一种泛在网络的安全认证协议

戚湧; 郭诗炜; 李千目

doi:10.11999/JEIT151043

一种泛在网络的安全认证协议

doi: 10.11999/JEIT151043

基金项目:

国家自然科学基金(61272419)，江苏省未来网络前瞻性研究(BY2013095-3-02)

计量
- 文章访问数: 1607
- HTML全文浏览量: 160
- PDF下载量: 459
- 被引次数: 0
出版历程
- 收稿日期: 2015-09-06
- 修回日期: 2016-02-25
- 刊出日期: 2016-07-19

A Secure Authentication Protocol of Ubiquitous Convergent Network

Funds:

The National Natural Science Foundation of China (61272419), Future Network Research Projects in Jiangsu Province (BY2013095-3-02)

摘要

摘要: 泛在网络是标准的异质异构网络，保证用户在网络间的切换安全是当前泛在网的一个研究热点。该文对适用于异构网络间切换的认证协议EAP-AKA进行分析，指出该协议有着高认证时延，且面临着用户身份泄露、中间人攻击、DoS攻击等安全威胁，此外接入网络接入点的有效性在EAP-AKA协议中也没有得到验证，使得用户终端即使经过了复杂的认证过程也不能避免多种攻击。针对以上安全漏洞，该文提出一种改进的安全认证协议，将传统EAP-AKA的适用性从3G系统扩展到泛在网络中。新协议对传播时延和效率进行完善，为用户和接入点的身份信息提供有效性保护，避免主会话密钥泄露，采用椭圆曲线Diffie Hellman算法生成对称密钥，在每次认证会话时生成随机的共享密钥，并实现用户终端与家乡域网络的相互认证。通过开展实验，对协议进行比较分析，验证了新协议的有效性及高效率。
- 泛在网络 /
- 访问控制 /
- 安全认证协议 /
- EAP-AKA
Abstract: Ubiquitous network is a kind of standard heterogeneous network. It is a hot research topic to secure switching between networks. This paper analyzes EAP-AKA, which is used during handoff across heterogeneous networks. However, this protocol has high authentication delay and is confronted with several security threats, such as user identity disclosure, man in middle attack and DoS attack. Moreover, access point of the access network is not verified, leaving the user under attack even after heavy authentication procedure. To deal with the above security vulnerabilities, an improved secure authentication protocol for ubiquitous network based on EAP-AKA protocol is proposed, extending the applicability of traditional EAP-AKA protocol from the 3G system to ubiquitous network. The new protocol reduces authentication delay and effectively protects identities of users and access points. In order to avoid main session key leakage, the Diffie Hellman algorithm is used to generate a symmetric key randomly each time. The mutual authentication between user endpoint and the home network is also achieved in new protocol. Experiments and analysis verifies effectiveness and efficiency of the proposed protocol.
- Ubiquitous network /
- Access control /
- Secure authentication protocol /
- EAP-AKA

HTML全文

参考文献(18)

%20based%20Authentication%20 Test-bed/1568980767_USIM% 20based%20Authentication%20Test-bed%20.pdf. 2015.

IETF. RFC 4187 -2006. Extensible authentication protocol method for 3rd generation authentication and key agreement (EAP-AKA)[S]. J Arkko, H Haverinen, 2006.

MUN H, HAN K, and KIM K. 3G-WLAN interworking: Security analysis and new authentication and key agreement based on EAP-AKA[C]. Wireless Telecommunications Symposium, Prague, 2009: 1-8. doi: 10.1109/WTS.2009. 5068983.

CAO J, MA M, LI H, et al. A survey on security aspects for LTE and LTE-A networks[J]. IEEE Communications Survey Tutorials, 2014, 16(1): 283-302. doi: 10.1109/SURV. 2013.041513.00174.

ANANTHA NARAYANAN V, SURESH KUMAR V, and RAJESWARE A. Enhanced fast iterative localized re-authentication protocol for UMTS-WLAN interworking[C]. 2014 International Conference on Electronics and Communication Systems (ICECS), Marseille, 2014: 1-5. doi: 10.1109/ECS.2014.6892696.

BOUABIDI I E, DALY I, and ZARAI F. Secure handoff protocol in 3GPP LTE networks[C]. 3rd International Conference on Communication and Networking (ComNet), Hammamet, 2012: 1-6. doi: 10.1109/ComNet.2012.6217746.

SHIDHANI A A and LEUNG V. Local fast re-authentication protocol for 3G-WLAN interworking architecture[C]. Wireless Telecommunications Symposium, Pomona, CA, 2007: 1-8. doi: 10.1109/WTS.2007.4563332.

EL H E I Y, ZAHID N, and JEDRA M. A new fast re-authentication method for the 3G-WLAN interworking based on EAP-AKA[C]. 20th International Conference on Telecommunications (ICT), Casablanca, 2013: 1-5. doi: 10.1109/ICTEL.2013.6632107.

傅建庆, 陈健, 范容, 等. 基于代理签名的移动通信网络匿名漫游认证协议[J]. 电子与信息学报, 2011, 33(1): 156-162. doi: 10.3724/SP.J.1146.2009.01455.

FU Jianqing, CHEN Jian, FAN Rong, et al. Delegation-based protocol for anonymous roaming authentication in mobile communication network[J]. Journal of Electronics Information Technology, 2011, 33 (1): 156-162. doi: 10.3724/ SP.J.1146.2009.01455.

IDRISSI Y E H E, ZAHID N, and JEDRA M. Security analysis of 3GPP (LTE)-WLAN interworking and a new local authentication method based on EAP-AKA[C]. 2012 International Conference on Future Generation Communication Technology (FGCT), London, 2012: 137-142. doi: 10.1109/FGCT.2012.6476561.

PATKAR S S and AMBAWADE D D. Secure 3GPP-WLAN authentication protocol based on EAP-AKA[C]. IEEE International Advance Computing Conference (IACC), Banglore, 2015: 1011-1016. doi: 10.1109/IADCC.2015. 7154857.

ALEZABI K A, HASHIM F, HASHIM S J, et al. An efficient authentication and key agreement protocol for 4G (LTE) networks[C]. 2014 IEEE Region 10 Symposium, Kuala Lumpur, 2014: 502-507. doi: 10.1109/TENCONSpring. 2014.6863085.

YU Binbin, ZHANG Jianwu, and WU Zhendong. Improved EAP-AKA protocol based on redirection defense[C]. 9th IEEE International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Guangdong, 2014: 543-547. doi: 10.1109/3PGCIC.2014.106.

侯惠芳, 刘光强, 季新生, 等. 基于公钥的可证明安全的异构无线网络认证方案[J]. 电子与信息学报, 2009, 31(10): 2385-2391. doi: 10.3724/SP.J.1146.2008.01411.

HOU Huifang, LIU Guangqiang, JI Xinsheng, et al. Provable security authentication scheme based on public key for heterogeneous wireless network[J]. Journal of Electronics Information Technology, 2009, 31(10): 2385-2391. doi: 10.3724/SP.J.1146.2008.01411.

GUTTMAN J D. Security protocol design via authentication tests[C]. Proceedings of the IEEE Computer Security Foundations Workshop, Cape Breton, 2002: 92-103. doi: 10.1109/CSFW.2002.1021809.

BOZGA L, LAKHNECH Y, and PERIN M. HERMES: An automatic tool for verification of secrecy in security protocols[C]. CAV 2003, LNCS 2725, Berlin Heidelberg, 2003: 219-222. doi: 10.1007/978-3-540-45069-6_23.

施引文献

资源附件(0)

访问统计