Trusted Authentication In Wireless Networks

Posted on: 2011-03-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Yang
GTID: 1228330338950089
Subject: Cryptography

Abstract/Summary:
With the rapid development of wireless networks, new technologies and applications are constantly emerging, and the security of wireless networks has become a focus of attention. The openness of the transmission medium, the mobility of wireless terminals and the dynamically changing topology make wireless networks more vulnerable to attacks. Using trusted computing technology to enhance the general security of mobile computing terminals and the existing wireless network security authentication framework is an effective and measurable solution to the problem of wireless network security. Trusted computing technology and its authentication methods provide new ideas for the certification of wireless network terminals, can deliver highly reliable and highly secure authentication services, and can facilitate the wide and convenient application of wireless mobile networks. This thesis presents in-depth research on trusted authentication in wireless networks. The main contributions are as follows:

1. Most wireless authentication protocols authenticate only the user identity, which creates potential risk because the user platform itself may be insecure. Based on trusted computing and remote attestation, a trusted and anonymous wireless authentication protocol is proposed that uses temporary identities and one-time secret keys; both the user identity and the platform are authenticated in the proposed protocol. The proposed scheme is demonstrated to be secure and reliable; it provides identity anonymity and platform anonymity, with the domain separation property and fair key agreement, and its computation costs and rounds of message exchange meet the demands of wireless IP network security.

2. In wireless networks under a trusted computing environment, not only user identities but also platforms need to be authenticated. Based on the direct anonymous attestation of trusted computing, a wireless anonymous authentication scheme is proposed in which the platform of the mobile node is verified by the foreign agent, and the identity of the mobile node user is authenticated by the home agent and the foreign agent together. By using temporary identities and one-time secret keys, identity anonymity and the domain separation property are achieved. The analysis shows that our scheme is secure, reliable, and more efficient.

3. The Direct Anonymous Attestation (DAA) scheme adopted by TCG for remote attestation is designed for a single trusted domain. It cannot be applied in wireless mobile networks because of wireless terminal mobility. Based on delegation of the trust relationship, a new cross-domain direct anonymous attestation scheme for wireless mobile networks is proposed. Proxy signatures are used for delegation among domains, and the DAA method is used to authenticate a mobile terminal when it roams to another domain. The security of the remote attestation system is enhanced by key agreement. The authentication protocol is analyzed in the CK model, and the results show that the protocol is provably secure. Further analysis shows that our proposal can resist replay attacks and platform masquerade attacks; the scheme is effective and suitable for mobile trusted computing platforms.

4. Traditional smart-card-based password authentication schemes authenticate only the identities of the server and the user; whether the platform is trusted is not verified, and they cannot provide enough protection for users' personal information. A trusted mutual authentication scheme based on smart cards is proposed, in which hash functions are used to authenticate identities and remote attestation is used to verify the platform. Analysis shows that our scheme can resist most of the possible attacks, is secure and efficient, and fulfills the designed security goals, such as session key agreement, user identity anonymity, free changing of passwords, and updating of platform certification.

Keywords/Search Tags: wireless networks, trusted computing, authentication, remote attestation, provable security, key exchange