
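A Secure Authentication Protocol for Ubiquitous Networks
Cite this article: QI Yong, GUO Shiwei, LI Qianmu. A Secure Authentication Protocol for Ubiquitous Networks[J]. Journal of Electronics & Information Technology, 2016, 38(7): 1800-1807.
Authors: QI Yong  GUO Shiwei  LI Qianmu
Funding: National Natural Science Foundation of China (61272419), Jiangsu Province Future Network Prospective Research (BY2013095-3-02)
Abstract: A ubiquitous network is a standard heterogeneous network, and keeping users secure as they hand over between networks is a current research focus for ubiquitous networks. This paper analyzes EAP-AKA, an authentication protocol suited to handover between heterogeneous networks, and points out that it has high authentication delay and faces security threats such as user identity disclosure, man-in-the-middle attacks and DoS attacks. In addition, EAP-AKA does not verify the validity of the access point of the access network, so the user terminal cannot avoid a range of attacks even after completing a complex authentication procedure. To address these security vulnerabilities, the paper proposes an improved secure authentication protocol that extends the applicability of traditional EAP-AKA from the 3G system to ubiquitous networks. The new protocol improves propagation delay and efficiency, protects the validity of the identity information of users and access points, avoids leakage of the master session key, uses the elliptic curve Diffie-Hellman algorithm to generate the symmetric key so that a random shared key is generated for each authentication session, and achieves mutual authentication between the user terminal and the home domain network. Experiments and a comparative analysis of the protocols verify the effectiveness and high efficiency of the new protocol.

Keywords: ubiquitous network    access control    secure authentication protocol    EAP-AKA
Received: 2015-09-06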

A Secure Authentication Protocol of Ubiquitous Convergent Network
QI Yong, GUO Shiwei, LI Qianmu. A Secure Authentication Protocol of Ubiquitous Convergent Network[J]. Journal of Electronics & Information Technology, 2016, 38(7): 1800-1807.
Authors: QI Yong  GUO Shiwei  LI Qianmu
Abstract: A ubiquitous network is a standard heterogeneous network, and securing handover between networks is a hot research topic. This paper analyzes EAP-AKA, the authentication protocol used during handoff across heterogeneous networks. The protocol has high authentication delay and faces several security threats, such as user identity disclosure, man-in-the-middle attacks and DoS attacks. Moreover, the access point of the access network is not verified, leaving the user exposed to attack even after a heavy authentication procedure. To address these security vulnerabilities, an improved secure authentication protocol for ubiquitous networks based on EAP-AKA is proposed, extending the applicability of traditional EAP-AKA from the 3G system to ubiquitous networks. The new protocol reduces authentication delay and effectively protects the identities of users and access points. To avoid leakage of the master session key, the Diffie-Hellman algorithm is used to generate a random symmetric key for each session. The new protocol also achieves mutual authentication between the user endpoint and the home network. Experiments and analysis verify the effectiveness and efficiency of the proposed protocol.