MS—CHAPv2双向鉴权机制的研究

通过对第一、二代通信系统的安全性进行分析,提出了在第三代移动通信系统中采用MS—CHAPv2双向鉴权机制来提高系统的安全性。对MS—CHAPv2双向鉴权机制如何进行双向鉴权进行了具体分析。     

CDMA移动通信系统中用户鉴权算法的研究

本文介绍了CDMA移动通信系统中用户鉴权的原理、鉴权流程以及所涉及到的相关参数;分析了基于分组DES密钥的原理及设计原则;提出了对第二代移动通信系统鉴权算法中计算AUTHR值的改进新算法。同时分析了该算法的性能,并与目前第二代移动通信系统的鉴权算法作了比较,说明了该算法的优越性。     

基于小型核心网的LTE鉴权的一种新实现

LTE移动通信系统采用3GPP认证与密钥协商机制来加强对用户的保护。为了节约成本,在用户容量较小和一般性研发测试的环境下,引入一种小型核心网来满足特殊的需求。鉴权过程需要核心网向HSS服务器申请鉴权参数,通过一定的算法来对UE进行鉴权。主要提出了一种针对这种小型核心网的鉴权实现方法,将计算鉴权参数的过程集成到核心网。该实现方法不需要HSS服务器的参与,实现更简单方便,节约开发成本。     

数学移动通信中的用户鉴权

本文分析和比较了目前第二代数字移动通信中的两大有代表性的用户鉴权体系,并对未来移动通信中的用户鉴权提出了意见和建议.     

数字移动通信中的用户鉴权

本文分析和比较了目前第二代数字移动通信中的两大有代表性的用户鉴权体系，并对未来移动通信中的用户鉴权提出了意见和建议。     

GSM系统与WCDMA系统用户鉴权体系的比较分析

本文以用户接入网络的过程为主对GSM系统与WCDMA系统用户鉴权体系进行了比较分析,并对未来移动通信中的用户鉴权体系进行了展望.     

CDMA中的鉴权和加密

鉴权和加密是移动通信系统必须要面对的问题。随着诸如电子商务等新业务的应用,这些问题 变得越来越重要。本文重点介绍了CDMA中的鉴权:包括CAVE鉴权算法,密钥体系以及鉴权流程,同时对CDMA 中的通信安全性问题也做了阐述。最后本文指出了在第三代移动通信中鉴权和加密的发展趋势。     

GSM系统与WCDMA系统用户鉴权体系的比较分析

本文以用户接入网络的过程为主对GSM系统与WCDMA系统用户鉴权体系进行了比较分析,并对未来移动通信中的用户鉴权体系进行了展望。     

一种改进的基于HLR/VLR体系结构的终身号码方案

在PCS系统中，终身号码允许用户在改变运营商时保留其原有电话号码，本文提出的基于HLR/VLR体系结构Cache改进算法，能保证用户在多次改变运营商时，使用户实现真正的号码携带。在当前无线网络运营中，基于HLR/NLR体系结构位置管理的无线网络取得了极大成功，使得研究基于HLR/NLR体系结构的终身号码方案具有非常重要的现实意义。与原基于HLR／VLR位置管理Cache算法相比，本文算法的实现只需要软件升级和存储器扩容。随着软硬件技术的发展，使本文提出的方案具有较强的可行性。     

中兴450MHz CDMA移动通信系统介绍

中兴450MHz CDMA移动通信系统产品介绍 中兴通讯着眼于市场,本着“精诚服务,凝聚顾客身上”用户服务的宗旨,自主研发成功450 MHzCDMA移动通信系统,以满足市场对450MHzCDMA移动通信系统的需求。中兴通讯450MHzCDMA移动通信系统包括基站控制器BSC、基站收发信机BTS、移动交换中心/拜访位置寄存器MSC/VLR、归属位置寄存器/鉴权中心HLR/AUC等全套系列产品。     

3G认证和密钥分配协议的形式化分析及改进

介绍了第三代移动通信系统所采用的认证和密钥分配(AKA)协议,网络归属位置寄存器/访问位置寄存器(HLR/VLR)对用户UE(用户设备)的认证过程和用户UE对网络HLR/VLR的认证过程分别采用了两种不同的认证方式,前者采用基于"询问-应答"式的认证过程,后者采用基于"知识证明"式的认证过程.使用BAN形式化逻辑分析方法分别对这两种认证过程进行了分析,指出在假定HLR与VLR之间系统安全的前提下,基于"知识证明"式的认证过程仍然存在安全漏洞.3GPP采取基于顺序号的补充措施;同时,文中指出了另一种改进方案.     

