一种简化的低开销家庭基站重认证协议

The 3rd Generation Partnership Project (3GPP) defined a new architecture, called Home eNode B (HeNB). The 3GPP has also presented a protocol for communications between HeNB and core networks for mutual authentication. To reduce the authentication costs associated with communication, compu-tation and energy, this paper proposes a simple and low-cost re-authentication protocol that does not compromise the provided security services. The proposed protocol uses as the re-authentication parameter a Master Session Key (MSK) that has already been computed in the initial authentication, and does not require the full initial authentication to be repeated. Moreover, the proposed protocol does not modify the 3GPP infrastructure, and is easily applied to the HeNB system. Finally, the security of the proposed protocol is veri?ed by Automated Validation of Internet Security Protocols and Applications (AVISPA) and Burrows-Abadi-Needham (BAN) Logic; de-tailed evaluations of performance are also given. The analysis results illustrate that the proposed protocol can achieve at least 50% cost reduction in communication and 58% cost reduction in energy. The computational cost is also reduced by half compared with the initial authentication.     

一种改进的WLAN-3G融合网络认证协议

本文在分析了现有3GPP WLAN-3G融合网络接入认证协议EAP-AKA的优势和不足的基础上,引入WAPI证书鉴别机制,提出WAPI-3G互联结构模型,并针对该互联模型设计了一种接入认证协议EAP-WAPI.本文提议的WLAN-3G互联结构模型及接入认证机制解决了融合组网环境下WLAN终端统一接入认证的问题.分析和仿真结果表明,相比于原有的WAPI认证协议WAPI-XG1,本文所提议的协议具有较高的安全性和执行效率.     

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

Recently, the Third Generation Partnership Project (3GPP) has initiated the research in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication mechanisms reported in the literature and identify the security vulnerabilities such as violation of global base-station attack, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy-efficient mobile devices in the 5G communication network. To overcome these issues, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by Random Oracle Model (ROM) to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties.Moreover, the performance evaluation of the earlier 5G handover schemes and proposed SEAI handover AKA protocol is carried out in terms of communication, transmission, computation overhead, handover delay, and energy consumption. From the evaluations, it is observed that the SEAI handover AKA protocol obtains significant results and strengthens the security of the 5G network during handover scenarios.

     

3G系统全网安全体制的探讨与分析

文章基于3GPP体制探讨了3G系统的安全机制，重点分析了3G认证与密钥分配协议、加密与完整性保护的过程及其安全性，并针对核心网部分，从ATMPRM出发讨论了将安全功能置于ATM协议栈中不同位置时的几种安全方案。     

Mobile satellite communications systems: Toward global personalcommunications

The constraints imposed by the RF environment are reviewed. An overview of present and planned mobile satellite systems is given. Present systems refer to those already in operation, while planned systems refer to those that have authority to offer the services and have either a satellite in orbit or one being built to support the systems. Future directions for mobile satellite communications systems are discussed. One approach emerging is the use of large satellites, with large antennas. operating at much higher carrier frequencies. A second approach is to use low-earth orbit (LEO) satellites. in order to reduce the path loss. The LEO approach also results in much smaller propagation delays than those experienced with geostationary satellites     

One-pass GPRS and IMS authentication procedure for UMTS

Universal Mobile Telecommunications System (UMTS) supports Internet protocol (IP) multimedia services through IP multimedia core network subsystem (IMS). Since the IMS information is delivered through the general packet radio service (GPRS) transport network, a UMTS mobile station (MS) must activate GPRS packet data protocol (PDP) context before it can register to the IMS network. In the Third-Generation Partnership Project (3GPP) specifications, authentication is performed at both the GPRS and the IMS networks before an MS can access the IMS services. We observe that many steps in this 3GPP "two-pass" authentication procedure are identical. Based on our observation, this paper proposes an one-pass authentication procedure that only needs to perform GPRS authentication. At the IMS level, authentication is implicitly performed in IMS registration. Our approach may save up to 50% of the IMS registration/authentication traffic, as compared with the 3GPP two-pass procedure. We formally prove that the one-pass procedure correctly authenticate the IMS users.     

