共查询到20条相似文献,搜索用时 15 毫秒
1.
可证明安全的异构无线网络认证协议 总被引:1,自引:0,他引:1
异构无线网络中互连的安全问题是当前研究的关注点,针对3G网络和WLAN(无线局域网)所构成的异构互连网络中认证协议的安全和效率问题,提出了一种基于离线计费方法的认证协议。该协议通过对WLAN服务网络身份进行验证,抵御了重定向攻击的行为;采用局部化重认证过程,减少了认证消息的传输延时,提高了认证协议的效率。仿真结果表明,该协议的平均消息传输延时相对于EAP—AKA协议缩短了大约一半。通过Canetti—Krawczyk(CK)安全模型对新协议进行了安全性证明,证明该协议具有SK—secure安全属性。 相似文献
2.
主要介绍第三代移动通信合作计划(3GPP———3GPartnershipProject)与无线局域网(WLAN)互连的结构,3GPP用户可通过WLAN开展WLAN接入业务。在WLAN中,通过3GPP预约,使用客户识别模块(SIM)/用户服务识别模块(USIM)接入通用IC卡(UICC),使3GPP与WLAN终端互连。文中还介绍基于3GPP的WLAN接入认证授权、IEEE802.11i中的认证和密钥协定、3G-WLAN互连中的认证和授权、复用3GPP的归属位置注册器等,描述了用户数据如何选路和接入业务,最后介绍WLAN中基于3GPP的计费方法(预付费和后付费),以及如何对这些用户计费和对归属网络中基于IP的计费。 相似文献
3.
Interworking architecture between 3GPP and WLAN systems 总被引:21,自引:0,他引:21
4.
Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme. 相似文献
5.
6.
IP多媒体子系统(IMS)作为3G网络的核心控制平台,其安全问题正面临着严峻的挑战。IMS的接入认证机制的实现作为整个IMS安全方案实施的第一步,是保证IMS系统安全的关键。基于认证和密钥协商(AKA)的IMS接入认证机制是由因特网工程任务组(IETF)制定,并被3GPP采用,广泛应用于3G无线网络的鉴权机制。此机制基于"提问/回答"模式实现对用户的认证和会话密钥的分发,由携带AKA参数的SIP消息在用户设备(UE)和IMS网络认证实体之间进行交互,按照AKA机制进行传输和协商,从而实现用户和网络之间的双向认证,并协商出后续通信所需的安全性密钥对。 相似文献
7.
3GPP IMS与WLAN之间的互通可以将IMS核心网络业务扩展到WLAN接入环境中,同时使WLAN成为3GPP系统的一种补充接入技术。介绍了3GPPIMS的网络结构,分析了IMS中SIP协议及其扩展,重点讨论了IMS与WLAN的互通模型,以及如何支持3GPP目前定义的几种业务互通等级。 相似文献
8.
Wireless Network Security and Interworking 总被引:1,自引:0,他引:1
Shin M. Ma J. Mishra A. Arbaugh W.A. 《Proceedings of the IEEE. Institute of Electrical and Electronics Engineers》2006,94(2):455-466
A variety of wireless technologies have been standardized and commercialized, but no single technology is considered the best because of different coverage and bandwidth limitations. Thus, interworking between heterogeneous wireless networks is extremely important for ubiquitous and high-performance wireless communications. Security in interworking is a major challenge due to the vastly different security architectures used within each network. The goal of this paper is twofold. First, we provide a comprehensive discussion of security problems and current technologies in 3G and WLAN systems. Second, we provide introductory discussions about the security problems in interworking, the state-of-the-art solutions, and open problems. 相似文献
9.
在3GPP提出的3G与WLAN融合方案的基础上,针对EAP-AKA认证方法中存在的虚假AP攻击,用户私密信息泄露等安全问题,提出了一种EAP-TTLS-AKA认证方法.此方法实现了UE对WLAN接入网的认证,在UE和WLAN接入网之间建立了安全认证隧道,并在安全认证隧道中实现UE和3GPP的AKA认证.分析结果表明,此... 相似文献
10.
随着无线互联网的发展,3GPP-WLAN的互通性也成为研究的热点。而作为关键设备的无线接入点在互通过程具有重要的地位。本文介绍了3GPP-WLAN互通性安全,主要讨论基于GSM SIM的认证过程,提出了此机制在WLAN接入点(AP)上的功能实现以及在设计中应注意的问题。 相似文献
11.
