3G-WLAN安全接入方案的研究与分析  被引量：1

作　　者：苗俊峰[1] 马春光[1,2] 黄予洛 李晓光 

机构地区：[1]哈尔滨工程大学计算机科学与技术学院,黑龙江哈尔滨150001 [2]哈尔滨工程大学国家保密学院,黑龙江哈尔滨150001

出　　处：《信息网络安全》2014年第10期24-30,共7页Netinfo Security

基　　金：黑龙江省自然科学基金[F201229];哈尔滨市科技创新人才研究专项基金[2012RFXXG086]

摘　　要：目前,3G和WLAN两种无线通信技术是最具代表性的技术,同时二者各自的优缺点使3G与WLAN融合网络成为备受业界和学术界关注的焦点。3G-WLAN网络融合可以充分利用两者的优点,优势互补,用户既可以享受3G网络中完善的漫游、鉴权以及计费机制,也可以享受WLAN的高速数据传输速率,这样用户不仅享受优质的网络服务,也使得网络资源利用最大化。但3G与WLAN融合网络需要同时应对来自两方的安全威胁。由于3G和WLAN网络安全威胁存在差异,因此对于各自的安全解决方案也存在很大差异,如何解决融合网络的安全威胁是亟待解决的问题。文章对802.11i和WAPI接入认证安全性和密钥协商灵活性进行了分析和研究,并总结出其各自的优缺点;针对3G-WLAN融合网络中EAP-AKA协议,分析了其存在的漏洞与不足,然后综合802.11i和WAPI安全协议的优势,文章提出了一种新的3G-WLAN安全接入方案EAP-WPI。新协议采用802.11i的EAP认证框架封装认证和WAPI的ECDH密钥协商算法,实现用户终端与后台认证服务器的认证交互以及高安全性的密钥协商,并在认证过程中采用无证书的公钥密码技术免除了部署PKI的负担,并对其进行安全性分析以及仿真测试,其结果表明文章提出的协议具有较高的安全性及执行效率。At present, 3G and WLAN, two kinds of wireless communication technology is the most representative. But because of between the shortcomings and advantages, resulting in 3G and WLAN fusion network is being the focus of the industry and academia, but also one of the most attractive. 3G-WLAN network can make full use of their advantages, which are mutually complementary. Users can enjoy 3G network perfect roaming, authentication and accounting mechanism, also can enjoy high- speed data transmission rate in WLAN. So users not only to enjoy the service network quality, but also makes more use of cyber source. But 3G and WLAN fusion network also need to address security threats from two parties. Because of the difference of 3（3 and WLAN network security threats, their own safety solutions are also very different and how to solve the security threat fusion network is an urgent problem to be solved. This paper analyzed and studied the 802.1 li and WAPI in the access security of authentication and key negotiation flexibility and draws their respective strengths. The 3G-WLAN fusion network EAP-AKA protocol analyze its loopholes and defects, then synthesize 802.1 l i and WAPI protocol security advantages, this paper proposes a new 3G-WLAN security access scheme of EAP-WPI. The new protocol uses EAP authentication framework package certification of 802.1 li and ECDH key agreement algorithm of WAPI, to achieve the user terminal and the backend authentication server authentication interaction, highly secure key agreement, and the use of public key cryptography without certificates in the certification process from the deployment of the PKI burden and makes security analysis and simulation test, which show that the paper which has proposed the protocol has higher of the safety and efficiency.

关 键 词：EAP认证 ECDH密钥协商 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]