Security-Enhanced Research On 3G And The Design Of Authentication And Key Agreement Protocol

In this thesis, the security mechanism of 3GPP access network is deeply researched, and the authentication and key agreement protocol (3GPP-AKA) is emphatically analyzed. There are some deficiencies in the mechanism: the subscriber's permanent identity information is easy to be wiretapped, bidirectional authentication of identity is not complete, and the operation of sequence numbers is difficult, etc., so it cannot fulfil the security requirements of the special departments which require a very high-level confidentiality.To ensure the subscribers' access to the 3G network securer, the three-dimensional framework is presented, which is instructional to the design of cryptosystem of 3G, and the security-enhanced protocol of authentication and key agreement (SE-AKA) is designed, including four sub-protocols: Roaming full AKA, Roaming fast re-AKA, Non-Roaming full AKA and Non-Roaming fast re-AKA. Firstly, logic SVO is applied to formally describe the security requirements of protocol SE-AKA. And then, the key-establishment framework and the authentication framework of the protocol are researched, the top-layer abstract model of authentication and key agreement is ascertained. And the four sub-protocols of SE-AKA are designed respectively according to the model. Lastly, the most complicated sub-protocol (Roaming full AKA) is picked out and its security is formally analyzed based on logic SVO, and the security of SE-AKA is compared with that of 3GPP-AKA.The conclusion indicates that protocol SE-AKA can provide security services of identity secrecy, bidirectional authentication of identity, secure agreement of keys and non-repudiation service, etc., which are all superior to security of 3GPP-AKA, so that the access network of UMTS can defeat redirection attack and active attack. And the re-synchronization mechanism is eliminated, so that the harmness caused by the difficulty of sequence numbers' operation is avoided. These security functions fulfil the high-level security requirements of the special departments under the circumstance of the 3G network.