Found 16 similar documents (search time: 156 ms)
1.
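The IP Multimedia Subsystem (IMS), as the core control platform of 3G networks, faces severe security challenges. Implementing the IMS access authentication mechanism is the first step in deploying the overall IMS security scheme and is key to securing the IMS system. The IMS access authentication mechanism based on Authentication and Key Agreement (AKA) was specified by the Internet Engineering Task Force (IETF) and adopted by 3GPP, and is widely used as the authentication mechanism in 3G wireless networks. The mechanism authenticates the user and distributes session keys using a "challenge/response" model: SIP messages carrying AKA parameters are exchanged between the user equipment (UE) and the IMS network authentication entities, and are transmitted and negotiated according to the AKA mechanism, achieving mutual authentication between user and network and negotiating the security key pair needed for subsequent communication.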
2.
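When a user terminal accesses the IP Multimedia Subsystem (IMS) through the Universal Mobile Telecommunications System (UMTS) packet domain, the UMTS packet domain and the IMS each independently perform authentication and key distribution for the terminal. The two procedures are largely similar, which causes duplicated communication overhead and inefficiency. Analysis of the IMS authentication and key distribution protocol (IMS AKA) reveals a security vulnerability in the protocol that makes it susceptible to impersonation attacks. The paper proposes an optimized and improved method, ESAKA (Efficient and Security AKA), which improves the efficiency of IMS AKA while also addressing authentication of the S-CSCF by the user terminal and the security of information transmission on the network side.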
3.
4.
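With networks converging, providing terminal authentication for WLAN networks through the telecom network will be the main method of WLAN service authentication in the future. To achieve efficient and secure WLAN authentication in inter-network roaming, this study analyzes the WLAN authentication requirements under inter-network roaming, discusses the authentication modes, procedures and existing problems, proposes a non-relay WLAN roaming authentication scheme based on the EAP SIM/AKA protocols, and validates it. The experimental results show that the non-relay authentication scheme meets the need for terminals to perform EAP SIM/AKA authentication while roaming, while also enhancing system security, reducing investment cost and enabling real-time billing.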
5.
6.
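Research on unified IMS has become an important trend in the evolution of IMS, and a major issue that full-service operators urgently need to consider when actually deploying IMS networks. Based on an analysis of the feasibility of CDMA access to a unified IMS system, the paper presents the functional architecture of the unified IMS system, discusses key technical issues of CDMA access to the unified IMS system, including media codec conversion, multi-access authentication methods and voice call continuity, and finally points out directions for further research on unified IMS systems.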
7.
8.
9.
10.
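The existing AKA-based authentication architecture in the mobile Internet is prone to single points of failure and to malicious registration attacks on servers, and the 3GPP-AKA protocol itself has security flaws. The paper improves the original authentication model, proposes an authentication server deployment scheme based on a P2P architecture, also improves the AKA authentication procedure, and finally analyzes the security of the scheme.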
11.
Reducing Signaling Traffic for the Authentication and Key Agreement Procedure in an IP Multimedia Subsystem (Total citations: 1; self-citations: 1; citations by others: 0)
In the IP multimedia subsystem (IMS) of UMTS, two authentication procedures are necessary for IMS subscribers before accessing
IMS services: (i) packet-switch domain authentication using the authentication and key agreement of the 3rd Generation Partnership
Projects (3GPP AKA), and (ii) IMS authentication using IMS AKA. However, since IMS AKA is based on 3GPP AKA, almost all of
the operations are the same. Besides, IMS AKA needs two round-trips to carry out. Therefore, it is inefficient that almost
all involved steps in IMS AKA are duplicated. Therefore, we propose a one-pass IMS AKA instead of IMS AKA. The one-pass IMS
AKA can keep the security properties of IMS AKA, such as mutual authentication and key agreement. Furthermore, the one-pass
IMS AKA not only has at least 45% improvement over IMS AKA in terms of authentication signaling, but also has 76.5% improvement
over IMS AKA in terms of storage space.
12.
Songbo Song Mohamed Abid Hassnaa Moustafa Hossam Afifi 《Telecommunication Systems》2013,52(4):2205-2218
The IP Multimedia Subsystem (IMS) is an access-independent, IP based, service control architecture. Users’ authentication to the IMS takes place through the AKA (Authentication and Key Agreement) protocol, while Generic Bootstrapping Architecture (GBA) is used to authenticate users before accessing the multimedia services over HTTP. In this paper, we focus on the performance analysis of an IMS Service Authentication solution that we proposed and that employs the Identity Based Cryptography (IBC) to personalize each user access. We carry out the implementation of this solution on top of an emulated IMS architecture and evaluate its performance through different clients’ access scenarios. Performance results indicate that increase in the number of clients does not influence the average processing time and the average consumed resources of the GBA entities during the authentication. We also notice that the Bootstrapping Server Function (BSF) presents a bottleneck during the service authentication which helps in giving some guidelines for the GBA entities deployment.
13.
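To address the security flaws in the 3G authentication and key agreement protocol (3GPP AKA), and taking into account the attacks an adversary might launch, an improved protocol (ER AKA, Efficient and Robust Authentication and Key Agreement) is proposed that prevents redirection attacks, active attacks launched through networks with security vulnerabilities, SQN synchronization flaws and disclosure of user identity information. Its security and efficiency are analyzed; the analysis shows that the protocol effectively solves the above security problems at the cost of relatively few storage and computing resources, and reduces the number of signaling exchanges for security processing in 3G systems.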
14.
One-pass GPRS and IMS authentication procedure for UMTS (Total citations: 6; self-citations: 0; citations by others: 6)
Yi-Bing Lin Ming-Feng Chang Meng-Ta Hsu Lin-Yi Wu 《Selected Areas in Communications, IEEE Journal on》2005,23(6):1233-1239
Universal Mobile Telecommunications System (UMTS) supports Internet protocol (IP) multimedia services through IP multimedia core network subsystem (IMS). Since the IMS information is delivered through the general packet radio service (GPRS) transport network, a UMTS mobile station (MS) must activate GPRS packet data protocol (PDP) context before it can register to the IMS network. In the Third-Generation Partnership Project (3GPP) specifications, authentication is performed at both the GPRS and the IMS networks before an MS can access the IMS services. We observe that many steps in this 3GPP "two-pass" authentication procedure are identical. Based on our observation, this paper proposes a one-pass authentication procedure that only needs to perform GPRS authentication. At the IMS level, authentication is implicitly performed in IMS registration. Our approach may save up to 50% of the IMS registration/authentication traffic, as compared with the 3GPP two-pass procedure. We formally prove that the one-pass procedure correctly authenticates the IMS users.
15.
The IP Multimedia Subsystem (IMS) has been selected as a telecommunication industrial standard for the signal processing in the heterogeneous access networks. It is also brought up to handle the mobility management. However, the mobility of the user equipment (UE) may disrupt or even intermittently disconnect an ongoing real-time session, which heavily affects the satisfaction of the users. Therefore, how to reduce the service disruption time gets more and more important. This paper first proposes a centralized service continuity scheme, abbreviated as CSC, in IMS-based networks. The CSC treats handover as a service in the IMS network. Its architecture and operation are based on service invocation. The service continuity procedure is performed by an application server called CSC AS. The CSC AS can carry out the third-party call control for fast session re-establishment by initiating two INVITE requests concurrently. In addition, a variant of the CSC, denoted by CSC*, is derived by adopting the E-IMS AKA with one-pass authentication for achieving the acceleration of IMS registration during the handover. Analytical results show that both schemes could shorten the handover latency significantly, as compared with the standard IMS-based service continuity.
16.
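Formal analysis and improvement of the 3G authentication and key distribution protocol (Total citations: 4; self-citations: 0; citations by others: 4)
The paper introduces the authentication and key distribution (AKA) protocol adopted by third-generation mobile communication systems. Authentication of the user's UE (user equipment) by the network's home location register/visitor location register (HLR/VLR) and authentication of the network HLR/VLR by the UE use two different approaches: the former uses a "challenge-response" authentication process, and the latter uses a "proof-of-knowledge" authentication process. Both processes are analyzed using the BAN formal logic method, which shows that, even assuming the system between the HLR and the VLR is secure, the "proof-of-knowledge" authentication process still has a security vulnerability. 3GPP adopts a supplementary measure based on sequence numbers; the paper also points out another improvement scheme.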