Title: Group Authentication Key-based Authentication and Key Agreement for Inter-networks Roaming
Authors: 陳鈺玟
Yu-Wen Chen
曾建超
Institute of Computer Science and Engineering
Keywords: group; authentication; authentication and key agreement mechanism; group key; roaming; network; security; AKA (Authentication and Key Agreement); wireless network
Publication date: 2006
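Abstract: This thesis proposes a group authentication and key agreement mechanism that reduces the authentication message traffic between the serving network (SN) and the home network (HN) of a mobile station (MS). In conventional wireless network authentication and session key generation mechanisms, the SN issues an authentication request for every visiting MS, asking the MS's HN to authenticate the MS and return the MS's authentication data. When multiple MSs roam to the same SN, their authentication requests therefore generate message traffic and network delay between the SN and the HN, which affects the quality of service of real-time communication systems. This thesis applies the concept of group authentication and exploits the fact that group members often roam together or along the same route: while the first MS to run the authentication procedure is being authenticated, it also obtains shareable group authentication data on behalf of the other MSs in the same group. If a group member later wants to authenticate at the same SN, the Authenticator on the SN can use the previously obtained group authentication key to perform Local Authentication with the MS directly, without sending further authentication messages to the MS's HN. This reduces the message traffic and authentication delay between the SN and the HN, greatly improves the authentication speed and performance of an MS roaming in wireless networks, and raises the quality of service of real-time communication.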
This thesis presents a Group Key-based Authentication and Key Agreement (GK-AKA) mechanism to reduce the number of authentication messages exchanged between a serving network (SN) and the home network (HN) of a mobile station (MS). Current Authentication and Key Agreement (AKA) protocols are designed for an SN to authenticate each individual MS in wireless environments. Therefore, when multiple MSs from the same network visit an SN, the SN needs to ask the HN of the MSs to authenticate each MS and return the MS's authentication data individually. Each of these authentications causes a number of authentication messages to be exchanged between the SN and the HN of the MSs and lengthens the handover latency, which may degrade the quality of real-time services. In this thesis, we propose a GK-AKA mechanism that adopts the concept of group authentication to reduce the number of authentications between the SN and the HN of the MSs. In many circumstances, a group of MSs may roam together or along the same path, or visit the same SN. In GK-AKA, when the first MS of an MS group visits an SN, the SN performs a "full" authentication with the MS's HN and obtains the authentication data not only for the first MS but also for the rest of the MSs of the same group. Later on, when an MS of the same group visits the SN, the SN can authenticate the MS locally, without sending an authentication request to the MS's HN. Performance analysis shows that GK-AKA can significantly reduce the authentication signaling overhead between the SN and the HN.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT009455608
http://hdl.handle.net/11536/82127
Appears in Collections: Thesis