Study On Key Security Techniques Of Mobile Communication Network Oriented To Convergence

More external interfaces are provided by mobile communication network in the framework of fixed mobile convergence (FMC), which has the characteristics of sufficient opening. The insecurity factors of mobile system completely exposed as major security threats. At the same time, a number of security threats and vulnerabilities in fixed network have been inherited into mobile communication network for the introduced of all-IP technology. In general, security threats faced by mobile communication network become more complicated and various.The existing security technologies of mobile network can not cope with the challenges of convergence, security technology of IP network is not quite fit the resource-constrained mobile network. The security threats of mobile network in convergence environment are unique and complex. Therefore, it has important theoretical and practical meaning to research appropriate security technologies and solutions for mobile network.The technologies of trusted computing and next steps in signaling are studied firstly. On analyzing security threats of terminals, radio access network and core network in converged network, trusted computing and NSIS based security protection for converged network is proposed. A number of important conclusions and results are obtained, which including.(1) The formal analysis methods of trusted computing modelsFormal analysis method for the emotional trust based on fuzzy set, formal analysis methods for the rational trust based on predicate logic and condition predicate logic were proposed after comprehensively studying the technologies of trusted computing. Trusted computing models were analyzed with the proposed methods. Analyzing results show that trusted computing system can be precisely, correctively analyzed and the vulnerabilities can be found with the proposed formal analysis methods. The effective way is provided for formalizing trusted computing with the proposed methods.(2)Secure schemes of mobile terminal and radio access network based on trusted computingThe schemes that trusted mobile terminal and trusted access are proposed based on trusted computing. With the proposed schemes, not only the authentication of mobile user and network is concerned about, but the health status of mobile platforms is verified. The insecure terminals were prevented form accessing UMTS network, which can protect network security from the source. New solution to security problems in convergence network is provided with the introduction of trusted computing.(3) Designing, validating the NSIS based application signaling protocol for access control and network managementSignaling protocols for access control and network management are proposed respectively based on the NSIS technology, and logic correctness and performance of the protocols are analyzed. The results show that the introduction of NSIS signaling mechanism in convergence network can ensure the security and reliability of the signaling information transmission, which provides new ideas and methods of network control and management in convergence network. New solution to security problem in convergence network is proposed with the introduction of trusted computing.(4) NSIS based dynamic defensive system in 3G core networkNSIS based dynamic defensive system in UMTS core network are proposed. Technologies of multi-source information integration and cluster analysis are taken in defensive system, and attacks against core network are detected and prevented real time with NSIS control signaling protocol. The problems of existed linkage protocols are resolved based on NSIS signaling mechanism introduced, and signaling information is transported securely and reliably. The attacks to core network are effectively resisted.This research is partly supported by the national science funds of China under Grant Nos. 60602061, and the National High-Tech Research and Development Plan of China under Grant Nos.2006AA01Z413. The work and conclusions have been applied to the actual prototype system and product development.