Key words- Long-Term Evolution (LTE), Multi Hop, Worldwide Interoperable For Microwave Access (Wimax), Elliptic Curve Diffie Hellman (ECDH).

Transcription

1 260 Enhancing the Security and Reliability for Data Transmission in Wireless Networks N.Karpagam 1, S.Nithya 2 II-M.E(CS) 1, Assistant Professor / ECE 2, Dhanalakshmi Srinivasan Engineering College, Perambalur ABSTRACT Microwave Access (WiMAX) and Long-Term Evolution (LTE) are considered the best technologies for vehicular networks. WiMAX and LTE are Fourth-Generation (4G) wireless technologies that have well-defined quality of service (QoS) and security architectures.existing work QoS-aware distributed security architecture using the elliptic curve Diffie Hellman (ECDH) protocol that has proven security strength and low overhead for 4G wireless networks.the proposed distributed security architecture using the ECDH key exchange protocol.ecdh can establish a shared secret over an insecure channel at the highest security strength.limitations of high computational and communication overhead in addition to lack of scalability.so that the proposed work propose an unconditionally secure and efficient SAMA. The main idea is that for each message m to be released, the message sender, or the sending node, generates a source anonymous message authenticator for the message m.the generation is based on the MES scheme on elliptic curves. For a ring signature, each ring member is required to compute a forgery signature for all other members in the AS. IMS (IP Multimedia Subsystem) is a set of specifications to offer multimedia services through IP protocol. These make it possible to include all kinds of services, such as voice, multimedia and information, on reachable platform through any Internet link. A multi-attribute stereo model for IMS security analysis based on ITU-T Recommendation X.805 and STRIDE threat model, which provide a comprehensive and systematic standpoint of IMS. Femtocell access points (H(e)NBs) are close-range, limited-capacity base stations that use residential broadband connections to connect to carrier networks. Final conclution to provide hop-by-hop message Authentication without the weakness of the built in threshold of the polynomial-based scheme, then proposed a hop-by-hop message authentication scheme based on the SAMA. Key words- Long-Term Evolution (LTE), Multi Hop, Worldwide Interoperable For Microwave Access (Wimax), Elliptic Curve Diffie Hellman (ECDH). 1. INTRODUCTION In 4G networks, Worldwide interoperable for Microwave Access (WiMAX) and Long-Term Evolution (LTE) are two emerging broadband wireless technologies aimed at providing high-speed Internet of 100 Mb/s at a vehicular speed of up to 350 km/h. Further, 4G wireless standards provide well-defined QoS and security architecture. For this reason, 4G cellular networks are considered up-and-coming technologies for vehicular multimedia applications. WiMAX and LTE resemble each other in some key aspects, including operating frequency spectrum, large capacity, mobility, strong QoS mechanisms, and strong security with a related key hierarchy from the core network to the access network. However, WiMAX and LTE also differ from each other in assured aspects, as they have evolved from different origins. LTE has evolved from 3rd Generation Partnership Projects (3GPP); therefore, the LTE network has to support the existing 3G users connectivity, but there is no such constraint for WiMAX. Particularly, on the security aspect, the WiMAX authentication process uses Extensive Authentication Protocol Tunneled Transport Layer Security (EAP-TTLS) or EAP- Transport Layer WiMAX is the emerging broadband wireless technologies based on IEEE standard. The security sublayer of the IEEE d standard defines the security mechanisms for fixed and IEEE e standard defines the security mechanisms for mobile network. The security sub layer supports are to: (i) authenticate the user when the user enters in to the network, (ii) authorize the client, if the user is provisioned by the network service provider, and then (iii) provide the necessary encryption support for the key transfer and data traffic. The previous IEEE d standard security architecture is based on PKMv1 (Privacy Key Management) protocol but it has many security issues. A large amount of these issues are resolved by the later version of PKMv2 protocol in IEEE e standard which provides a flexible solution that supports device and user authentication between a mobile station (MS) and the home connectivity service network (CSN). Even though both of these principles brief the medium access control (MAC) and physical (PHY) layer functionality,

