Authentication has strong impact on the overall security model of every information system. Various authentication techniques are available for restricting the access of unauthorized users to the enterprise scale networks. IEEE 802.1X defines a secure and reliable authentication framework for 802.11 WLANs, where Extensible Authentication Protocol (EAP) provides the base to this architecture. EAP is a generic architectural framework which supports extensibility by incorporating the new and improved authentication schemes, which are based on different types of credentials. Currently there exist a number of EAP and Non-EAP methods with varying level of security and complexity. In this work, we have designed a new n-secret based authentication scheme referred here as Personal Dialogue Based Authentication, for the client authentication to the network. It is a Transport Layer Security (TLS) protected authentication protocol, which will be executed inside the secure TLS tunnel for providing the privacy and credential security to the wireless client. The developed authentication protocol has a reasonable set of features like; strong security, user privacy, simplicity and extensibility. For the formal analysis of the protocol we have used SPAN–AVISAP model checker on Ubuntu platform for validating the realization of the specified security goals. The experimental results obtained by simulation performed with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that our protocol is efficient and secured.
相似文献 |
|||||||
|
|||||||
|
共查询到20条相似文献,搜索用时 171 毫秒
1.
文章对独立运营的WLAN网络鉴权方法进行了介绍,分析了WLAN与UMTS网络的融合方案和网络结构,重点分析了在宽带无线和3G融合的网络环境下的WLAN接入鉴权解决方案,以实现用户无论是通过WLAN或是通过UMTS接入网络都能够采用统一的身份认证。 相似文献
2.
从WLAN现存的问题和技术出发,提出了移动电话网络融合WLAN的方法,重点讨论了WLAN终端和移动电话网络之间鉴权和认证的问题。 相似文献
3.
传统的WLAN(无线局域网)认证模式其繁琐的认证流程不但降低了网络的效率,更重要的是影响了用户的体验效果。从WLAN用户认证便利性出发,给出了基于MAC(媒体接入控制)的无感知认证解决方案,EAP-SIM/AKA(扩展认证协议-用户识别模块/鉴权与密钥协商)无感知认证解决方案和PEAP(受保护的扩展认证协议)无感知认证解决方案等3种解决方案,并分析了各自的优缺点。 相似文献
4.
5.
为提供整体鉴权管理机制以实现固网与移动网络的融合,在对现有通信网络及IMS的安全鉴权进行研究的基础上,提出以EAP-AKA协议加上SIM卡的鉴权机制和只使用SIM卡的用户识别功能两种方案,形成融合网络的整体鉴权。最后对融合网络的未来鉴权机制做了探讨。 相似文献
6.
介绍了在NGN(软交换)网络中如何防止接入终端的非法漫游,以及如何通过对终端的位置信息进行鉴权及计费等,以实现终端漫游增值业务。 相似文献
7.
IP多媒体子系统(IMS)作为3G网络的核心控制平台,其安全问题正面临着严峻的挑战。IMS的接入认证机制的实现作为整个IMS安全方案实施的第一步,是保证IMS系统安全的关键。基于认证和密钥协商(AKA)的IMS接入认证机制是由因特网工程任务组(IETF)制定,并被3GPP采用,广泛应用于3G无线网络的鉴权机制。此机制基于"提问/回答"模式实现对用户的认证和会话密钥的分发,由携带AKA参数的SIP消息在用户设备(UE)和IMS网络认证实体之间进行交互,按照AKA机制进行传输和协商,从而实现用户和网络之间的双向认证,并协商出后续通信所需的安全性密钥对。 相似文献
8.
严晗 《电信工程技术与标准化》2015,(10)
本文WLAN网络技术的背景以及可能存在的风险威胁出发,通过分析当前WLAN的若干种常用认证方法的优劣,最后提出了一种较为安全并且具备可操作性的解决方案,即以IEEE802.11i-2004国际标准为核心,在IEEE802.11i标准框架下,采用802.1X/EAP方式实现强壮网络联合安全的强身份认证,完成身份认证后,使用基于AES算法(FIPS PUB 197-2001)的CCMP实现数据保密性与完整性保护。 相似文献
9.
介绍了在NGN(软交换)网络中如何防止接入终端,如IAD和各种软Phone的非法漫游,以及如何通过对终端的位置信息进行鉴权及计费等来实现终端漫游增值业务。 相似文献
10.
为了探讨在RAVAL和S8HR两种国际漫游方式下,VoLTE紧急呼叫业务的实现方案存在的问题,提出与拜访网络能力和漫游VoLTE终端能力一致的紧急呼叫方案建议,以及基于拜访运营商VoLTE网络实现的正常紧急呼叫和GIBA鉴权紧急呼叫业务流程,研究证明,参考所提出的业务流程,可解决SIP协议对3GPP业务流程无法支持的问题。 相似文献
11.
