| To acheive secure communication in 3G communication networks, Authentication and Key Agreement(AKA) protocol provides mutual authentication between the user and the network, generates the cipher key and integrity key. 3GPP AKA protocol uses Sequence Number(SQN) to ensure freshness of messages for resisting replay attacks. However, some problems still need to be solved for the SQN operations.SQN in 3GPP AKA protocol is analyzed in the thesis, the security problems caused by using SQN are studied. The details are as follows:1. Three scenarios of replay attack are simulated. Based on 3GPP AKA protocol process, three possible attack scenes against SQN are simulated, the attacks are named "replay this-time certification messages" attack, "request triggered replay the past authentication messages" attack and "active replay past authentication messages" attack, and the safety performance of 3GPP AKA protocol is analyzed, the cost of authenticated tripartite entities and attacker during resisting replay attacks is summarized; the simulation shows that 3GPP AKA protocol can effectively resist "replay this-time certification messages" attack and "request triggered replay the past authentication messages" attack, but can not resist "active replay past authentication messages" attack.2. Three improved protocols are analyzed in this paper, and compares the performance of AP-AKA, AKA based on public key cryptography and S-AKA which using one-time random number or accumulator instead of SQN to resist replay attacks. The simulation results show that S-AKA can resist "replay this-time certification messages" attack and "request triggered replay the past authentication messages" attack, but can not resist "active replay past authentication messages" attack; AP-AKA and AKA based on public key cryptography can resist all three types replay attacks; and AP-AKA resisting performance is the best, but when there is not attack in the network, the storage space and communication cost of AP-AKA are higher than 3GPP AKA.3. An adaptive selection AS-AKA protocol based on early warning mechanism is put forward in this paper. Through the attacks scenario analysis, the network characteristics are summarized, based on the characteristics early warning mechanism is proposed; when the mechanism detects the system may exist replay attacks, the service network will switch to AP-AKA protocol; and when no attack warning, carry out original agreement. The simulation results show that AS-AKA protocol can effectively resist three kinds of replay attacks, compared with 3GPP AKA and AP-AKA, AS-AKA protocol achieves a balance between security and the cost price. |
PDF Full Text Request