摘要
由于移动网络环境中,移动信道具有开放、广播的特性,而且移动设备在存储、计算方面资源有限,所以,移动网络的通信数据缺少有效的保护。国内外专家学者设计出大量移动网络中的身份认证与密钥协商协议,解决身份鉴别问题的同时为后续数据的传输建立安全信道。但是,通过研究发现,这类协议大多存在安全缺陷。本文基于Dolev-Yao安全模型,对移动网络环境下的两个具有代表性的匿名身份认证协议进行安全分析,并给出协议产生安全缺陷的原因与改进思路。
In mobile networks,an effective protection for communication data lacks,due to the open and broadcast characteristics of the mobile channel and limited storage and computation resources of the mobile devices.Researchers designed many identity authentication and key agreement protocols for mo⁃bile networks,to address the problem of identity authentication as well as to establish secure channels for subsequent data transmission.However,studies indicate that some security vulnerabilities occur in most of these protocols.Based on the Dolev⁃Yao security model,security analysis of two typical ano⁃nymity identity authentication protocols in mobile networks is performed in this paper,and the causes of the security vulnerabilities and improving ideas are also presented.
作者
王雄
胡宏博
滕源
WANG Xiong;HU Hongbo;TENG Yuan(Department of Cyber Security,Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China)
出处
《北京电子科技学院学报》
2023年第3期16-26,共11页
Journal of Beijing Electronic Science And Technology Institute
基金
中央高校基本科研业务费资金资助(3282023052)。
关键词
身份认证
移动网络
漫游服务
用户匿名
identity authentication
mobile network
roaming service
user anonymity
