Research and Analysis on 3G-WLAN Security Access Scheme

doi:10.3969/j.issn.1671-1122.2014.10.005

Abstract

Abstract: At present, 3G and WLAN, two kinds of wireless communication technology is the most representative. But because of between the shortcomings and advantages, resulting in 3G and WLAN fusion network is being the focus of the industry and academia, but also one of the most attractive. 3G-WLAN network can make full use of their advantages, which are mutually complementary. Users can enjoy 3G network perfect roaming, authentication and accounting mechanism, also can enjoy high-speed data transmission rate in WLAN. So users not only to enjoy the service network quality, but also makes more use of cyber source. But 3G and WLAN fusion network also need to address security threats from two parties. Because of the difference of 3G and WLAN network security threats, their own safety solutions are also very different and how to solve the security threat fusion network is an urgent problem to be solved. This paper analyzed and studied the 802.11i and WAPI in the access security of authentication and key negotiation flexibility and draws their respective strengths. The 3G-WLAN fusion network EAP-AKA protocol analyze its loopholes and defects, then synthesize 802.11i and WAPI protocol security advantages, this paper proposes a new 3G-WLAN security access scheme of EAP-WPI. The new protocol uses EAP authentication framework package certification of 802.11i and ECDH key agreement algorithm of WAPI, to achieve the user terminal and the backend authentication server authentication interaction, highly secure key agreement, and the use of public key cryptography without certificates in the certification process from the deployment of the PKI burden and makes security analysis and simulation test, which show that the paper which has proposed the protocol has higher of the safety and efficiency.

Key words: 802.11i, WAPI, EAP authentication, ECDH key agreement

CLC Number:

TP309

MIAO Jun-feng, MA Chun-guang, HUANG Yu-luo, LI Xiao-guang. Research and Analysis on 3G-WLAN Security Access Scheme[J]. 信息网络安全, 2014, 14(10): 24-30.

References

[1] 张帆,马建峰. WAPI认证机制的性能和安全性分析[J]. 西安电子科技大学学报,2005,32（2）：210-215.
[2] Ferrus R, Sallent O, Agusti R. Interworking in heterogeneous wireless networks: comprehensive framework and future trends[J]. Wireless Communications, IEEE, 2010, 17(2): 22-31.
[3] Hwang M S, Chong S K, Ou H H. On the security of an enhanced UMTS authentication and key agreement protocol[J]. European Transactions on Telecommunications, 2011, 22(3): 99-112.
[4] 3GPP.TS 33.234 Wireless Local Network(WLAN) Interworking Security[S]. Valbonne: 3GPP,2005.
[5] Tseng Y M. GPRS/UMTS-aided authentication protocol for wireless LANs[J]. IEE Proceedings-Communications, 2006, 153(6): 810-817.
[6] 李亚晖,杨卫东,马建峰. 一种高效的3G-WLAN互联网络认证协议[J]. 西安电子科技大学学报,2008,35（3）：464-468.
[7] Ntantogian C, Xenakis C. One-pass EAP-AKA authentication in 3G-WLAN integrated networks[J]. Wireless personal communications, 2009, 48(04): 569-584.
[8] 王赜,刘文菊,柯永振. 3G用户在WLANs间的快速认证方法[J]. 计算机工程,2010,36（10）：170-172.
[9] 刘云,范科峰,张素兵,等. 一种改进的WLAN-3G融合网络认证协议[J]. 电子学报,2010,38（02）：399-404.
[10] Dankers J, Garefalakis T, Schaffelhofer R, et al. Public key infrastructure in mobile systems[J]. Electronics & Communication engineering journal, 2002, 14(5): 180-190.
[11] Al-Riyami S S, Paterson K G. Certificateless public key cryptography[C]//Advances in Cryptology-ASIACRYPT 2003. Springer Berlin Heidelberg, 2003: 452-473.
[12] 朱彦军,王斌君. 基于3G网络的多VPN通道系统设计与实现[J]. 信息网络安全,2012,（6）：72-75.
[13] 李剑. 基于Mobile IPv6的3G-WLAN网络切换策略研究[J]. 大众科技,2012,14（6）：73-75.
[14] 郑园,蒋天发. 一种基于3G网络端到端加密的新型密钥管理方案研究[J]. 信息网络安全,2011,（5）：58-60.
[15] 沈雷. 基于EAP-TTLS的3G-WLAN融合网络认证方法[J]. 电子科技,2011,24（3）：108-111.
[16] 许子先,陈燕. WLAN无线接入设备安全研究[J]. 信息网络安全,2013,（4）：53-55.
[17] 黄波. 基于链路层的WLAN加密与认证安全研究[J]. 信息网络安全,2012,（6）：47-50.
[18] 何清林,武传坤. 3G-WLAN互联网络中一种新的快速重认证方案[J]. 计算机应用研究,2008,25（4）：1123-1126.
[19] 史永贺,刘焕淋. 基于3G/WLAN交互网络的认证方法改进[J]. 信息网络安全,2008,（8）：43-46.