个人通信系统中的用户登记认证

个人通信系统(PCS)的智能网络层上每个结点的数据库采用全分布式结构。根据PCS的智能层数据库结构特点以及X.509目录认证架构,提出了一种移动用户登记认证方案。此方案克服了X.509所具有的“静态”特性,使其能够满足PCS用户移动性及终端移动性的要求。在进行用户登记认证的同时,用户与本地的访问网络之间还建立起一个秘密数据。基于这一秘密数据,用户与网络之间可以在呼叫建立阶段进行相互认证。这就避免了现有的移动通信系统(如GSM,IS-41等)呼叫建立阶段的认证受归属网位置登记数据库(HLR)控制的缺陷。因此,用于位置修订和查询的信令负荷大大减小;同时,有关骨干网络(如PSPDN或共路信令网)安全的假定也可以被取消。     

cdma2000 1x的无线接入安全

cdma2000lx无线接入安全基于对称密钥技术，为用户提供匿名服务、基于质询/应答的认证服务、语音保密、控制信令加密和用户数据加密，采用CAVE、专用长码掩码、ORYX和E-CMEA四种安全算法。安全协议依赖于主密钥(A-Key)和移动台的电子序列号(ESN)，A-Key仅对移动台和归属位置寄存器，认证中心是可知的。不直接参与认证和保密，而是用于产生共享秘密数据(SSD)，再由SSD生成子密钥用于语音、信令和用户数据的保密。本研究上述安全机制，分析其安全漏洞。     

Development of the Home Location Register/Authentication Center in the CDMA Mobile System

In this paper, a home location register (HLR) for CDMA mobile communication system (CMS) is introduced. It stores the mobile station (MS) subscribers’ locations and supplementary service information. Call processing procedures for HLR are developed to receive and store subscriber's location coming from mobile exchange (MX) during the location registration, and to transfer subscriber's location and supplementary service information to the MX during the mobile-terminated call setup. For fast call processing by increasing database access speed, a memory-resident database management system is devised. For easy and secure HLR operation, administration and maintenance functions and overload control mechanisms are implemented. Designed HLR hardware platform is expandable and flexible enough to reallocate software blocks to any subsystems within the platform. It is configurable according to the size of subscribers. An authentication center (AC) is developed on the same platform. It screens the qualified MS from the unqualified. The calls to and from the unqualified MS are rejected in CMS. To authenticate the MS, the AC generates a new authentication parameter called “AUTHR“ using shared secret data (SSD) and compares it with the other AUTHR received from the MS. The AC also generates and stores seed keys called “A-keys” which are used to generate SSDs. The HLR requirements, the AC requirements, software architecture, hardware platform, and test results are discussed.     

Location Management in PCS Networks by Caching Two-Level Forwarding-Pointers

One of the challenging tasks in Personal Communication Services (PCS) is to efficiently maintain the location of PCS subscribers who move from one region to another (hereafter called mobile users). When a mobile user receives a call, the network has to quickly determine its current location. The existing location management scheme suffers from high signaling traffic in locating the mobile users. Two-level forwarding pointer scheme has been proposed from per-user forwarding pointer scheme to reduce the cost of signaling traffic. In this paper, we enhance the two-level forwarding pointer scheme. When a mobile user moves from its current Registered Area (RA), which is served by Mobile Switching Center (MSC), to another RA the local switch that acts as a parent of those two MSCs maintains this movement in its memory (hereafter called cache entry). A cache entry is used to locate rapidly the mobile user instead of querying the Home Location Register (HLR) and waiting for its reply. HLR is centralized in the network and far away from the mobile users so that the signaling traffic crossing it is expensive. Sometimes the cache entry may be failed to reach the mobile user then a two-level forwarding pointers will be created from the corresponding Visitor Location Register (VLR), attached to its MSC, through a correct path to locate the mobile user. Thus, there is a saving in cost of querying the underlying HLR. The analytical results indicate that such proposal efficiently reduces the signaling traffic cost for all values of Call to Mobility Ratio (CMR), this is especially considerable when CMR ≥1, without any increase in the call setup delay. Salah M. Ramadan (samohra@yahoo.com) received the BS and MS degrees from Computers Engineering Department, Al-Azhar University, Cairo, Egypt, in 1995 and 2002, respectively. From 2002, he was a Ph.D. student in Computers Engineering Department at Al-Azhar University and is currently pursuing the Ph.D. degree, where he is a research assistant in the Wireless Networks Branch. His research interests include traffic management in ATM networks, routing protocols, mobility management in PCS networks, and mobile computing. He is currently an instructor in Cisco Academy, Egypt. Ahmed M. El-Sherbini (Sherbini@mcit.gov.eg) received the Ph.D. in Electrical and Communication Engineering, Case Western University, U.S.A. March 1983 and M.Sc. in Communication Engineering, Cairo University, Giza, Egypt, June 1980. (M. Sc. Research Studies at the Ecole Nationale Superieure des Telecommunications (ENST), Paris, France). He is the Director, National Telecommunication Institute – Ministry of Communications and Information Technology, Egypt and Professor of Electrical and Communication Engineering Dept. Faculty of Engineering, Cairo University, Egypt. M. I. Marie received his B.Sc., M.Sc. and Ph.D. in electronic and communication engineering from Cairo University on 1972, 1981, 1985, respectively. Now he is a professor of communications at Computer and System Engineering department Al-Azhar University, Cairo, Egypt. His fields of interest includes digital communication, computer networks and protocols development. M. Zaki (azhar@mailer.scu.eun.eg) is the professor of software engineering, Computer and System Engineering Department, Faculty of Engineering, Al-Azhar University at Cairo. He received his B.Sc. and M.Sc. degrees in electrical engineering from Cairo University in 1968 and 1973 respectively. He received his Ph.D. degrees in computer engineering from Warsaw Technical University, Poland in 1977. His fields of interest include artificial intelligence, soft computing, and distributed system.     