2 261 they mainly concentrate on point-to multipoint (PMP) networks. In the concern of security, mesh networks are more vulnerable than the PMP network, but the principles have unsuccessful to concentrate on the mesh mode. Figure 1. WIMAX architecture The requirement for higher data speed is increasing rapidly, reason being the availability of smart phones, at low cost in the market due to competition and usage of social networking websites. Constant improvement in wireless data rate is already happening. Different network technologies are integrated to provide seamless connectivity and are termed as heterogeneous network. Long Term Evolution-Advanced (LTE-A) is known as 4G and it is the solution for heterogeneous networks and wireless broadband services. International Mobile Telecommunication-Advanced (IMT-Advanced) represents a family of mobile wireless technology, known as 4G. Basically IP was termed as a general-purpose data transport protocol in the network layer, but now extended as a carrier for voice and video communications over 4G networks. Wireless networks in the future will be heterogeneous. Different access networks such as Institute of Electrical and Electronics Engineers (IEEE) Wireless Personal Area Network (WPAN), IEEE Wireless Local Area Network (WLAN), IEEE Wireless Metropolitan Area Network (WMAN), General Packet Radio Service (GPRS), Enhanced Data rate for GSM Evolution (EDGE), Wideband Code Division Multiple Access (WCDMA), Code Division Multiple Access (CDMA2000), satellite network etc are integrated. Selecting the suitable access network to meet the QoS requirements of a specific application has become a significant topic and priority is to maximize the QoS experienced by the user. QoS is the ability of a network to provide premier service to some fraction of total network traffic over specific underlying technologies. QoS metrics are delay, jitter (delay variation), service availability, bandwidth, throughput, packet loss rate. Metrics are used to indicate performance of particular scheme employed. QoS can be achieved by resource reservation (integrated services), prioritization (differentiated services). From the QoS point of view, the protocol stack is composed of upper layer protocols (transport and above), on top of IP. Applications can, in this context, be classified according to the data flows they exchange as elastic or real-time. The network layer includes IP traffic control that implements datagram policing and classification, flow shaping, and scheduling. The data link layer may also provide QoS support, by means of transmission priorities or virtual channels. QoS provision in 4G networks is challenging as they support varying bit rates from multiple users and variety of applications, hostile channel characteristics, bandwidth allocation, fault-tolerance levels, and frequent handoff among heterogeneous wireless networks. QoS support can occur at the network, transport, application, user and switching level. To meet QoS, On the other hand, the LTE authentication procedure uses the EAP Authentication and Key Agreement (EAP- AKA) procedure that authenticates only the International Mobile Subscriber Identity (IMSI) burned in a subscriber identity module (SIM) card. Accordingly, the LTE security does not meet the enterprise security requirement, as LTE does not authenticate enterprise controlled security. Figure 2. LTE Architecture Moreover, there is a lack of an integrated study and QoS-aware solutions for multi hop WiMAX and LTE security threats in existing research efforts. Therefore, the third objective of this paper is then to analyze both

3 262 WiMAX and LTE for network convergence that may be useful or even crucial for service providers to support high-speed vehicular applications. To identified the DoS/Reply attack threat in the LTE network during the initial network entry stage of the user equipment (UE). As the WiMAX and LTE networks have similarities in security key hierarchy from the core network to the access network and symmetric key encryption, we further apply the design of ECDH to LTE networks. Device mutual authentication is performed using IKEv2 with public key signature based authentication with certificates Security is arguably one of the primary concerns and will determine the future of IMS deployment. Usually, IPSec will affect the QoS performance, because the IPSec header in each packet consumes additional bandwidth. To mitigate the security threats and performance degradation, propose a distributed security scheme using a protocol elliptic curve Diffie Hellman (ECDH) that has lower overhead than that of IPSec. ECDH is a Layer-2 key agreement protocol that allows users to establish a shared key over an insecure channel. ECDH was investigated, and the results showed that it did not affect the QoS performance much in 4G singlehop