无线广域网(WWAN)与无线局域网(WLAN)都是近期发展比较成熟的无线网络,将它们很好的结合,是下一代网络(NGN)发展趋势与主题。使用虚拟用户识别模块(SIM)卡认证是在SIM/用户服务识别模块(USIM)模式基础上提出的一种可行性设想,利用蓝牙技术组成无线个人通信网,快速找到虚拟SIM,不需要通过繁复的设置认证,通过把通信任务和进程从应用处理中分离出来,加速了针对无缝漫游新应用的创新。 相似文献
12.
13.
应用于移动环境中的WLAN接入网结构 总被引:5,自引:1,他引:4
文章介绍了把无线局域网接入与GSM,GPRS漫游融合在一起的运营无线局域网(OWLAN),分析了OWLAN的主要系统单元及功能,讨论了基于用户识别模块(SIM)的鉴权、漫游和计费机理。 相似文献
14.
15.
针对WLAN Mesh网络节点漫游接入过程中现有协议的不足,通过利用EMSA(efficient mesh security association)初始认证过程中所建立的安全链路和消息认证码技术,并引入修改后的DH(Diffie Hellman)密钥交换过程,提出了一种能有效满足漫游接入性能和安全性需求的接入认证协议。该协议不仅具有基本的SK(session key,会话密钥)安全属性,还具有较小的接入时延,能够适应Mesh网络拓扑变化的特性,在完成双向接入认证过程的同时,完成了密钥的生成,并能较好地隐藏终端节点的身份信息。 相似文献
16.
The third-generation cellular systems provide great coverage, complete subscriber management and nearly universal roaming. Nevertheless, 3G systems suffer the high installation cost and low bandwidth. Though WLAN provides hot spot coverage with high data rates, it lacks roaming and mobility support. From users' points of views, the integration of WLAN and 3G systems is an attractive way that will provide them a convenient access to network. When integrating WLAN and 3G, there are still some problems should be concerned in terms of authentication and security, such as authentication efficiency and repudiation problem. In this paper, we review the authentication scheme for WLAN and 3G/UMTS interworking which is specified by 3GPP and propose a robust localized fast authentication protocol with non-repudiation service for integrating WLAN and 3G network. The localized re-authentication protocol can shorten the authentication time delay. On the other hand, with the non-repudiation service, the assumption, that subscriber has to fully trust 3G home operator, can be deleted and the trust management between the independent WLAN operator, 3G visited operator and 3G home operator can be eliminated. In other words, our proposed protocol provides legal evidences to prevent the 3G home operator from overcharge toward the subscriber and also prevent the WLAN operator and 3G visited operator from overcharge toward the 3G home operator. The authentication protocol employs HMAC, hash-chaining techniques, and public-key digital signature to achieve localized fast re-authentication and non-repudiation service. 相似文献
17.
18.
Wireless LAN access network architecture for mobile operators 总被引:16,自引:0,他引:16
The evolution of IP-based office applications has created a strong demand for public wireless broadband access technology offering capacity far beyond current cellular systems. Wireless LAN access technology provides a perfect broadband complement for the operators' existing GSM and GPRS services in an indoor environment. Most commercial public wireless LAN solutions have only modest authentication and roaming capability compared to traditional cellular networks. This article describes a new wireless LAN system architecture that combines the WLAN radio access technology with mobile operators' SIM-based subscriber management functions and roaming infrastructure. In the defined system the WLAN access is authenticated and charged using GSM SIM. This solution supports roaming between cellular and WLAN access networks and is the first step toward an all-IP network architecture. The proto-type has been implemented and publicly verified in a real mobile operator network 相似文献
19.
In the 3rd generation partnership project (3GPP) and wireless local area network (WLAN) interworking networks, 3GPP authentication, authorization, accounting (AAA) server located in 3GPP core network will be responsible for the AAA request from WLAN access network (AN). However, centralized AAA deployment is bound to give rise to the single point failure, resulting in system congestion. In order to solve this problem, this paper presents a novel congestion control model for AAA. In addition, through analyzing the model, the conclusion can be drawn that the average congestion rate of extensible authentication protocol (EAP) user request is related with factors, such as the arrival rate of EAP request, the number of EAP re-authentication, and the system buffer queue length. Finally, the simulation results show that EAP request arrival rate is directly proportional to the congestion rate, and when the number of EAP re-authentication and system buffer queue length are fixed, the number of corresponding user authentication vectors should be directly proportional to the EAP request arrival rate, so as to ensure the average congestion rate of EAP request is less than 0.005. 相似文献
20.
|
| 设为首页 | 免责声明 | 关于勤云 | 加入收藏 |
|
Copyright©北京勤云科技发展有限公司 京ICP备09084417号 |