基于公钥密码体制的3G认证协议改进

文章对原3GPP认证协议进行了安全分析,提出其存在的安全漏洞,并根据公钥密码体制思想,在保持原有3GPP认证过程的基础上提出一种新的认证过程,并对该过程的安全性和可实施性进行了分析。     

Prediction-based secured handover authentication for mobile cloud computing

Mobile cloud computing (MCC) is a new technology that brings cloud computing and mobile networks together. It enhances the quality of service delivered to mobile clients, network operators, and cloud providers. Security in MCC technology, particularly authentication during the handover process, is a big challenge. Current vertical handover authentication protocols encounter different problems such as undesirable delays in real-time applications, the man in the middle attack, and replay attack. In this paper, a new authentication protocol for heterogeneous IEEE 802.11/LTE-A mobile cloud networks are proposed. The proposed protocol is mainly based on the view of the 3GPP access network discovery and selection function, which uses the capacities given by the IEEE 802.11 and the 3GPP long term evolution-advanced (LTE-A) standards interconnection. A prediction scheme, with no additional load over the network, or the user is utilized to handle cloud computing issues arising during authentication in the handover process. The proposed handover authentication protocol outperformed existing protocols in terms of key confidentiality, powerful security, and efficiency which was used to reduce bandwidth consumption.

     

基于WIMAX系统的安全策略研究

全球微波接入互操作性(WiMAX)是一个极具发展潜力的无线通信标准,需要有一个好的安全机制来保证。文中简要概述了WiMAX系统的安全体系结构和802.1x协议的体系架构,在此基础上阐述了EAP协议,特别是EAP协议的实现流程步骤,并深入阐述了在公司系统测试平台上实现WiMAX安全机制的协议流程和解决方案,包括在公司系统测试平台上实现鉴权协议的具体过程与3GPP协议规定的鉴权流程的详细区别。     

Extension of an Efficient 3GPP Authentication and Key Agreement Protocol

Recently, Zhang and Fang proposed a security analysis and enhancements of 3GPP authentication and key agreement protocol (AP-AKA for short). The enhancements of 3GPP authentication and key agreement protocol is proposed to improve some drawbacks of the current third-generation wireless communications. It also eliminates the need of synchronization between a mobile station and its home network. However, this paper shows that AP-AKA has some drawbacks, including the huge bandwidth consumption between foreign network and the home network, and the overhead of the stored space in the foreign network, and the overloaded home network with authentication of mobile stations. As a result, an extension of AP-AKA is proposed, which improves theses drawbacks, while preserving the superior merits of AP-AKA.     

基于分布式星群的双层星座设计

当前,陆地通信系统已无法满足日益复杂的信息需求,利用空间信息网络实现全球范围内的无缝覆盖和高效容量传输成为研究热点。现有卫星通信系统以单层星座为主,缺少高低轨卫星之间的协同。提出了一种基于分布式星群的双层星座设计,以基于分布式星群的低轨卫星作为网络架构的基础,采用星间链路实现低轨卫星之间的通信,通过高轨卫星实现中低纬度地区覆盖性能加强。仿真结果表明,所提方法在仅依靠在国内部署卫星地面站的前提下可实现全球多重覆盖。     

Efficient authentication scheme for double-layer satellite network

To solve the issue of networking authentication among GEO and LEO satellites in double-layer satellite network,a secure and efficient authenticated key agreement scheme was proposed.Based on symmetric encryption,the proposed scheme can achieve trust establishment and secure communication between satellites without the trusted third party.Meanwhile,considering characteristics of highly unified clock and predictable satellite trajectory in satellite networks,a pre-calculation method was designed,which can effectively improve the authentication efficiency of satellite networking.Moreover,formal proof and security analysis demonstrate that the scheme can satisfy various security requirements during satellite networking.Performance analysis and simulation results show that the scheme has low computation and communication overhead,which can achieve the authentication of satellite networking in resource-limited scenarios.     

A novel congestion control model for interworking AAA in heterogeneous networks

In the 3rd generation partnership project (3GPP) and wireless local area network (WLAN) interworking networks, 3GPP authentication, authorization, accounting (AAA) server located in 3GPP core network will be responsible for the AAA request from WLAN access network (AN). However, centralized AAA deployment is bound to give rise to the single point failure, resulting in system congestion. In order to solve this problem, this paper presents a novel congestion control model for AAA. In addition, through analyzing the model, the conclusion can be drawn that the average congestion rate of extensible authentication protocol (EAP) user request is related with factors, such as the arrival rate of EAP request, the number of EAP re-authentication, and the system buffer queue length. Finally, the simulation results show that EAP request arrival rate is directly proportional to the congestion rate, and when the number of EAP re-authentication and system buffer queue length are fixed, the number of corresponding user authentication vectors should be directly proportional to the EAP request arrival rate, so as to ensure the average congestion rate of EAP request is less than 0.005.     

