WLAN与UMTS网络的融合鉴权解决方案

文章对独立运营的WLAN网络鉴权方法进行了介绍,分析了WLAN与UMTS网络的融合方案和网络结构,重点分析了在宽带无线和3G融合的网络环境下的WLAN接入鉴权解决方案,以实现用户无论是通过WLAN或是通过UMTS接入网络都能够采用统一的身份认证。     

CDMA中的鉴权和加密

鉴权和加密是移动通信系统必须要面对的问题。随着诸如电子商务等新业务的应用,这些问题 变得越来越重要。本文重点介绍了CDMA中的鉴权:包括CAVE鉴权算法,密钥体系以及鉴权流程,同时对CDMA 中的通信安全性问题也做了阐述。最后本文指出了在第三代移动通信中鉴权和加密的发展趋势。     

移动终端鉴权技术的演进

文章介绍了随着第一代、第二代和第三代移动通信技术的发展,移动终端鉴权技术的演进过程,并论述了各种鉴权技术的实现原理,分析了各种鉴权技术的特点和不足以及抹机现象存在的原因。另外对SCDMA无线用户环路系统的终端鉴权技术也作了简单介绍。     

蓝牙鉴权算法

蓝牙技术作为一种无线数据与语音通信的全球规范，越来越多地受到广泛的关注，鉴权在蓝牙系统的安全性方面起着关键作用，文章主要介绍鉴权算法原理和实施方案。     

3G接入技术中认证鉴权的安全性研究

对3G用户接入时的认证鉴权进行分析和研究，介绍了3G的安全体系结构，详细分析了3G的认证和鉴权机制和过程、用户信息的加密和完整性保护的过程和方法、密钥协商机制，并指出了3G认证鉴权机制可能存在的缺陷，最后对2G和3G的互通方面的安全性和2G与3G安全上下文之间转换运算的算法进行了分类和剖析。     

CDMA 1X与EVDO网络中的鉴权

介绍了中国电信CDMA网络中1X和EVDO的鉴权过程,介绍了MD5算法和CAVE算法两种鉴权方式.     

关于CDMA鉴权问题的优化分析

本文介绍了CDMA中的鉴权原理,同时结合当前网络中CDMA鉴权问题进行调查分析,提出了几个优化方法并进行评估分析,在解决当前CDMA鉴权问题方面取得了很好的效果。     

无线局域网中鉴权功能的实现

介绍无线局域网的系统结构,提出一种利用IP接入技术和蜂窝鉴权理论实现无线局域网鉴权工作的结构,并详细分析了工作流程。     

CDMA网络用户卡鉴权机制研究与测试

文章首先对目前CDMA2000 1X/EV-DO网络采用的基于ICC架构的UIM卡鉴权机制进行分析,然后结合CDMA网络向未来LTE网络演进的具体需求,重点讨论了一种基于UICC架构平台的CDMA网络用户卡鉴权机制,最后通过智能卡测试工具对鉴权机制进行了测试验证。     

WCDMA系统鉴权机制的研究

首先介绍了WCDMA系统鉴权的概念，具体分析了他的过程，重点介绍了鉴权与密钥协商(AKA)、算法协商、密钥管理等几个关键问题，分析了其对WCDMA系统安全特性的实现。     

一种安全可靠性高的全新IP核保护方法

提出了一种基于3DES加(解)密双方认证系统的IP核保护方法,主要用于保护基于SRAMD工艺FPGA设计的IP核电路。在配置好的FPGA中,通过IP核外附加的内部保护电路和外部验证设备之间的互相通信认证,确认使用者的合法性,可有效防止IP核信息配置到FPGA过程中的非法盗取。详细介绍了这种新IP核保护方法的原理、结构和实现过程,并设计了一套基于此技术的简化双方认证系统。     

一种改进的WLAN-3G融合网络认证协议

本文在分析了现有3GPP WLAN-3G融合网络接入认证协议EAP-AKA的优势和不足的基础上,引入WAPI证书鉴别机制,提出WAPI-3G互联结构模型,并针对该互联模型设计了一种接入认证协议EAP-WAPI.本文提议的WLAN-3G互联结构模型及接入认证机制解决了融合组网环境下WLAN终端统一接入认证的问题.分析和仿真结果表明,相比于原有的WAPI认证协议WAPI-XG1,本文所提议的协议具有较高的安全性和执行效率.     

