungwon Shin, Yongjoo Song, Taekyung Lee, Sangho Lee, Jaewoong Chung,Phillip Porras, Vinod Yegneswaran, Jiseong Noh, and Brent Byunghoon Kang. Rosemary: A robust, secure, and high-performance network operating system. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 78-89. ACM, 2014.
[17] Seungwon Shin, Vinod Yegneswaran, Phillip Porras, and Guofei Gu. Avant-guard: Scalable and vigilant switch ow management in software-de_ned networks. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 413-424. ACM, 2013.
[18] Philip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. A security enforcement kernel for openflow networks. In Proceedings of the first workshop on Hot topics in software defined networks, pages 121-126. ACM, 2012.
[19] Kevin Benton, L Jean Camp, and Chris Small. Openflow vulnerability assessment. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages 151-152. ACM, 2013.
[20] Rowan Kloti, Vasileios Kotronis, and Paul Smith. Openflow: A security analysis. In Network Protocols (ICNP), 2013 21st IEEE International Conference on, pages 1-6. IEEE, 2013.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2020-08-31起公開。
  • 同意授權校外瀏覽/列印電子全文服務,於2020-08-31起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw