International Telecommunication Union
ITU-T Q.3202.1
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2008)

SERIES Q: SWITCHING AND SIGNALLING
Signalling requirements and protocols for the NGN – Signalling and control requirements and protocols to support attachment in NGN environments

Authentication protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in NGN

Recommendation ITU-T Q.3202.1

ITU-T Q-SERIES RECOMMENDATIONS – SWITCHING AND SIGNALLING
SIGNALLING IN THE INTERNATIONAL MANUAL SERVICE  Q.1–Q.3
INTERNATIONAL AUTOMATIC AND SEMI-AUTOMATIC WORKING  Q.4–Q.59
FUNCTIONS AND INFORMATION FLOWS FOR SERVICES IN THE ISDN  Q.60–Q.99
CLAUSES APPLICABLE TO ITU-T STANDARD SYSTEMS  Q.100–Q.119
SPECIFICATIONS OF SIGNALLING SYSTEMS No. 4, 5, 6, R1 AND R2  Q.120–Q.499
DIGITAL EXCHANGES  Q.500–Q.599
INTERWORKING OF SIGNALLING SYSTEMS  Q.600–Q.699
SPECIFICATIONS OF SIGNALLING SYSTEM No. 7  Q.700–Q.799
Q3 INTERFACE  Q.800–Q.849
DIGITAL SUBSCRIBER SIGNALLING SYSTEM No. 1  Q.850–Q.999
PUBLIC LAND MOBILE NETWORK  Q.1000–Q.1099
INTERWORKING WITH SATELLITE MOBILE SYSTEMS  Q.1100–Q.1199
INTELLIGENT NETWORK  Q.1200–Q.1699
SIGNALLING REQUIREMENTS AND PROTOCOLS FOR IMT-2000  Q.1700–Q.1799
SPECIFICATIONS OF SIGNALLING RELATED TO BEARER INDEPENDENT CALL CONTROL (BICC)  Q.1900–Q.1999
BROADBAND ISDN  Q.2000–Q.2999
SIGNALLING REQUIREMENTS AND PROTOCOLS FOR THE NGN  Q.3000–Q.3999
  General  Q.3000–Q.3029
  Network signalling and control functional architecture  Q.3030–Q.3099
  Network data organization within the NGN  Q.3100–Q.3129
  Bearer control signalling  Q.3130–Q.3179
  Signalling and control requirements and protocols to support attachment in NGN environments  Q.3200–Q.3249
  Resource control protocols  Q.3300–Q.3369
  Service and session control protocols  Q.3400–Q.3499
  Service and session control protocols – supplementary services  Q.3600–Q.3649
  NGN applications  Q.3700–Q.3849
  Testing for NGN networks  Q.3900–Q.3999
For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T Q.3202.1 (05/2008) i

Recommendation ITU-T Q.3202.1
Authentication protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in NGN

Summary
In Recommendation ITU-T Q.3202.1, a couple of authentication protocols for heterogeneous access authentication are discussed. 3GPP has standardized the 3GPP system-based EAP-AKA for interworking 3GPP and WLAN networks. The WiMax or WLAN device requires an external UICC reader for applying the current EAP-AKA defined in 3GPP TS 33.234. This Recommendation proposes to apply the EAP-AKA protocol to non-3GPP network devices not equipped with UICC for interworking among 3GPP, WiMax, and WLAN in NGN.

Source
Recommendation ITU-T Q.3202.1 was approved on 22 May 2008 by ITU-T Study Group 11
(2005-2008) under the Recommendation ITU-T A.8 procedure.

FOREWORD
The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.
The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.
In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE
In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.
Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS
ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.
As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent
database at http://www.itu.int/ITU-T/ipr/.

© ITU 2009
All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS (page)
1 Scope ........ 1
1.1 Relationship ........ 1
2 References ........ 1
3 Abbreviations ........ 1
4 Security Requirements for Authentication Interworking ........ 2
5 Network architecture for access authentication interworking in NGN ........ 3
6 Authentication protocols based on EAP-AKA for heterogeneous access authentication ........ 5
7 Security considerations ........ 5
Appendix I – Example authentication in heterogeneous environments ........ 7
I.1 Example using EAP-AKA with UICC authentication mechanism ........ 7
I.2 Example using EAP-AKA based on a password and the Diffie-Hellman algorithm ........ 10
I.3 Example of fast re-authentication procedure ........ 14
Bibliography ........ 16

1 Scope
This Recommendation describes the authentication protocol based on EAP-AKA for interworking 3GPP, WiMax [b-IEEE 802.16e], and WLAN [b-IEEE 802.11] access in NGN. 3GPP has standardized the 3GPP system-based EAP-AKA for interworking 3GPP and WLAN networks. The WiMax or WLAN device, however, requires an external UICC reader. Without a UICC, the EAP-AKA mechanism loses its own advantages in security and portability. This Recommendation proposes a modified version of the EAP-AKA protocol that extends its usage to existing WiMax/WLAN devices. In this Recommendation, two EAP-AKA full authentication protocols are described and proposed. Also, the fast re-authentication procedure of EAP-AKA is described.

1.1 Relationship
Work for this Recommendation is based upon the context of [ITU-T Q.3201]. This Recommendation complies with the EAP-based security signalling architecture for network attachment in [ITU-T Q.3201], and considers compatibility with the functional architecture in [ITU-T Y.2012]. This Recommendation refers to [ETSI TS 133 234] for the authentication protocol based on EAP-AKA with UICC and
the fast re-authentication procedure.

2 References
The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.
[ITU-T Q.3201] Recommendation ITU-T Q.3201 (2007), EAP-based security signalling protocol architecture for network attachment.
[ITU-T Y.2012] Recommendation ITU-T Y.2012 (2006), Functional requirements and architecture of the NGN Release 1.
[ETSI TS 133 102] ETSI TS 133 102 (2006), Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 7.1.0 Release 7).
[ETSI TS 133 234] ETSI TS 133 234 (2007), Universal Mobile Telecommunications System (UMTS); 3G security; Wireless Local Area Network (WLAN) interworking security (3GPP TS 33.234 version 7.5.0 Release 7).

3 Abbreviations
This Recommendation uses the following abbreviations:
AAA Authentication, Authorization and Accounting
ACR Access Control Router
AK Authentication Key
AKA Authentication and Key Agreement
AM-FE Access Management Functional Entity
AS Authentication Server
AV Authentication Vector
CK Confidentiality Key
DH Diffie-Hellman
EAP Extensible Authentication Protocol
EP Enforcement Point
GGSN Gateway GPRS Support Node
ID IDentity
IK Integrity Key
IMSI International Mobile Subscriber Identity
MAC Message Authentication Code
NACF Network Attachment Control Functions
RAS Radio Access Station
SGSN Serving GPRS Support Node
TAA-FE Transport Authentication and Authorization Functional Entity
TUP-FE Transport User Profile Functional Entity
UE User Equipment
UICC UMTS IC Card
USIM Universal Subscriber Identity Module
UTRAN UMTS Terrestrial Radio Access Network
VPLMN Visited Public Land Mobile Network
WAG Wireless Access Gateway
WiMax Worldwide Interoperability for Microwave Access
WLAN Wireless Local Area Network

4 Security Requirements for Authentication Interworking
The EAP-AKA authentication protocol shall be applied easily to any mobile network in NGN, covering:
– Mobile terminals equipped with UICC
– Mobile terminals not equipped with UICC
Authentication mechanisms in NGN shall include mutual authentication and key agreement. Key distribution and key freshness for protecting signalling and user data on the wireless link shall be supported.
Authentication protocols shall be secure against several attacks:
– Man-in-the-middle attack (MITM)
– Replay attack
– Impersonation attack
– Forgery attack
– Dictionary attack
– Eavesdropping
A full re-authentication procedure shall be supported. A fast re-authentication procedure may be supported.

5 Network architecture for access authentication interworking in NGN
This clause describes the network model for access authentication interworking among 3GPP, WiMax, and WLAN in NGN. There are two approaches. One approach is to apply the WLAN authentication model based on the 3GPP system, defined in [ETSI TS 133 234], to heterogeneous access authentication. Figure 1 shows the 3GPP system-based authentication.

Figure 1 – 3GPP system-based authentication model
The other proposal is an authentication model based on the functional entities of NGN, as shown in Figure 2. The network architecture might be classified into four components of NGN: AR-FE, AM-FE, TAA-FE, and TUP-FE. This Recommendation describes signalling protocols for access authentication in this architecture. Also, the signalling protocols based on the authentication model specified in [ITU-T Q.3201] are provided. Figures 3 and 4 show an integrated authentication model defined in [ITU-T Q.3201].

Figure 2 – An example authentication architecture for interworking among wireless access networks in NGN

Figure 3 shows an integrated authentication model, which is controlled by an authenticator. The peer sends authentication information to the enforcement point, and the enforcement point forwards it to the authenticator. This architecture helps the authenticator manage the authentication procedure.

Figure 3 – Integrated authentication model

Figure 4 illustrates an integrated authentication model in NGN. It is assumed that the network attachment control functional entities are the authenticator (AM-FE) and the authentication server (TUP-FE/TAA-FE), and that the AR-FE in the access transport acts as the enforcement point. The AR-FE filters data packets, allowing only authenticated packets through. After successful authentication of the end-user function, the access transport allows packets from the end-user function to enter the access network.

Figure 4 – An example of an integrated authentication model in NGN

6 Authentication protocols based on EAP-AKA for heterogeneous access authentication
The authentication protocols based on EAP-AKA for heterogeneous access authentication are shown in Appendix I. Appendix I describes how three authentication protocols based on EAP-AKA, namely two EAP-AKA authentication protocols for interworking authentication in wireless access (e.g., 3GPP, [b-IEEE 802.16e], and [b-IEEE 802.11]) and the fast re-authentication procedure of EAP-AKA in NGN, could be used to provide authentication in heterogeneous access networks.
The existing EAP-AKA with UICC is the basic access authentication mechanism used in 3GPP, WiMax, and WLAN networks. This scheme requires that the WiMax or WLAN UE be equipped with a UICC card for access authentication. To solve this problem, this Recommendation proposes an access authentication scheme without UICC: EAP-AKA based on a password. The EAP-AKA based on a password provides access authentication for a UE without UICC. The UE, equipped with the AKA algorithm, uses a Diffie-Hellman key instead of the long-term secret key stored in the UICC.

7 Security considerations
Since the 3GPP system-based EAP-AKA uses a long-term key shared between the UICC and the HSS/HLR, it can provide strong security and portability. Compared to the 3GPP system-based EAP-AKA, the proposed EAP-AKA based on non-UICC can also provide robust and enhanced security functions.
The dictionary attack is the most critical attack on an authentication protocol based on a password. In the proposed protocol with non-UICC, it is impossible for an attacker to guess a legitimate password by obtaining the public values exchanged during the authentication session. The password in the authentication messages is protected against dictionary attack owing to the one-way hash function, random numbers, and the discrete logarithm problem (DLP).
Perfect forward secrecy (PFS) and perfect backward secrecy (PBS) are very important security requirements; they mean that disclosure of a long-term key in EAP-AKA should not reveal all previous and upcoming communications. If an attacker obtains a UICC, the attacker can disclose the long-term key through physical access to the storage medium, which means that PFS and PBS are not provided. The EAP-AKA with non-UICC, however, provides PFS and PBS because the DH session key is changed whenever the authentication procedure for generating a set of AVs is performed. In other words, it uses a short-term key. The proposed EAP-AK
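As an added illustration (not code from the Recommendation, whose actual message flows are in Appendix I), the following Python contrasts the two key models argued in clauses 6 and 7: a fixed long-term K as held in a UICC against a per-session Diffie-Hellman key. The AKA key-derivation functions are stood in for by HMAC-SHA256 and the DH group is a toy 61-bit prime; both are assumptions chosen to keep the example self-contained, not the Recommendation's parameters.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH group (Mersenne prime 2^61-1, generator 2): far too small
# for real use; it only keeps the illustration self-contained and offline.
P = (1 << 61) - 1
G = 2

def aka_derive(k: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the AKA f3/f4 functions: CK and IK from key material and RAND."""
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return ck, ik

def uicc_session(k_long_term: bytes) -> tuple[bytes, tuple[bytes, bytes]]:
    """UICC model: the same K is reused for every AV; only RAND is fresh, and RAND is sent in clear."""
    rand = secrets.token_bytes(16)
    return rand, aka_derive(k_long_term, rand)

def rebuild_from_extracted_key(k_long_term: bytes, observed_rands: list[bytes]):
    """Once K has been read out of the UICC, every past and future CK/IK follows from
    the RAND values observed on the air interface: neither PFS nor PBS holds."""
    return [aka_derive(k_long_term, rand) for rand in observed_rands]

def dh_session():
    """Non-UICC model: UE and AS each pick a fresh ephemeral exponent, agree a shared
    secret, and hash it into a short-term key that replaces K for this AV set only.
    Returns (public transcript, UE-side keys, AS-side keys)."""
    a = secrets.randbelow(P - 2) + 1           # UE ephemeral secret, discarded afterwards
    b = secrets.randbelow(P - 2) + 1           # AS ephemeral secret, discarded afterwards
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)  # the values an eavesdropper sees
    k_ue = hashlib.sha256(pow(pub_b, a, P).to_bytes(8, "big")).digest()
    k_as = hashlib.sha256(pow(pub_a, b, P).to_bytes(8, "big")).digest()
    rand = secrets.token_bytes(16)
    return (pub_a, pub_b, rand), aka_derive(k_ue, rand), aka_derive(k_as, rand)

def session_keys_independent(runs: int = 3) -> bool:
    """True when every DH run agrees on both sides yet yields keys unrelated to the
    other runs, so compromising one session's state does not expose the others."""
    keys = []
    for _ in range(runs):
        _, ue_keys, as_keys = dh_session()
        if ue_keys != as_keys:
            return False
        keys.append(ue_keys)
    return len(set(keys)) == runs
```

The UICC branch shows the failure mode clause 7 describes: with the extracted K and the public RANDs, the attacker reproduces every session's CK/IK exactly, whereas in the DH branch no static secret exists that would let the same recomputation succeed.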