Research on Key Security Technologies for 3G Network Signaling Systems
Topic: 3G + SIP protocol; Source: Xidian University, master's thesis, 2014
[Abstract]: With the rapid development of modern mobile technology, third-generation mobile communication (3G) has been commercialized worldwide and has quickly replaced earlier mobile communication technologies. 3G has many advantages, such as high communication speed, strong network performance and a large traffic-carrying capacity, so its adoption has brought unprecedented changes to people's lives and has played a role that was hard to imagine. The IP Multimedia Subsystem (IMS) is the core of the 3G network: the access, transport, control and application layers of the communication network are all controlled and interact through IMS. Within IMS, the Session Initiation Protocol (SIP) is an important signaling control protocol, which controls how the IMS subsystem creates, modifies and terminates one or more sessions. Because of this important role, and because it is flexible, simple, open and highly compatible, SIP has become the standard session control protocol. With SIP, users can experience new services such as instant messaging and online status (presence). Although SIP is now widely used, it still has many security problems. For this reason, mechanisms such as HTTP digest authentication, S/MIME, TLS and IPsec have been developed and put to use. HTTP digest authentication has the best compatibility with SIP, so it is SIP's default security authentication mechanism. The main research results are:
1. The thesis briefly introduces the development history of 3G and describes the structure of the IMS system in detail. It then focuses on the SIP protocol, covering its current research status and research results and analyzing in detail the main attacks it may face.
2. After a comprehensive analysis of SIP security issues, the thesis studies and analyzes HTTP digest authentication, which works well with SIP in terms of security, and compares it with other security mechanisms such as S/MIME and TLS. The analysis shows that the mechanism is highly vulnerable to attacks such as server attacks, offline password guessing attacks and replay attacks.
3. To address the defects of traditional HTTP digest authentication, researchers in China have proposed a bidirectional HTTP digest authentication. The thesis analyzes this bidirectional scheme and, on that basis, proposes an improved bidirectional HTTP digest authentication: sHTTP digest authentication. Taking into account the attack method and attack strength of four attacks (server impersonation, replay, registration hijacking and offline guessing), it analyzes the advantages and disadvantages of the three digest authentication schemes and compares them with one another. The analysis shows that the proposed sHTTP digest authentication defends well against these four attacks.
4. Based on sHTTP digest authentication, the thesis improves the SIP call process and analyzes the security of the improved process, examining in turn the session key Key, the hash algorithm and the AES encryption algorithm. Finally, in the laboratory, it constructs communication functions using FETCH messages and simulates the SIP session communication on servers, switches and other equipment.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TN929.53
Chen Chen; Research on Key Security Technologies for 3G Network Signaling Systems [D]; Xidian University; 2014
Article ID: 2072591
Article link: http://sikaile.net/kejilunwen/wltx/2072591.html