Performance of an Efficient Performing Authentication to obtain access to Public Wireless LAN with a Cache table

摘要

Currently, Wireless LAN (WLAN) service is widely deployed to provide high speed wireless Internet access through the mobile stations such as notebook and PDA. To provide enhanced security and user access control in the public WLAN area, WLAN access points should have the capability of IEEE 802.1x-based user authentication and authorization functionality. In this paper, we provide a brief understanding of IEEE 802.1x standards and related protocols like EAPOL (Extended Authentication Protocol Over LAN), EAP, RADIUS and describe how the IEEE 802.1x is designed and implemented in our embedded linux-based WLAN AP which is named i-WiNG. (Intelligent Wireless Internet Gateway). And we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. The proxy function of the AP is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the AP handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional IEEE 802.1x systems. Therefore, the data traffic related to the authentication that has occurred in the backbone network can be considerably reduced to improve the speed of data transmission to the user of the high speed wireless Internet service. Further, in case of a small-scale network, it is possible to save a cost for operating an authentication server using an authentication table.