Taiwan Theses and Dissertations Value-Added System (臺灣博碩士論文加值系統)

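Graduate student: 簡千卜 (Chang-Bu Jang)
Thesis title: A Secure Authentication Policy for UMTS and WLAN Interworking (UMTS和WLAN整合網域之安全認證策略)
Advisor: 歐陽彥杰 (Yen-Chieh Ouyang)
Degree: Master's
Institution: National Chung Hsing University
Department: Department of Electrical Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2005
Graduation academic year: 93
Language: Chinese
Number of pages: 62
Keywords (Chinese): authentication (認證), handoff (交握)
Keywords (English): authentication, handoff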
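For the region covered by both UMTS (a third-generation mobile communication system) and IEEE 802.11 WLAN, we propose an authentication policy for secure exchange in the handoff mechanism, the Dynamic Session Key Policy (DSKP). The policy is an improvement on DKEP (Dynamic Key Exchange Protocol). It uses asymmetric and symmetric encryption to reinforce the confidentiality of the communication link, and it re-evaluates and rearranges some of the data that was exposed in the original DKEP so that an attacker cannot use this data to mount an attack. DSKP uses a One Time Password system to strengthen the transitions between protocol states, and it is redesigned so that the transitions between communication states are seamless and cannot be impersonated by an attacker. According to an analysis against the security requirements of current 3G mobile communication systems and the security points of IEEE 802.11 WLAN, DSKP can avoid any attack that may occur in a wireless environment. In our security analysis, compared with EAP-SIM and EAP-AKA, the two authentication protocols commonly used in WLAN today, DSKP achieves a better security score.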
We propose a security authentication policy, Dynamic Session Key Policy (DSKP), for a secure handoff between UMTS and IEEE 802.11 WLAN. This policy is based on, and improves, DKEP (Dynamic Key Exchange Protocol). It reinforces the confidentiality of the communication association using asymmetric and symmetric encryption. The data exposed in DSKP are fixed and useless to an attacker. A one-time password system is used for the key exchange of the sessions. The transitions between the communication states in DSKP are seamless and cannot be impersonated. According to a security analysis using the security requirements of the 3G mobile communication system and the security claims of IEEE 802.11 WLAN, DSKP can avoid possible attacks in a wireless environment. DSKP is also compared with EAP-SIM and EAP-AKA, which are commonly used as authentication protocols in present-day WLANs. In our analysis, DSKP achieves better security grades.
Contents

1 Introduction
1.1 Occasion
1.2 The introduction to current wireless security
1.3 Contributions
1.4 Organization of this thesis

2 Related Work and Summary of Security for Wireless Environment
2.1 Related work
2.1.1 Integration approaches between 3G and WLAN
2.1.2 Mobile IP
2.1.3 Vertical handoff
2.2 Security for wireless access networks
2.2.1 Encryption
2.2.2 Authentication
2.3 UMTS core network nodes
2.3.1 UMTS packet domain PLMN backbone networks
2.3.2 GGSN
2.3.3 SGSN
2.3.4 HLR
2.3.5 Mobile Stations (A/Gb mode)
2.4 UMTS security
2.4.1 Introduction of UMTS security
2.4.2 Authentication and key agreement
2.5 The authentication process in EAP-SIM
2.6 The authentication process in EAP-AKA

3 Secure Vertical Handoff Policy between UMTS and WLAN
3.1 Background
3.2 Architecture for integration of 802.11 WLAN and the UMTS
3.3 Schemes of secure handoff between UMTS and WLAN
3.3.1 Handoff process from UMTS to 802.11 WLAN
3.3.2 Handoff process from WLAN to UMTS
3.4 Dynamic Session Key Policy
3.4.1 Initialization phase of the DSKP
3.4.2 Transmission phase of the DSKP
3.4.3 Re-authentication phase of the DSKP

4 Security Analysis of the DSKP
4.1 Aspects of the security analysis
4.2 Security analysis and comparison
4.2.1 Ciphersuite negotiation
4.2.2 Initial vector
4.2.3 Key reuse
4.2.4 Dynamic re-key
4.2.5 ID confidentiality
4.2.6 Data confidentiality
4.2.7 Session hijack attack
4.2.8 Replay attack
4.2.9 Repudiation resistant
4.2.10 Plain ID transmission
4.2.11 Data integrity
4.2.12 Entity authentication
4.2.13 Re-authentication
4.3 Judgment of the analysis and comparison

5 Conclusions
5.1 Conclusions
5.2 Some other issues
5.3 Future works

Reference