Abstract
In recent years, wireless network technologies, represented mainly by 3G networks and WLAN, have achieved major breakthroughs. 3G networks provide good roaming service over a wide area, but their data rate and network bandwidth are relatively low, whereas WLAN offers higher data rates at lower cost but covers a smaller area. The two are therefore highly complementary, and integrating 3G networks with WLAN is an efficient way to achieve high-speed access. The 3GPP accordingly proposed an interworking scheme for 3G-WLAN integration and designed the Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) protocol for it. However, extensive practice and research have shown that EAP-AKA has some security flaws. This paper analyzes the EAP-AKA protocol flow and its security and addresses those flaws, in particular: exposure of the user identity, which enables tracking attacks based on identity leakage; the lack of authentication of the wireless local area network (WLAN) access network; and plaintext transmission of the session key, which causes the WLAN to lose confidentiality and integrity during communication. It proposes an improved scheme that adds a public key for the WLAN access network and uses anonymity techniques, thereby authenticating the WLAN access network, avoiding exposure of user identity information, and encrypting the session key in transit, so that users are provided with secure network service.
Source
《信息网络安全》 (Netinfo Security)
2014, Issue 7, pp. 53-56 (4 pages)
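Funding
Natural Science Foundation of Heilongjiang Province [F201229]
Harbin Science and Technology Innovation Talent Research Special Fund [2012RFXXG086]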
Keywords
EAP-AKA
security
anonymous technology
public key