[1] Xing Yuan,Jiang Rui.Security analysis and improvement of UMTS AKA protocol based on strand space model[J].Journal of Southeast University (Natural Science Edition),2010,40(6):1163-1168.[doi:10.3969/j.issn.1001-0505.2010.06.007]

Security analysis and improvement of UMTS AKA protocol based on strand space model

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume: 40
Issue: No. 6, 2010
Pages: 1163-1168
Section: Computer Science and Engineering
Publication date: 2010-11-20

Article Info

Title:
Security analysis and improvement of UMTS AKA protocol based on strand space model
Author(s):
Xing Yuan, Jiang Rui
School of Information Science and Engineering, Southeast University, Nanjing 210096, China
Keywords:
authentication and key agreement (AKA) protocol; authentication; security; universal mobile telecommunications system (UMTS); strand space model; authentication test
Classification number:
TP393
DOI:
10.3969/j.issn.1001-0505.2010.06.007
Abstract:
The ticket-based authentication and key agreement (T-AKA) protocol proposed by Oh et al. is analyzed. Two weaknesses are identified: the network cannot correctly authenticate subscribers, and the freshness of messages is not verified. An impersonation attack against subscribers that exploits these weaknesses is constructed. Then, based on the specification of the third generation partnership project (3GPP), a public key mechanism is introduced at the serving network end, and an improved universal mobile telecommunications system (UMTS) AKA protocol is proposed and analyzed. Finally, the confidentiality and the mutual authentication of the proposed protocol are formally proved using strand space model theory and the authentication test method. The results indicate that the new protocol guarantees message freshness checking and mutual authentication between the subscriber and the network, and that it overcomes the impersonation attack on the T-AKA protocol as well as other replay and impersonation attacks. In addition, the framework of the original 3GPP protocol is preserved and heavy public key computation at the user terminal is avoided. Hence, the new protocol offers high security and strong practicability.

References:

[1] ETSI.GSM technical specification-GSM 02.09 security aspects(version 3.1.0)[EB/OL].(1995-01-01)[2010-03-10].http://www.3gpp.org/ftp/Specs/archive/02-series/02.09/0209-310.zip.
[2] 3GPP.3rd generation partnership project; technical specification group services and system aspects; 3G security; security architecture [EB/OL].(2009-12-18)[2010-03-10].http://www.3gpp.org/ftp/Specs/archive/33-series/33.102/33102-910.zip.
[3] Jiang Rui,Li Jianhua,Pan Li.Formal analysis of 3GPP authentication and key agreement based on the strand space model [J].Journal of Shanghai Jiaotong University,2006,40(5):791-795.(in Chinese)
[4] Zheng Xiankun,Liu Changjiang.An improved authentication and key agreement protocol of 3G [C] //International Workshop on Education Technology and Computer Science.Wuhan,China,2009:733-737.
[5] Al-Saraireh J,Yousef S.A new authentication protocol for UMTS mobile networks [C] //Proceedings of the 17th IASTED International Conference on Modelling and Simulation.Montreal,Canada,2006:128-133.
[6] Deng Yaping,Fu Hong,Xie Xianzhong,et al.A novel 3GPP SAE authentication and key agreement protocol [C] //Proceedings of the 2009 IEEE International Conference on Network Infrastructure and Digital Content.Beijing,China,2009:557-561.
[7] Huang Chungming,Li Jianwei.Authentication and key agreement protocol for UMTS with low bandwidth consumption [C] //Proceedings of the 19th International Conference on Advanced Information Networking and Applications.Washington DC,USA,2005:392-397.
[8] Oh K K,Lee T Y,Nam C S,et al.Strong authentication and key agreement protocol in UMTS [C] //Proceedings of the Fifth International Joint Conference on INC,IMS and IDC.Seoul,Korea,2009:917-920.
[9] Fábrega J T,Jonathan C H,Joshua D G.Strand spaces:proving security protocols correct [J].Journal of Computer Security,1999,7(2/3):191-230.
[10] Joshua D G,Fábrega J T.Authentication tests [C] //Proceedings of the 2000 IEEE Symposium on Security and Privacy.Berkeley,California,USA,2000:96-109.


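Memo:
Author biographies: Xing Yuan (born 1989), female, master's student; Jiang Rui (corresponding author), male, Ph.D., associate professor, R.Jiang@seu.edu.cn.
Funding: National Natural Science Foundation of China (60902008); Open Project of the Changzhou Key Laboratory of High Technology Research (CM20103003).
Citation format: Xing Yuan,Jiang Rui.Security analysis and improvement of UMTS AKA protocol based on strand space model[J].Journal of Southeast University:Natural Science Edition,2010,40(6):1163-1168. [doi:10.3969/j.issn.1001-0505.2010.06.007]
Last Update: 2010-11-20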