Research on the Key Technologies of Identity Authentication and Content Security of Third Generation Network

【Author】 Zhang Dongfang (张冬芳)

【Advisor】 Yang Yixian (杨义先)

【Author information】 Beijing University of Posts and Telecommunications, Cryptography, 2010, Ph.D.

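【Summary】 Identity authentication and content security are two key problems in communication security, and two important topics in 3G network security research. The main characteristic of 3G networks is that, in addition to traditional voice services, they provide rich multimedia data services; they are therefore also called the mobile Internet. This diversification of services places new demands on the security of 3G network access and on the security of service data content.

In 3G networks, one of the core technologies of network access security is authentication and key agreement, because it is the primary guarantee for secure communication and for protecting the interests of users and operators. As part of call setup, the authentication and key agreement protocol plays a pivotal role. Security analysis and improvement of the 3G authentication and key agreement protocol has therefore long been an important topic in 3G security research.

Content security for 3G multimedia data services is a research area that has emerged in recent years and has already produced a considerable number of results. The openness of 3G networks, together with the ease with which multimedia data can be losslessly copied and distributed, gives research on multimedia content protection and management greater practical significance and application value. Digital watermarking is an important multimedia information security technology developed in recent years; its main current applications are copyright marking and copyright protection of digital content, and content authentication and integrity verification.

This thesis studies the authentication and key agreement mechanism of 3G networks and multimedia content copyright protection based on digital rights management. It designs an authentication and key agreement protocol model that resists man-in-the-middle attacks and two multimedia digital watermarking algorithms for copyright protection, and discusses the interoperability of digital rights management standards for 3G networks. The research work of this thesis mainly covers the following aspects:

1. A security analysis of the 3G authentication and key agreement protocol. Building on a study of the 3G security architecture, the security of the 3G authentication and key agreement protocol is analyzed in depth and the security weaknesses of current 3G authentication and key agreement are identified.

2. An improved AKA protocol that resists MITM attacks. Based on the security analysis of the 3G authentication and key agreement (AKA) protocol, an AKA protocol model built on the Diffie-Hellman key exchange algorithm is proposed (the DH-AKA protocol for short). The model inherits the advantages of Diffie-Hellman key exchange while avoiding its drawback of providing no identity authentication. A security evaluation shows that the protocol resists MITM attacks and provides mutual authentication based on shared keys between ME and VLR and between VLR and HLR; in addition, its "one-time key" generation mechanism ensures security properties such as forward secrecy and data integrity protection, and improves the 3G system's resistance to damage.

3. A digital image watermarking algorithm based on edge detection. From a study of data redundancy in digital images and the properties of edge detection, an image watermarking algorithm based on image edge detection is proposed. It embeds the watermark in the image's edge information, binding the watermark to key elements of the image; it is robust to lossless-compression format conversion and can effectively protect the relevant attributes of a digital image.

4. A digital audio watermarking algorithm based on multi-bit echo kernels and time-domain spread spectrum. Building on an in-depth analysis of echo-hiding watermarking, the algorithm combines multi-bit echo kernels with time-domain spread spectrum: the watermark is first spread using spread spectrum and then embedded in the digital audio using multi-bit echo kernels. Experiments show that time-domain spread spectrum lets the algorithm withstand DA and AD conversion attacks, while the multi-bit echo kernels compensate for the loss of watermark capacity caused by spreading.

5. A DRM bridge mechanism, addressing the lack of a unified DRM standard. To address the lack of interoperability between the DRM standards of 3G networks and those of other networks, current research on DRM interoperability is analyzed and, modeled on the concept of a hardware bridge, a DRM bridge mechanism is designed in which a DRM bridge in each network domain is responsible for DRM interoperation between networks; its distinguishing feature is that it works offline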

【Abstract】 Authentication and content security are two key issues in the security of third-generation (3G) networks. The main characteristic of 3G networks, also called the Mobile Internet, is that they offer not only traditional voice services but also rich multimedia data services. This diversification of services places new demands on the access security and content security of 3G networks.

In 3G networks, one of the core technologies of network access security is authentication and key agreement (AKA), which is the basic guarantee for secure communication and for protecting the interests of users and network operators. As part of call setup, the authentication and key agreement protocol plays a pivotal role. Security analysis and improvement of the 3G authentication and key agreement protocol has therefore been an important topic in the field.

Research on content security for the multimedia data services of 3G networks has developed in recent years. The openness of 3G networks and the ease with which multimedia data can be copied and distributed make research on multimedia content protection and management well worth pursuing. Digital watermarking is an important multimedia information security technology developed in recent years. Its key application areas are copyright protection of digital content, and content authentication and integrity inspection.

This thesis focuses on authentication and key agreement and on multimedia copyright protection in 3G networks. It presents one improved authentication and key agreement protocol that resists MITM attacks and two digital watermarking algorithms that can be used for copyright protection. It also discusses the interlinking and intercommunication mechanism between different digital rights management systems in 3G networks. The main content of this thesis is summarized as follows:

1. An in-depth analysis of the security of the 3G authentication and key agreement protocol is carried out, based on the security framework of 3G networks, and the security risks of 3G authentication and key agreement are identified.

2. An improved AKA protocol is proposed. Based on these security risks, an improved AKA protocol, called the DH-AKA protocol, is proposed. The DH-AKA protocol resists MITM attacks and implements mutual authentication between VLR and HLR and between ME and VLR.

3. A digital watermarking algorithm based on edge detection is proposed. Based on research into data redundancy and edge detection, a new watermarking algorithm is proposed that embeds the watermark into the edges of a picture. The new algorithm is robust to lossless format transformation.

4. An improved audio watermarking algorithm based on time-domain spread-spectrum technology and echo-hiding technology is proposed. The algorithm combines the two technologies: spread spectrum lets the algorithm resist DA/AD conversion attacks, while echo hiding compensates for the loss of watermark capacity caused by spread spectrum.

5. A DRM bridge mechanism is designed. Because there is no uniform DRM standard, and based on research into the interlinking and intercommunication mechanisms between different digital rights management systems, a DRM bridge mechanism is designed that is responsible for interlinking and intercommunication between the different digital rights management systems of 3G networks.
