移动网络接入认证的隐私保护研究

发布时间：2018-07-12 10:44

本文选题：移动安全 + 隐私保护　；参考：《北京交通大学》2014年博士论文

【摘要】：随着移动通信和计算机网络的飞速发展,移动的无处不在性逐渐成为现实,能够通过移动IP实现不同无线网络之间的无缝漫游,使人们可以随时随地接入网络。在移动网络蓬勃发展的同时,严峻的安全挑战也随之而来。接入认证为移动网络安全提供关键技术防线,其核心问题是确保用户安全地接入网络。然而受到密码学、无线开放性、移动注册等因素的影响,接入认证容易遭受各种类型的攻击。其中隐私攻击尤为突出,攻击者能从认证交互过程中获知用户身份等私密信息,与用户的隐私保护愿望相违背。因此,移动网络接入认证的隐私保护研究对保障移动网络的整体安全性具有重要意义。在移动网络接入认证中,签名有着广泛应用,是实现隐私保护的重要技术之一。在移动过程中,漫游认证方法是接入认证的主要实现形式,它的设计直接关系到隐私保护强度。同时移动IP为下一代移动网络提供全球性移动解决方案,其接入认证还涉及一个注册过程,这使得移动注册认证的隐私保护问题处于特殊地位。因此,本文研究了移动网络接入认证的隐私保护问题,主要包括签名算法、漫游认证及移动注册认证,主要研究成果和创新点如下： 1.提出了一种新的高效无证书聚合签名算法。签名是实现移动接入认证隐私保护的重要技术之一,而无证书聚合签名解决了证书开销和密钥托管问题,且能压缩多个签名为一个,进行高效验证,是一种可行的技术。基于共享状态信息机制,新算法无需进行信息交互,聚合签名只需2个群元素,聚合验证只需4个双线性对,并在普通安全模型下,基于计算性Diffie-Hellman难题证明了新算法的不可伪造性。对比分析表明新算法在传输效率和签名验证的计算性能上有明显优势。 2.提出一种新的高安全性无证书聚合签名算法。在支持超级签名查询的强安全模型下,证明了新算法的不可伪造性,也证明了该算法的高安全性。对比分析表明新算法牺牲一定计算性能以达到了更高的安全强度,可以满足高安全需求的应用场景。 3.给出了一种统一的隐私保护漫游认证方法,这个方法是基于无证书聚合签名实现的。新方法在实际认证过程中只需要移动节点和接入服务器,具有统一性的特点,简化了传统的三方认证。新方法满足强隐私安全性,尤其是通过预装载别名保证了用户隐匿性和不可追踪性以及通过颁发部分私钥解决了密钥托管问题,并采用协议组合逻辑对新方法安全性进行了形式化证明,对比分析表明新方法具有更多的安全属性,提供更高的安全级。新方法设计了一种聚合验证机制,使服务器能够批验证多个签名,提高了认证效率,对比分析表明新方法支持较低的计算和通信开销。 4.提出了一种隐私保护注册认证方法,这种方法基于本地验证撤销群签名技术,能够进行撤销或非撤销用户的差别移动注册认证。首先,新方法主要应用于移动IP,可以同时满足认证、多种攻击抵御、用户隐匿、动态撤销等隐私保护需求,并基于协议组合逻辑进行了形式化证明,对比分析表明新方法支持更强的安全性。新方法设计了并发机制,使用户认证和移动注册并发执行,提高了通信效率。其次,除了移动IP,新方法也可以应用于其它有连接的网络,尤其是向量网,能够在移动时,预先建立注册路径,提前传递认证参数,进一步提高注册认证效率。
[Abstract]:With the rapid development of mobile communication and computer network, the ubiquity of mobile is becoming a reality. It can realize seamless roaming between different wireless networks through mobile IP, so that people can access the network anytime and anywhere. While the mobile network is booming, the severe security challenge is followed. The access authentication is a mobile network. The key problem of the network security is to ensure the security of the network. However, the access authentication is vulnerable to various types of attacks, such as cryptology, wireless openness, and mobile registration. The privacy attacks are particularly prominent, and the attacker can learn the privacy of the user from the authentication interaction. Interest is contrary to the user's desire for privacy protection. Therefore, the study of privacy protection for mobile network access authentication is of great significance for ensuring the overall security of the mobile network.
In mobile network access authentication, the signature is widely used, it is one of the important technologies to realize privacy protection. In the mobile process, the roaming authentication method is the main realization form of the access authentication. Its design is directly related to the privacy protection intensity. At the same time, mobile IP provides a global mobile solution for the next generation mobile network, which is connected to the next generation mobile network Authentication also involves a registration process, which makes the privacy protection of mobile registration authentication in a special position. Therefore, this paper studies the privacy protection of mobile network access authentication, mainly including signature algorithm, roaming authentication and mobile registration authentication, the main research results and innovation points are as follows:
1. a new efficient certificateless aggregation signature algorithm is proposed. Signature is one of the important technologies for realizing privacy protection of mobile access authentication, and certificate free aggregation signature solves certificate overhead and key escrow problem, and it can compress multiple signatures as one and perform efficient verification. It is a feasible technique based on shared state information mechanism. The new algorithm needs no information interaction, the aggregation signature only needs 2 group elements, the aggregation verification only needs 4 bilinear pairs, and under the common security model, the unforgability of the new algorithm is proved based on the computational Diffie-Hellman problem. The comparative analysis shows that the new algorithm has obvious advantages in the transmission efficiency and the signature verification performance.
2. a new high security certificateless aggregation signature algorithm is proposed. Under the strong security model supporting the super signature query, the new algorithm is proved to be non forgery, and the high security of the algorithm is proved. The contrast analysis shows that the new algorithm can achieve higher security strength at the expense of certain computing performance and can meet the high security requirements. Application scene.
3. a unified privacy protection roaming authentication method is presented. This method is based on the certificate free aggregation signature. The new method only needs mobile node and access server in the actual authentication process. It has the characteristics of unity and simplifies the traditional three party authentication. The new method satisfies the strong privacy security, especially by preloading the load. The name guarantees the user's concealment and untraceability and solves the key trusteeship problem by issuing some private keys, and uses the protocol combination logic to formally prove the security of the new method. The contrast analysis shows that the new method has more security properties and provides higher security level. It enables the server to batch verify multiple signatures and improve the authentication efficiency. Comparative analysis shows that the new method supports lower computation and communication overhead.
4. a new method of privacy protection registration authentication is proposed. This method is based on local verification of revocation of group signature technology and can carry out revocation or non revoking users' differential mobile registration authentication. First, the new method is mainly applied to mobile IP, which can meet the requirements of privacy protection, such as authentication, multiple attacks, concealment, dynamic revocation and so on. A formal proof based on protocol combination logic is carried out, and the contrast analysis shows that the new method supports stronger security. The new method designs concurrent mechanism, uses user authentication and mobile registration to execute concurrent execution, and improves communication efficiency. Secondly, in addition to mobile IP, the new method can also be applied to other connected networks, especially vector networks. When moving, the registration path is pre established, and the authentication parameters are passed ahead of schedule to further improve the efficiency of registration and authentication.
【学位授予单位】：北京交通大学
【学位级别】：博士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】