A Design of Authentication Protocol for a Limited Mobile Network Environment

Transcription

1 Vol.29 (SecTech 2013), pp A Design of Authentication Protocol for a Limited Mobile Network Environment Minha Park 1,1, Yeog Kim 2, Okyeon Yi 3 1, 3 Dept. of Mathematics, Kookmin University, Korea, 2 Cryptography & Information Security Institute, Kookmin University, Korea, 1, 3 {mhpark, oyyi}@kookmin.ac.kr, 2 yeogkim@gmail.com Abstract. Many people demand more convenience and smarter service. Due to demand, smart devices have begun to take center stage in terms of portability and functionality in wireless environments, especially mobile communications. To provide secure service, authentication between networks and users devices is necessary with proper efficiency. In this paper, we propose an advanced authentication protocol to increase the efficiency of data memory usage during operation in various limited environments. This protocol should also solve the problems in the 3rd Generation Partnership Project Authentication and Key Agreement (3GPP-AKA) protocol. Keywords: 3GPP, authentication, AKA, efficiency 1 Introduction Today, smart devices have begun to take center stage in terms of portability and functionality in wireless environments, especially mobile communications. Communications services are usually provided in wireless environments, which are prone to security threats, such as forgery. To deal with these threats, wireless networks and users devices must confirm the legitimacy of the other through mutual authentication. Furthermore, authentication should be required to ensure efficient operation. For example, there is mutual authentication built into 3G networks: AKA [1]. A typical 3G network consists of mobile stations (MSs); a serving network (SN), which provides direct communications with MSs and shares home networks role of ensuring the efficiency of network operation; and home network (HN), which manage and authenticate MSs[2] [4]. These issues include 1) the increasing of SN bandwidth consumption and storage overhead due to many authentication vectors (AVs) needing authentication [2]; 2) the synchronization of SQN, which is used for fresh authentication [2], 3) a weakening of SN reliability [3], 4) and the invasion of MS privacy [4]. The proposed protocol considers efficiency and minimum data memory usage for smart devices and solves all of the above-mentioned problems. Consequently, it can be applied not just to 3G networks, but also to other This work was supported by the IT R&D program of MKE/KEIT [ , Development on spectrum efficient multiband WPAN system for smart home networks]. ISSN: ASTL Copyright 2013 SERSC

2 Vol.29 (SecTech 2013) environments that have limited resources. In Section 2, we arrange protocols, improved weakness of 3GPP-AKA. In Section 3, we describe the proposed protocol in detail. In Section 4, we compare existing protocols to the proposed protocol in terms of their solutions to problems and how data memory is used. The last section gives our conclusions. 2 Problem Deduction and its Solutions 2.1 Problems Raised in Earlier Studies and Improved Studies Table 1. Solutions to problems given in earlier studies. Problems Solutions Related Studies SN bandwidth consumption and storage overhead Using only one AV [2], [3], [4] Synchronization of SQN Using timestamps instead of SQN [2], [3], [4] Weakness of SN reliability Using SN information or random numbers [3], [4] Invasion of MS privacy Masking IMSI with secret tokens [4] 1) SN bandwidth consumption and storage overhead: Authentication is performed periodically to maintain the reliability of entities and the security of shared keys. In 3GPP-AKA, HN generates many AVs and sends them to SN, which use them without HN s extra permission. This process increases bandwidth consumption and SN storage overhead. [2], [3], and [4] use only one AV for solving this problem. 2) Synchronization of SQN: AVs are divided by SQN which provides freshness and they use different AV for each AKA procedure. Considering SQN s gap of MS and HN for movement of MS, MS checks whether it is within the reasonable range. If not, SQN and AVs are all updated by re-synchronization. Using timestamps instead of SQN solves this problem [2], [3], [4]. 3) Weakness of SN reliability: SN conducts authentication between MS and HN, and thus needs to be reliable. In 3GPP-AKA, since SN just delivers authentication value, it is difficult to trust SN. Generating SN authentication value [3] and using LAI (which is where SN is located) information [4] will help improve SN reliability. 4) Invasion of MS privacy: International mobile subscriber identity (IMSI) is sent in the clear to SN in order to check MS IDs, so the invasion of MS privacy can occur. Masking IMSI with secret tokens provides MS with privacy [4]. 2.2 Consideration of the Proposed Protocol Use minimum data memory: For operational efficiency, the proposed protocol reduces the usage of authentication values. Use only one AV: HN generates only one AV, which is sent to SNs. This reduces bandwidth consumption and SN storage, and also skips SQN comparisons. Use SN information: Using SN LAI improves SN reliability. 42 Copyright 2013 SERSC