一种简化的低开销家庭基站重认证协议

The 3rd Generation Partnership Project (3GPP) defined a new architecture, called Home eNode B (HeNB). The 3GPP has also presented a protocol for communications between HeNB and core networks for mutual authentication. To reduce the authentication costs associated with communication, compu-tation and energy, this paper proposes a simple and low-cost re-authentication protocol that does not compromise the provided security services. The proposed protocol uses as the re-authentication parameter a Master Session Key (MSK) that has already been computed in the initial authentication, and does not require the full initial authentication to be repeated. Moreover, the proposed protocol does not modify the 3GPP infrastructure, and is easily applied to the HeNB system. Finally, the security of the proposed protocol is veri?ed by Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) Logic; de-tailed evaluations of performance are also given. The analysis results illustrate that the proposed protocol can achieve at least 50% cost reduction in communication and 58% cost reduction in energy. The computational cost is also reduced by half compared with the initial authentication.     

基于SNMP的无线网络安全管理存在的问题及相应对策

SNMP广泛应用于管理和监控计算机设备和有线/无线网络,SNMPv3定义了与安全相关的功能USM和VMAC,提供鉴别、加密和访问控制功能。但这种安全模式还是不能有效避免中间人攻击等问题。分析了使用SNMP协议管理无线网络存在的安全隐患,采用一种积极的安全对策,通过使用双向认证方式和Diffie-Hellman算法加强了网络的安全性,提高了无线网络环境下数据传输的正确性。     

A Robust Authentication Protocol with Non-Repudiation Service for Integrating WLAN and 3G Network

The third-generation cellular systems provide great coverage, complete subscriber management and nearly universal roaming. Nevertheless, 3G systems suffer the high installation cost and low bandwidth. Though WLAN provides hot spot coverage with high data rates, it lacks roaming and mobility support. From users' points of views, the integration of WLAN and 3G systems is an attractive way that will provide them a convenient access to network. When integrating WLAN and 3G, there are still some problems should be concerned in terms of authentication and security, such as authentication efficiency and repudiation problem. In this paper, we review the authentication scheme for WLAN and 3G/UMTS interworking which is specified by 3GPP and propose a robust localized fast authentication protocol with non-repudiation service for integrating WLAN and 3G network. The localized re-authentication protocol can shorten the authentication time delay. On the other hand, with the non-repudiation service, the assumption, that subscriber has to fully trust 3G home operator, can be deleted and the trust management between the independent WLAN operator, 3G visited operator and 3G home operator can be eliminated. In other words, our proposed protocol provides legal evidences to prevent the 3G home operator from overcharge toward the subscriber and also prevent the WLAN operator and 3G visited operator from overcharge toward the 3G home operator. The authentication protocol employs HMAC, hash-chaining techniques, and public-key digital signature to achieve localized fast re-authentication and non-repudiation service.     

One-Pass EAP-AKA Authentication in 3G-WLAN Integrated Networks

The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure.

基于EAP-TTLS的3G-WLAN融合网络认证方法

在3GPP提出的3G与WLAN融合方案的基础上,针对EAP-AKA认证方法中存在的虚假AP攻击,用户私密信息泄露等安全问题,提出了一种EAP-TTLS-AKA认证方法.此方法实现了UE对WLAN接入网的认证,在UE和WLAN接入网之间建立了安全认证隧道,并在安全认证隧道中实现UE和3GPP的AKA认证.分析结果表明,此...     

基于公钥密码体制的3G认证协议改进

文章对原3GPP认证协议进行了安全分析,提出其存在的安全漏洞,并根据公钥密码体制思想,在保持原有3GPP认证过程的基础上提出一种新的认证过程,并对该过程的安全性和可实施性进行了分析。     

一种改进的高效鲁棒的3GPP AKA协议

针对3G鉴权与密钥协商协议（3GPP AKA）中存在的安全缺陷,结合攻击者可能发起的攻击提出了一种可以防止重定向攻击,利用存在安全漏洞的网络发起的主动攻击,SQN同步缺陷和用户身份信息泄露的改进协议（ER AKA,Efficient and Robust Authentication and Key Agreement）,并对其安全性和效率进行了分析,分析表明通过该协议可以以较少的存储资源和计算资源为代价有效的解决上述安全性问题并减少3G系统中安全性处理的信令交互次数。     

一种基于PKI的3G网络安全认证框架

针对3G网络应用的普遍性，采用基于PKI证书的信任和标识安全机制，提出了针对个人定位的策略和范例，并讨论了其优点。