Posts

Showing posts from December 7, 2008

Received Signal Strength Indication(RSSI)

In telecommunications, Received Signal Strength Indication (RSSI) is a measurement of the power present in a received radio signal. RSSI is a generic radio-receiver metric that is usually invisible to the user of the device containing the receiver, but is directly exposed to users of IEEE 802.11 wireless networking. RSSI is often measured in the intermediate frequency (IF) stage, before the IF amplifier. In zero-IF systems it is measured in the baseband signal chain, before the baseband amplifier. The RSSI output is often a DC analog level. It can also be sampled by an internal ADC, with the resulting codes made available directly or via a peripheral or internal processor bus. RSSI in 802.11 implementations: in an IEEE 802.11 system, RSSI is the received signal strength in a wireless environment, in arbitrary units. RSSI can be used internally by a wireless networking card to determine when the amount of radio energy in the channel is below a certain threshold, at which point the netwo...

Simple Object Access Protocol(SOAP)

SOAP, short for Simple Object Access Protocol, is an XML-based communication protocol. Its job is to encode the requests or responses a web service needs and then send the encoded message over the network; put simply, it is a mechanism for moving data between applications and clients. A SOAP message is self-contained and can be used across different operating systems and networks, for example on Microsoft Windows or Linux, and can be carried by many different transports such as SMTP, MIME or HTTP. The W3C has put considerable effort into protocols for building web services; in particular its work on SOAP version 1.2 was close to completion when this was written (SOAP 1.2 became a W3C Recommendation in June 2003). SOAP 1.2 includes a set of tools for simplifying networked use that version 1.1 lacked, for example a "processing model" that lets developers define rules for how SOAP messages are handled, and facilities for managing large numbers of XML documents more easily. Because SOAP was not yet finished, the W3C at the time positioned SOAP 1.2 only as a recommended tool for web service development. A SOAP message has four parts: Envelope, Header, Body and Fault; the structure is expressed in XML syntax, in other words SOAP is written in XML. SOAP not only works on different networks but can also be relayed between them: as shown in Figure 3, a SOAP message can be sent over HTTP, then over TCP and MSMQ, and finally received via SMTP, passing through four different transport hops along the way. This transparency and practicality make SOAP far more flexible than ordinary communication protocols.
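Added example (Go, not code from the original post): building a SOAP 1.2 request and separating a normal reply from a Fault, using the four parts named above. The GetBalance service, the urn:example:bank namespace and both sample replies are constructed for this example. The decoder is put in strict mode so that a DOCTYPE-declared entity in an untrusted reply is a parse error rather than an expansion.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"strings"
)

// Namespace of a SOAP 1.2 Envelope (W3C SOAP 1.2 Part 1).
const soapNS = "http://www.w3.org/2003/05/soap-envelope"

// Envelope, Header, Body and Fault: the four parts described above. Header is
// optional; Fault appears inside Body only when the receiver reports an error.
type Envelope struct {
	XMLName xml.Name `xml:"Envelope"`
	Header  *Header  `xml:"Header"`
	Body    Body     `xml:"Body"`
}

type Header struct {
	InnerXML string `xml:",innerxml"` // header blocks are kept raw here
}

type Body struct {
	Fault   *Fault           `xml:"Fault"`
	Balance *BalanceResponse `xml:"GetBalanceResponse"` // hypothetical payload
}

type Fault struct {
	Code   string `xml:"Code>Value"`
	Reason string `xml:"Reason>Text"`
}

// GetBalance / BalanceResponse are a made-up service used only for this example.
type GetBalance struct {
	XMLName xml.Name `xml:"urn:example:bank GetBalance"`
	Account string   `xml:"Account"`
}

type BalanceResponse struct {
	Balance string `xml:"Balance"`
}

// BuildRequest wraps a payload in an Envelope/Body, the form a client sends
// over HTTP (or SMTP, or any other transport).
func BuildRequest(account string) ([]byte, error) {
	var req struct {
		XMLName xml.Name `xml:"http://www.w3.org/2003/05/soap-envelope Envelope"`
		Body    struct {
			Payload GetBalance
		} `xml:"Body"`
	}
	req.Body.Payload.Account = account
	return xml.Marshal(req)
}

// Decode parses a reply and separates the normal result from a Fault.
func Decode(raw string) (string, error) {
	dec := xml.NewDecoder(strings.NewReader(raw))
	// Strict mode rejects undefined entity references; encoding/xml never
	// expands DTD-declared entities, so an XXE-style <!DOCTYPE> is a parse
	// error here rather than a file read.
	dec.Strict = true
	var env Envelope
	if err := dec.Decode(&env); err != nil {
		return "", err
	}
	if env.XMLName.Space != soapNS {
		return "", fmt.Errorf("not a SOAP 1.2 envelope: namespace %q", env.XMLName.Space)
	}
	if f := env.Body.Fault; f != nil {
		return "", fmt.Errorf("SOAP Fault %s: %s", f.Code, f.Reason)
	}
	if env.Body.Balance == nil {
		return "", errors.New("Body carries neither a result nor a Fault")
	}
	return env.Body.Balance.Balance, nil
}

// Constructed sample replies (not captured from any real service).
const OKReply = `<?xml version="1.0"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Header><t:Trace xmlns:t="urn:example:trace">req-1</t:Trace></env:Header>
  <env:Body>
    <m:GetBalanceResponse xmlns:m="urn:example:bank"><m:Balance>42.50</m:Balance></m:GetBalanceResponse>
  </env:Body>
</env:Envelope>`

const FaultReply = `<?xml version="1.0"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Body>
    <env:Fault>
      <env:Code><env:Value>env:Sender</env:Value></env:Code>
      <env:Reason><env:Text xml:lang="en">Unknown account</env:Text></env:Reason>
    </env:Fault>
  </env:Body>
</env:Envelope>`

func main() {
	req, _ := BuildRequest("acct-7")
	fmt.Println(string(req))
	for _, r := range []string{OKReply, FaultReply} {
		v, err := Decode(r)
		fmt.Printf("result=%q err=%v\n", v, err)
	}
}
```

The namespace check matters: a SOAP 1.1 Envelope (namespace http://schemas.xmlsoap.org/soap/envelope/) has a different Fault layout, so a client that matched on the local name alone would silently misread it.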

Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the IEEE 802.11i standard for wireless local area networks (WLANs) and is the mandatory cipher of WPA2. (WiMAX is a separate standard, IEEE 802.16, and is not covered by 802.11i.) The CCMP algorithm is based on the U.S. federal government's Advanced Encryption Standard (AES), used in CCM mode. CCMP offers stronger security than its predecessor, the Temporal Key Integrity Protocol (TKIP). CCMP employs 128-bit keys and a 48-bit packet number (often called the initialization vector) that is never reused under a key, which lets a receiver reject replayed frames. The Counter Mode component provides data confidentiality. The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication for the frame payload and selected header fields. The stronger privacy and security of CCMP compared with TKIP require additional processing power, often necessitating new or upgraded hardware. 802.11i is a standard for WLANs that provides encryption for networks that use the 802.11a, 802.11b and 802.11g standards. The AES is an en...

Proactive Key Caching(PKC)

PKC is an IEEE 802.11i extension that allows proactive caching (before the client roaming event) of the WPA/WPA2 PMK that is derived during a client's IEEE 802.1X/EAP authentication at the AP. If a PMK for a given WLAN client is already present at an AP when that client associates and presents the matching PMKID, a full IEEE 802.1X/EAP authentication is not required. Instead, the WLAN client can simply use the WPA 4-way handshake to securely derive a new session encryption key for communication with that AP. Note: PKC is an IEEE 802.11i extension and so is supported in WPA2, not WPA.
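Added example (Go; not code from the original post): the PMK cache an AP consults under PKC, keyed by the IEEE 802.11i PMKID, and the association decision that follows from a hit or a miss. The MAC addresses and PMK are constructed; how the PMK reaches the neighbouring AP before the roam is outside this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"fmt"
	"sync"
)

// PMKID names a cached PMK for one (AP, STA) pair as IEEE 802.11i defines it:
// PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), i.e. the first 16
// bytes of HMAC-SHA1, where AA is the AP's MAC address and SPA the station's.
func PMKID(pmk []byte, aa, spa [6]byte) (id [16]byte) {
	m := hmac.New(sha1.New, pmk)
	m.Write([]byte("PMK Name"))
	m.Write(aa[:])
	m.Write(spa[:])
	copy(id[:], m.Sum(nil))
	return id
}

// Cache is one AP's PMK store, keyed by PMKID.
type Cache struct {
	AA      [6]byte
	mu      sync.Mutex
	entries map[[16]byte][]byte
}

func NewCache(aa [6]byte) *Cache {
	return &Cache{AA: aa, entries: map[[16]byte][]byte{}}
}

// Install records a PMK for a station. It runs after a full 802.1X/EAP
// exchange at this AP or, with PKC, before the roam, when the PMK is placed
// at this AP ahead of the station's arrival.
func (c *Cache) Install(spa [6]byte, pmk []byte) [16]byte {
	id := PMKID(pmk, c.AA, spa)
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[id] = append([]byte(nil), pmk...)
	return id
}

// Associate is the AP's decision when a (re)associating station lists the
// PMKIDs it believes this AP holds: a hit returns the PMK and the pair goes
// straight to the 4-way handshake; a miss means a full EAP authentication.
func (c *Cache) Associate(candidates [][16]byte) (pmk []byte, skipEAP bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	for _, id := range candidates {
		if k, ok := c.entries[id]; ok {
			return k, true
		}
	}
	return nil, false
}

func main() {
	pmk := []byte("constructed-32-byte-pmk-for-demo")  // constructed, not a real PMK
	sta := [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55} // constructed MAC addresses
	ap1 := NewCache([6]byte{0x00, 0x1b, 0x63, 0x00, 0x00, 0x01})
	ap2 := NewCache([6]byte{0x00, 0x1b, 0x63, 0x00, 0x00, 0x02})
	ap1.Install(sta, pmk) // full EAP authentication happened here
	ap2.Install(sta, pmk) // PKC: the PMK is cached at ap2 before the roam
	// The station computes the PMKID for the target AP from the same inputs.
	_, fast := ap2.Associate([][16]byte{PMKID(pmk, ap2.AA, sta)})
	fmt.Println("roam to ap2 skips EAP:", fast)
}
```

Because AA is part of the PMKID, the same PMK yields a different identifier at every AP, so a cache entry must be created per AP (which is exactly what "proactive" caching does) and a PMKID meant for one AP never matches at another.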

Basic Service Set(BSS)

The Basic Service Set is a term used to describe the collection of stations that may communicate with each other within an 802.11 WLAN (Wireless Local Area Network). The BSS may or may not include an AP (Access Point), which provides a connection onto a fixed distribution system such as an Ethernet network. Two types of BSS exist: the IBSS (Independent Basic Service Set) and the Infrastructure Basic Service Set.

EAP-TTLS(Extensible Authentication Protocol-Tunneled Transport Layer Security)

EAP-Tunneled Transport Layer Security, or EAP-TTLS, is an EAP method that extends TLS. It was co-developed by Funk Software and Certicom. It is widely supported across platforms, although as of this 2008 post there is no native OS support for it in Microsoft Windows; it requires the installation of small extra programs such as SecureW2. EAP-TTLS offers very good security. The client does not need to be authenticated to the server with a CA-signed PKI certificate; only the server is authenticated to the client. This greatly simplifies setup, because a certificate does not need to be installed on every client. After the server has been securely authenticated to the client via its CA certificate, the server can use the established secure connection (the "tunnel") to authenticate the client. It can use an existing and widely deployed authentication protocol and infrastructure, incorporating legacy password mechanisms and authentication databases, while the secure tunnel provides protection from eav...

EAP-MD5(Extensible Authentication Protocol-Message Digest 5)

EAP-MD5 is defined in the base EAP specification, RFC 3748, itself an IETF Standards Track document. It offers minimal security: the MD5 challenge/response exposes the password to offline dictionary attacks by anyone who captures the exchange, and the method derives no keying material, which makes it unsuitable for dynamic WEP or WPA/WPA2 Enterprise. EAP-MD5 differs from other EAP methods in that it provides only authentication of the EAP peer to the EAP server, not mutual authentication. Because it does not authenticate the EAP server, EAP-MD5 is vulnerable to man-in-the-middle attacks.
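Added example (Go, not code from the page) showing why the two warnings above matter: the MD5-Challenge response of RFC 3748 is MD5(Identifier || secret || challenge), so a captured exchange can be attacked offline with a word list, and because the peer never verifies who sent the challenge, a rogue access point can collect such exchanges itself. The password and word list are constructed.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Response is the EAP MD5-Challenge value (RFC 3748 section 5.4, the CHAP
// construction of RFC 1994): MD5(Identifier || secret || challenge).
func Response(id byte, secret, challenge []byte) []byte {
	h := md5.New()
	h.Write([]byte{id})
	h.Write(secret)
	h.Write(challenge)
	return h.Sum(nil)
}

// NewChallenge is the server's move: a fresh random challenge.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 16)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the server's check of the peer's response.
func Verify(id byte, secret, challenge, response []byte) bool {
	return subtle.ConstantTimeCompare(Response(id, secret, challenge), response) == 1
}

// Capture is everything a passive eavesdropper gets from one exchange; every
// field travels in clear inside EAP.
type Capture struct {
	ID        byte
	Challenge []byte
	Response  []byte
}

// Exchange runs one authentication and records what was visible on the wire.
// Because the peer never authenticates the server, a rogue AP can obtain the
// same capture simply by sending a challenge of its own.
func Exchange(id byte, secret []byte) (Capture, error) {
	ch, err := NewChallenge()
	if err != nil {
		return Capture{}, err
	}
	return Capture{ID: id, Challenge: ch, Response: Response(id, secret, ch)}, nil
}

// Crack is the offline dictionary attack: hash each candidate password with
// the captured Identifier and challenge until one matches the response.
func Crack(c Capture, candidates []string) (string, bool) {
	for _, pw := range candidates {
		if bytes.Equal(Response(c.ID, []byte(pw), c.Challenge), c.Response) {
			return pw, true
		}
	}
	return "", false
}

func main() {
	cap, err := Exchange(0x2a, []byte("hunter2")) // constructed weak password
	if err != nil {
		panic(err)
	}
	pw, ok := Crack(cap, []string{"password", "letmein", "hunter2"})
	fmt.Printf("recovered=%q found=%v\n", pw, ok)
}
```

Note that nothing in the exchange yields a shared key: the only secret is the password itself, which is why the method cannot feed the 4-way handshake or dynamic WEP.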

EAP-SIM(Extensible Authentication Protocol-Subscriber Identity Module)

Extensible Authentication Protocol Method for GSM Subscriber Identity, or EAP-SIM, is an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). EAP-SIM is described in RFC 4186.

Public Key Infrastructure(PKI)

In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys to user identities by means of a certificate authority (CA). The user identity must be unique within each CA. The binding is established through the registration and issuance process which, depending on the level of assurance the binding is meant to have, may be carried out by software at the CA or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. The term trusted third party (TTP) is also used for a certificate authority. The term PKI is sometimes erroneously used to denote public key algorithms themselves, which do not require a CA.
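Added example (Go, not from the page) serving both the EAP-TTLS and the PKI entries above: a self-signed CA binds a server identity to a key by issuing a certificate, and the client verifies only the server, which is all an EAP-TTLS supplicant does before sending credentials through the tunnel. The names (Example Root CA, radius.example.test, Rogue CA) are hypothetical and the keys are generated on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl for pub with signer's key under parent. When parent is
// tmpl itself the result is self-signed; otherwise this is the CA binding an
// identity (the subject and names in tmpl) to pub.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed root: the trust anchor the client is given out of band.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueServer is the registration/issuance step for an authentication server.
// The identity being bound is the DNS name clients will check.
func IssueServer(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	cert, err := issue(tmpl, ca, &key.PublicKey, caKey)
	return cert, key, err
}

// ClientVerify is what an EAP-TTLS supplicant does before it sends anything
// through the tunnel: chain the server's certificate to the trusted CA and
// check the expected name. The client itself presents no certificate.
func ClientVerify(trusted, server *x509.Certificate, expectName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := server.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   expectName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	ca, caKey, _ := NewCA("Example Root CA") // hypothetical names throughout
	srv, _, _ := IssueServer(ca, caKey, "radius.example.test")
	fmt.Println("genuine server:", ClientVerify(ca, srv, "radius.example.test"))
	rogueCA, rogueKey, _ := NewCA("Rogue CA")
	evil, _, _ := IssueServer(rogueCA, rogueKey, "radius.example.test")
	fmt.Println("rogue server:  ", ClientVerify(ca, evil, "radius.example.test"))
}
```

The rogue case is the one that matters for tunneled EAP: a fake access point can present a certificate with the right name, but not one chained to the CA the supplicant trusts, so a client configured to check both the chain and the name refuses to open the tunnel and never sends its password.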

Protected Access Credentials(PAC)

Protected Access Credentials (PACs) are credentials that are distributed to clients for optimized network authentication. PACs can be used to establish an authentication tunnel between the client and the authentication server (the first phase of authentication as described in the "Two-Phase Tunneled Authentication" section). A PAC consists of, at most, three components: a shared secret, an opaque element, and other information. The shared secret component contains the pre-shared key between the client and authentication server. Called the PAC-Key, this pre-shared key establishes the tunnel in the first phase of authentication. The opaque component is provided to the client and is presented to the authentication server when the client wants to obtain access to network resources. Called the PAC-Opaque, this component is a variable length field that is sent to the authentication server during tunnel establishment. The EAP server interprets the PAC-Opaque to obtain the required i...

Cisco Centralized Key Management(CCKM)

CCKM is a term used in wireless networks. It stands for Cisco Centralized Key Management, which is a form of fast roaming. When a wireless LAN is configured for fast reconnection, a LEAP-enabled client device can roam from one access point to another without involving the main server. Using Cisco Centralized Key Management (CCKM), an access point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client without perceptible delay in voice or other time-sensitive applications. In practice, the WDS (which can run as a service on a Cisco access point or on various router modules) caches the user's credentials after the initial log-on. The user must authenticate with the RADIUS server the first time; after that he can roam between access points using the cached credentials. This saves time in the roaming process, which is especially valuable for IP telephones. The current implementation of CCKM requires Cisco-compatible hardware and either LEAP,...

Network Access Identifier(NAI) - RFC2486

RFC2486 - The Network Access Identifier

Network Working Group                                          B. Aboba
Request for Comments: 2486                                    Microsoft
Category: Standards Track                                    M. Beadles
                                              WorldCom Advanced Networks
                                                            January 1999

                     The Network Access Identifier

Status of this Memo

   This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

   In order to enhance the interoperability of roaming and tunneling s...
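Added example (Go, not part of RFC 2486 or of the post): a parser for the RFC 2486 NAI grammar that splits username and realm on the first unescaped "@", enforces the dot-string and special-character rules in the username and letter/digit/hyphen labels in the realm, plus a realm-suffix lookup of the kind a roaming proxy performs when it forwards a request to the user's home server. The routing table, the 72-octet cap and the rejection of control characters are this example's own choices.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Characters RFC 2486 lists as "special": legal in the username only when
// escaped with a backslash. "." is handled separately (dot-string rules).
const special = "<>()[]\\,;:@\" "

// ParseNAI splits an NAI per the RFC 2486 grammar nai = username / (username
// "@" realm): the first unescaped "@" separates the parts, the username is a
// dot-string of non-empty strings, the realm a dotted sequence of LDH labels.
func ParseNAI(nai string) (username, realm string, err error) {
	// RFC 2486 s2.3 obliges devices to support at least 72 octets; refusing
	// anything longer is this example's choice, not a rule of the RFC.
	if nai == "" || len(nai) > 72 {
		return "", "", errors.New("NAI empty or longer than 72 octets")
	}
	at, seg := -1, 0 // seg: length of the current dot-string segment
	for i := 0; i < len(nai); i++ {
		c := nai[i]
		if c >= 0x80 || c < 0x20 || c == 0x7f { // ASCII only; control bytes refused (stricter than the grammar)
			return "", "", fmt.Errorf("non-ASCII or control byte at offset %d", i)
		}
		if at >= 0 {
			continue // realm bytes are validated by checkRealm below
		}
		switch {
		case c == '\\': // "\" x: the next octet is taken literally
			if i+1 >= len(nai) || nai[i+1] >= 0x80 {
				return "", "", errors.New("bad escape in username")
			}
			i++
			seg++
		case c == '@':
			if seg == 0 {
				return "", "", errors.New("empty or dot-terminated username")
			}
			at = i
		case c == '.':
			if seg == 0 {
				return "", "", fmt.Errorf("misplaced '.' at offset %d", i)
			}
			seg = 0
		case strings.IndexByte(special, c) >= 0:
			return "", "", fmt.Errorf("unescaped %q at offset %d", c, i)
		default:
			seg++
		}
	}
	if at < 0 {
		if seg == 0 {
			return "", "", errors.New("username ends with '.'")
		}
		return nai, "", nil
	}
	if err := checkRealm(nai[at+1:]); err != nil {
		return "", "", err
	}
	return nai[:at], nai[at+1:], nil
}

// checkRealm accepts label *("." label) with RFC 1035-style labels: letters,
// digits and hyphens, neither starting nor ending with a hyphen. A second "@"
// (as in user@home.example@visited.example) lands inside a label and fails here.
func checkRealm(realm string) error {
	for _, label := range strings.Split(realm, ".") {
		if label == "" || label[0] == '-' || label[len(label)-1] == '-' {
			return fmt.Errorf("invalid realm label %q", label)
		}
		for _, c := range label {
			if !(c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9' || c == '-') {
				return fmt.Errorf("invalid realm label %q", label)
			}
		}
	}
	return nil
}

// Route picks the home server for a realm, falling back to the nearest parent
// realm in the table, as a roaming proxy forwarding on realm suffix would.
// The table and the suffix fallback are this example's assumptions.
func Route(realm string, table map[string]string) (string, bool) {
	for r := realm; r != ""; {
		if s, ok := table[r]; ok {
			return s, true
		}
		if i := strings.IndexByte(r, '.'); i >= 0 {
			r = r[i+1:]
		} else {
			r = ""
		}
	}
	return "", false
}

func main() {
	table := map[string]string{"example.com": "radius.example.com"} // constructed
	for _, s := range []string{"fred@eng.example.com", `joe\@home@isp.net`, "fred@example.com@other.com"} {
		u, r, err := ParseNAI(s)
		home, _ := Route(r, table)
		fmt.Printf("%-28s user=%q realm=%q home=%q err=%v\n", s, u, r, home, err)
	}
}
```

The routing decision is made on the realm alone, which is why the parser must refuse a second "@": a proxy that took the last "@" while the home server took the first would route one user's request on another realm's credentials.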

Where's the beef in 070 VoIP?!

蔡宜秀 2008/12/09 06:00:00 After years of delay, the 070 internet telephony (VoIP) service, whose selling point is interoperability with the public switched telephone network (PSTN), finally went live last month (November), with Far EasTone (遠傳電信) the first operator to launch it. Unlike Skype, IPOX 070 and similar internet telephony services, the 070 VoIP service approved by the National Communications Commission (NCC) not only uses 11-digit numbers (070-BCDE-FGHI) but also follows the International Telecommunication Union (ITU) E.164 numbering format, so it can interoperate with the PSTN, which uses E.164 as well, including landlines. What does 070 VoIP mean for enterprises? Can it cut their communication costs dramatically, or is it something else? The answer: if 070 VoIP can interoperate with an enterprise's existing VoIP, it does help reduce call charges, because the VoIP systems enterprises have already deployed can only place outbound calls and cannot receive inbound ones, a limitation 070 VoIP does not have. But if 070 operators hope to attract enterprises on cost savings alone, they will find it difficult: an enterprise must first integrate 070 VoIP with its internal VoIP PBX, and then educate employees and change their usage habits. Under these conditions, operators holding 070 licences should, beyond discounted call rates (for example very cheap calls from 070 users to mobile phones), also offer a wider range of value-added services. Value-added services are the key. Why are value-added services so important for 070 operators? I think this can be viewed from two angles: First, rate competition will intensify. To win enterprise customers, Far EasTone followed its 070 launch with the "Far EasTone 070 Enterprise Plan", which bundles ADSL and MVPN mobile services, gives away the Far EasTone 070 softphone, and waives rental, configuration and installation fees for the IP gateway. From this it is easy to predict that later entrants such as Chief Telecom (是方通訊) will likely offer even better pricing plans, for instance interoperability with non-E.164 VoIP services, to make up for entering the 070 market late. Second, market trends. Looking at the rollout of 070-style VoIP in the United States, Japan, South Korea, Singapore and Hong Kong (not every country uses 070 as its VoIP prefix; the Yahoo!BB service mentioned below uses 050), value-added services have become the key way for E.164 VoIP operators to expand their business. For example Japan's largest VoIP operator, Yahoo!BB, after launching its video-on-demand (MOD) service BBTV, partnered with Microsoft and Japan Telecom to launch a service integrating VoIP, e-m...