一种模糊用户身份的 IMS 网络安全接入算法研究-《计算机技术与发展》

文章信息/Info

Title:: Research on IMS Network Security Access Algorithm Based on Fuzzy User Identity

作者:: 于浩¹; 金鑫¹; 姜元建²; 高亮²; 何晨³; 1. 国网安徽省电力有限公司信息通信分公司,安徽合肥 230061; 2. 南京南瑞信息通信科技有限公司,江苏南京 211000; 3. 南京邮电大学通信与信息工程学院,江苏南京 210003

Author(s):: YU Hao¹; JIN Xin¹; JIANG Yuan-jian² ; GAO Liang² ; HE Chen³; 1. Information and Communication Branch of State Grid Anhui Electric Power Co. ,Ltd. ,Hefei 230061,China; 2. Nanjing Nanrui Information and Communication Technology Co. ,Ltd. ,Nanjing 211000,China; 3.?School of Communication and Information Engineering,Nanjing University of Posts and Telecommunications,Nanjing210003,China

Keywords:: secure access; IMS AKA; fuzzy identity; elliptic curve cryptography

摘要:: 目前,国家电网公司已确立 IP 多媒体子系统(IP multimedia subsystem,IMS) 作为下一代电网行政交换网的主流技术,针对国家电网的信息安全要求,电力 IMS 网络安全接入问题需要进一步的探讨。文中对 IMS 网络的安全架构进行详细分析,综合分析了 IMS AKA(authentication and key agreement) 的接入流程,并指出 IMS AKA 现存的一些安全漏洞。针对这些漏洞,提出了一种模糊用户身份的 IMS 网络安全接入认证算法。该算法首先使用基于模幂运算的无密钥加密技术生成一次性标识来模糊用户身份以达到身份保护的目的,然后再通过椭圆曲线加密技术来优化认证密钥协商模块。通过性能和安全性分析,该算法能够有效降低计算成本,减少存储空间,提高了应对攻击的能力,保证了电力 IMS 业务的安全接入。

Abstract:: At present,the State Grid Corporation of China has established IMS as the main technology of the next-generation grid administrative switching network. In order to meet the information security requirements of the national grid,the IMS network security problem needs further discussion. The security architecture of IMS network and the access process of IMS AKA are analyzed. At the same time,some security vulnerabilities in IMS-AKA are pointed out. In order to solve these weaknesses, we propose an IMS network security access authentication algorithm with fuzzy user identity. This algorithm firstly uses a keyless cryptography based on modular exponentiation to generate a one- time identifier. Furthermore,the protocol preserves performances by reducing the computational cost and the storage space due to the use of elliptic curve cryptography. Through performance and security analysis, it is proved that the proposed algorithm can effectively reduce the computational cost and the storage space, improve the ability to respond to attacks, and ensure the secure access of multimedia services in the IMS network.