期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于串空间模型的UMTS AKA协议安全分析与改进 被引量:2

Security analysis and improvement of UMTS AKA protocol based on strand space model
下载PDF
导出
摘要 通过分析Oh等设计的T-AKA协议,发现该协议无法实现网络对用户的正确认证及消息的新鲜性验证,并利用该安全漏洞构造出了伪冒用户的攻击方法.然后,在3GPP规范的基础上,在服务网络端引入公钥机制,提出了改进的认证与密钥协商协议.最后,应用串空间模型理论及认证测试方法,对改进协议的机密性和双向认证正确性进行了形式化证明.研究结果表明:改进协议能够保证消息的新鲜性和网络-用户间的双向认证,克服T-AKA协议中存在的伪冒用户攻击及其他重放、伪冒攻击,具有高的安全性;协议设计中保留了3GPP规范的框架,避免了用户终端进行繁重的公钥运算,具有强的实用性. The ticket based authentication and key agreement(T-AKA) protocol proposed by Oh et al is analyzed.Its weaknesses that the network cannot correctly authenticate subscribers and the freshness of the message is not guaranteed are pointed out,and an impersonation attack is given.Then,based on the specification of the third generation partnership project(3GPP),the public key mechanism is introduced at the service network end,and a new improved universal mobile telecommunications system(UMTS) AKA protocol is proposed and analyzed.Finally,the confidentiality and the mutual authentication of the proposed protocol are formally proved by the strand space model theory and the authentication test method.The results indicate that in the new protocol,the freshness checking of the message and the mutual authentication between the subscriber and the network can be guaranteed.The impersonation attack to the T-AKA protocol and other possible attacks can be overcome.In addition,the framework of the 3GPP original protocol is preserved and the heavy computation at the user end is avoided.Hence,the new protocol is of high security and strong practicability.
作者 邢媛 蒋睿
机构地区 东南大学信息科学与工程学院
出处 《东南大学学报(自然科学版)》 EI CAS CSCD 北大核心 2010年第6期1163-1168,共6页 Journal of Southeast University:Natural Science Edition
基金 国家自然科学基金资助项目(60902008) 常州市高技术研究重点实验室开放课题资助项目(CM20103003)
关键词 AKA协议 认证 安全 UMTS 串空间模型 认证测试 authentication and key agreement(AKA) protocol authentication security universal mobile telecommunications system(UMTS) strand space model authentication test
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1ETSI.GSM technical specification-GSM 02.09 security aspects (version 3.1.0)[EB/OL].(1995-01-01)[2010-03-10].http://www.3gpp.org/ftp/Specs/ar-chive/02 _ series/02.09/0209-310.zip.
  • 23GPP.3rd generation partnership project; technical specification group services and system aspects:3G security; security architecture[EB/OL].(2009-12-18)[2010-03-10].http://www.3gpp.org/ftp/Specs/archive/33 _ series/33.102/33102-910.zip.
  • 3蒋睿,李建华,潘理.基于串空间模型的3GPP认证密钥交换协议分析[J].上海交通大学学报,2006,40(5):791-795. 被引量:5
  • 4Zheng Xiankun,Liu Changjiang.An improved authentication and key agreement protocol of 3G[C] //International Workshop on Education Technology and Computer Science.Wuhan,China,2009.733-737.
  • 5Al-Saraireh J,Yousef S.A new authentication protocol for UMTS mobile networks[C] //Proceedings of the 17 th IASTED International Conference on Modelling and Simulation.Montreal,Canada,2006:128-133.
  • 6Deng Yaping,Fu Hong,Xie Xianzhong,et al.A novel 3 GPP SAE authentication and key agreement protocol[C] //Proceedings of the 2009 IEEE International Conference on Network Infrastructure and Digital Content.Beijing,China,2009:557-561.
  • 7Huang Chungming,Li Jianwei.Authentication and key agreement protocol for UMTS with low bandwidth consumption[C] //Proceedings of the 19th International Conference on Advanced Information Networking and Applications.Washington DC,USA,2005:392-397.
  • 8Oh K K,Lee T Y,Nam C S,et al.Strong authentication and key agreement protocol in UMTS[C] //Proceedings of the Fifth International Joint Conference on INC,IMS and IDC.Seoul,Korea,2009:917-920.
  • 9Fdbrega J T,Jonathan C H,Joshua D G.Strand spaces:proving security protocols correct[J].Journal of Computer Security,1999,7(2/3):191 -230.
  • 10Joshua D G,Fábrega J T.Authentication tests[C] //Proceedings of the 2000 IEEE Symposium on Security and Privacy.Berkeley,California,USA,2000:96-109.

