Mutual authentication, confidentiality, and key management (MACKMAN) system for mobile radio networks.

摘要

This research addresses network security issues in mobile radio networks. The objective of this research is to provide secure communication to legitimate users, and to prevent fraudulent use of network resources by unauthorized individuals. The Mutual Authentication, Confidentiality, and Key MANagement (MACKMAN) system addresses some of the deficiencies in the security services of the current mobile radio networks, such as GSM, CDPD, and Digital PCS. MACKMAN system provides a more secure registration and authentication service for mobile radio communication. Capabilities provided by the MACKMAN system include registration of mobile stations with the network, mutual authentication of the mobile station and the underlying network entity, data integrity, information confidentiality, location confidentiality, and non-repudiation of origin. Mutual authentication can be further divided into entity authentication, data origin authentication, and transaction authentication.; The constraints of the underlying system need to be considered when designing a security system. Air-link is used to broadcast signaling and data in mobile radio environments. With no fixed topology, there is no physical protection against illegal access and eavesdropping. In addition to the broadcast nature of communication, mobile devices have limited battery power. In a protocol designed for such an environment, the number of required computations should be minimized, and they should be made as efficient as possible. Since limited bandwidth is available for communication, the security schemes also need to be efficient in the number and size of messages exchanged. The authentication protocols for the initial registration, certificate application, and network authentication and key exchange phases are designed around these constraints.; Public key encryption is used to mutually authenticate the mobile station and the base station. MACKMAN provides link-by-link, or link-level confidentiality between the mobile station and the base station. Information confidentiality is provided using symmetric encryption. A session key is exchanged during network authentication, which is used to encrypt data. Digital signatures are used to provide data integrity and non-repudiation of origin. Aliases are used to provide user anonymity and location confidentiality. MACKMAN system assumes the availability of an established infrastructure of certification authorities for management and distribution of public encryption keys and signature verification keys.