LTE网络中的端到端安全研究

发布时间：2018-01-30 11:09

本文关键词： 安全协议通用认证架构密钥协商端到端安全机器类型通信　出处：《西安电子科技大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着移动网络的发展，，建立在其上面的应用也越来越多，用户和应用服务器之间的安全更加受到关注，因此很多应用都需要在用户端和应用服务器之间实现端到端安全。GAA(Generic Authentication Architecture)架构提供了一种通用的鉴权机制，它定义了如何将蜂窝网络安全基础设施用来提供用户和服务器之间通用认证服务的标准，避免了为每一种服务都提供独有的认证，解决了不同用户和应用服务之间的双向认证问题。但是在应用服务器通信受限和MTC（Machine Type Communication）通信两种网络环境下，如果使用GAA认证，则会造成认证效率低下，认证时延增大。如果出现这种情况，将会使得服务质量无法得到保障。本文针对这两种通信环境分别提出了端到端方案，对于应用服务器通信受限下的研究，基于Needham-Schroeder协议的框架提出了改进的认证方案，解决了这种网络环境下的认证问题。对于MTC通信环境下的研究，将批量验证技术应用到MTC通信应用层上，缓解了MTC通信的认证信令拥塞问题。对两个方案的分析表明本文提出的方案性能良好，安全性达到了应用需求。上述方案不仅弥补了GAA认证在两种网络环境下的不足，而且缩短了认证时延，提高了认证效率。
[Abstract]:With the development of mobile network, more and more applications are built on it, and the security between users and application servers is more and more concerned. As a result, many applications need to implement end-to-end security between the client and the application server. Architecture provides a common authentication mechanism. It defines the standard of how to use cellular network security infrastructure to provide generic authentication services between users and servers, avoiding the provision of unique authentication for each service. Resolves bidirectional authentication between different users and application services. But in application server communication is limited and MTC(Machine Type communication). Communication in two network environments. If GAA authentication is used, the authentication efficiency will be low and the authentication delay will increase. If this happens, the quality of service will not be guaranteed. In this paper, end-to-end schemes are proposed for these two communication environments, and the application server communication constraints are studied. Based on the framework of Needham-Schroeder protocol, an improved authentication scheme is proposed to solve the authentication problem in this network environment. Batch verification technology is applied to MTC communication application layer to alleviate the problem of authentication signaling congestion in MTC communication. The analysis of the two schemes shows that the proposed scheme has good performance. The above scheme not only makes up for the deficiency of GAA authentication in two network environments but also shortens the authentication delay and improves the authentication efficiency.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】