摘要： 针对3G入网认证中存在的安全漏洞，利用PKI的密钥验证协议管理方便的特点，提出适用于B3G环境下的安全分层管理体系结构。同时结合此体系，采用椭圆曲线算法将对称和非对称加密有机结合，提高了协议的安全性，防止了用户身份的泄漏。通过与Zheng Yu、Georgios Kambourakis等人提出的方案进行比较，证明了相较于前者该方案虽增加了1次哈希计算，却减少了3次对称加密，而相较于后者不仅没有给终端带来计算负担，还减少了6次以上空中接口通信。

关键词: PKI体系, 用户身份标识, 混合密码, 密钥验证协议, 3G入网认证

Abstract: To solve security bugs of access authentication in 3G and take advantage of convenience of Authentication and Key Agreement(AKA) in PKI, a new certificate authority chain is introduced, which can well satisfy B3G hierarchical security. Based on this chain and elliptic curve cryptography, symmetric and asymmetric cryptography is properly combined which successfully prevents disclosure of user’s identity. Through comparing with schemes suggested by Zheng Yu, Georgios Kambourakis, et al, it is proved that for the former, this scheme has reduced three computations of asymmetric cryptography although adding one Hash. And as to the latter, it has decreased more than six times of transmission in the air but does not bring computation burdens to terminal.

Key words: PKI system, International Mobile Subscriber Identification(IMSI), hybrid encryption, Authentication and Key Agreement(AKA), 3G access authentication

中图分类号: 

• TP393.08