WiMAX networks. Therefore, ECDH is adopted in this research in dealing with the existing Layer-2 security threats for 4G multihop networks. This paper proposes a multi-attribute stereo model for IMS security analysis based on ITU-T Recommendation X.805 and STRIDE threat model, which provides a comprehensive and systematic perspective of IMS. A threat analysis of IMS network is made by adopting the model. Attack is avoided at H(e(NB by allowing only IKE negotiations and ESP-encrypted traffic using IKEv2. During setup of the tunnel, the H(e)NB includes a list of supported ESP authentication transforms and ESP encryption transforms as part of the IKEv2 signaling. The SeGW selects an ESP authentication transform and an ESP encryption transform and signal this to the H(e)NB. 2. RELATED WORKS In this paper [2] Muhammed Mustaqim, Khalid Khan, Muhammed Usman represent QoS support can occur at the network, transport, application, user and switching levels. To meet QoS, address the following issues like encryption protocols, security and trust of information, dissimilar rates, fault profiles, latencies, burstiness, dynamic optimization of scarce resources and fast handoff control. In this paper [3] M. Purkhiabani and A. Salahi proposed authentication and key agreement protocol for next generation Long term evolution/ System Architecture Evolution(LTE/SAE) networks and compared its enhancements with contrast to Universal Mobile Terrestrial System- Authentication and Key Agreement( UMTS-AKA), then, offers a new improvement protocol which increases performance of authentication procedure. In fact the new proposed protocol by sharing serving network with Home Subscription Server (HSS) for execution of authentication procedure and increasing a little computation in Mobility Management Entity(MME) and generated joined authentication vectors in both MME and HSS can remove aforementioned problems during authentication process. The proposed-aka with contrast to original-aka, the more MS and service request rate, the more considerable deduction of authentication load for HSS. In this paper [4] H-M. Sun, Y-H. Lin, and S-M.Chen, proposed Several fast authentication schemes have been proposed based on pre authentication concept in /WLAN networks. These schemes present different methods to enhance the efficiency and security of re-authentication process. By using the pre authentication notion, suggest a pre-authentication system for WiMAX infrastructures in this paper. Due to elasticity and refuge, the proposed scheme is joint with the PKI architecture. It provides a safe and fast reauthentication procedure during macro-handover in /WiMAX networks. In this paper [6] J. Donga, R. Curtmolab, and C. N. Rotarua proposed to identify two general frameworks (inter-flow and intra-flow) that encompass several network coding-based systems proposed in wireless networks. The systematic study of the mechanism of these frameworks reveals vulnerabilities to a wide variety of attacks, which may severely degrade system presentation. Then, recognize security goals and design challenges in achieving security for network coding systems. Adequate sympathetic of both the threats and challenges is essential to effectively design secure practical network coding systems. This paper should be viewed as a reproving note pointing out the frailty of current network coding-based wireless systems and a general guideline in the effort of achieving security for network coding systems. In this paper [9] Wang, F. Yang, Q. Zhang and Y. Xu proposed an analytical model for multi hop IEEE networks to calculate how a lot bandwidth can be utilized along a path without violating the QoS requirements of existing rate-controlled traffic flows. To analyze the path capacity, a notion of "Free channel time" is introduced. It is the time allowed for a wireless link to transmit data. The model characterizes the unsaturated traffic condition to attain goal. The node

4 263 depicts the interaction between the newly injected traffic and the hidden traffic which would have an effect upon the new traffic. 