ATCA架构HLR数据管理流程分析

HLR是移动通信系统电路域核心网和分组域核心网的共用设备.HLR网元的主要作用是实现移动用户管理功能,存储移动用户开户信息（电信业务签约数据和用户状态）、移动台位置信息、MSISDN、IMSI等.ATCA架构HLR从逻辑上划分为BE（Back End）和FE（Front End）两部分,实现用户数据与业务逻辑处理的分离.通过对HLR用户数据管理流程的分析,结合网络组网结构,可以快速、准确地实现业务部署,有效进行问题定位处理.     

Efficient identity-based signature scheme with batch authentication for delay tolerant mobile sensor network

Identity-based cryptography （IBC） has drawn a lot of attentions in delay tolerant environment. However, the high computational cost of IBC becomes the most critical issue in delay tolerant mobile sensor network （DTMSN） because of the limited processing power. In this paper, an efficient identify-based signature scheme with batch authentication （ISBA） is proposed for DTMSN. ISBA designs an online/offline signature with batch authentication to reduce the computational cost, and improves data delivery mechanism to increase the number of messages for each batch authentication. Simulation results show that ISBA not only realizes a lower computational cost than existed schemes, but also does not induce negative impact on the delivery performance.     

A Robust Authentication Protocol with Non-Repudiation Service for Integrating WLAN and 3G Network

The third-generation cellular systems provide great coverage, complete subscriber management and nearly universal roaming. Nevertheless, 3G systems suffer the high installation cost and low bandwidth. Though WLAN provides hot spot coverage with high data rates, it lacks roaming and mobility support. From users' points of views, the integration of WLAN and 3G systems is an attractive way that will provide them a convenient access to network. When integrating WLAN and 3G, there are still some problems should be concerned in terms of authentication and security, such as authentication efficiency and repudiation problem. In this paper, we review the authentication scheme for WLAN and 3G/UMTS interworking which is specified by 3GPP and propose a robust localized fast authentication protocol with non-repudiation service for integrating WLAN and 3G network. The localized re-authentication protocol can shorten the authentication time delay. On the other hand, with the non-repudiation service, the assumption, that subscriber has to fully trust 3G home operator, can be deleted and the trust management between the independent WLAN operator, 3G visited operator and 3G home operator can be eliminated. In other words, our proposed protocol provides legal evidences to prevent the 3G home operator from overcharge toward the subscriber and also prevent the WLAN operator and 3G visited operator from overcharge toward the 3G home operator. The authentication protocol employs HMAC, hash-chaining techniques, and public-key digital signature to achieve localized fast re-authentication and non-repudiation service.     

基于“北斗”的战场移动装备域间身份认证方法

为了实现对移动装备在不同管理域间切换时身份的快速、安全认证,基于“北斗”卫星导航系统所提供的安全可靠的短报文通信功能和高精度的授时功能,提出了一种基于“北斗”的战场移动装备域间身份认证方法,设计了基于“北斗”的战场移动装备域间身份认证体系结构和战场移动装备域间身份认证协议。该认证体系采用两级认证机制。整个移动网络通过“北斗”系统的高精度授时实现全网时钟的精确同步,将“北斗”系统提供的时钟信息作为时间戳加入到身份认证信息中,并利用“北斗”系统传输身份认证信息。经过对协议的安全性分析表明,该协议安全可靠,可以实现域间身份认证时新管理域中的认证中心与移动装备的双向认证,也可以实现移动装备的匿名认证,同时具有抗重放攻击能力。此外,该协议有效地减小了家乡域认证中心的开销。     

AAA authentication for network mobility

Network mobility (NEMO) is a protocol proposed for the mobility management of a whole network.It offers seamless Internet connectivity to the mobile end users.However,the NEMO protocol has not been wid...