A post quantum secure construction of an authentication protocol for satellite communication

Satellite's communication system is used to communicate under significant distance and circumstances where the other communication systems are not comfortable. Since all the data are exchanged over a public channel, so the security of the data is an essential component for the communicating parties. Both key exchange and authentication are two cryptographic tools to establish a secure communication between two parties. Currently, various kinds of authentication protocols are available to establish a secure network, but all of them depend on number–theoretical (discrete logarithm problem/factorization assumption) hard assumptions. Due to Shor's and Grover's computing algorithm number theoretic assumptions are breakable by quantum computers. Although Kumar and Garg have proposed a quantum attack-resistant protocol for satellite communication, it cannot resist stolen smart card attack. We have analyzed that how Kumar and Garg is vulnerable to the stolen smart card attack using differential power analysis attack described in He et al and Chen and Chen. We have also analyzed the modified version of signal leakage attack and sometimes called improved signal leakage attack on Kumar and Garg's protocol. We have tried to construct a secure and efficient authentication protocol for satellites communication that is secure against quantum computing. This is more efficient as it requires only three messages of exchange. This paper includes security proof and performance of the proposed authentication and key agreement protocol.     

基于“北斗”的战场移动装备域间身份认证方法

为了实现对移动装备在不同管理域间切换时身份的快速、安全认证,基于“北斗”卫星导航系统所提供的安全可靠的短报文通信功能和高精度的授时功能,提出了一种基于“北斗”的战场移动装备域间身份认证方法,设计了基于“北斗”的战场移动装备域间身份认证体系结构和战场移动装备域间身份认证协议。该认证体系采用两级认证机制。整个移动网络通过“北斗”系统的高精度授时实现全网时钟的精确同步,将“北斗”系统提供的时钟信息作为时间戳加入到身份认证信息中,并利用“北斗”系统传输身份认证信息。经过对协议的安全性分析表明,该协议安全可靠,可以实现域间身份认证时新管理域中的认证中心与移动装备的双向认证,也可以实现移动装备的匿名认证,同时具有抗重放攻击能力。此外,该协议有效地减小了家乡域认证中心的开销。     

一种改进的高效鲁棒的3GPP AKA协议

针对3G鉴权与密钥协商协议（3GPP AKA）中存在的安全缺陷,结合攻击者可能发起的攻击提出了一种可以防止重定向攻击,利用存在安全漏洞的网络发起的主动攻击,SQN同步缺陷和用户身份信息泄露的改进协议（ER AKA,Efficient and Robust Authentication and Key Agreement）,并对其安全性和效率进行了分析,分析表明通过该协议可以以较少的存储资源和计算资源为代价有效的解决上述安全性问题并减少3G系统中安全性处理的信令交互次数。     

一种基于移动网络的端到端认证机制

为基于移动网络的业务通信双方-业务签约者和业务提供者之间建立一种端到端的相互信任关系,提出了一种新的基于移动网络的应用服务端到端认证机制。研究了移动网络业务通信的发展趋势和安全威胁,介绍了3GPP中的通用鉴权框架的认证机理,指出了它的不足,并且提出了改进方法。介绍了端到端认证机制的总体框架和协议流程,并对其安全性、通用性、灵活性进行了分析。给出了该认证机制的应用场景。     

面向手机直连的低轨卫星通信：关键技术、发展现状与未来展望全文替换

为满足全时、全域通信需求,低轨卫星通信将成为6G的重要组成部分。通过对地面移动通信协议体制进行适应性改进,低轨卫星可为地面移动手机终端提供直连服务。介绍了面向手机直连的低轨卫星通信关键技术和商业项目发展现状,探讨了未来需解决的关键问题和潜在技术途径。     

Efficient dynamic authentication for mobile satellite communication systems without verification table

The mobile satellite system is an important wireless communication system widely used nowadays. The issue of protecting the transmission security in low‐earth‐orbit satellite networks thus becomes more and more critical. It is known that several authentication schemes for satellite communication systems have been proposed to deal with the issue. However, previous protocols either employ complicated public key computation or have to maintain a verification table. In this paper, the author will introduce a new dynamic authentication protocol for mobile satellite communication systems without using a verification table. The comparison results will also show that the proposed scheme has lower computational costs. Copyright © 2014 John Wiley & Sons, Ltd.     

基于小卫星中继的远程通信方案

为满足远程局部战场的通信需求,提出了一种以小卫星为中继的远程通信方案.在分析远程通信系统组成和工作原理的基础上,综合考虑环境因素推算了小卫星轨道参数,构建了具备通信中继功能的中椭圆回归轨道小卫星星座,实现了战机-作战指挥中心通信功能,通过STK软件建立了基于小卫星中继的远程通信覆盖模型.仿真结果表明,该方案对指定战区的平均覆盖率为99.69％,作战指挥中心与战机的可连接时间达到98.26％.