3 Use MS TID (Temporary ID): After initial authentication, MS uses TIDs for privacy. 3 Proposed Protocol 3.1 Full Authentication Protocol Fig. 1. Full authentication and key protocol When an MS approaches to an SN, a full authentication is operated as the process described in Figure 1. After the full authentication, the SN sends MS s TID to the MS, which uses the TID for privacy. 4 Analysis of the Proposed Protocol Compared to Other Protocols 4.1 Comparison of Improvements Table 2 lists the improvements offered by several studies through the solving of 3GPP-AKA problems. The proposed protocol improves all of these areas, while the earlier studies only improved a few areas. Table 2. Lists of improvements List 3GPP- UMTS Kim- Proposed PE-AKA AKA X-AKA AKA AKA Reduce SN bandwidth consumption and Storage X O O O O Skip SQN synchronization X X O O O Provide MS privacy O - X O O Improve SN reliability X X O O O Suggest the authentication of handovers O O O O O

4 Vol.29 (SecTech 2013) 4.2 Analysis of Data Memory Usage Since we have shown the efficiency of the propose protocol, we will now analyze its data memory usage and data size, which are used to calculate MS, SN, and HN authentication. Table 3. Data memory usage and ratio Entities and Sections 3GPP-AKA UMTS X-AKA Kim-AKA PE-AKA Proposed AKA MS 688 5% % % % 656 MS SN % % % % 560 SN % % % % 576 SN HN 720 4% % % % 688 HN 688 5% % % % 656 Total % % % % 3136 Table 3 gives each entity and section s data memory usage (left side), as well as their ratio of consumption (right side), which shows the data memory usage changes compared to proposed protocol. The proposed protocol uses 37% data memory than the others. Consequently, the proposed protocol is more efficient than those of earlier studies. Therefore, according to the above analysis, the proposed protocol not only solves all design problems, but also takes into account data memory usage efficiency. 5 Conclusion The authentication of communications entities is necessary in radio environments, where many threats exist such as forgery, wiretapping. In this paper, we proposed a new protocol that increased efficiency, minimized data memory usage, and solved all 3GPP-AKA problems. For efficiency, the proposed protocol uses minimal authentication values and only one AV for decreasing bandwidth consumption and storage overhead, so SQN synchronization is not needed. It also uses SN LAI and MS TID for SN reliability and MS privacy. As a result, the proposed protocol can be expected to more efficient than other protocols, reducing data memory usage by 37%. The communication service can thus provide better service, as mutual authentication provides many functions and efficient data memory usage. References 1. 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 5), 3GPP TS v5.7.0 ( ) 2. C. Huang and J. Li. Authentication and Key Agreement protocol for UMTS with low bandwidth consumption, Proceedings of the 19th International Conference on Advanced Information Networking and Application 2005, pp , Mar Copyright 2013 SERSC

5 3. D.Kim and S.Jung. Improved AKA Protocol for Efficient Management of Authentication Data in 3GPP Network, Korea Institute of Information Security & Cryptology Vol.19 No.2 April S.Jeon and S.Oh. An Efficient Authentication Mechanism Strengthen the Privacy Protection in 3G Network, Korea Academia Industrial Cooperation Society Vol.11 No.12 pp , 2010