| In 2008,3GPP proposed a unified plan for the LTE/SAE to support the integration of non-3GPP network access Evolved Packet Core(EPC).Broadband wireless access technologies represented by WLAN is characterized by its high bandwidth,low cost,free spectrum,flexible networking and easy expansion,and has a natural integration advanta ge with LTE.Based on the heterogeneity between LTE and WLAN,3GPP adopted The Extensible Authentication Protocol and Authentication Key Agreement(EAP-AKA)as the security authentication mechanism when UE had a vertical handover(VH)between the LTE and the WLAN.But there are some defects in EAP-AKA and its improved version EAP-AKA'.And relevant scholars have been committed to the study of their improvement,but most of the existing authentication mechanisms are still complex and vulnerable to network attacks,it is difficult to meet both security requirements and performance requirements.This paper focuses on the security and performance issues in the access authentication mechanism of LTE-WLAN integrated network,builds an LTE-WLAN access authentication model,and an improved access authentication mechanism MEAP-AK A is proposed.The main works are shown as follows:(1)After deeply analyzing the security problems existing in the EAP-AKA' key hierarchy,a shared key LSK is designed.LSK is generated locally by the UE,WAAA and 3GPP AAA after three handshakes exchange parameters.Because LSK does not participate in the exchange of messages,it is more secure.In addition,using the concept of extending key hierarchy,two-layer keys DSRK and DSUSRK are extended from MSK and EMSK to realize the separation of re-authentication and handover keys,improving the security of the key hierarchy.(2)In order to prevent the leakage of user identity information and avoid sending IMSI in clear text,a dynamic ID update mechanism is designed in this paper.This mechanism randomly generates a temporary anonymous ID when UE accesses the network,which effectively protects the user's identity information.(3)By analyzing the existing performance problems of existing mechanisms,considering the type of handover in re-authentication process,two fast re-authentication protocols inter-FRP and intra-FRP are proposed for two different handover scenarios in this paper.This effectively reduces the number of message rounds and improves the efficiency of authentication.Finally,the proposed mechanism MEAP-AKA are verified using Automated Validation of Internet Security Protocols and Applications(AVISPA),the results show that the MEAP-AKA can satisfy the various sec urity of preset target,and can effectively prevent all kinds of attacks.In addition,the performance of MEAP-AKA is compared with the existing mechanisms in terms of authentication delay,signaling overhead,communication overhead and energy consumption using MATLAB software.The results indicate that the MEAP-AKA is more secure and efficient,and the efficiency of authentication is also improved. |
PDF Full Text Request