
A Research on Security Mechanisms in Mobile Networks

Advisor: 張雅芬

The full text will be available for download on 2024/08/23.

Abstract


In contemporary communications, wireless mobile networks play an important role. Users can access wireless mobile networks from mobile devices anytime and anywhere to get the data they need. The Global Mobile Network (GLOMONET) provides roaming services, supported by a home agent, in any foreign network. Because of the nature of the transmission medium, anyone can eavesdrop on or intercept messages transmitted wirelessly. This property makes authentication an important factor in ensuring security.

Recently, Madhusudhan and Shashidhara proposed an authentication scheme for roaming service in global mobile networks. They claimed that their scheme could ensure user anonymity and untraceability, mutual authentication, perfect forward secrecy, local password verification, session key security and fairness, no time synchronization problem, and user friendliness. After analyzing their scheme, we find that it suffers from some flaws. First, a malicious user can retrieve a session key. Second, a malicious user can impersonate a legitimate user. Third, their scheme cannot resist a de-synchronization attack. Fourth, mutual authentication between the foreign agent and the home agent is not ensured as claimed.

Meanwhile, Gupta and Chaudhari proposed an anonymous two-factor authentication protocol for roaming service in global mobile networks in 2018. They claimed that their scheme could not only ensure strong user anonymity, mutual authentication and perfect forward secrecy but also resist de-synchronization attacks, password guessing attacks, replay attacks, and insider attacks. After analyzing their scheme, we find that it suffers from some flaws. First, the foreign agent cannot determine who the home agent is or whether a received request is intended for itself. Second, the home agent cannot successfully record the number of authentication failures. Third, the foreign agent cannot determine whether a message sent by the home agent is intended for itself. Fourth, a malicious user can mount a parallel attack to obtain unauthorized service.

In this thesis, we show in detail the attacks and security flaws that these two schemes designed for the Global Mobile Network suffer from.
