检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:韩晓璇 周文安[1] 韩震 HAN Xiao-xuan;ZHOU Wen-an;HAN Zhen(School of Computer Science,Beijing University of Posts and Telecommunications,Beijing 100876,China)
出 处:《计算机工程与科学》2024年第12期2149-2157,共9页Computer Engineering & Science
摘 要:鉴权认证机制的安全性研究一直是移动通信领域重要的关注点,每一代移动通信标准都制定了不同的认证密钥协议(AKA)。随着5G物联网中接入终端类型和接入场景的多样化,3GPP制定了统一的用户安全接入认证机制5G-AKA,经调研发现该机制仍存在脆弱性。通过分析5G-AKA双向认证流程中的请求参数和响应内容,发现认证流程存在用户身份验证标识(SUPI)泄露的风险,设计了SUPI窃听攻击模型。同时,基于UERANSIM和open5gs测试平台设计了网络拓扑结构和实验场景,模拟信令流量并验证上述模型。Research on the security of authentication mechanism has been an important concern in mobile communication,and each generation of mobile communication standards has developed different authentication and key agreement(AKA).With the diversification of access terminal types and access scenarios in 5G IoT,3GPP has developed an unified user security access authentication mechanism,5G-AKA,which is still found to be vulnerable after investigation.In this paper,by analyzing the request parameters and response contents in the bidirectional authentication process of 5G-AKA,the risk of user authentication identifier(SUPI)leakage is found,and a SUPI eavesdropping attack model is designed.Based on the UERANSIM and open5gs testing platforms,this paper designs the network topology and experimental scenarios,simulating signaling traffic to validate the aforementioned model.
分 类 号:TN911.22[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.26