
Research on the Key Techniques of Unified Identity in Heterogeneous Wireless Integration Networks

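【Author】 Yang Xin (杨欣)

【Supervisor】 Ji Xinsheng (季新生)

【Author information】 PLA Information Engineering University (解放军信息工程大学), Computer Software and Theory, 2010, Doctoral dissertation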

【Abstract】 Ubiquitous networking is one of the major development trends in wireless mobile communication networks, and the integration of multiple heterogeneous wireless networks is an active research topic within it. This dissertation is supported by the exploration-oriented National "863" Program project "Research on a universal trusted access mechanism based on non-redundant identifiers and its key technologies". It studies in depth the problem of unified user identity in heterogeneous wireless network integration, which has both theoretical and practical value.

Current networks differ in architecture and access technology, and the user identity information they use also differs considerably. If, during network integration, the same user still holds several identities and the different networks each maintain their own authentication facilities, the access efficiency of the heterogeneous integrated network drops sharply, and its security is reduced by the weakest-link effect among the several authentication mechanisms. Therefore, based on the idea of separating user, location and addressing information, this dissertation studies unified user identity design, authentication and handoff support, establishes a complete identity hiding and substitution mechanism, and addresses unified access, secure authentication and mobility support for heterogeneous networks and mobile terminals.

The main research and innovation points are as follows:

First, a new identity application scheme is established for the heterogeneous wireless integration network, namely the user identity hiding and substitution mechanism. It unifies the user access identifier and builds a complete set of mechanisms for establishing, distributing, storing, querying and updating the identifier mapping relationship. Storing user identifiers separately and transmitting substitutes for them during authentication and communication reduces the leakage of sensitive user information.

Second, drawing on the authentication and key agreement protocol of 3G networks, the dissertation remedies that protocol's lack of authentication of the authenticator and its plaintext transmission of keys, integrates it into the heterogeneous wireless integration network, and builds the EAP-TAKA protocol on the identity hiding and substitution mechanism. This unifies the access authentication scheme for heterogeneous wireless networks, and the protocol's correctness is proved by formal analysis.

Third, following the development trend of authentication protocols, the dissertation studies the introduction of EAP-TLS authentication into heterogeneous wireless networks and remedies security problems of EAP-TLS such as the lack of authentication of the access end and the plaintext transmission of management frames, further strengthening the security of the unified authentication protocol.

Finally, building on the project's separation of user identity identifiers from address identifiers, the dissertation proposes a mobile handoff scheme for heterogeneous networks based on the identity substitution mechanism. The proposed mobility management mechanism is described in terms of registration, authentication and update, and provides management of all kinds of access terminals.

Performance analysis and simulation show that the unified user identity, the identity hiding and substitution mechanism, the unified access authentication scheme and the mobile handoff mechanism proposed for heterogeneous wireless integration networks effectively hide sensitive user information, strengthen the security of the authentication protocols as far as possible, improve the security protection of users and the network, and provide technical support for further work on universal trusted access and seamless roaming.
