一种改进的高效鲁棒的3GPP AKA协议

针对3G鉴权与密钥协商协议（3GPP AKA）中存在的安全缺陷,结合攻击者可能发起的攻击提出了一种可以防止重定向攻击,利用存在安全漏洞的网络发起的主动攻击,SQN同步缺陷和用户身份信息泄露的改进协议（ER AKA,Efficient and Robust Authentication and Key Agreement）,并对其安全性和效率进行了分析,分析表明通过该协议可以以较少的存储资源和计算资源为代价有效的解决上述安全性问题并减少3G系统中安全性处理的信令交互次数。     

LTE认证与密钥协商协议的安全分析及改进

近年来,3GPP长期演进(LTE)项目已成为当前4G无线通信系统的主流技术。相对于3G,LTE在接入安全方面做出了很大改进,安全性亦得到提升,然而仍存在着一些安全问题。重点分析了LTE认证与密钥协商协议(EPS AKA)流程中的安全问题,关键信息的明文传送问题、公共密钥泄露问题等。针对这些安全问题提出了相应的改进方案,对其进行了安全性分析。     

可证明安全的异构无线网络认证协议

异构无线网络中互连的安全问题是当前研究的关注点，针对3G网络和WLAN（无线局域网）所构成的异构互连网络中认证协议的安全和效率问题，提出了一种基于离线计费方法的认证协议。该协议通过对WLAN服务网络身份进行验证，抵御了重定向攻击的行为；采用局部化重认证过程，减少了认证消息的传输延时，提高了认证协议的效率。仿真结果表明，该协议的平均消息传输延时相对于EAP—AKA协议缩短了大约一半。通过Canetti—Krawczyk（CK）安全模型对新协议进行了安全性证明，证明该协议具有SK—secure安全属性。     

两个认证密钥协商协议的前向安全性分析

目前,网络安全及隐私受到广泛关注。前向安全性是Günther在1989年提出的一种认证密钥协商协议( AKA)的安全属性(doi: 10.1007/3-540-46885-4_5),该性质经过30年的蓬勃发展已经成为研究领域的热点之一。该文主要分析了MZK20和VSR20两个AKA协议。首先在启发式分析的基础上,利用BAN逻辑分析了MZK20协议不具有弱前向安全性;其次利用启发式分析和Scyther工具证明了VSR20协议不具备前向安全性。最后,在分析VSR20协议设计缺陷的基础上,提出了改进方案,并在eCK模型下证明了改进后协议的安全性;并且,结合Scyther软件证明了改进VSR20协议与VSR20协议相比明显提高了安全性。     

基于P2P技术的AKA认证机制研究

移动互联网中基于AKA认证的现有架构容易导致单点失效,服务器遭受恶意注册攻击,而且3GPP—AKA协议本身存在安全缺陷,文章对原有认证模型进行改进,提出基于P2P架构的认证服务器部署方案,同时改进AKA的认证流程,最后对本方案的安全性进行分析。     

基于无线通信的ASK协议的建模分析

安全协议的建模分析与设计一般采用形式化的方法进行,这是许多经典安全协议存在的缺陷。因此,文章提出采用形式化验证的方法对一种复杂的无线移动安全协议-ASK协议进行建模和验证,针对ASK协议所存在的缺陷,我们提出了改进之后的协议,并对改进后的协议进行了验证,结果表明,新的协议是安全的,是能够抵御重放攻击的。     

基于智能卡的强安全认证与密钥协商协议

将认证与密钥协商(Authenticated Key Agreement,AKA)协议所需的一种强安全属性——抗临时密钥泄露攻击引入到基于智能卡和口令的AKA协议中,基于NAXOS方法分别提出了基于智能卡的两方强安全AKA协议和三方强安全AKA协议.同时,首次给出了包含临时密钥泄露攻击的基于智能卡和口令的AKA协议的安全模型,并在该模型下给了所提出协议的安全性证明.此外,文中还分析了抗临时密钥泄露攻击不能在仅使用口令的AKA协议中实现的原因.     

基于身份保护的高效3GPP AKA协议

针对3GPP AKA协议中存在的安全缺陷,在消息中加入访问网络的身份信息,利用秘密令牌机制,提出了一种可以防止重定向攻击、SQN同步缺陷和用户身份信息泄露的改进方案,并对其安全性和效率进行了分析。分析表明,本方案可以有效解决上述问题,以较少的资源开销就能获取协议效率和安全性能的提高。     

利用密钥更新改进的3G认证协议

详细分析了3G认证和密钥分配协议过程及其安全性，针对该协议中可能被攻击的弱点．提出密钥更新的协议改进方法。经过分析，这一改进协议不但满足3G的安全需求，而且通过密钥更新，明显增强了认证的安全性。     

无线传感器网络中分簇安全路由协议保密通信方法的能效研究

保密通信方法研究的是如何保证路由信息在传输的过程中的安全性,是无线传感器网络中的核心技术之一。针对现阶段大多无线传感器网络路由协议都存在路由安全性问题,该文从均衡能耗的角度出发,引入保密通信协议(SCP)保密通信方法,提出一种能耗均衡的保密通信协议,并对该协议的安全方案进行了分析。然后对协议的性能进行了仿真,结果证明了该协议在能耗和安全性上的性能和利用价值。     

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

Recently, the Third Generation Partnership Project (3GPP) has initiated the research in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication mechanisms reported in the literature and identify the security vulnerabilities such as violation of global base-station attack, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy-efficient mobile devices in the 5G communication network. To overcome these issues, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by Random Oracle Model (ROM) to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties.Moreover, the performance evaluation of the earlier 5G handover schemes and proposed SEAI handover AKA protocol is carried out in terms of communication, transmission, computation overhead, handover delay, and energy consumption. From the evaluations, it is observed that the SEAI handover AKA protocol obtains significant results and strengthens the security of the 5G network during handover scenarios.

