一种新型的LTE-A网络切换认证协议

针对典型蜂窝网络LTE-A网络的切换认证问题,本文通过引入SDN（Software Defined Network,软件定义网络）,提出了软件定义LTE-A异构网络架构,在中心控制器中共享UE（User Equipment,用户设备）的安全上下文信息,以实现简化切换认证过程,提高认证效率的目标.中心控制器的加入,使蜂窝与核心网通信时需要增加一次信令开销,而LTE-A网络的标准切换认证方法过于复杂,应用在软件定义LTE-A异构网络中,会产生较多的信令开销.基于代理签名的切换认证方法,使UE在验证身份时不用经过核心网,减少了信令开销.在安全性相同的情况下,基于椭圆曲线的加密体系比基于RSA的加密体系计算量更小,有利于减少中心控制器的计算压力.本文采用椭圆曲线代理签名方法,提出了一种新型的切换认证协议,并运用着色Petri网进行建模和仿真分析.仿真结果表明,该协议是有效的,且安全性更高.     

Privacy‐preserving registration protocol for mobile network

In this paper, we propose a novel privacy‐preserving registration protocol that combines the verifier local revocation group signature with mobile IP. The protocol could achieve strong security guarantee, such as user anonymity via a robust temporary identity, local user revocation with untraceability support, and secure key establishment against home server and eavesdroppers. Various kinds of adversary attacks can be prevented by the proposed protocol, especially that deposit‐case attack does not work here. Meanwhile, a concurrent mechanism and a dynamical revocation method are designed to minimize the handover authentication delay and the home registration signals. The theoretical analysis and simulation results show that the proposed scheme could provide high security level besides lightweight computational cost and efficient communication performance. For instance, compared with Yang's scheme, the proposed protocol could decrease the falling speed of handover authentication delay up to about 40% with privacy being preserved. Copyright © 2012 John Wiley & Sons, Ltd.     

Prediction-based secured handover authentication for mobile cloud computing

Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.

     

AAA authentication for network mobility

Network mobility (NEMO) is a protocol proposed for the mobility management of a whole network.It offers seamless Internet connectivity to the mobile end users.However,the NEMO protocol has not been wid...     

基于“北斗”的战场移动装备域间身份认证方法

为了实现对移动装备在不同管理域间切换时身份的快速、安全认证,基于“北斗”卫星导航系统所提供的安全可靠的短报文通信功能和高精度的授时功能,提出了一种基于“北斗”的战场移动装备域间身份认证方法,设计了基于“北斗”的战场移动装备域间身份认证体系结构和战场移动装备域间身份认证协议。该认证体系采用两级认证机制。整个移动网络通过“北斗”系统的高精度授时实现全网时钟的精确同步,将“北斗”系统提供的时钟信息作为时间戳加入到身份认证信息中,并利用“北斗”系统传输身份认证信息。经过对协议的安全性分析表明,该协议安全可靠,可以实现域间身份认证时新管理域中的认证中心与移动装备的双向认证,也可以实现移动装备的匿名认证,同时具有抗重放攻击能力。此外,该协议有效地减小了家乡域认证中心的开销。     

LR-AKE-Based AAA for Network Mobility (NEMO) Over Wireless Links

Network mobility introduces far more complexity than host mobility. Therefore, host mobility protocols such as Mobile IPv6 (MIPv6) need to be extended to support this new type of mobility. To address the extensions needed for network mobility, the IETF NEMO working group has recently standardized the network mobility basic support protocol in RFC 3963. However, in this RFC, it is not mentioned how authentication authorization and accounting (AAA) issues are handled in NEMO environment. Also, the use of IPsec to secure NEMO procedures does not provide robustness against leakage of stored secrets. To address this security issue and to achieve AAA with mobility, we propose new handover procedures to be performed by mobile routers and by visiting mobile nodes. This new handover procedure is based on leakage resilient-authenticated key establishment (LR-AKE) protocol. Using analytical models, we evaluate the proposed handover procedure in terms of handover delay which affects the session continuity. Our performance evaluation is based on transmission, queueing and encryption delays over wireless links.     

Secure Handover Authentication Protocol Based on Bilinear Pairings

Handover authentication protocol enables a mobile node to switch from one base station to another without loss or interruption of service when the node exits the transmission area of his or her current base station. This paper proposes a secure prime-order handover authentication protocol based on bilinear pairings. The proposed protocol adapts the concept of pseudonyms to provide user anonymity and user unlinkability. It withstands well-known security threats and achieves mutual authentication, user unlinkability. A batch signature verification mechanism to verify a mass of signatures is presented in our scheme. We also prove that our scheme is secure under random oracle.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

基于ElGamal签名的移动通信系统用户认证方案

提出了一种改进的基于ElGamal签名的移动用户认证方案。与原方案相比,新方案使得网络中心的安全性进一步提高,同时通过对认证过程的改进,使得用户的计算量得以降低。分析结果表明,该改进方案不仅具有更低的计算复杂度,而且具有更高的安全性,符合移动通信系统要求。     

协议组合逻辑安全的4G无线网络接入认证方案

针对4G无线网络中移动终端的接入认证问题,基于自证实公钥系统设计了新的安全接入认证方案,并运用协议演绎系统演示了该方案形成的过程和步骤,用协议组合逻辑对该方案的安全属性进行了形式化证明.通过安全性证明和综合分析,表明该方案具有会话认证性和密钥机密性,能抵御伪基站攻击和重放攻击,并能提供不可否认服务和身份隐私性,同时提高了移动终端的接入效率     

