Research on the security of 3G technology!!! (thesis)
3G is a network system that covers, and is used across, the whole world. Information is transmitted not only over a completely open wireless link but also over an open global wired network. At the same time, in addition to traditional voice services, the third-generation mobile communication system provides multimedia services, data services, e-commerce, Internet services and other information services. How to ensure the security of business information and of the use of network resources has therefore become an important security requirement in the 3G system.

1. 3G system security requirements

(1) Ensuring service access. Except for emergency calls, access to any 3G mobile communication service should require a valid USIM; the network decides whether emergency calls require a USIM. Intruders should be prevented from illegally accessing 3G services by pretending to be legitimate users. Users should be able to verify, when a service starts and while it is being delivered, that the serving network is legitimately providing 3G services for the user's home environment.

(2) Ensuring service provision. Service providers should be able to verify the legitimacy of users when a service starts and while it is being delivered, and to prevent intruders from accessing 3G services through masquerading or abuse of authority. It should be possible to detect and prevent fraudulent use of services and security-related events, to alert service providers and to generate corresponding records. It should be possible to prevent a particular USIM from being used to access 3G services. For certain users, the home environment should be able to stop immediately all the services provided to them through the serving network. The serving network should be able to verify the origin of user traffic, signalling data and control data on the wireless interface. Access to services should be restricted by logical means to keep intruders out.
Network operators should strengthen the security of the underlying network.

(3) Ensuring system integrity. Unauthorized modification of user traffic and of certain signalling and control data should be prevented, especially on the wireless interface. User-related data that has been modified without authorization should be prevented from being downloaded to or stored in the terminal or USIM. Unauthorized modification of user-related data stored or processed by providers should be prevented.

(4) Protecting personal data. The confidentiality of certain signalling data, control data, user traffic, user identity data and user location data should be ensured, especially on the wireless interface, and the location data of a user taking part in a particular 3G service should not be leaked unnecessarily to other participants in the same service. Users should be able to check whether their traffic and call-related information are kept confidential. It should be possible to ensure the confidentiality of user-related data stored or processed by the provider.

(5) Requirements for the terminal/USIM. Access to the USIM should be controllable, so that users can only use it to access 3G services. Access to data in the USIM should also be controllable; for example, some data may only be obtainable by an authorized home environment.

(6) Requirements for lawful interception. In accordance with relevant national laws, 3G can provide law enforcement agencies with monitoring and interception of every call and call attempt, as well as of other services.

2. Analysis of 3G security technology

2.1 Access network security

User information is transmitted through an open wireless channel, so it is vulnerable to attack. The security standard of the second-generation mobile communication system likewise focuses on the security of wireless access from the mobile station to the network.
The 3G system provides stronger access security control than GSM, and it takes compatibility with GSM into account so that GSM can transition smoothly to 3G. As in GSM, the security of user access to the network in 3G is based on a physically and logically independent smart card device, namely the USIM. Future access network security technology will mainly focus on how to support global seamless roaming among different access media, including cellular networks, wireless local area networks and fixed networks. This will be a brand-new research field.

2.2 Core network security

As with the second-generation mobile communication system, the 3GPP organization did not define core network security technology at the beginning. However, with the continuous development of technology, core network security has attracted wide attention, and it can be expected to be brought into 3GPP standardization in the foreseeable future. An obvious current trend is that the 3G core network will transition to an all-IP network, so it will inevitably face the problems inherent in IP networks. Internet security technology will therefore play an increasingly important role in 3G networks. The Mobile Wireless Internet Forum (MWIF) is committed to defining a unified structure for 3GPP.

2.3 Transport layer security

Although various security measures have been taken to resist attacks at the network layer, the wide use of WAP and Internet services has drawn more and more attention to the security of the transport layer. Related protocols in this field include Wireless Transport Layer Security (WTLS) from the WAP Forum, Transport Layer Security (TLS) defined by the IETF, and the earlier Secure Sockets Layer (SSL).
These technologies mainly rely on public key cryptography, so PKI technology can be used to carry out the necessary digital signature authentication and to provide security for entities that need to establish secure communication at the transport layer. As with access network security, transport layer security at the user end is also based on smart card devices. WAP defines the WIM for this purpose, but in practice the WIM can be embedded in the USIM. When a mobile node using the WAP protocol wants to communicate with a network provider based on IP technology, the traffic has to pass through a WAP gateway, and the protection provided by WTLS ends at the WAP gateway. How to provide complete end-to-end security protection has become a hot issue in the WAP Forum and the IETF.

2.4 Application layer security

In the 3G system, in addition to traditional voice services, new services such as e-commerce and network services will become important areas of business growth. 3G will therefore give more consideration to providing security protection mechanisms at the application layer. By using the standardized SIM application toolkit, end-to-end security and digital signatures can be realized, and a secure channel can be established between the SIM/USIM and the network-side SIM application toolkit provider. The security definition of the SIM application toolkit can be found in 3GPP GSM TS 303.48.

2.5 Code security

In the second-generation mobile communication system, the services that can be provided are fixed and standardized, but in the 3G system various services can be customized through standardized toolkits defined by the system (such as MExE, defined in 3GPP TS 23.057). MExE provides a series of standardized toolkits that allow mobile terminals to download new services and functions. Although some security protection is considered in this process, it is relatively limited.
The use of MExE enhances the flexibility of the terminal, but it also enables malicious attackers to use bogus "mobile code" or "viruses" to damage the mobile terminal software. To resist such attacks, MExE defines a limited set of security mechanisms, as follows. First, it defines three trust domain nodes, controlled by operators, manufacturers and third-party service providers respectively, and it also defines an untrusted sending node. The functions that mobile code may execute on these nodes are strictly defined by standardized lists. Of course, trust domain nodes have a certain priority. Before mobile code performs a specific function, the MExE terminal first checks the digital signature of the code to verify whether the code is authorized. The use of digital signatures in MExE requires appropriate PKI technology for digital authentication. The trust anchor of the public key system is the root public key, which has the highest authentication level. MExE allows the root public key to be embedded in the three trust domain node devices, and it controls which entities are authenticated. However, how to ensure that the trust chain established by digital signatures really provides users with secure application services is still a problem to be solved.

2.6 Personal wireless network security

3G terminal hardware is becoming more diverse. For example, a wireless local area network using Bluetooth technology allows various physical terminal devices to join and leave freely. These terminals include mobile phones, electronic wallets, PDAs and other shared devices. Communication security in the personal wireless LAN therefore also needs to be considered.

Conclusion

3G is a brand-new system, and its emerging data services place high demands on it, especially with regard to data security.
At present, the 3G system has only been put into trial operation in a few countries, but there is a lot of room for development in the future, so studying the security of 3G is of great practical significance. I hope it will help you!!
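
The MExE check described in section 2.5 (verify the code's signature against an embedded root public key, place the code in a trust domain, then consult that domain's permission list) can be sketched as follows. This is an added example, not part of the original thesis or of the MExE specification. It assumes toy, unpadded textbook RSA keys built from known Mersenne primes, hypothetical permission names, and direct verification against the root key instead of a certificate chain.

```python
import hashlib

def toy_key(p, q, e=65537):
    """Textbook RSA from two known primes; toy-sized and unpadded, demo only."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)

# Constructed signing keys, one per trusted domain (not real MExE keys).
_SIGNING = {
    "operator": toy_key(2**31 - 1, 2**61 - 1),
    "manufacturer": toy_key(2**17 - 1, 2**89 - 1),
    "third_party": toy_key(2**19 - 1, 2**107 - 1),
}
# The terminal embeds only the public halves of the root keys.
ROOT_PUBLIC = {dom: (n, e) for dom, (n, e, _d) in _SIGNING.items()}

# Hypothetical permission lists standing in for the standardized ones.
ALLOWED = {
    "operator": {"network_access", "read_phonebook", "install_service"},
    "manufacturer": {"network_access", "update_firmware"},
    "third_party": {"network_access"},
    "untrusted": {"display_ui"},
}

def digest(code, n):
    """SHA-256 of the code, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(code).digest(), "big") % n

def sign(code, domain):
    """Signer side: what the operator, manufacturer or third party would do."""
    n, _e, d = _SIGNING[domain]
    return pow(digest(code, n), d, n)

def classify(code, signature):
    """Terminal side: map code to the domain whose root key verifies it."""
    if signature is not None:
        for domain, (n, e) in ROOT_PUBLIC.items():
            if 0 <= signature < n and pow(signature, e, n) == digest(code, n):
                return domain
    return "untrusted"  # unsigned, modified or unknown signer: fail closed

def may_execute(code, signature, function):
    """Allow a function only if the code's domain lists it."""
    return function in ALLOWED[classify(code, signature)]
```

Code that is unsigned, or whose bytes changed after signing, falls into the untrusted domain, so a download that fails verification never inherits a trusted domain's permissions.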