二级参考文献9

  • 1ISO/IEC 9798-4, Information technology-security techniques-entity authentication Part 4: Mechanisms using a eryptographic check function[S].
  • 23G TS 33. 220, Third generation partnership project;Technical specification group services and system aspects: Generic aultentication architecture (GAA);Generic bootstrapping architecture, version 6.3.0,Release 6, 2004[S].
  • 33G TS 33.221, Third generation partnership project;Technical specification group services and system aspects; Generic authentication architecture (GAA);Support for subscriber certificates, version 6.2.0, Release 6, 2004 [S].
  • 43G TS 33.902, Third generation partnership project Technical specification group services and system aspeels; 3G security; Formal analysis of 3G authentication and key agreement protocol, version 4.0.0, Release 4, 2001[S].
  • 5Thayer Fabrega F J, Herzog J C, Guttman J D Strand spaces: Proving security protocols correct[J].Journal of Computer Security, 1999, 7 (2/3):191 -230.
  • 6Guttman J D, Thayer Fabrega F J. Authentication tests and the structure of bundles[J]. Theoretical Computer Science, 2002, 283(2): 333--380.
  • 7Guttman J D. Security protocol design via authentication tests [C]//Proceedings lgth IEEE Computer Security Foundations Workshop. Keltic Lodge, Canada:IEEE CS Press, 2002:55-66.
  • 8Zhang M X. Provably-secure enhancement on 3GPP authentication and key agreement protocol[EB/OL].http ://eprint. iacr. org/2003/092, 2005-04-20.
  • 93G TS35.205, 3G Security: Specification of the MILENAGE set: An example algorithm set for the 3GPP authentication and key generation functions f1,f1^* , f2, f3, f4, f5, and f5^* , version 3.0.0, Release'99, 2001[S].

共引文献4

同被引文献25

  • 1Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks [ C ]//Proceeding of the 2003 IEEE Symposium on Security and Privacy. Berkeley, CA, USA, 2003: 197-213.
  • 2Perrig A, Szewczyk R, Wen V, et al. SPINS: security protocols for sensor networks I J ]- Wireless Networks Journal, 2002, 8(5) : 521 -534.
  • 3Zhu S, Setia S, Jajodia S. LEAP + : efficient security mechanisms for large-scale distributed sensor networks [ J]. ACM Transactions on Sensor Networks, 2006, 2 (4) : 500-528.
  • 4Deng J, Han R, Mishra S. INSENS : intrusion-tolerant routing in wireless sensor networks [ J ]. Computer Com- munications, 2006, 29(2): 216-230.
  • 5Lazos L, Poovendran R. SeRLoc: secure range-inde- pendent localization for wireless sensor networks [ C ]// Proceedings of the 4th International Symposium on In- formation Processing in Sensor Networks. Los Angeles,CA, USA, 2005:21 -30.
  • 6Chan H, Perdg A, Przydatek B. SIA: secure informa- tion aggregation in sensor networks [ J ]. Journal of Computer Security, 2007, 15( 1 ) : 69 - 102.
  • 7Hannotin X, Maggi P, Sisto R. Formal specification and verification of mobile agent data integrity proper- ties: a case studyl C]//Proceedings of the 5th Interna- tional Conference on Mobile Agents. Atlanta, GA, USA, 2001:42-53.
  • 8Dojen R, Lasc I, Coffey T. Establishing and fixing a freshness flaw in a key-distribution and authentication protocol [ C ]//IEEE the 4th International Conference on Intelligent Computer Communication and Process- ing. 2008. Cluj-Napoca, Romania, 2008:185 - 192.
  • 9Novotny M. Formal analysis of security protocols for wireless sensor network [ J ]. Tatra Moutains Mathe- matical Publications, 2010, 47( 1 ) : 81 -97.
  • 10Long B W, Fidge C J. Formally analyzing a security protocol for replay attacks [ C ]//Proceedings of the Australian Software Engineering Conference. Sydney, Australia, 2006 : 171 - 180.

引证文献2

二级引证文献2

东南大学学报(自然科学版)
2010年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部