移动网络环境下可控匿名漫游认证方案

An Anonymous Roaming Authentication Scheme for Mobile Network

随着移动通信技术的快速发展,移动终端的漫游接入、用户隐私保护等问题日益突出,面向移动网络的匿名漫游认证方案相继被提出.其中,部分方案通过生成临时身份代替真实身份的方法实现用户身份匿名性,并通过更新认证身份的方法防止攻击者跟踪;部分方案将漫游认证信息交由家乡认证服务器验证的方式实现移动终端的身份确认.上述方案普通存在认证效率低或认证时延长的问题.鉴于此,基于代理签名的思想,提出了一种移动网络匿名漫游认证方案.利用家乡认证服务器的代理授权,移动终端生成代理签名信息,外地认证服务器通过认证代理签名信息可直接完成对移动终端身份的合法性验证.分析表明,该方案实现了移动终端的匿名性、不可否认性、无关联性、抗伪造攻击等安全功能,同时,与既有方案相比降低了移动终端的计算负载和通信时延.

With the widespread use of mobile devices,issues like roaming authentication and identification privacy become increasingly prominent.Many anonymous authentication protocols have been proposed in recent years.Among them,some schemes depend on a temporary identity instead of real identity and prevent attackers from tracking by updating authentication identities.Other schemes verify the identity of mobile terminals with the help of home server.However,these schemes generally have the problem of low authentication efficiency or increased authentication delay.In view of this,an anonymous roaming authentication scheme is proposed based on the idea of proxy signature.Mobile terminal generates proxy signature information by using the proxy authorization of the home server.Remote authentication servers can directly verify the identity of mobile terminals without the help of home server.Analysis shows that this scheme achieves security features such as anonymity of mobile terminal,non-repudiation,unlikability and resistance to forgery attacks,while also reducing the computational load of and communication delay for the mobile terminal compared to existing schemes.