3. DESCRIPTION OF THE PROPOSED SCHEME WiMAX and LTE are Fourth-Generation (4G) wireless technologies that have well-defined quality of service (QoS) and security architectures. The numbers of users communicate to the Mobile Station through the Base Station. During the data transmission the attackers easily hack the data. To overcome this problem, in the proposed scheme, the wireless nodes are initially authenticated by the home network and then authorized by the access node. The proposed scheme requires only a slightly higher Bandwidth and computational overhead than the default standard scheme. The Proposed a distributed security architecture using the ECDH algorithm in Layer 2 for 4G multihop wireless networks. The proposed scheme provides strong security and hasty authentication for handover users without affecting the QoS performance. The proposed security schemes, measuring and analyzing both the security level and QoS performance is mandatory for 4G vehicular networks, as they intend to provide high QoS and security for their customers. To analyze the security and QoS performance of the proposed ECDH security for both WiMAX and LTE networks. The QoS performance metrics used in the experiments are subscriber stations (SSs) connectivity latency, throughput, frame loss, and latency. For the ECDH scheme, the handover latency is significantly reduced versus that of the default security scheme; thus, the ECDH scheme improves the QoS performance of the vehicular users. To establish hop-by-hop authentication and to reduce the computational overhead for the centralized node, distributed security architecture is necessary for multihop networks. Further, the centralized security mode introduces longer authorization and SA delay than that of the distributed mode, which affects the QoS performance in vehicular networks. In multihop LTE networks, the security architecture defined by the 3GPP standard is a distributed scheme. On the other hand, selection of the distributed security mode in WiMAX is optional, but data transfer using the tunnel mode is still an open issue. Hence, proposed the distributed security architecture using ECDH for multihop WiMAX networks. For multihop (nth hop) connectivity using ECDH, the cell-edge RS broadcasts its public key, ECDH global parameters, RS-ID, and system parameters in the DCD broadcast message. 3.1 Security Analysis There are three security schemes considered for this analysis: 1) default MAC-layer security defined by standards; 2) IPSec security on top of the MAC-layer security; and 3) the proposed ECDH protocol at the MAC layer with default security. First, we explain how the proposed ECDH protocol overcomes the existing security threats in each category for both WiMAX and LTE networks. Later, we compare the performance of these three security schemes in Table VIII, where we enhanced our previous analysis Analysis on ECDH Protocol against Security Threats in WiMAX Networks: 1) Ranging attacks: In our proposed security architecture, RNG_REQ and RNG_RSP messages are encrypted by the public key of the receiver. Hence, the intermediate rogue node has difficulty in processing the message in a short period, and the system is free from DoS/Replay and other attacks during initial ranging. 2) Power-saving attacks: Already, the IEEE m standard provides an option for encrypting the control messages in a power-saving mode. For IEEE standards, the network may use ECDH implementation to overcome the power-saving attacks. 3) Handover attacks: The MOB NBR-ADV attacks do not exist in the IEEE network because the BS can encrypt the message. For other networks, the messages are encrypted using ECDH to overcome those security threats. For latency issues during handover, two scenarios are considered: 1) RS mobility (e.g., RS is installed on top of a train, and WiMAX users are inside the train), and 2) MS mobility. For RS mobility in the proposed security architecture, reauthentication for RS is not necessary, because the BS or the target RS knows the list of RSs and the corresponding RS_ID in the network. Otherwise, if the target node is another BS, the serving BS can send the RS authentication information including AK in a secured manner, as defined in IEEE m. 4) Miscellaneous attacks: For downgrade attack, if the level of security is low in the MS basic capability request message, the BS should ignore the message. For bandwidth spoofing, the BS should allocate the bandwidth only based on the provisioning of the MS. These downgrade attack and bandwidth spoofing can be solved by using basic intelligence in the BS. 5) Multihop security threats: One of the major issues in a multihop wireless network is the introduction of rogue node in a multihop path. In our distributed security mode, once the joining node is authenticated by the home network (AAA server), mutual authentication takes place between the joining node and the access node (RS or BS). Hence, the new node identifies the rogue

