
Research On Privacy Protection In Access Authentication For Mobile Networks

Posted on: 2015-05-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Liu
GTID: 1488304310496134
Subject: Signal and Information Processing

Abstract/Summary:
With the rapid development of mobile communication and computer networks, ubiquitous mobility has become a reality. Seamless roaming can be deployed among different types of wireless networks via mobile IP, so anyone can access the network at any time and in any place. However, the security issues are challenging. Access authentication is the key security defense of a mobile network, and its core task is to let users access the network securely. Because of factors such as cryptographic technology, wireless openness, and mobile registration, access authentication is vulnerable to many types of attacks. User privacy is a particularly serious concern: attackers can learn secret user information from the mobile authentication exchange, which undermines privacy protection. Research on privacy protection in access authentication for mobile networks is therefore significant and provides an important guarantee for overall mobile security.

Signature technology has been widely used in mobile network access authentication and is important for privacy protection. Roaming authentication is the main form of access authentication, and its design bears directly on privacy security. In addition, mobile IP can provide global mobility solutions for the next-generation mobile network. Its access authentication requires home registration, which gives mobile registration authentication an important position. This dissertation therefore focuses on privacy protection in access authentication for mobile networks, covering signature algorithms, roaming authentication, and mobile registration authentication. The main research points and innovations are outlined as follows:

1. A new efficient certificateless aggregate signature (CLAS) algorithm is proposed. CLAS solves the problems of certificate overhead and key escrow and can aggregate multiple signatures into one, which makes it highly feasible. Based on a shared state information mechanism, the new algorithm involves only two group elements in the aggregate signature length and four pairings in aggregate verification, with no messages exchanged. In the normal security model, the new algorithm can be proven existentially unforgeable under the computational Diffie-Hellman problem. The comparison shows that it is more efficient than existing algorithms in both transmission and computation.

2. A new high-security CLAS algorithm is proposed. In the strong security model, which supports super sign queries, the new algorithm can be proven existentially unforgeable, which demonstrates its high security. The comparison shows that it achieves stronger security at some computational cost, so it can be used in high-security scenarios.

3. A new universal privacy-preserving roaming authentication method based on CLAS is proposed. The new method involves only the mobile node and the access server in the actual authentication process, which makes it universal. It provides strong privacy security. In particular, user anonymity and untraceability are realized through a pre-loaded alias, and the key escrow problem is solved by the partial private key. A formal correctness proof based on Protocol Composition Logic (PCL) is provided. The comparison results show that the new method achieves a higher security level. In addition, an aggregate authentication mechanism is designed so that the foreign server can verify more efficiently. The comparison shows that the new method has low computation and communication costs.

4. A new privacy-preserving registration authentication method based on verifier-local revocation group signatures is proposed, which can separate the registration authentication process of revoked users from that of non-revoked users. First, the new method is mainly used in mobile IP. It provides strong privacy protection, such as user anonymity and attack resistance. A formal correctness proof based on PCL is provided. The new method uses a concurrency mechanism to separate home registration from user authentication, which improves efficiency. Second, the new method can also be used in other connection-oriented networks (especially vector networks). In this case, it can pre-establish a registration path to pass security parameters, which further improves performance.
Keywords/Search Tags:mobile security, privacy protection, access authentication, certificateless aggregate signature, user anonymity