Research on the Security Architecture and Admission Control of WiMAX Broadband Wireless Networks
Abstract
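WiMAX (World Interoperability for Microwave Access) is a highly competitive wireless access technology; many operators are following its progress and working to bring it to market. However, because the transmission medium of a wireless metropolitan area network is open, security is also a major concern. Whether the security mechanisms are sound and whether the admission control policy is reasonable have become key factors in whether WiMAX network products succeed commercially. The research in this thesis on WiMAX network security mechanisms and admission control is therefore of considerable significance.
     First, focusing on the security sublayer of the IEEE 802.16 protocol, the thesis describes the security mechanisms of the IEEE 802.16-2004 and IEEE 802.16-2005 standards and establishes the interaction flow between the base station and the subscriber station across authentication, key distribution, and data encryption. A security analysis of this flow examines its response to classic attacks. The analysis finds that the protocol does not define some security issues in detail, that its authentication system has certain flaws, and that mobile terminals have weak processing capability; all of these create security vulnerabilities and risks.
     Second, building on the vulnerability analysis, Wireless Public Key Infrastructure (WPKI) is introduced into WiMAX, with corrections and improvements made for WiMAX's characteristics. The thesis proposes a WPKI-based authentication mechanism, an AES-based security mechanism for data transmission, and an SSL-based mechanism for secure communication between base stations, improving the security architecture of the WiMAX system. Security and performance analysis of the architecture shows that the improved WiMAX security architecture resolves, to a certain extent, the security risks present in WiMAX while accommodating the weak processing capability and small storage of mobile terminals, improving the performance of the security architecture.
     Next, the thesis analyzes how the WiMAX system defines admission control, studies in depth the admission control algorithms of traditional cellular networks and 3G systems, and compares the applicable conditions, advantages and disadvantages of the various algorithms. Based on the characteristics of WiMAX and the metrics for evaluating admission control, it proposes an admission control mechanism based on QoS priority and simulates it; the simulation results verify the effectiveness and reliability of the proposed algorithm.
     Finally, the thesis summarizes the work and gives an outlook on future work.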
As a highly competitive wireless access technology, WiMAX (World Interoperability for Microwave Access) and its marketing are followed closely by many operators. However, because the transmission medium of a WMAN is open, security and admission control are concerns. How to provide a sound security mechanism has become a key problem in bringing WiMAX networking products to market. Research on the security mechanism and admission control algorithm of WiMAX networks is therefore of great significance.
     First, based on the security sublayer in the IEEE 802.16 standard, the security mechanisms of IEEE 802.16-2004 and IEEE 802.16-2005 are discussed, and the process of authentication, key distribution and data encryption between the base station and the mobile station is established. The mechanism's response to classic attacks is analyzed. We found that the lack of definition of some security problems, the vulnerability of the authorization mechanism and the weak ability of the mobile terminal would cause security problems.
     Secondly, on this basis, WPKI (Wireless Public Key Infrastructure) is introduced into WiMAX, and adjustments and improvements are proposed according to WiMAX's features. We propose WPKI technology for the authentication mechanism, a security mechanism based on the AES algorithm for data transmission, and SSL-based secure communications between base station and mobile station. The security mechanism in WiMAX systems is improved, and the performance and security of this scheme are analyzed. The results show that our security scheme solves some security problems in WiMAX, while the ability of the mobile terminal is taken into account to improve performance.
     Then, the paper analyzes the definition of the access control mechanism for WiMAX systems. Access control algorithms in traditional cellular networks and 3G systems are studied, and the applicable conditions and shortcomings of the different algorithms are compared. According to the features of the WiMAX system, an access control mechanism based on QoS priority is proposed, and the mechanism is simulated to demonstrate its effectiveness.
     Finally, the paper is summarized and future work is suggested.