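Research on Authentication and Encryption Mechanisms for TD-LTE-Based Trunking Communication Systems
Published: 2018-03-10 22:53
Topic: TD-LTE; Focus: trunking; Source: Harbin Institute of Technology, 2014 master's thesis; Document type: degree thesis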
[Abstract]: As urbanization in China advances, the demands on cities' management of public affairs, and especially on their ability to handle emergencies, keep rising. Dedicated digital trunking systems can play a very important role in helping departments handle public affairs. A broadband trunking communication system built on the TD-LTE public network offers low cost, large bandwidth, high security and wide service coverage, so it can better meet the communication needs of government and other enterprises and institutions and has broad application prospects. Because a trunking communication system requires a higher security level, the current authentication and encryption mechanism of the public network cannot meet the security requirements of a broadband trunking communication system. This thesis is therefore devoted to studying the authentication and encryption mechanism of broadband trunking communication systems. Based on the requirements of the system architecture, and addressing the shortcomings of existing encryption algorithms in security and complexity, the thesis first proposes using the advanced encryption algorithm ZUC (Zu Chongzhi) to obtain the keystream required for authentication, and uses the encryption algorithm (128-EEA3) and the integrity protection algorithm (128-EIA3) to protect the confidentiality and integrity of communication data. Experimental results show the superiority of its encryption performance. Second, to make the key derivation mechanism of the broadband trunking communication system more complex and diverse, the thesis adds the ZUC algorithm to the key derivation mechanism. Compared with the public network, the proposed key derivation mechanism adds 4 encryption algorithm selection combinations, and its maximum computational cost is 69% higher than that of the public network, which greatly improves the security of the system.
Because users in a trunking communication system have different security levels, the thesis improves the handling of the initial key and implements an initial key generation mechanism based on user security level, which provides users at each level with keys of matching security and complexity. Finally, because the security mechanism of the public network cannot be applied directly in the off-network mode of trunking, and in order to secure communication of the broadband trunking communication system in off-network mode, the thesis builds on the preceding work to propose an authentication mechanism for the off-network direct mode, in which mutual authentication between users enables secure communication between users in direct mode. Against the background of the TD-LTE public network, the thesis analyzes the special structure and requirements of an assumed virtual private trunking network, improves the security of the system from the perspectives of the authentication mechanism, information encryption and key derivation, achieves diversity in key levels and encryption algorithms, and gives a reference working mechanism for when the system fails and goes off-network. The results have strong theoretical significance and practical value for improving the system's encryption and authentication mechanism, raising key levels, diversifying encryption algorithms, and ensuring the secure operation of the system.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN929.52;TN918.4
Article ID: 1595429
Article link: https://www.wllwen.com/kejilunwen/wltx/1595429.html