| With the development of mobile communication technology, mobile communication system provides us more and more new business. While those new business enriched our life, the security of the network was an emerged problem. More and more attacks destroy the information security transfer and legal usage of the network resource, after false base station attack fashion.In order to prevent attacks from network,3G make use of the Authentication and Key Agreement (AKA) protocol as security measures in access domain. They can give a security protection for mobile communication networks. Basing on the vulnerability researches in the 2G, AKA protocol is security criterion put forward by international mobile communication organization 3GPP (The Third Generation Partnership Project), which aim at the security demands on access domain in 3G. Employing on challenge-response mechanism, AKA accomplishs the identity authentication between use and servers. At the same time, basing on the identity authentication AKA negotiates about the communication encryption key. In defending attacks, there are some approaches which can authenticate and encrypt the information. It is better to safeguard resources of mobile communication networks. However, the protocol also has some weaknesses, and the research methods have localization. There are some more research demands on many aspects, such as protocol modeling, attacking modeling, improved scheme and validity.In this dissertation, it makes a deep study of the security architecture and Authentication and Key Agreement protocol in 3G system and has a detailed analysis on the vulnerability of the AKA protocol. In the aspects of AKA protocol models, the AKA protocol attacking models, attacking models validation and the improved scheme on AKA protocol, the dissertation puts forward some new designs and implements. The productions of the paper will provide the academic base to construct a relative secure 3G network in access domain. The main work of the paper is as follows:1. In the aspect of 3G security protocol, the dissertation thoroughly analyzes the security architecture in 3G, security mechanism of AKA protocol and authenticating process of the AKA protocol, and points out the weaknesses of the existed AKA protocol. In the aspect of protocol analysis, deeply analyzes the SVO logic formal analysis method.2. In the aspect of protocol model, the dissertation establishs an AKA protocol state machine using the automata theory, which standardized the implementation of the AKA process. The dissertation offers the modeling of the AKA participants, which formally describes the functions, behavior of the participants, authentication information of the AKA scattered in the protocol. This is a basement in security analysis of AKA protocol.3. In the aspect of attacking modeling, basing on the analysis of the protocol authentication process, the dissertation puts forward the Man-in-the-Middle DoS attack models, which aims at the existed weaknesses in AKA authentication process. From attacking point, the dissertation analyzes the security threats in the wireless and wired domain. The attacking models cover with wired and wireless domain, which own universality. Basing on theory, it can help us to analyze the weaknesses in AKA protocol.4. In the aspect of the model validity, in the light of the AKA protocol state model, the dissertation validates the validity of the Man-in-the-Middle DoS attack models in this dissertation. It can help us to improve the security mechanism in AKA protocol.5. In the aspect of improved scheme and validity attest, aiming at the existed threats in AKA authentication process, the dissertation puts forward an improved authentication scheme basing on random number, encryption mechanism and signature mechanism. In the same time, the dissertation validates the improved scheme basing on SVO logic, which proved the high security of the scheme. It can theoretically support us to construct a relative secure access domain in 3G.
|
PDF Full Text Request