5 264 node during the mutual authentication step, and no other credential information is shared. Thus, the proposed solution avoids the introduction of the rogue node problem. For tunnel mode security support, the communication between the BS and the access RS is encrypted using the ECDH public key of the receiver. Hence, the network supports tunnel mode operation using the ECDH tunnel. 6) Other security threats: Other security threats such as attacks against WiMAX security, multicast/broadcast attacks, and mesh mode attacks do not exist in IEEE m networks. Otherwise, if the network uses ECDH implementation, the control messages are encrypted. Hence, those security threats are avoided Analysis on ECDH Protocol against Security Threats in LTE Networks: 1) LTE system architecture security threats: Security threats such as injection, modification, eavesdropping attacks, HeNB physical intrusions, and rogue enb/rn attacks still exist with ECDH implementation. 2) LTE access procedure attacks: Similar to WiMAX networks, the intruder can introduce a DoS/Replay attack during the random-access process, as the messages are in plain text. In our proposed security architecture, the random-access Request message is encrypted by the public key of enb, and the response message is encrypted by the public key of UE. Hence, the messages exchanged during the random-access process are encrypted, and the DoS/Replay attack is avoided. For IMSI water torture attacks, we suggest EAP-based authentication that is similar to WiMAX, where the Attach Request message is encrypted by home network shared secrets. For disclosure of the user s identity privacy, the Attach Request message is encrypted by enb s public key in ECDH implementation. Hence, it is difficult for the attacker to decrypt the Attach Request message to know the IMSI. Thus, disclosure of the user s identity is avoided. 3) Handover attacks: Location tracking is possible by eavesdropping the CRNTI information in a handover command message. However, this attack is avoided with the proposed scheme, because the CRNTI information is now encrypted. Other security threats, lack of backward secrecy, and desynchronization attacks still exist in ECDH implementation. 4) Miscellaneous attacks: If the attacker eavesdrops the CRNTI information in the random-access response or the handover command message, they can send a fake bandwidth request or false buffer status to allocate bandwidth unnecessarily. Using ECDH, enb encrypts the random access response message using UE s public key. Hence, bandwidth-stealing attack is avoided. The lack of SQN synchronization is similar to the desynchronization attack and still exists in ECDH implementation. 3.2 Analysis on ECDH Protocol Against Pollution and Entropy Attacks in Multihop WiMAX/LTE Networks: Pollution and entropy attacks are the major security threats in multihop wireless networks, when network coding is used for data transmissions. Since packets are unencrypted, attackers may introduce the polluted or stale packets that lead to pollution and entropy attacks. In our approach, every RS authenticates the neighbor RSs and shares the digital signatures. Hence, the attackers have difficulty in introducing the pollution attack. For the entropy attack, the RS may introduce a time stamp field in the message header. Subsequently, the RS can verify the time stamp of a received packet with the older packets. If the time stamp is older, then the RS may drop the packet to avoid the entropy attacks. 4. EXPERIMENT AND RESULTS 4.1 Throughput performance The throughput performance of the system for both the default and the IPSec security schemes. Provisioning of uplink and downlink wireless link for both the SSs in the AAA server is varied from 0 to 20 Mb/s. Using an IXIA traffic generator, traffic is transmitted for the total provisioned wireless capacity, and the received traffic is also noted. From the results, it is clear that the throughput for the IPSec security scheme is less than that for the MAC-layer security scheme. Initially, when the wireless link capacity is small, corresponding payloads (1500-byte packet) in the traffic are small. Hence, the drop is negligible. 4.2 Frame loss performance The end-to-end frame loss performance with respect to the total link capacities of the two SSs. Initially, as the number of packets (payload) is small at low wireless link capacity, frame loss is small (< 40) until the input traffic reaches. The frame losses in the IPSec scheme increases as the link capacity increases. The frame loss increases almost linearly for the IPSec scheme between the input traffic 8 Mb/s and 12 Mb/s. The packet drop increases in both schemes when the input traffic exceeds the practical system capacity of 18.5 Mb/s. 4.3 Latency performance The delay experienced by the traffic in the IPSec security scheme steadily increases from 4 to 9 Mb/s. The delay for the IPSec scheme is much higher than that for the MAC security scheme when the wireless link

