Application of Cryptography in Mobile Communication System

Issued on: September 11, 2012. Information source: Provincial Password Administration


 

Computer Department of Tsinghua University Guo Bao'an

 

1. Introduction

The security of mobile communication systems is becoming more and more important in modern communications. Cryptography is the core of secure communication: it is needed not only for data encryption on the wireless channel, but also for identity authentication and for key generation and distribution. In the GSM system, the cryptographic algorithms used are:

A3 algorithm, which is the authentication algorithm

A5/1 algorithm, which is the over-the-air voice encryption algorithm (strong)

A5/2 algorithm, which is the over-the-air voice encryption algorithm (weak)

A8 algorithm, which generates the key for the voice encryption algorithm

These algorithms carry serious security risks in terms of cryptographic strength, but they are supported by the majority of members of the International Union of Mobile Communications (MOU), so the security risks of our existing GSM communication system are very prominent. How to resolve the contradiction between the secure mobile communication systems used by special departments and personnel and global communications is one of the important topics in current research on mobile communication system security.

On top of traditional mobile voice transmission, developing value-added services is a new field for system operators. Mobile e-commerce is one of the driving forces behind the rapid development of wireless network technology, and it enables busy business people to manage bank accounts conveniently anytime, anywhere. Mobile commerce usually involves managing personal accounts through mobile devices such as mobile phones. STK (SIM Application Toolkit), as a platform for ordinary users to conduct mobile commerce, has achieved great success.

However, how to ensure the information security of mobile e-commerce is the current key issue. Applying PKI technology to mobile commerce is a development trend, and the R&D and application of WPKI technology will greatly promote the development of mobile commerce.

2. Localization of mobile communication encryption technology

Domestic encryption technology can be used to transform the mobile communication system in two respects to ensure its security.

(1) Replacement and transformation of the A3, A5 and A8 algorithms

The A3 and A8 algorithms reside in the mobile phone card (SIM card) and are mainly used for user identity authentication and key generation. Current smart card technology can fully realize the localization of these two algorithms by downloading.

The A5 algorithm concerns the encryption between the mobile phone and the base station. To replace the A5 algorithm, developing a voice encryption chip is the key, and it is also one of the difficulties in the localization of cryptographic technology.

Changing the cryptographic algorithms cannot fully solve the security problem of the mobile communication system. It is also necessary to scientifically analyze the security protocols of the entire system and to use our own security protocols to ensure the security of the entire mobile communication system.

       In practical applications, there is still a lot of research and development work to be done at the base station end. A lot of manpower, material resources and financial support are needed, and it will take quite a long time to realize these.

(2) End-to-end encryption

To solve the problem of encrypted communication in current mobile communication, an end-to-end encryption scheme is an effective method: it avoids transforming the existing communication network, and the key does not land in the system.

       Voice encryption:

The existing communication system is used, and no cryptographic modification is made to the base station. At the sending end (mobile phone or phone), the voice signal first undergoes analog-to-digital (A/D) conversion into a digital signal, which is encrypted and transmitted to the receiving end. At the receiving end (mobile phone or phone), the signal is decrypted and then converted back to voice by digital-to-analog (D/A) conversion. At present, this is mostly achieved with separate plug-in encryption schemes, which have low integration and require modifying existing mobile phones. Domestic handset manufacturers lack research and development in this area, and launching a complete secure mobile phone still requires continued research and development. The fixed telephone system needs digital transformation.

Voice encryption can be implemented using an encryption chip approved by the state.

Key exchange can adopt the D-H protocol, implemented with elliptic curve cryptography (ECC) on the SIM card. This has the advantages of independent intellectual property rights, high speed, short keys and strong security.

Let the ECC system parameters be: $E: y^2 = x^3 + ax + b \bmod p$, where $p$ is a large prime, the order $\#E$ of $E$ is a prime, and $E$ is a secure curve approved by the competent national department; $P_0 = (x_0, y_0) \in E$. The parameters $a, b, p, P_0$ and the related algorithms are stored in the CPU card.

1. Sender A uses the IC card to generate a true random number $x$, computes $xP_0$ with ECC on the IC card, and sends $xP_0$ to receiver B;

2. Receiver B uses the IC card to generate a true random number $y$, computes $yP_0$ with ECC on the IC card, and sends $yP_0$ to sender A;

3. A and B use their own $x$, $y$ and the received $yP_0$, $xP_0$ respectively to compute $xyP_0 = (u, v)$;

4. $u, v$ are taken as the session key of the voice encryption chip.

The security of this scheme rests on the ECC algorithm, and it is fast: the point multiplication $xP_0$ can be performed about 50 times per second on the SIM card (192 bit). The entire key exchange takes about 40 ms.
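The four-step exchange above, as an added example that is not part of the original article: both sides' computations on $E$, plus a check that the received point actually lies on the curve before it is used. The toy parameters (p = 17, a = b = 2, P0 = (5, 1), #E = 19) and all function names are assumptions for illustration, since the article does not specify the approved 192-bit curve.

```python
import secrets

# Toy parameters (constructed, far too small for real use); they stand in for
# the approved 192-bit curve, which the article does not specify.
P_MOD, A, B = 17, 2, 2      # p, a, b of E: y^2 = x^3 + ax + b (mod p)
P0, ORDER = (5, 1), 19      # base point P0 = (x0, y0) and prime order #E

def on_curve(pt):
    """True if pt is a finite point, with coordinates in range, that satisfies E."""
    if pt is None:
        return False
    x, y = pt
    in_range = 0 <= x < P_MOD and 0 <= y < P_MOD
    return in_range and (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Group law on E; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keypair(secret=None):
    """Steps 1 and 2: pick a random scalar and compute the point to send."""
    x = secret if secret is not None else 1 + secrets.randbelow(ORDER - 1)
    return x, mul(x, P0)

def shared(own_secret, received):
    """Steps 3 and 4: validate the peer's point, then compute xyP0 = (u, v)."""
    if not on_curve(received):
        raise ValueError("received point is not on E")
    return mul(own_secret, received)
```

The exchange by itself does not tell A whose $yP_0$ it received; the certificate-based variant in section 3 is what binds the key to an identity.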

User management must also be strengthened, because the key of each call is a temporary key.

      Data encryption:

For data services (such as SMS and image transmission), A/D and D/A conversion is not necessary; using the above D-H protocol, the data can be encrypted and transmitted directly.

To strengthen the supervision and management of users and to further promote the development of mobile commerce, PKI technology is an effective way to solve these problems. It is also a relatively complete solution.

3. Mobile e-commerce

WAP mobile phones are the main direction for developing mobile commerce, and some relevant WPKI specifications have been formulated, but WPKI has not been well popularized and applied in our country. We must develop our own WPKI and contribute to China's mobile e-commerce industry.

Establishing a certificate system for China's own wireless communication system can not only complete the above key exchange protocol, but also provide a security guarantee for the value-added services of system operators.

When SIM cards are issued, the certification center (CA) issues an ECC certificate for each user's SIM card.

The process by which the sender and receiver (A, B) determine the session key can then be changed to:

All users of the system hold the ECC system parameters $a, b, p, P_0 = (x_0, y_0)$, the CA's public key, and their own private key and certificate.

1. After A connects to B, B first gives its certificate to A, and A uses the CA's public key to verify its validity;

2. A generates a random number $k$, encrypts $k$ with B's public key, signs it, and gives it to B;

3. B verifies the signature and decrypts $k$; $k$ is taken as the session key, and the voice encryption chip is used to encrypt the voice data.

This increases the key negotiation time and reduces the connection speed. Current ECC algorithms can meet the performance requirements: the key exchange can be completed in about 200 ms, so the above system can be realized.

Once WPKI is added to the mobile communication system, in addition to the above key exchange function, it can support various e-commerce applications, just like PKI on the Internet.

With a WPKI system in place, secure wireless gateways, directory servers, blacklist management servers and other devices can be developed to create a better security environment for the further development of mobile e-commerce (value-added services).

 

 




