Title: 免授權行動接取安全機制之研究與改善 (A study and improvement of the Unlicensed Mobile Access security mechanism)
Author: Chen, Ying-Long (陳盈龍)
Keywords: UMA; Unlicensed Mobile Access; GSM; UMTS; GAN
Publisher: Department of Computer Science and Engineering
Unlicensed Mobile Access (UMA) is a new technology that provides access to GSM/UMTS voice or data services over wireless LAN or Bluetooth, carrying over an IP network the traffic that would otherwise pass through the GSM or UMTS network. UMA uses IPsec to secure data in transit across the IP network. The major advantage of IPsec is that it provides encryption and authentication protocols to secure IP communications. The IPsec specifications require two-way authentication through IKE before an IPsec tunnel can be established; the latest version of IKE is IKEv2. To ease integration with the existing GSM and UMTS authentication mechanisms, the UMA specifications adopt IKEv2 combined with EAP-SIM/EAP-AKA for authentication. Both methods are based on challenge/response authentication and symmetric cryptography. The former is used in GSM (2G) and authenticates with the SIM card, while the latter is used in UMTS (3G) and authenticates with the USIM. Both methods risk exposing the user ID to a forged responder. Because GSM/UMTS are closed networks, such an attack is hard to carry out there. UMA, however, is built on open IP networks, so attackers have the opportunity to obtain the user ID over the IP network. This thesis therefore proposes a public-key approach to improve the UMA authentication process (EAP-SIM/EAP-AKA) and avoid leaking the user ID to forged responders.
Other identifiers: U0005-0707200811045100
Appears in Collections: Department of Computer Science and Engineering
