移动通信标准中的安全机制

本文着重介绍了3GPP/3GPP2相关标准中规定的第三代移动通信鉴权和密钥协商机制,并与第二代移动通信系统中的鉴权和密钥协商机制进行比较,分析了各自的优缺点.     

WCDMA系统安全机制研究

研究了3G的安全特征,分析了从3GPP R99到R5协议版本中WCDMA系统安全机制的发展,通过分析WCDMA R99信令系统中安全机制的建立过程,重点对WCDMA R99网络中的鉴权和密钥协商机制、身份和数据保密性服务、数据完整性服务等机制进行了深入探讨,并对实现上述各种机制的算法和协议做了详细描述。     

UMTS系统接入安全的研究

描述了UMTS系统中的空中接口安全的实现机制，并讨论了该机制下采用的安全算法。在这篇文章中重点介绍无线接入网所面临的安全问题和解决途径。无线接入网的安全对策主要包括鉴权与密钥协商，鉴权和密钥协商(AKA)算法，临时身份识别(TUMI)，接入链路数据的安全保护，RRC(无线资源层)信令保护完整性。     

3G接入技术中认证鉴权的安全性研究

对3G用户接入时的认证鉴权进行分析和研究，介绍了3G的安全体系结构，详细分析了3G的认证和鉴权机制和过程、用户信息的加密和完整性保护的过程和方法、密钥协商机制，并指出了3G认证鉴权机制可能存在的缺陷，最后对2G和3G的互通方面的安全性和2G与3G安全上下文之间转换运算的算法进行了分类和剖析。     

LTE身份认证与密钥协商过程的研究与实现

阐述了LTE系统身份认证与密钥协商过程,包括终端鉴权网络失败的异常情况处理方式。对鉴权矢量的产生过程进行了详细设计,并验证了设计的合理性。     

LTE系统EPS-AKA过程安全性研究与改进

研究了长期演进(Long Term Evolution,LTE)系统的认证和密钥协商(EPS-AKA)过程,分析了鉴权过程中存在的安全缺陷,如归属用户服务器(Home Subscriber Server,HSS)鉴权用户设备(User Equipment,UE)时,HSS产生的用于产生其他密钥的随机数RAND,在发给UE的时候是未加密的。同时,许多参数的产生通过调用函数,输入值为一个密钥,会很容易被破解。通过分析,提出了一种改进方案,该方案解决了鉴权过程中RAND暴露的问题,并在生成其他参数时采用了密钥对机制,增加了所产生参数的安全级别,使LTE系统更加安全。     

基于小型核心网的LTE鉴权的一种新实现

LTE移动通信系统采用3GPP认证与密钥协商机制来加强对用户的保护。为了节约成本,在用户容量较小和一般性研发测试的环境下,引入一种小型核心网来满足特殊的需求。鉴权过程需要核心网向HSS服务器申请鉴权参数,通过一定的算法来对UE进行鉴权。主要提出了一种针对这种小型核心网的鉴权实现方法,将计算鉴权参数的过程集成到核心网。该实现方法不需要HSS服务器的参与,实现更简单方便,节约开发成本。     

第三代移动通信系统网络接入安全策略

综述了第三代移动通信系统的网络接入安全机制,并系统地讨论了该机制下采用的安全算法:鉴权和密钥协商算法、机密性算法及完整性算法,最后对其应用前景进行了探讨。     

EPON中的鉴权和加密方案的研究

基于以太网的无源光网络(EPON)是一个点到多点的系统,面临着很多安全隐患.为此,本文介绍了一种鉴权和将改进了的ECC与AES相结合的数据加密方案,并对这个加密方案在已知密钥的保密性、危及密钥安全的假冒、显式密钥鉴权和共享密钥的未知性等方面进行了性能分析.     

WCDMA系统接入安全技术

简单论述了WCDMA系统接入安全方面的内容，就WCDMA的鉴权、加密及完整性保护的内容作了初步的探讨。     

Three-party password authenticated key agreement protocol with user anonymity based on lattice

With the rapid development of quantum theory and the existence of polynomial algorithm in quantum computation based on discrete logarithm problem and large integer decomposition problem,the security of the algorithm was seriously threatened.Therefore,two authentication key agreement protocols were proposed rely on ring-learning-with-error (RLWE) assumption including lattice-based implicit authentication key agreement scheme and lattice-based explicit authentication key agreement scheme and proved its security.The implicit authentication key agreement protocol is less to communicate and faster to authentication,the explicit authentication key agreement protocol is more to secure.At the same time,bidirectional authentication of users and servers can resist unpredictable online dictionary attacks.The new protocol has higher efficiency and shorter key length than other password authentication key agreement protocols.It can resist quantum attacks.Therefore,the protocol is efficient,secure,and suitable for large-scale network communication.     