适用于车载边缘计算网络的高效匿名认证协议

为了解决车载边缘计算网络中无线网络传输特性导致的窃听、重放、拦截、篡改等安全威胁,考虑到车载终端资源有限的特点,提出了一种轻量级匿名高效身份认证协议。基于切比雪夫混沌映射算法,避免了多数方案所采用的指数、双线性映射等复杂算法,有效降低了身份认证与密钥协商过程中的计算复杂度。此外,在实现接入认证及切换认证的同时,能够实现终端匿名性及可追溯、可撤销等安全功能。通过Scyther工具验证结果表明该协议能够满足认证过程中的安全需求并且能够抵抗多种协议攻击。相比已有方案,所提接入认证方案总计算开销最低可节省67%,带宽开销最低可节省11%。此外,相比于接入认证方案,所提域内切换认证方案总计算开销可节省99.8%,带宽开销可节省52%;域间切换认证方案总计算开销可节省80%,带宽开销可节省37%。性能分析结果表明该协议具备更良好的计算和通信性能,因此可以解决车载边缘计算网络中的终端高效安全接入及切换问题。     

基于ElGamal签名的移动通信系统用户认证方案

提出了一种改进的基于EIGamal签名的移动用户认证方案。与原方案相比，新方案使得网络中心的安全性进一步提高，同时通过对认证过程的改进，使得用户的计算量得以降低。分析结果表明，该改进方案不仅具有更低的计算复杂度，而且具有更高的安全性，符合移动通信系统要求。     

Secure authentication enhancement scheme for seamless handover and roaming in space information network

Space information network composed of a variety of heterogeneous networks is widely concerned.However,the space information network is facing more security threats and more likely to roam due to its complex topology and large user scale.Considering the characteristics of space information network,a secure authentication enhancement scheme for seamless handover and roaming in space information network was presented.The fast mutual authentication and reasonable accounting between the user and the visiting domain based on the combination of Token and Hash chain was achieved.In addition,two seamless handover mechanisms were proposed to ensure the continuity of user communication.Finally,security analysis indicates that the scheme can not only provide essential security properties,but also achieve reasonable accounting.     

An efficient pairing‐free identity‐based authenticated group key agreement protocol

An authenticated group key agreement protocol allows participants to agree on a group key that will be subsequently used to provide secure group communication over an insecure network. In this paper, we give a security analysis on a pairing‐free identity‐based authenticated group key agreement because of Islam et al. We show that the protocol of Islam et al. cannot satisfy the minimal security requirements of the key agreement protocols. We propose an efficient pairing‐free identity‐based authenticated group key agreement for imbalanced mobile network. The proposed protocol can be implemented easily for practical application in mobile networks as it is free from bilinear. Under the difficulty of the InvCDH and CDH we demonstrate that the proposed protocol provides perfect forward secrecy, implicit key authentication and the dynamic functionality. As compared with the group key agreement protocols for imbalanced mobile network, the proposed protocol provides stronger security properties and high efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

移动自组网中基于多跳步加密签名 函数签名的分布式认证

移动自组网Manet(Mobile Ad Hoc Network)是一种新型的无线移动网络,由于其具有网络的自组性、拓扑的动态性、控制的分布性以及路由的多跳性,所以,传统的安全机制还不能完全保证Manet的安全,必须增加一些新的安全防范措施.本文探讨了Manet所特有的各种安全威胁,提出了一种基于多跳步加密签名函数签名的安全分布式认证方案,即将移动密码学与(n,t)门槛加密分布式认证相结合,并采用了分布式容错处理算法和私钥分量刷新技术以发现和避免攻击者假冒认证私钥进行非法认证以及保护私钥分量和认证私钥不外泄.     

一种基于移动公网的安全专网认证与密钥协商方案

针对移动公网保障端到端安全的不足,提出了一种基于改进的Diffie-Hellman密钥交换协议机制的安全专网认证和密钥协商设计方案。该方案可以在终端接入移动公网的基础上,实现通信双方端到端的相互认证,同时协商出独立于网络的密钥。性能分析表明,该方案结构简单,安全高效,符合移动通信系统的要求。     

Efficient identity-based signature scheme with batch authentication for delay tolerant mobile sensor network

Identity-based cryptography （IBC） has drawn a lot of attentions in delay tolerant environment. However, the high computational cost of IBC becomes the most critical issue in delay tolerant mobile sensor network （DTMSN） because of the limited processing power. In this paper, an efficient identify-based signature scheme with batch authentication （ISBA） is proposed for DTMSN. ISBA designs an online/offline signature with batch authentication to reduce the computational cost, and improves data delivery mechanism to increase the number of messages for each batch authentication. Simulation results show that ISBA not only realizes a lower computational cost than existed schemes, but also does not induce negative impact on the delivery performance.     

适用于数字移动通信系统的用户认证方案

基于Schnorr签名，提出了一种适用于数字移动通信系统的用户身份认证方案。该方案能实现双方相互认证，抵抗各种攻击（包括网内攻击）。在用户端引入预计算，减少了用户端的计算量，满足了移动通信的实时要求。并对该方案的安全性及计算复杂性进行了分析，得出了该方案是一个安全性高，计算复杂性低，符合数字移动通信系统要求的结论。     

一种高效的具有用户匿名性的无线认证协议

提出了一种高效的具有用户匿名性的无线认证协议。利用Hash函数和Smart卡实现了协议的用户匿名性。协议充分考虑了无线网络自身的限制和移动设备存储资源及计算资源的局限性，在认证过程中移动用户只需要进行一次对称加密和解密运算，用户与访问网络、本地网络与访问网络都只进行一次信息交换，而且所有对称加密都使用一次性密钥。本协议具有实用、安全、高效的特点。