计算机应用研究---3G_WLAN互联网络中一种新的快速重认证方案

:2007202209;:2007205210:863(2006AA01Z423):(19812),,,3G3G2WLAN(heqingling@is.iscas.ac.cn);(19642),,,.3G2WLAN31,2,1(1.,100080;2.,100049):,3G,WLAN3G,,3GWLAN:;AKA;;;:TP393117:A:100123695(2008)0421123204Newfastre2authenticationschemein3G2WLANinterworkingHEQing2lin1,2,WUChuan2kun1(1.StateKeyLaboratoryofInformationSecurity,InstitutieofSoftware,ChineseAcademyofSciences,Beijing100080,China;2.GraduateSchool,ChineseAcademyofSciences,Beijing100049,China)Abstract:TheproposedschemeprovidedamechanismthatWLANcouldntforgeauthenticationinformationtothe3Gnet2work,andwhatsmore,thismechanismimpliedanewwaytosolvethebillingproblembetween3GnetworkandWLAN.Keywords:3G2WLAN;AKA;localized;fast;re2authentication,,(WLAN)(3G)3G,,,3G144Kbps2MbpsWLAN3G,802.11654Mbps,WLAN3GWLAN3GPP3GWLAN[13]3G2WLAN,,(3GPP)3G2WLANEAP2AKA[4],EAP2AKAUMTSAKA[5]EAP[6],3G2WLANEAPUMTSAKA,,,EAP2AKA,,3GPP[1]3G2WLAN[2]3G2WLAN[3]3G2WLAN,3G2WLANWLANWLAN2UE3GPPAAA2server,3G2WLANEAP2AKA[4]3G2WLAN:a)WLAN2UE3G2WLAN,WLAN,USIMUSIM3GK,KEAP2AKAb)WLAN2AN,WLAN2UE3G2WLANc)3GPPAAA2server3GPP3G2WLANd)HSS/HLR,(K),EAP2AKAUMTSAKA[4]EAP[6]EAP2AKA(1):EAPRequest/identityEAPResponse/identity:[IMSIorNAI]EAPResponse/identity:[IMSIorNAI]EAPRequest/AKAChallenge:[RAND,TUTN,Nextre2authid,MAC]EAPRequest/AKA2Challenge:[RAND,TUTN,Nextre2authid,MAC]EAPResponse/AKA2Challenge:[RES,MAC]EAPResponse/AKA2Challenge:[RES,MAC]EAPRequest/Notification:[Success]EAPRequest/Notification:[Success],3GPPAAA2serverWLAN2UE,3GPPAAA2ser2verHLR/HSSWLAN2UEAV,AVRANDIKCKXRESAUTN3GPPAAA2server25420084ApplicationResearchofComputersVol.25No.4Apr.2008RANDAUTN,EAPRequest/AKAChallenge,WLAN2UEEAPRequest/AKA2Challenge,WLAN2UERAND,AUTN,AKA[1],,IKCKRES,EAPResponse/AKA2Challenge3GPPAAA2serverEAPResponse/AKA2ChallengeRESXRES,,WLAN2UEEAP2AKA,WLAN2UE3GPPAAA2server,,IKCK;3GPPAAA2serverWLAN2AN;WLAN2UEWLAN2AN2,EAP,EAPAKA,,EAP,,,,,[4],,[7],1.244s,0.605s,46%,2,:EAPRequest/identityEAPResponse/identity:[Nextre2authid]EAPResponse/identity:[Nextre2authid]EAPRequest/Re2authentication:[Counter,Nonce,Nextre2authid,MAC]EAPRequest/Re2authentication:[Counter,Nonce,Nextre2authid,MAC]EAPResponse/AKARe2authentication:[Counter,MAC]EAPResponse/AKARe2authentication:[Counter,MAC]EAPRequest/Notification:[Success]EAPRequest/Notification:[Success],WLAN2ANWLAN2UE,WLAN2UE,Nextre2authid3GPPAAA2serverWLAN2UENextre2authid,WLAN2UECounterNonceMACNextre2authidCounter(counter1),Counter,Nextre2authidNonceUMTSAKARAND,MAC,NonceCounterNextre2authidNonceWLAN2UE,,MAC,Counter,WLAN2UENextre2authid,CounterMAC,MACNonce,,IKCKWLAN2UE3GPPAAA2serverMACWLAN2UEUMTSAKAIKCK,3GPPAAA2serverIKCK,3GPPAAA2serverWLAN2AN,WLAN2UEWLAN2AN3GPPAAA2serverWLAN2ANIKCK,WLAN2AN,WLAN2ANCounternonceID,MAC,WLAN2AN3GPPAAA2server;,WLAN2ANWLAN2UE,3GPPAAA2serverWLAN2UEWLAN2AN3GPPAAA2server3GPPAAA2serverWLAN2ANWLAN2UE,,,WLAN2UE3GPPAAA2serverIKCK,,3GPPAAA2ser2verWLAN2ANWLAN2UEWLAN2AN,WLAN2UE3GPPAAA2serverIKCK,IKCKWLAN2AN,WLAN2AN[7],EAP,01605s3G2WLAN,3GPPAAA2server,3G,,3G,WLAN2AN,EAPWLAN2UEWLAN2AN,WLAN2AN,WLAN2UEWLAN2AN421125WLAN2UE3G,3GPPAAA2serverWLAN2UE,WLAN2AN3GPPAAA2server,,3G,WLAN2UEWLAN2AN,WLAN2AN3G,3GWLANEAP,s,h,hi(s)=h((h(s)))si3GPPAAA2server,:a)1,EAPRequest/AKA2ChallengeEck(s),WLAN2UEs,CKsEck(s)b)1,EAP2Request/AKA2NotificationEck(n)n3GPPAAA2server,n,EAP,WLAN2UEs3GPPAAA2server,WLAN2UE,WLAN2UEh1(s),h2(s),,hn-1(s),IKCKWLAN2UEWLAN2ANTK3GPPAAA2serverIKCKTK,hn(s),hn(s)Sig(hn(s)),{Nextre2authid,TK,n,hn(s),Sig(hn(s))}WLAN2AN,3GPPAAA2server3,WLAN2UEWLAN2ANa)WLAN2ANWLAN2UE:EAPRequest/Identity;b)WLAN2UENextre2authidWLAN2AN:EAPResponse/Identity:[Nextre2authid];c)WLAN2ANNextre2authid,WLAN2UENonce,Nextre2authid,i(,in-1,n-2,),TKNonceMAC,WLAN2UE:EAPRequest/AKARe2authentication:[Nonce,Nextre2authid,i,MAC];d)WLAN2UEEAPRequest/AKARe2authentication,i1,MAC,WLAN2UEWLAN2ANihi(s),WLAN2AN:EAPResponse/AKARe2authentication:[i,hi(s)];e)WLAN2ANEAPResponse/AKARe2authenticationhi(s),h(hi(s)),,WLAN2ANWLAN2UE,hi(s);WLAN2ANWLAN2UE:EAPSuccess1,,:a)WLAN2UEWLAN2ANEAP,WLAN2UEWLAN2ANTKTKMAC,WLAN2UEEAPRequest/AKA2Re2authenticationMAC,WLAN2ANWLAN2ANWLAN2UEEAPWLAN2AN3GPPAAA2serverhn(s);WLAN2ANWLAN2UEEAPRe2sponse/AKA2Re2authenticationhn-1(s)h(hn-1(s))=hn(s),WLAN2UEWLAN2ANhn-1(s),,,nWLAN2UEEAPResponse/AKARe2authentica2tionsb)WLAN2UEWLAN2ANEAPRequest/AKA2Re2authentication,i11WLAN2UE,3G,,,EAP,WLAN2UEh1(s),h2(s),,hn-1(s),,WLAN2UEMAC,WLAN2UE,,1,3GPPAAA2ser2verWLAN2UEWLAN2AN,52114,:3G2WLANWLAN2AN3GPPAAA2serverWLAN2ANhn-1(s),hn-2(s),,h(s),s,EAP3GPPAAA2serverhn(s),Sig(hn(s))3GPPAAA2serverhn(s),WLAN2ANhn(s),WLAN2ANs,hn-1(s),hn-2(s),,h(s)WLAN2AN{Sig(hn(s),(hn(s)),hn-1(s),,h(s),s)}WLAN2AN(5min)WLAN2UE,{Sig(hn(s),(hn(s)),hn-1(s),,h(s),s)}WLAN2UEWLAN,3GWLAN3G2WLAN,,,,3G,,WLAN3G:[1]3GPPTR23.934v6.2.0,Feasibilitystudyon3GPPsystemtowire2lesslocalareanetwork(WLAN)interworking[EB/OL].(2003209).[2]3GPPTS23.234v7.4.0,3GPPsystemstowirelesslocalareanet2work(WLAN),release6[EB/OL].(2006212).[3]3GPPTS33.234v7.3.0,3Gsecurity;wirelesslocalareanetwork(WLAN)interworkingsecurity,release6[EB/OL].(2006212).ht2tp://ftp.3gpp.org