

Study and Design of Short Message Security Mechanism in CDMA Network

【作者】 蒋卓伽

【导师】 罗守山;

【作者基本信息】 北京邮电大学 , 软件工程, 2008, 硕士

【摘要】 当今通信行业的发展中,中国的短消息业务发展位居世界之首,但关于短消息安全的问题投诉越来越多,该问题移动、联通、电信都有相同情况发生,这都归因于目前还没有实现短消息发送全过程的安全保障机制。使目前遇到的短消息安全问题无法解决。由此,本论文的主要工作对短消息接入无线网络的身份鉴权、手机终端短消息的加密方法、短消息中心增值业务平台进行了分析、研究和设计,即通过这几方面解决对短消息接入无线网络时进行用户身份鉴权以及短消息内容在网络传送中的安全保障方案的设计。本文将主要以CDMA(IS-95 CDMA到CDMA2000的短消息发送流程及网络基本不变)网络的短消息安全为设计主体,下面从以下几方面来进行阐述:1.短消息用户接入鉴权机制:深入了解CDMA网络结构及协议,针对目前短消息发送时无用户身份鉴权的情况进行设计。2.CDMA手机终端的研究设计:学习手机UIM卡与CDMA网络编解码情况,根据现有的CDMA手机特性设计在短消息发送时把消息内容和被叫号码做DES加密;设计在手机UIM卡上写入多个密钥号,并且每个密钥号与唯一的密钥对应,消息发送时数据包中发送的只为密钥号,保证消息密钥不在网络中直接传输。3.短消息增值业务平台作为可信第三方的设计:确定增值业务平台在整个系统中应用中的设计位置,对平台的需求设计,以及与短消息中心连接的协议,并使加密的短消息在短消息中心增值平台进行解密。解密是在短消息中心设置密钥库,密钥库的密钥和密钥号与所有手机的密钥都对应,解密后先对被叫号码做二次确认,以实现主叫号码对发送的被叫号码的不可抵赖。4.在后续工作中思考短消息安全在未来商务应用中的各种安全问题。希望本论文能更好的保障用户的短消息业务服务质量及信息安全,使中国通讯行业的短消息技术将向着更成熟的方向发展。

【Abstract】 Nowadays, the Short Message Service of communication industry in China has developed as the first places in the world. But Short Message Service problems are more and more complained. And this issue also has the same situation in China Unicom and China Mobile and China telecom. This is because there isn’t a safe mechanism about Short Message Authentication of user identities and Short Message content security. We haven’t any good method to guarantee or confirm the security of Short Message.Therefore, this paper studies and designs mainly the Identity authentication and certification and the encryption on the handsets and decryption on the Value-Added platform of the Short Message Center as a whole. That is, to resolve the Identity authentication of Short Message accessing CDMA wireless network and the safety of message content when delivering should be realized by these designs. This paper will be mainly designed by CDMA network (from IS-95 CDMA to CDMA2000, short message processes and network structure are the same essentially). This program is a new idea in the Short Message area, the design is following: 1. Short Message authentication of user’s identity: it should study in-depthly structure of CDMA network and communication protocol. This paper designs a reasonable Short Message authentication mechanism when user access CDMA network according to no safety mechanism at present.2. According to CDMA mobile terminal characteristics, The Short Message content and recipient numbers finish DES encryption when Short Message sent. In the mobile terminal UIM card is written a sets of key-rows or more key-rows. And each key-row is the counterparts with key. When Short Message sent, the Short Message data packets carry only key-row number to ensure that The Short Message key doesn’t transfer directly in the network.3. Short Message value-added business platform is designed as the third-party credible side. And the position of value-added business platform is confirmed in the application of the system. And the Short Message Center confirms the demand for the platform, as well as the agreement when value-added platform connect to Short Message Center. Others, the encrypted Short Message is decrypted on the value-added platform.There is another most important function. The Short Message is decoded on the value-added platform of the Short Message Center when the Short Message is sent. The main idea is we design a Key data in library on the value-added platform of the Short Message Center. Between the Key data in library and the key in the all kinds of mobile phones are counterparts. After the Short Message is decoded, the called number being decoded should be checked once more. Therefore, we can confirm the truth of the caller number which calling user sent in the Short Message Center, and the calling user isn’t able to deny the message.4.I would be considered continually that various security problems are encountered on Short Message business in the future.I hope this design could confirm the quality of service and information security in the communication industry in the future. And the Short Message communication technology in China would develop more mature.

  • 【分类号】TN929.533
  • 【下载频次】120