Internet protocol (IP) is the kernel of the TCP/IP protocol family. Because IP is the only one that is shared by all high‐level protocols in TCP/IP. So the security of the IP is particularly important to the whole communication network. Fortunately, IPsec provides excellent protection for the kIP security. As a part of the IPsec, Internet Key Exchange (IKE) protocol can achieve security association negotiation, key generation, and identity authentication. The study of IKEv2, both in its application and security analysis, has been relatively mature. When the Internet Engineering Task Force published the Internet‐Draft IKEv3 protocol, there is not much attention and research on it. In this paper, we analyze the security and authentication of IKEv3 by formal verification and show that IKEv3 is susceptible to reflection attack and DoS attack. Then we propose a new variant of the IKEv3 protocol, which both resists reflection attack and mitigates the impact of the DoS attack. 相似文献
12.
WLAN技术作为一种无线接入方式,可以作为3G接入技术的补充,为3G用户提供高速、稳定的数据业务.本文在3GPP所做研究的基础上简要分析了GPRS/UMTS和WLAN的互连,阐述了网络架构,认证、授权和计费过程等相关问题. 相似文献
13.
14.
15.
终端如何在3GPP与WLAN中选择最优网络接入并进行业务分流是WLAN与3GPP互操作中需要解决的重要问题。传统3GPP与WLAN互操作主要集中在核心网层面,无法考虑无线网络负载,容易造成网络负荷不均,用户体验降低。3GPP R12阶段在RAN2开展了WLAN与3GPP无线互操作研究,定义了一系列无线接入网辅助参数和无线接入网规则以增强WLAN与3GPP在无线的接入网选择和业务分流方案,有效提高了用户体验以及运营商对于WLAN的控制能力,为WLAN与3GPP网络深入融合提供解决方案。 相似文献
16.
介绍了无线局域网中存在的一些安全漏洞问题,如RC4密钥的复用造成泄密以及攻击者篡改数据而不被发现等。给出了对应的解决方案-TKIP(Temporal Key Integrity Protocol)和RC4,并在文中介绍了TKIP的实现方法。 相似文献
17.
18.
In the 3rd generation partnership project (3GPP) and wireless local area network (WLAN) interworking networks, 3GPP authentication, authorization, accounting (AAA) server located in 3GPP core network will be responsible for the AAA request from WLAN access network (AN). However, centralized AAA deployment is bound to give rise to the single point failure, resulting in system congestion. In order to solve this problem, this paper presents a novel congestion control model for AAA. In addition, through analyzing the model, the conclusion can be drawn that the average congestion rate of extensible authentication protocol (EAP) user request is related with factors, such as the arrival rate of EAP request, the number of EAP re-authentication, and the system buffer queue length. Finally, the simulation results show that EAP request arrival rate is directly proportional to the congestion rate, and when the number of EAP re-authentication and system buffer queue length are fixed, the number of corresponding user authentication vectors should be directly proportional to the EAP request arrival rate, so as to ensure the average congestion rate of EAP request is less than 0.005. 相似文献
19.
基于全IP的3GPP-WLAN网络互通体系结构 总被引:1,自引:0,他引:1
3GPP-WLAN互通是目前无线互联网的研究重点之一,目前,3GPP及其它相关组织正在积极制定3GPP-WLAN互通的规范.本文介绍了3GPP WLAN互通的基本架构、新增功能实体和接口的功能,并在最后给出了实例的信令流程. 相似文献
20.
Xinghua Li Xiang Lu Jianfeng Ma Zhenfang Zhu Li Xu YoungHo Park 《Mobile Networks and Applications》2011,16(3):394-407
The successful deployment of WLAN for high speed data transmission and 3G cellular systems for wide coverage and global roaming has emerged to be a complementary platform for wireless data communications. But security in the 3G-WLAN interworking, especially the efficient authentication and valid key management, has been remaining a challenging issue. What’s more, some emerging security challenges are neglected by 3GPP specifications as well as the previous studies. This paper first analyzes and evaluates the current contributions in this field, and then puts forward some design issues. Thereafter, by modifying the EAP-AKA keying framework we propose an improved authentication scheme which enables a WLAN user to efficiently access packet switch services through the 3G networks. What’s more, through the new keying framework the user can efficiently realize the future re-authentications and handover authentications. The proposed authentication scheme, the corresponding re-authentications and handover authentications are simulated, and results indicate that our scheme can reduce authentication latency significantly. 相似文献