A Secure Authentication Protocol of Ubiquitous Convergent Network
doi: 10.11999/JEIT151043
Funds:
The National Natural Science Foundation of China (61272419), Future Network Research Projects in Jiangsu Province (BY2013095-3-02)
Abstract: A ubiquitous network is a typical heterogeneous network, and securing user handoff between networks is a current research focus. This paper analyzes EAP-AKA, the authentication protocol used for handoff across heterogeneous networks, and shows that it has high authentication delay and faces security threats such as user identity disclosure, man-in-the-middle attacks and DoS attacks. In addition, EAP-AKA does not verify the validity of the access point of the access network, so the user terminal remains exposed to multiple attacks even after completing a heavy authentication procedure. To address these vulnerabilities, an improved secure authentication protocol is proposed that extends the applicability of traditional EAP-AKA from the 3G system to ubiquitous networks. The new protocol improves propagation delay and efficiency, and effectively protects the identity information of users and access points. To avoid leakage of the master session key, it uses the elliptic curve Diffie-Hellman algorithm to generate the symmetric key, producing a random shared key in each authentication session, and it achieves mutual authentication between the user terminal and the home network. Experiments and comparative analysis verify the effectiveness and efficiency of the proposed protocol.
Key words:
- Ubiquitous network /
- Access control /
- Secure authentication protocol /
- EAP-AKA