6 265 capacity reaches 10 Mb/s. After 10 Mb/s, the average delay experienced by the IPSec is more than double when compared with the default MAC security. PERFORMANCE COMPARISON Method Throughput Frame Latency loss Existing 74% 80% 92% system Proposed system 93% 45% 37% 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Existing System Proposed System For the ECDH scheme, the handover latency is significantly reduced versus that of the default security scheme; thus, the ECDH scheme improves the QoS performance of the vehicular users. Consequently, suggest the ECDH protocol for 4G multihop wireless networks, and it is suitable for vehicular networks, since the proposed security scheme aids in hasty authentication without compromising the QoS performance. 5. CONCLUSION This paper, therefore, presented an integrated view with emphasis on Layer-2 and Layer-3 technologies for WiMAX and LTE security, which is useful for the research community. In addition, the performance of the proposed and other security schemes is analyzed using simulation and testbed implementation. Existing work QoS-aware distributed security architecture using the elliptic curve Diffie Hellman (ECDH) protocol that has proven security strength and low overhead for 4G wireless networks.the proposed distributed security architecture using the ECDH key exchange protocol.ecdh can establish a shared secret over an insecure channel at the highest security strength.limitations of high computational and communication overhead in addition to lack of scalability.so that the proposed work propose an unconditionally secure and efficient SAMA. The main idea is that for each message m to be released, the message sender, or the sending node, generates a source anonymous message authenticator for the message m.the generation is based on the MES scheme on elliptic curves. For a ring signature, each ring member is required to compute a forgery signature for all other members in the AS. The QoS measurement using the testbed implementation and theoretical studies show that the IPSec scheme provides strong security for data, but not for the control messages. Consequently, suggest the ECDH protocol for 4G multihop wireless networks, and it is suitable for vehicular networks, since the proposed security scheme aids in hasty authentication without compromising the QoS performance Final conclution to provide hop-byhop message Authentication without the weakness of the built in threshold of the polynomial-based scheme, then proposed a hop-by-hop message authentication scheme based on the SAMA. REFERENCES [1] N. Seddigh, B. Nandy, and R. Makkar, Security advances and challenges in 4G wireless networks, in Proc. 8th Annu. Conf. Privacy, Security, Trust, 2010, pp [2] Muhammed Mustaqim, Khalid Khan, Muhammed Usman, LTEadvanced: Requirements and technical challenges for 4G cellular network, Journal of Emerging Trends in Computing and Information Sciences, vol.3, Issue.5, pp , May [3]M. Purkhiabani and A. Salahi, Enhanced authentication and key agreement procedure of next generation evolved mobile networks, in Proc. 3 rd Int. Conf. Commun. Softw. Netw., 2011, pp [4] H-M. Sun, Y-H. Lin, and S-M. Chen, Secure and fast handover scheme based on pre-authentication method for WiMAX, in Proc. IEEE Region 10 Conf., 2007, pp [5] T. Shon and W. Choi, An analysis of mobile WiMAX security: Vulnerabilities and solutions, in Lecture Notes in Computer Science, T. Enokido, L. Barolli, and M. Takizawa, Eds. Berlin, Germany: Springer-Verlag, 2007, pp [6] J. Donga, R. Curtmolab, and C. N. Rotarua, Secure network coding for wireless mesh networks threats challenges and directions, J. Comput. Commun., vol. 32, no. 17, pp , Nov [7] L. Yi, K. Miao, and A. Liu, A comparative study of WiMAX and LTE as the next generation mobile enterprise network, in Proc. 13th Int. Conf. Adv. Comm. Tech., 2011, pp

7 266 [8] H. Jin, L. Tu, G. Yang, and Y. Yang, An improved mutual authentication scheme in multi-hop WiMax network, in Proc. Int. Conf. Comput. Elect. Eng., 2008, pp [9] K. Wang, F. Yang, Q. Zhang and Y. Xu, "Modeling path capacity in multi-hop IEEE networks for QoS service," IEEE Transactions on Wireless Communications, Vol.6, No.2, pp , February [10] T. Han, N. Zhang, K. Liu, B. Tang, and Y. Liu, Analysis of mobile WiMAX security: Vulnerabilities and solutions, in Proc. 5th Int. Conf. Mobile Ad Hoc Sensor Syst., 2008, pp Karpagam received the B.E degree in Electronics and Communication Engineering from Anna University, India in She is currently pursuing M.E degree in Communication Systems, Anna University, India. Her research interests mainly include Networks. Nithya received the B.E degree in Electronics and Communication Engineering from Anna University, India and the M.E degree in Communication Systems, Anna University, India. She is currently working as an assistant professor in the department of ECE, Dhanalakshmi Srinivasan Engineering College, Perambalur. Her research interests mainly include Networks.