Biometric-based personal identity-authentication system and security analysis

1 Introduction Personal authentication system is a system that verifies a person’s identity, which he (she) claims to be, usually through login name or smart card, etc. Traditional authentication is based on the possession of a secret key, that is, once the user possesses the key, his (her) authenticity is established. Personal authentication based on PKI is one of the most prevalent authentication methods, which uses a private key to prove the user’s identity. Usually cryptographic keys a…     

An Integrated Handover Authentication for FMIPv6 Over Heterogeneous Access Link Technologies

This paper proposes an integrated handover authentication for NGN equipped with FMIPv6-based IP mobility over various kinds of access links. In ITU-T, an integrated authentication model has been introduced to support network attachment with mobility in NGN. Since existing studies for handover authentication have focused on the link layer or network layer respectively, there are additional authentication overhead such as duplicated authentication procedures and authentication messages delivery cost. The proposed integrated handover authentication contributes to reducing complexity of the authentication procedure and to enhancing the efficiency of it by means of the combined key management architecture; a mobile node generates a handover key to transfer it to the next access router through the AAA server, and hierarchical key management scheme addresses the locality of movement to authenticate the mobile node at the link layer. The evaluation of the handover authentication costs shows that it reduces the average number of handover authentication events and the authentication message delivery cost during moves in mobile networks. Also, the security aspects of the proposed scheme are discussed.     

基于测量设备无关协议的量子身份认证方案

借助测量设备无关量子密钥分配协议的安全性,提出了测量设备无关的量子身份认证协议。在此协议下,认证中心和认证方以共享密钥加密认证信息和认证密钥,将其发送至第三方进行贝尔态测量以提取安全的认证信息,实现认证中心对认证方有效认证,并更新共享密钥。分析协议性能显示,系统在不同攻击下认证过程是安全且有效的。     

CPK-based grid authentication:a step forward

Effective grid authentication plays a critical role in grid security, which has been recognized as a key issue in the designing and extension of grid technologies. At present, public key infrastructure (PKI) has been widely applied for grid authentication, and this article proposes a novel grid authentication mechanism, which is based on combined public key (CPK) employing elliptic curve cryptography (ECC). The designing structure of the new grid authentication mechanism and its implementation procedure are described in details. Property analysis of the new mechanism is also made in comparison with that of the globus security infrastructure (GSI) authentication, which leads to the conclusion that CPK-based grid authentication, may be applied as an optimized approach towards efficient and effective grid authentication.     

Internet网络环境中认证与密钥分配的研究

本文根据ＩＳＯ制定的ＯＳＩ安全结构，提出了一种解决ｉｎｔｒａｎｅｔ安全性问题的全面安全模式，并设计了一个适用于Ｉｎｔｅｒｎｅｔ环境的认证与密钥分配协议；新协议采用分层机制，在低层利用ｉｎｔｒａｎｅｔ本地网的已有认证与密钥分配协议，在高层则采用双钥密码体制来设计跨ｉｎｔｒａｎｅｔ的认证与密钥分配协议。新协议与已有密码协议有很好的兼容性，且不降低原协议的安全性，并为ｉｎ－ｔｒａｎｅｔ的各种远程访问提供安全保护，有利于网络的安全管理     

校园网络身份认证技术平台研究

研究校园网络平台中安全身份认证技术问题,提出基于快速密钥生成算法的身份认证方式.这种认证方式只需要在初次进行身份认证时从网络平台服务方得到密钥,运用奇数筛选理论减少了身份验证的计算量,提高了校园网络平台中安全身份认证的效率.实验证明,该算法能够实时认证操作者的身份,进一步保证校园网络平台的安全.     

带认证的ZigBee密钥分配方案

针对ZigBee节点组网时缺乏身份认证,密钥分配安全性不足的问题,该文提出一种基于身份的无双线性对运算的ZigBee节点身份认证及密钥分配方案。该方案继承了基于身份的认证方案的优点,在实现身份认证的同时完成了ZigBee密钥分配过程,具有较高的安全性和可扩展性。实验结果表明,该文方案具有存储开销小、能耗低等优势。     

Efficient Authentication and Key Agreement Protocol with Anonymity for Delay Tolerant Networks

Most of the existing authentication and key agreement protocols for delay tolerant networks are not designed for protecting privacy. In this paper, an authentication and key agreement protocol with anonymity based on combined public key is proposed. The proposed protocol eliminates the need of public key digital certificate on-line retrieval, so that any on-line trusted third party is no longer required, only needs an off-line public information repository and key generation center; and realizes mutual authentication and key agreement with anonymity between two entities. We show that the proposed protocol is secure for all probabilistic polynomial-time attackers, and achieves good security properties, including authentication, anonymity, and confidentiality and so on.