以憑證中心機制強化跨校無線漫遊認證環境安全

Abstract

台灣地區跨校無線漫遊服務在國家高速網路與計算中心以及資策會電子商務研究所的整合之下，已經有超過76個單位納入無線漫遊的範圍。無線漫遊服務固然方便，但在無線存取環境擴大的同時，使用者的無線存取安全更值得大家去思考及探討。目前加入漫遊環境的各單位多採用網頁認證方式進行認證，本計畫透過漫遊憑證中心的建立及無線漫遊認證網站SSL憑證(certificates)的整合以建立無線漫遊用戶認證的安全機制，確保使用者不被惡意的認證網頁所欺騙，同時也可作為未來佈建802.1x環境的基礎建設。

The web portals are the most widely deployed WLAN authentication method in campuses and organizations. User authentication process is protected by HTTP over TLS, and the security mechanism is relying on the SSL certificate installed on the web server. Unfortunately, most of users are not easy to judge the wed certificate is official or not and may face the M-I-T-M attacks. By introducing the WLAN Roaming CA infrastructure will provide an easy way to recognize the SSL certificate for roaming users and take them far away from malicious web portals. Currently, the CA certificates are used for web portals. In addition, the infrastructure is also useful for 802.1x PEAP/TTLS environments.