網際網路的蓬勃發展帶動人類科技跨越另一個世紀，而無線網路的興起更是代表了人類可以不受"空間"限制更便利的使用網際網路，隨著無線區域網路設備成本的降低及可快速建置的優點，愈來愈多支援無線區域網路標準的行動裝置，加上許多廠商積極投入WLAN使得WLAN建置成本愈來愈低，許多hotspots譬如咖啡廳、機場、車站或者學校及公司內部網路紛紛被廣泛且積極的建制WLAN•對於使用者而言，如何提供一個簡單、安全、有品質的無線上網環境成了一個相當重要的議題•然無線區域網路( WLANs )提出時只是簡單的區域網路架構，在被廠商推行應用之前並未考量且制定好完整的行動性(mobility)以及安全性(security)的機制，各廠商的產品及校園無線網路的推廣也眾所紛芸難以整合，有鑑於此，為達到讓網路資源更具彈性及擴充性，並使得Internet能更廣泛及便利的應用，本文以校園無線網路為基礎進行跨校漫遊系統、安全控管管理的規劃與建置，除了利用我們系統架構可做到跨校漫遊機制，並整合現有漫遊認證機制做到異質性平台跨校漫遊認證•

The flourishing development of internet moves the human technology into another new epoch and the rising of the wireless LAN presents the fact which people are freer and more convenient from the unlimited-space using the internet. More and more equipments can support the mobile device of WLAN. By reducing the cost and its good points of easy-building. Lots of hotspots, for instance, café’s, airports, train stations, schools and companies are widely deployed and positive to construct WLAN. How to provide people a simple, easy, and quality environment of WLAN becomes an important issue from the viewpoints of user. When WLAN had been discussed, it was only a simple LAN environment. Before it has been promoted by the manufacture, the mobility and security were not been measured and instituted. All the products from different suppliers and the promotion of wireless internet in school are difficult to be united. By the fact of this, in order to make the resource of internet more flexible and expandable and make internet can be used in wide-ranging and more convenient way, this article draw up a plan and structure of Cross-Domain Roaming System and security control. Besides, our system can support and integration of heterogeneous authentication platforms on the WLAN.

一、 緒論 1
1.1研究動機 1
1.2研究目標 1
二、 背景知識 3
2.1 IEEE802.11 3
2.2 IEEE802.11網路基本架構 4
2.2.1無基礎架構的無線區域網路(AdHoc WLan) 4
2.2.2有基礎架構的無線區域網路(Infrastructure WLan) 4
2.3 IEEE802.11的安全機制 5
2.3.1 MAC Address Filtering 5
2.3.2 Service Set Identification (SSID) 6
2.3.3 Wired Equivalent Privacy(WEP) 7
2.4 IEEE802.11無線區域網路的優缺點 8
2.5 IEEE802.1x 9
2.5.1 IEEE802.1x網路架構 10
2.5.2 IEEE802.1x認證架構 11
2.5.3 EAP over 802.1x 12
2.5.4 Radius Server 13
2.6 數位憑證 14
三、 相關問題分析 15
3.1 無線區域網路認證機制 15
3.1.1 Open System 15
3.1.2 Shared-key 16
3.2 無線區域網路漫遊機制 19
3.2.1 Web-based認證方式 19
3.2.2 Radius with IEEE802.1x 20
四、 研究目標與進行步驟 21
4.1 研究目標 21
4.1.1支援包含IEEE 802.1x標準安全驗證之校際無線區域漫遊機制 21
4.2 系統規劃與建置 22
4.2.1跨校漫遊認證機制 23
4.3 異質系統整合 26
4.3.1 Homogeneous Roaming 26
4.3.2 Heterogeneous Roaming (Remote Radius Server) 27
4.3.3 Heterogeneous Roaming (Local Radius Server) 28
4.3.4 Heterogeneous Roaming (POP3 Server) 29
五、 研究成果與貢獻 30
5.1 使用者認證 30
5.2管理系統 32
六、 結論與未來展望 36
七、 參考文獻 38

[1] IEEE Standard for Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Network - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (IEEE, 1997)
[2] Phifer, L. “Improving WLAN security” 802.11 Planet. 11 January 2002.
[3] Arbaugh, W., Shankar, N., & Wan, J. “Your 802.11 Wireless Network has No Clothes”, Department of Computer Science University of Maryland College Park, Maryland, March, 2001.
[4] Fluher, S., Mantin, I., & Shamir, A. “Weaknesses in the Key Scheduling Algorithm of RC4”. (2001). http://downloads.securityfocus.com/library/rc4_ksaproc.pdf
[5] Geier, J. “802.11 WEP:Concepts and Vulnerability”, 802.11 Planet. 20 June 2002. URL: http://www.80211-planet.com/tutorials/article/0,,10724_1368661,00.html. 22 June 2002.
[6] Borisov, N. Goldberg, I. and Wagner, D.“Intercepting Mobile Communications: The Insecurity of 802.11”, explores many of WEP's flaws in more depth..
[7] Phifer, L. “Improving WLAN security” 802.11 Planet. 11 January 2002. URL: http://www.80211-planet.com/tutorials/print/0,,10724_953651,00.html (7 May 2002).
[8] Rivest, R., and Dusse, S. “The MD5 Message-Digest Algorithm”, RFC 1321, MIT Laboratory for Computer Science, RSA Data Security Inc., April 1992.
[9] IEEE Standard 802.1x,“IEEE Standard for Local and metropolitan area networks ─ Port-Based Network Access Control”,June 2001. URL: http://standards.ieee.org/getieee802/download/802.1X-2001.pdf
[10] Blunk, L. and Vollbrecht, J. IETF RFC 2284, PPP Extensible Authentication Protocol (EAP), , March 1998
[11] Rigney, C., Willens, S., Rubens,A. IETF RFC 2865, Remote Authentication Dial In User Service (RADIUS), , and Simpson, W., June 2000, http://www.ietf.org/rfc/rfc2865.txt
[12] Rigney, C., Willats, W., and Calhoun, P. IETF RFC 2869, RADIUS Extensions, , June 2000.,http://www.ietf.org/rfc/rfc2869.txt
[13] Myers, J. Rose M. IETF RFC 1939, Post Office Protocol - Version 3(POP3), May 1996
[14] http://www.freeradius.org
[15] http://open1x.org/
[16] http://www.verisign.com
[17] http://www.rsa.com
[18] http://www.ibm.com
[19] http://java.sun.com