Netinfo Security ›› 2014, Vol. 14 ›› Issue (10): 24-30. doi: 10.3969/j.issn.1671-1122.2014.10.005

• Technical Research •

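Research and Analysis on 3G-WLAN Security Access Scheme

MIAO Jun-feng1, MA Chun-guang1, 2, HUANG Yu-luo1, LI Xiao-guang1

  1. College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang 150001, China;
  2. College of National Secrecy, Harbin Engineering University, Harbin, Heilongjiang 150001, China
  • Received: 2014-07-15 Online: 2014-10-01
  • About the authors: MIAO Jun-feng (born 1987), male, from Henan, master's student, main research interest: information security; MA Chun-guang (born 1974), male, from Heilongjiang, professor, Ph.D., main research interests: cryptography, information security, sensor networks and the Internet of Things, network coding; HUANG Yu-luo (born 1989), male, from Henan, master's student, main research interests: information security, IoT privacy protection; LI Xiao-guang (born 1988), male, from Henan, master's student, main research interests: network and information security, mobile application security.
  • Supported by:
    Natural Science Foundation of Heilongjiang Province [F201229]; Harbin Special Fund for Research on Scientific and Technological Innovation Talents [2012RFXXG086]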

Abstract: 3G and WLAN are currently the two most representative wireless communication technologies, and their respective strengths and weaknesses have made converged 3G-WLAN networks a focus of both industry and academia. A converged 3G-WLAN network combines the complementary advantages of the two: users get the mature roaming, authentication and accounting mechanisms of the 3G network together with the high data rates of WLAN, which gives them high-quality network service and maximizes the use of network resources. A converged network, however, must deal with the security threats of both sides. Because the threats facing 3G and WLAN differ, their security solutions also differ considerably, and how to address the security threats of the converged network is an urgent problem. This paper analyzes the access authentication security and key agreement flexibility of 802.11i and WAPI and summarizes the advantages and disadvantages of each. It then analyzes the vulnerabilities and shortcomings of the EAP-AKA protocol used in converged 3G-WLAN networks and, combining the strengths of the 802.11i and WAPI security protocols, proposes a new 3G-WLAN secure access scheme, EAP-WPI. The new protocol uses the EAP authentication framework of 802.11i to encapsulate authentication and the ECDH key agreement algorithm of WAPI, providing authentication between the user terminal and the back-end authentication server and highly secure key agreement. Certificateless public key cryptography is used during authentication, which removes the burden of deploying a PKI. Security analysis and simulation testing show that the proposed protocol offers high security and execution efficiency.

Key words: 802.11i, WAPI, EAP authentication, ECDH key agreement