     

基于Lowe分类法的5G网络EAP-AKA$ ' $协议安全性分析

移动网鉴权认证协议攻击不断涌现,针对5G网络新协议EAP-AKA\begin{document}$ '$\end{document},该文提出一种基于Lowe分类法的EAP-AKA\begin{document}$ '$\end{document}安全性分析模型。首先对5G网络协议EAP-AKA\begin{document}$ '$\end{document}、信道及攻击者进行形式化建模。然后对Lowe鉴权性质进行形式化描述,利用TAMARIN证明器分析协议中安全锚点密钥K_SEAF的Lowe鉴权性质、完美前向保密性、机密性等安全目标,发现了3GPP隐式鉴权方式下的4条攻击路径。最后针对发现的安全问题提出2种改进方案并验证其有效性,并将5G网络两种鉴权协议EAP-AKA\begin{document}$ '$\end{document}和5G AKA的安全性进行了对比,发现前者在Lowe鉴权性质方面更安全。     

Reducing Signaling Traffic for the Authentication and Key Agreement Procedure in an IP Multimedia Subsystem

In the IP multimedia subsystem (IMS) of UMTS, two authentication procedures are necessary for IMS subscribers before accessing IMS services: (i) packet-switch domain authentication using the authentication and key agreement of the 3rd Generation Partnership Projects (3GPP AKA), and (ii) IMS authentication using IMS AKA. However, since IMS AKA is based on 3GPP AKA, almost all of the operations are the same. Besides, IMS AKA needs two round-trips to carry out. Therefore, it is inefficient that almost all involved steps in IMS AKA are duplicated. Therefore, we propose a one-pass IMS AKA instead of IMS AKA. The one-pass IMS AKA can keep the security properties of IMS AKA, such as mutual authentication and key agreement. Furthermore, the one-pass IMS AKA not only has at least 45% improvement over IMS AKA in terms of authentication signaling, but also has 76.5% improvement over IMS AKA in terms of storage space.     

3G系统全网安全体制的探讨与分析

文章基于3GPP体制探讨了3G系统的安全机制，重点分析了3G认证与密钥分配协议、加密与完整性保护的过程及其安全性，并针对核心网部分，从ATMPRM出发讨论了将安全功能置于ATM协议栈中不同位置时的几种安全方案。     

基于CPK的IMS认证与密钥协商协议

针对3G及4G网络发展中IMS系统的广泛应用及其AKA认证协议安全强度的不足,在分析CPK及IMSAKA认证机制的基础上,设计了一种基于CPK机制的IMS认证与密钥协商协议。经分析表明,该协议在提高强IMS智能终端的认证强度基础上,为引入额外的通信,并且扩展了IMS系统支持的认证机制。     

A new authentication and key agreement protocol for 5G wireless networks

Telecommunication Systems - Authentication and key agreement (AKA) protocol is an important security mechanism for access services in mobile communication systems. The 3GPP group has standardized...     

基于AKA的IMS接入认证机制

IP多媒体子系统(IMS)作为3G网络的核心控制平台,其安全问题正面临着严峻的挑战。IMS的接入认证机制的实现作为整个IMS安全方案实施的第一步,是保证IMS系统安全的关键。基于认证和密钥协商(AKA)的IMS接入认证机制是由因特网工程任务组(IETF)制定,并被3GPP采用,广泛应用于3G无线网络的鉴权机制。此机制基于"提问/回答"模式实现对用户的认证和会话密钥的分发,由携带AKA参数的SIP消息在用户设备(UE)和IMS网络认证实体之间进行交互,按照AKA机制进行传输和协商,从而实现用户和网络之间的双向认证,并协商出后续通信所需的安全性密钥对。     

Experimental Analysis of an SSL-Based AKA Mechanism in 3G-and-Beyond Wireless Networks

The SSL/TLS protocol is a de-facto standard that has proved its effectiveness in the wired Internet and it will probably be the most promising candidate for future heterogeneous wireless environments. In this paper, we propose potential solutions that this protocol can offer to future “all-IP” heterogeneous mobile networks with particular emphasis on the user's side. Our approach takes into consideration the necessary underlying public key infrastructure (PKI) to be incorporated in future 3G core network versions and is under investigation by 3GPP. We focus on the standard 3G+ authentication and key agreement (AKA), as well as the recently standardized extensible authentication protocol (EAP)-AKA procedures and claim that SSL-based AKA mechanisms can provide for an alternative, more robust, flexible and scalable security framework. In this 3G+ environment, we perceive authentication as a service, which has to be performed at the higher protocol layers irrespectively of the underlying network technology. We conducted a plethora of experiments concentrating on the SSL's handshake protocol performance, as this protocol contains demanding public key operations, which are considered heavy for mobile devices. We gathered measurements over the GPRS and IEEE802.11b networks, using prototype implementations, different test beds and considering battery consumption. The results showed that the expected high data rates on one hand, and protocol optimisations on the other hand, can make SSL-based authentication a realistic solution in terms of service time for future mobile systems.