Research on Key Security Technologies of the 3G Network Signaling System
Topic: 3G + SIP protocol; Source: Xidian University, 2014 master's thesis
[Abstract]: With the rapid development of modern mobile technology, third-generation mobile communication (3G) has been commercialized worldwide and has quickly replaced earlier mobile communication technologies. 3G offers many advantages, such as high communication speed, strong network performance, and a large traffic-carrying capacity, so its application has brought unprecedented changes to people's lives and played a role that was hard to imagine. The IP Multimedia Subsystem (IMS) is the core part of the 3G network: the access layer, transport layer, control layer, and application layer of the communication network all need to be controlled and to interact through IMS. Within IMS, the Session Initiation Protocol (SIP) is an important signaling control protocol, which controls how the IMS subsystem creates, modifies, and terminates one or more sessions. Because of this important role, and because it is flexible, simple, open, and highly compatible, SIP has become the standard session control protocol. With SIP, users can experience new services such as instant messaging and online status. Although SIP is now widely used, it still has many security problems. In response, mechanisms such as HTTP digest authentication, S/MIME, TLS, and IPsec have been developed and put into use. HTTP digest authentication has the best compatibility with SIP, so it is SIP's default security authentication mechanism. The main research results are as follows:
1. The development history of 3G is briefly introduced and the structure of the IMS system is described in detail. The SIP protocol is then analyzed and studied in depth, covering its current research status and research results, with a detailed analysis of the main attacks it may face.
2. After a comprehensive analysis of SIP security issues, this thesis studies and analyzes HTTP digest authentication, which works well with SIP in terms of security, and compares it with other security mechanisms such as S/MIME and TLS. The analysis shows that this mechanism is highly vulnerable to attacks such as server attacks, offline password-guessing attacks, and replay attacks.
3. To address the defects of traditional HTTP digest authentication, researchers in China have proposed a bidirectional HTTP digest authentication. This thesis analyzes that bidirectional scheme and, building on it, proposes an improved bidirectional HTTP digest authentication: sHTTP digest authentication. The thesis then uses the attack methods and attack strength of four attacks (server impersonation, replay, registration hijacking, and offline guessing) to analyze the advantages and disadvantages of the three digest authentication schemes and to compare them with one another. The analysis shows that the proposed sHTTP digest authentication defends well against these four attacks.
4. Based on sHTTP digest authentication, the SIP call process is improved and the security of the improved call process is analyzed, examining the session key (Key), the hash algorithm, and the AES encryption algorithm in turn. Finally, communication functions were constructed in the laboratory using FETCH messages, and the SIP session communication was simulated on servers, switches, and other devices.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN929.53
Chen Chen; Research on Key Security Technologies of the 3G Network Signaling System [D]; Xidian University; 2014 (this thesis)
Article No.: 2072591
Article link: http://sikaile.net/kejilunwen/wltx/2072591.html