Abstract
The ticket-based authentication and key agreement (T-AKA) protocol proposed by Oh et al. is analyzed. The analysis shows that the protocol provides neither correct authentication of subscribers by the network nor verification of message freshness, and an attack that impersonates a subscriber is constructed from this flaw. Then, based on the specification of the Third Generation Partnership Project (3GPP), a public key mechanism is introduced at the service network end, and an improved universal mobile telecommunications system (UMTS) AKA protocol is proposed. Finally, the confidentiality and the mutual authentication correctness of the improved protocol are formally proved using strand space model theory and the authentication test method. The results indicate that the improved protocol guarantees message freshness and mutual authentication between the network and the subscriber, and that it overcomes the subscriber impersonation attack on the T-AKA protocol as well as other replay and impersonation attacks, so it offers high security. The design preserves the framework of the 3GPP specification and avoids heavy public key computation at the user terminal, so it is also highly practical.
Source
《东南大学学报(自然科学版)》
EI
CAS
CSCD
Peking University Core Journals
2010, No. 6, pp. 1163-1168 (6 pages)
Journal of Southeast University: Natural Science Edition
Funding
National Natural Science Foundation of China (60902008)
Open Project of the Changzhou Key Laboratory of High Technology Research (CM20103003)
Keywords
authentication and key agreement (AKA) protocol
authentication
security
universal mobile telecommunications system (UMTS)
strand space model
authentication test