| The wireless communication technique and the Internet technique developing at a very fast speed and syncretizing to each other gradually,makes m-commerce grow vigorously.People who use the m-commerce most concern about security.Because the opening of air interface,so the security issues are more complex between mobile device and server.There are many modes to implement the m-commerce,and the WAP mode becomes the hotspot because it is suitable to variety mobile platform and mobile devices.The security problems in WAP m-commerce are protected by WTLS protocol,which provides the services of confidentiality,integrity and authentication.The security in m-commerce contains security of authentication,security of data transform,system authenticate of base station and fixed network,signature,and authentication is the key value to protect the system.The scheme based on user password and encrypted key exchange can not provide the exactly authenticate of server's identity,only to show the server-side has a legitimate password factor.To authenticate the server's identity,the public key infrastructure and certificate are stilly needed.This paper proposes a new scheme base on a "password + certificate" asymmetric authentication and key agreement.The new scheme combines the server's authentication reliability with the client's authentication convenience.To due with the system parameters complexity selection for ECC in WTLS handshake protocol,uses the XTR instead of ECC.It modifies the WTLS handshake protocol's encryption algorithm and resolves the ECC parameters' selection complexible.The thesis purposes a new end-to-end security reference architecture which deals with the authentication in wireless and the data's transmission.According to the network protocol's security authentication and the performance certification,the thesis researches on the improvement scheme's security and performance.The new scheme's security is verified by using formal verification techniques. The abstract system is described as migration system that has limit statuses,and the nature of the abstract system is proposed,such as:fairness,confidentiality and authentication.The verification is completed by model checking tool SMV.In order to verify the new scheme's performance in actual environment,the OPNET which is network simulation tool is used to verify the scheme in this thesis.In the process of simulation,the thesis sets appropriate environment variables to simulate the actual environment,and confirms network throughout,delay and other network performance indicators.The simulation result confirms the new scheme's advantages over other similar scheme. |
PDF Full Text Request