Anonymous Roaming in Heterogeneous Wireless Networks
|School||Xi'an University of Electronic Science and Technology|
|Course||Computer System Architecture|
|Keywords||heterogeneous wireless networks security protocols roaming authentication anonymous identity-based public key cryptography two-factor security security integration|
One of the main trends in next-generation wireless networks is all-IP based heterogeneous wireless network integration, in which a number of wireless access technologies coexist to provide diversified and ubiquitous access services. Roaming is the key enabling technology for ubiquitous wireless access. However, roaming security faces many challenges. Firstly, due to the openness of the wireless channel and the resource constraints of wireless devices, wireless networks suffer more severe threats than their wired counterparts. Secondly, a large number of operators coexist and cooperate, and each wireless access system has addressed security in a different way. Finally, privacy protection during the roaming process has become an increasing concern for people. Therefore, the study of anonymous roaming is of great significance. The main contributions are as follows.

1. The security flaws of an identity-based authentication model are analyzed. The scheme fails to achieve entity authentication due to an identity impersonation attack. Then, an improved authentication scheme is proposed to realize anonymous roaming in wireless networks. Our authentication scheme improves the original one in two aspects. Firstly, our scheme remedies the security flaws and is provably secure in the CK model. Secondly, our scheme simplifies the protocol interaction and is more efficient.

2. A hybrid authentication scheme integrating certificate-based and identity-based public key cryptography is analyzed. It is demonstrated that the scheme suffers from a mobile node spoofing attack and a rogue network attack, that the key updating fails to possess backward secrecy, and that the scheme has low scalability. Then, an improved authentication scheme is proposed, which remedies the security flaws and improves the scalability. Security analysis shows that the improved scheme is provably secure in the CK model. Meanwhile, performance comparison indicates that the improved scheme maintains the merit of low computation cost in Zhu et al.'s scheme.

3. A smart card and password based two-factor anonymous authentication protocol for wireless roaming is analyzed. It is demonstrated that the scheme fails to achieve strong two-factor security, and suffers from the domino effect, a privileged insider attack, the lack of a password change option, etc. Then, an improved authentication scheme, which achieves strong two-factor security, is proposed and analyzed in the CK model. In particular, a smart card and password based two-factor authenticator is constructed. Security analysis shows that the improved scheme is provably secure. Compared with the original protocol, our improved protocol remedies its security flaws and enhances its security strength, with a slightly higher computation cost.

4. Integrating the vastly different security architectures used in each access network and unifying user management is a problem in urgent need of a solution. To achieve the security integration of 3G and WAPI based WLAN, a USIM based certificate distribution protocol is proposed. Two security integration schemes, i.e., loosely coupled and tightly coupled, are presented, which unify user management of the 3G security architecture and WAPI, and realize WAPI based network access for 3G subscribers and identity privacy protection. The entity authentication and anonymity of the certificate distribution protocol are analyzed in the CK model, and the results show that the protocol is provably secure.