Mechanism for Supporting Integrated Security Domain for IEEE 802.11s WLAN Mesh Networking

• Main Authors: Ho-Han Liu, 劉合翰
• Other Authors: Chien-Chao Tseng
• Format: Others
• Language: en_US
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/96653347245940880553

碩士 === 國立交通大學 === 資訊科學與工程研究所 === 95 === This thesis proposes a mechanism to integrate the authentication and key management scheme of the IEEE 802.11i standard with the WLAN Mesh environment. WLAN Mesh eliminates the need for cabling and provides a powerful routing mechanism, so that deployments of the backbone network will be faster and less expensive than the wired counterpart. However, the security mechanism of the WLAN Mesh is isolated from 802.11i. This isolation of security mechanism introduces extra overhead in handoff handling and routing, and thus degrades the quality of real-time services. In order to improve the handoff performance while fulfilling the security requirement of 802.11i, the proposed mechanism makes the mesh portal (MPP), instead of the mesh access point (MAP), the IEEE 802.1X authenticator so that it can reduce the demand for performing the IEEE 802.1X authentication in handoffs. As a consequence, it not only reduces the handoff latency and message traffic but also improves the routing performance of the encrypted frame. Meanwhile, the mechanism is compatible with IEEE 802.11i and can be used by a station without any modification. Furthermore, the mechanism can also operate with IEEE 802.11s, affecting neither the original routing mechanism nor the security mechanism of IEEE 802.11s. We also propose an analytical model to evaluate the handoff latency and message traffic caused by the security procedures while a station roaming within a WLAN Mesh network. The results show that the proposed mechanism can reduce the handoff latency up to 245% and achieve the same performance as the one accomplished by the 802.11i preauthentication with a successful probability of 80%-90%. Moreover, this model can be further applied in analyzing the optimum number of APs managed by one authenticator in a centralized WLAN architec-ture, where authenticators and APs are implemented in distinct network entities.