【作者】 姜春林；

【导师】 贾维嘉；

【作者基本信息】 中南大学 ， 计算机应用技术， 2012， 博士

【摘要】 随着无线网络及移动通信技术的发展与成熟,异构无线网络的大规模互联成为大势所趋。由于无线信号是通过公共环境传输的,因此无线漫游网络的音视频通信面临诸多安全问题。认证及密钥协商(AKA)协议是安全的前提和基础,而设计保护用户隐私特别是满足用户在无线网络中漫游时匿名性要求的AKA协议是其中一个重要内容。现今无线信道的带宽普遍不高,但是大部分匿名AKA协议在用户漫游至外地访问服务器时都需要归属服务器参与认证,从而导致认证轮数较多。因此设计无归属服务器实时参与的安全高效的无线漫游网络音视频通信匿名AKA协议将作为本文的研究目标。数字签名是认证系统的主要内容,它提供了认证性、完整性和不可否认性的重要技术。研究具有特殊性质及用途的数字签名是认证理论的一个重要方向。群签名(Group Signature)和代理签名(Proxy Signature)是两种具有特殊性质的数字签名,而票据(Ticket)是具有特殊用途的数字签名,它们在现实生活中有着非常广泛的应用前景。由于时间和篇幅有限,本文主要使用具有特殊性质及用途的数字签名来对匿名认证协议进行重点研究,并取得了以下成果：1.基于群签名提出四个性能都比Yang GM协议要好且保持强匿名性的改进方案。虽然群签名能够提供强匿名认证,但是非常耗费终端的计算量,因此提出首次认证采用群签名、而漫游时通过认证上下文传递协议(ACTP)简化重认证过程的四个改进方案。其中方案1采用对称加密,运算速度快,性能好,但归属服务器不能揭示用户的真实身份；方案2采用消息认证码(MAC)值,保持高性能的同时能有效揭示用户身份,但由于没有经过形式化设计,其形式化安全仍然有待证明；方案3使用CK模型对协议进行形式化设计来提高安全性,虽然终端的计算量比方案1和2要大,但是减少了一轮的消息交互次数；方案4采用椭圆曲线公钥加密(ECC)来提高性能,不仅保证了形式化安全性,也保持了高性能。2.基于代理签名提出三个适用于无线漫游网络的匿名认证协议。第一个协议是对基于部分委托代理签名的匿名认证协议的改进方案,该方案减少了一半的消息交互轮数,并提高了安全性。另外两个协议是基于委托书代理签名并使用椭圆曲线密码机制提出的新协议。通过比较分析可知,虽然基于代理签名的匿名认证协议匿名强度弱,但总体性能比基于群签名的协议要好,因此适合于终端计算能力有限但对匿名强度要求不高的场合。3.基于票据提出了一个实用的无线漫游网络匿名认证协议。该协议利用CK模型进行形式化设计,因此具有会话密钥安全性(SK-secure);由于票据可多次使用、票据产生阶段不需要访问服务器参与且漫游认证阶段不需要归属服务器参与,因此交互轮数少,具有较高的效率。分析表明,该协议能够达到安全性、匿名强度与协议性能之间的平衡,在保护用户身份信息的同时可以提供方便可靠的认证,适合于移动用户频繁漫游时需要多次认证的大规模应用环境中。更多还原

【Abstract】 With the development and maturity of wirless and mobile communication technology, the large-scale interconnection of heterogeneous networks has been a trend. As the wireless signal is transmitted through the public environment, roaming communication especially audio and video communication across wireless networks faces many problems such as security and performance. Design of authentication and key agreement (AKA) protocol to protect users’ privacy when roaming in foreign networks has become an important element of security research, especially user anonymity of audio and video communication across roaming networks. Most existing AKA protocols require user’s home server to be involved when user roams to a foreign network, resulting in many message flows, which makes AKA difficult to realize in low-bandwidth wireless networks. Therefore, this study will focus on the design of secure and efficient anonymous authentication protocols without the need for home server in the mobile audio and video communications.Digital signature is the main content of authentication system. It provides the important technology of authentication, integrity and non-repudiation. Special digital signature which fully meets the needs of special purpose is an important research direction. Group signature and proxy signature are two special digital signatures, and ticket is a special-purpose digital signature. They have a very wide range of applications in real life. Due to limited time and space, this paper mainly focused on anonymous authentication protocols based on special signatures, and achieved the following results:1. Based on group signature, four improvements which have better performance than Yang GM protocol are proposed for heterogeneous roaming networks. Although group signature can provide strongly anonymous authentication, it consumes computation of mobile nodes, so four improvements making use of authentication context transfer protocol (ACTP) to simplify the re-authentication process are proposed. The first one uses symmetric encryption to get good performance, but its security is low; the second one uses a message authentication code (MAC) value to maintain high performance as well as moderate security, but without formal design, its formal proof of security remains to be proved; the third one formally designs the protocol based on CK model to improve security, though it imposes more burden on the mobile terminals than the former, it needs less message flows; the last one is formally designed making use of elliptic curve public key cryptography (ECC) to improve performance, so not only its safety is assured, but also its performance is better than the third one.2. Based on proxy signature, three anonymous authentication protocols fit for wireless roaming networks are proposed. One of them is an improvement of an anonymous authentication protocol based on partial delegation, the other two are new protocols based on delegation by warrant. By comparison analysis, the performance of anonymous authentication protocol based on proxy signature is better than that based on group signature, but the anonymity of the former is weaker than that of the latter, so the former is appropriate for environments which the terminal has limited computing power but anonymity intensity is not critical.3. Based on ticket, a practical anonymous authentication protocol for mobile networks is proposed. The protocol has the following advantages: it is formally designed using CK model, so it is secure (SK-secure); the ticket, which can be used repeatedly, is issued without the participation of visited server; the roaming authentication phase does not require the involvement of home server, so fewer rounds of interaction, which means few message flows are needed. Analysis shows that the protocol has high security, user anonymity and efficiency for mobile networks, so it is suitable for large-scale and practical application.更多还原