Research On A New Authentication Protocol WCAP For Wireless Communication Network Based On WiMAX

Along with the rapid development of the Internet and mobilecommunication technology, wireless communication Internet is increasinglydrawing people's attention. It enables global network infrastructure to beachieved at any time, anywhere and seamlessly access, which hasfundamentally changed the face of the global communication industry. Atpresent, it is the research hotspot of wireless communication technology toexpand the wireless application scope of Internet through the WiMAXstandard.While wireless communication network is growingpopular rapidly, thecorresponding security issue has become more and more apparent. Openchannel leads to all kinds of security threats, and wireless communicationnetwork equipment is not able to provide better security protection becauseofvarioushardwarelimitations.BecauseIEEE802.16eworksinthewirelessenvironment, transmitting data using wireless medium that lacks inherentprotection, it makes any equipment with a capacity of receiving carry outnetwork eavesdropping at any time. Therefore, the security problem inwirelesscommunicationnetworksismuchmoreseriousthancablenetworks.Generally speaking, there are at least two major security threats in wirelesscommunication network: one is the illegal access to network, the other iseavesdropping. The former is often called"identification", and the latter iscommonly known as"secrecy". Meanwhile, as IEEE802.16e supportsmobility and roaming, replay and forgery attack are even more serious,which can bind each message with the corresponding protocol example.Clearly, the safety mechanism of WiMAX needs to improve in theagreement and algorithm to overcome the security loopholes, so that it willnotaffectthepopularizationofWiMAXapplication. Thethesismainlystudies howtoachievethesecuritygoalsforwirelesscommunication network using encryption technology, focusing on thedesign and implementation of a new security authentication protocol.Wireless communication network itself and kinds of business it bears are invarious need of security, at the same time, there are many differencesbetween the network environment and networking characteristics comparedwith cable networks. Therefore, a good few of existing safety techniquesand methods in cable networks are not suitable for wireless communicationnetworks any more. Besides, as for different types and purposes of wirelesscommunication networks, the requirements for security and relatedtechniques are quite unlike. What's more, due to the complexity andinstability in wireless environment, it's very hard to achieve securityobjectives. Then, to design the wireless communication security protocols,we have to take into account not only the special features and variousrestrictions, but also the facing security threats and specific applicationenvironment. Recently, more and more concerns are put on the securityissues for wireless communication networks, and a lot of fresh new securitytheories and related technologies are put forward and developed. Theseresearch results havecovered all kinds ofnetworks; however, authenticationandkeyestablishment havealways beenthemost essential,whichthethesiswillfocuson.In the thesis, essential issues of security methods and techniques forwireless communication network based on WiMAX, that is, design, safetyanalysis and concrete realization of authentication protocol, are mostlyresearched.Thekeycontributionsareasfollow:To begin with, after researching the characteristics of wirelesscommunication networks, it is pointed out that these features are supposedto be fully considered while designing wireless network security. Securityrequirements in present wireless communication network, especially based on WiMAX, are analyzed. Besides, it is also pointed that the main securitythreats in wireless communication network based on WiMAX are illegalaccess,eavesdropping,replayandforgeryattacks,especiallythelattertwo.Secondly, upon analysis on the existing security models andcombination with the wireless safety features, we choose Dolev-Yao threatmodel for the design, analysis and implementation of the protocol. That isbecause it is much more conducive to security analysis for wirelesscommunicationnetwork.Thirdly, the wireless environment based on WiMAX is structured andalso in high demand of security, therefore, the design adopts the dual-keyauthentication scheme based upon trusted third party. After studying thefundamental means and techniques, a fresh new wireless communicationauthentication protocol called WCAP is advanced and designed. Then, wecarry out security analysis of WCAP, by two means of technical realizationand formal analysis, to validate that WCAP achieves the original designgoals. As WCAPis a non-monotonic agreement, Rubin logic is used duringthe formal analysis. Meanwhile, comparison and analysis with the typicalwirelessauthenticationprotocolinperformanceisdone.Then, an integrated security authentication module is devised, usingOpenSSL algorithm library to achieve the authentication protocol, whichprovidesasecurecommunicationmechanismforwirelesscommunication.Finally, according to the specific environment in the laboratory, we setup a system test environment to test function and performance of WCAP.Moreover,wealsoanalyzethetestresultsandthenverifyitscorrectnessandperformance.Generallyspeaking,theanalysisandtestresultsshowthatWCAPhasagood manyWiMAX-based wireless characteristics, and ensures the securityand validity as well as flexibility and efficiency. The protocol is devised toprovide both communication sides confirmed session key and to achieve entityauthentication, what's more, it can resist all kinds of possible securitythreats. (1) Mobile end identity is encrypted during transmission in order toimprove the execution efficiency of the protocol. (2) Public key certificatebelonging to mobile terminal is also encrypted during the transmission inorder to realize the anonymity and untraceability. (3) Random numbermechanismisintroducedtoensurefreshmessage toprevent"replayattack".(4) Acredible third party is used while both communication sides exchangepublic keys, which can implement identity authentication andnon-repudiation to prevent middleman from tampering message. (5) Duringthe process of the session key generating, fresh parameters are involved,thus, the protocol can keep it fresh. At the same time, the protocol can alsoprovide mutual session key confirmation. Then, both communication sidesbelievethatthesessionkeyisshared,confirmedandalsofresh.