Research and Implementation of WAPI Secure Access under IMS
Abstract
IMS is a SIP-based system that provides a complete standard architecture for multimedia services. As the standard matures, international standards organizations such as IETF, 3GPP and OMA are defining and refining it, and IMS is regarded as the core of the next-generation network. However, because of inherent flaws and vulnerabilities in the IP protocol, IMS networks are not very secure and are vulnerable to attack. IMS supports multiple access methods, of which WLAN access attracts particular attention. WAPI is a new security architecture for WLAN that secures the WLAN access network, so WAPI access to IMS networks has become an important research topic.

This thesis is set against that background. It first introduces the security problems facing IMS networks and the IMS security framework, and analyses the 3GPP protocols for UMTS-WLAN interworking and the WLAN Authentication and Privacy Infrastructure (WAPI). On that basis it proposes a security strategy for WAPI access to IMS and analyses the corresponding security scheme and the authentication and authorization procedure. Finally, based on the requirements of a WAPI client for IMS networks, it designs the basic system framework and main functional modules, and implements a WAPI client that can access the IMS network.

The results of this thesis lay a good foundation for securely connecting WAPI clients to IMS and thereby achieving the convergence of multiple networks.
