Abstract
3G systems run the Authentication and Key Agreement (AKA) protocol to perform mutual authentication between the mobile station and the serving network; once each side has confirmed the other's identity, a data encryption key (CK) and a data integrity key (IK) are generated. The authentication stage is the weak point of the 3G security architecture. To address its defects, an authentication scheme based on the SSL handshake protocol and built on PKI is proposed. A Certificate Authority (CA) and a Registration Authority (RA) are added to the 3G network to verify user identities and to issue and recover certificates. To suit the characteristics of wireless terminals, a new PKI certificate format, the WTLS certificate, is defined for the certificates used on the server side, and the Short-Lived Certificate (SLC) is used as the scheme for verifying certificate validity periods. The scheme can run in parallel with the existing 3G security model, and it is suggested that 3G adopt dual-mode authentication to strengthen its security. Storage and management of user certificates was implemented on the wireless terminal side, providing encryption, decryption, data integrity protection and related functions, which verifies that authentication based on the SSL handshake protocol is feasible.
Source
China Railway Science (《中国铁道科学》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2005, Issue 6, pp. 126-130 (5 pages)
Keywords
3G network
Network security
Public Key Infrastructure
Secure Sockets Layer
Authentication and Key Agreement