| Authentication system is a key part of a digital campus. Campus which has several districts usually divides the campus network into several realms, so cross-realm authentication is a crucial problem which needs to be solved. WLAN is used widely because of its flexibility. Therefore, an authentication system of digital campus should have security and availability of high level, and the ability of processing cross-realm authentication in wired LAN as well as WLAN. Besides, considering the developing trend of NGN, authentication system should support IPv6 protocol.Diameter protocol, as a next generation AAA protocol which is a substitute of RADIUS, has richly considered the demands of security, reliability and mobility for future AAA service. It supports agents and roaming, gives explicit features such as message routing, end-to-end security and transport level security.PANA protocol is an authentication carrying protocol which is above IP protocol. Based on PANA protocol, access devices can be deployed more flexible. PANA can give a unified carrying platform for many authentication methods.On the basis of the research on Diameter and PANA protocol, this thesis proposes a unified authentication system which is suitable for campus network. The authentication system runs above IP layer, which gives more flexitility for deployment. By introducing the message routing of Diameter base protocol, this system can process cross-realm authentication in both wired LAN and WLAN, and can also support IEEE 802.11i protocol and IPv6 protocol.This thesis also gives some details of the implement of a testing system. A cross-realm authentication process in WLAN is successfully tested in the system.At the end of this thesis, an authentication method EAP-PEAP is discussed. By extending EAP-PEAP protocol, a single sign-on ticket distribution method for a unified authentication system is given. |
PDF Full Text Request