一种泛在网络的安全认证协议  被引量:1

A Secure Authentication Protocol of Ubiquitous Convergent Network

在线阅读下载全文

作  者:戚湧[1] 郭诗炜 李千目[1] 

机构地区:[1]南京理工大学计算机科学与工程学院,南京210094

出  处:《电子与信息学报》2016年第7期1800-1807,共8页Journal of Electronics & Information Technology

基  金:国家自然科学基金(61272419);江苏省未来网络前瞻性研究(BY2013095-3-02)~~

摘  要:泛在网络是标准的异质异构网络,保证用户在网络间的切换安全是当前泛在网的一个研究热点。该文对适用于异构网络间切换的认证协议EAP-AKA进行分析,指出该协议有着高认证时延,且面临着用户身份泄露、中间人攻击、Do S攻击等安全威胁,此外接入网络接入点的有效性在EAP-AKA协议中也没有得到验证,使得用户终端即使经过了复杂的认证过程也不能避免多种攻击。针对以上安全漏洞,该文提出一种改进的安全认证协议,将传统EAP-AKA的适用性从3G系统扩展到泛在网络中。新协议对传播时延和效率进行完善,为用户和接入点的身份信息提供有效性保护,避免主会话密钥泄露,采用椭圆曲线Diffie Hellman算法生成对称密钥,在每次认证会话时生成随机的共享密钥,并实现用户终端与家乡域网络的相互认证。通过开展实验,对协议进行比较分析,验证了新协议的有效性及高效率。Ubiquitous network is a kind of standard heterogeneous network. It is a hot research topic to secure switching between networks. This paper analyzes EAP-AKA, which is used during handoff across heterogeneous networks. However, this protocol has high authentication delay and is confronted with several security threats, such as user identity disclosure, man in middle attack and Do S attack. Moreover, access point of the access network is not verified, leaving the user under attack even after heavy authentication procedure. To deal with the above security vulnerabilities, an improved secure authentication protocol for ubiquitous network based on EAP-AKA protocol is proposed, extending the applicability of traditional EAP-AKA protocol from the 3G system to ubiquitous network. The new protocol reduces authentication delay and effectively protects identities of users and access points. In order to avoid main session key leakage, the Diffie Hellman algorithm is used to generate a symmetric key randomly each time. The mutual authentication between user endpoint and the home network is also achieved in new protocol. Experiments and analysis verifies effectiveness and efficiency of the proposed protocol.

关 键 词:泛在网络 访问控制 安全认证协议 EAP-AKA 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象