
Research On Security Protocols In 3G-WLAN Integrated Network

Posted on: 2011-01-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Q Fu
GTID: 1118330332478365
Subject: Computer Science and Technology
Abstract/Summary:
In recent years, with advances in technology and the evolution of networks, the various wireless networks have been gradually moving towards complementary integration while still competing with each other. The trend for future wireless networks is to provide a unified mobility management system that integrates these networks, so that mobile users have ubiquitous network access at all times. As the representative mobile communication system, the 3G mobile communication network offers good wide-area roaming, but it provides low data transfer rates and network bandwidth, and is expensive. As the most common wireless access technology, WLAN provides a higher rate, is suited to transmitting large amounts of multimedia information, and is inexpensive, but its network coverage is small. Integrating 3G and WLAN takes full advantage of both and provides users with better services. Integrating the 3G and WLAN networks is a very complicated systems engineering task with many key issues to consider, one of which is security.
In a network integrating 3G and WLAN, it is necessary to provide common authentication and billing mechanisms that are independent of the underlying wireless technology. In this dissertation, we studied anonymous authentication and undeniable charging protocols in 3G-WLAN integrated networks, and put forward several improvements to the standard proposed by 3GPP, as follows.

(1) An anonymous authentication protocol for WLAN Direct IP Access was proposed. It is based on proxy signatures and elliptic curve encryption, and allows a pair of proxy signature keys to be shared randomly among some mobile devices. It not only achieves mutual authentication and master key agreement between the user equipment (UE) and the 3GPP AAA Server, and distribution of the session master key between the user and the WLAN, but also addresses security holes in the original protocol such as identity leaks, DoS attacks and false AP attacks.

(2) A new fast re-authentication protocol for WLAN Direct IP Access was proposed, based on a dual hash chain mechanism. It not only realizes mutual authentication between the user equipment and the 3GPP AAA Server, secure distribution of the session master key between the user and the WLAN, and resistance to replay attacks, but also achieves resistance to DoS attacks, which the original protocol cannot provide. To resolve the issue that the maximum number of re-authentications is limited by the length of the hash chain, we proposed a simple algorithm for hash chain regeneration. Compared to the one-time-signature-based algorithm, the proposed algorithm greatly reduces the computational load and communication load.

(3) An efficient WLAN 3GPP IP Access authentication protocol was proposed. It makes full use of the result of WLAN Direct IP Access authentication to avoid duplicated mutual authentication between the UE and the 3GPP AAA Server, which reduces the computational load and communication load. At the same time, because the EAP-AKA procedure is omitted, the proposed protocol does not require authentication vectors from the HSS/HLR, which reduces the workload of the HSS/HLR.

(4) A non-repudiation offline charging protocol based on hash chains was proposed. It settles the problem that the original offline charging protocol cannot resolve billing disputes that may arise between the UE and the WLAN or between the UE and the visited network. Because the computing load or storage load becomes high when the hash chain is long, we proposed an efficient hash chain traversal algorithm based on a binary tree and carried out a complexity analysis. The analysis shows that, when the length of the hash chain is n, the auxiliary space the proposed algorithm needs is |log2 n|+1, and the number of hash calculations it needs during traversal is not larger than n|log2 n|/2. Furthermore, the algorithm can reduce time complexity by increasing space complexity, and vice versa.
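An added illustration, not taken from the dissertation: a generic recursive-halving traversal of a hash chain, together with the verifier-side check that each released value hashes to the previously accepted one. SHA-256, the seed and all names are assumptions; for n a power of two the counters reproduce the log2 n + 1 storage and n·log2 n / 2 hash figures quoted in the abstract.

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()      # SHA-256 is an assumption of this example

def anchor(seed: bytes, n: int) -> bytes:
    """v_n = H^n(seed): the value the user commits to (e.g. signs) up front."""
    v = seed
    for _ in range(n):
        v = H(v)
    return v

class HalvingTraversal:
    """Release v_{n-1}, ..., v_0 (v_i = H^i(seed)) without storing the chain."""
    def __init__(self, seed: bytes, n: int):
        if n < 1:
            raise ValueError("chain length must be at least 1")
        self.seed, self.n = seed, n
        self.hashes = 0   # hash evaluations spent while traversing
        self.peak = 0     # most chain values held at the same time

    def __iter__(self):
        return self._walk(0, self.n, self.seed, 1)

    def _walk(self, lo, hi, v_lo, held):
        self.peak = max(self.peak, held)
        if hi - lo == 1:
            yield v_lo
            return
        mid = (lo + hi) // 2
        v_mid = v_lo
        for _ in range(mid - lo):          # recompute the midpoint from v_lo
            v_mid = H(v_mid)
            self.hashes += 1
        yield from self._walk(mid, hi, v_mid, held + 1)  # v_lo stays checkpointed
        yield from self._walk(lo, mid, v_lo, held)       # v_mid no longer needed

def verify_releases(v_n: bytes, released) -> int:
    """Verifier side: accept a value only if it hashes to the last accepted one."""
    last, accepted = v_n, 0
    for v in released:
        if H(v) != last:
            break
        last, accepted = v, accepted + 1
    return accepted

def demo(n: int = 1024, seed: bytes = b"constructed-demo-seed"):
    t = HalvingTraversal(seed, n)
    accepted = verify_releases(anchor(seed, n), t)
    return accepted, t.hashes, t.peak      # values accepted, hashes used, peak storage
```

The count of accepted values is what a charging record would rest on: the verifier can show the last accepted value and the committed anchor, and anyone can recompute the hashes between them.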
Keywords/Search Tags: anonymous authentication, proxy signature, elliptic-curve cryptography, DoS, hash chain, hash chain regeneration, hash chain travel, undeniable charging