Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (12): 1-15. doi: 10.11959/j.issn.2096-109x.2018096
• Comprehensive Review •
Xinxin HU, Caixia LIU, Shuxin LIU, Wei YOU, Kang QIAO
Revised: 2018-10-20
Online: 2018-12-15
Published: 2018-12-30
Xinxin HU, Caixia LIU, Shuxin LIU, Wei YOU, Kang QIAO. Overview of mobile communication network authentication[J]. Chinese Journal of Network and Information Security, 2018, 4(12): 1-15.
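Network | Tuple | Authentication direction | Advantages and disadvantages |
GSM | (SRES(i), RAND, Kc(i)) | One-way | Provides some security mechanisms; a triplet is destroyed after use and is not reused; uses algorithms such as A3 and A8 for encryption; simple to operate. One-way authentication; Kc is only 64 bit; the IMSI is sent in plaintext in some cases |
CDMA | (MIN, ESN, A-KEY, SSD-A, SSD-B) | One-way | The master key A-KEY is not used directly for authentication; the two SSDs total 128 bit. One-way authentication; complex to operate; the IMSI is sent in plaintext in some cases |
UMTS | (RAND, XRES, CK, IK, AUTN) | Mutual | Provides integrity protection for signaling data on the access link; key length is 64/128 bit; the security mechanisms are extensible; mutual authentication avoids fake base stations; authentication vectors cannot be reused. The IMSI is sent in plaintext in some cases |
LTE | (RAND, AUTN, XRES, Kasme) | Mutual | Hierarchical keys strengthen security; key length is 128 bit; mutual authentication avoids fake base stations. The IMSI is sent in plaintext in some cases |
5G | (RAND, AUTN, XRES*, KAUSF) | Mutual | Some keys are 128/256 bit long; the SUPI is encrypted with a public/private key scheme, so it is not sent in plaintext. The encryption algorithm is complex, increases UE power consumption, and may increase latency |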