摘要： 3GPP 认证密钥交换协议存在两大安全缺陷：(1)该协议假设在VLR 和HLR 间的通信信道必须是安全的，因而易遭受攻击者接入信道后的主动攻击；(2)该协议对于移动用户易遭受重定向攻击。该文提出了一种新型增强3GPP 认证密钥交换协议，克服了原协议的安全缺陷，确保了在不安全的信道上实现安全的通信，同时很好地防止了对于用户的重定向攻击，并且该新型增强协议的实施无须改动3GPP的安全体系结构。

关键词: 3GPP；认证协议；密钥交换协议；安全协议

Abstract: The 3GPP authentication and key agreement has two security shortages. One is that it needs a strong secure channel assumption between the VLR and the HLR, and will easily suffer from the active attack after the adversary accesses the channel. The other is that it easily suffers from the re-direction attack for the users. In this paper, a new enhanced 3GPP authentication and key agreement is proposed to overcome the two security shortages. The new enhanced 3GPP AKA protocol can ensure the secure communication in the insecure channel and defeat the re-direction attack for the users. In addition, it can be implemented without modification of SGPP AKA security architecture.

Key words: 3GPP；认证协议；密钥交换协议；安全协议