authentication will be required between roaming user, visited network and home network.

Transcription

1 Classification of Security Authentication for Roaming User in Mobile Networks Ja afer AL-Saraireh & Sufian Yousef Anglia Ruskin University Chelmsford UK Abstract-This paper proposed classification of security for authentication process for a roaming user in mobile networks into different levels. Appropriate protocol is used for each level to support kind of security according to relationship between home network and visited networks. The proposed protocol for each level of security for authentication roaming user in mobile network is minimized the authentication delay for mobile networks compared with current authentication technique by minimize the intervention of the roaming user home network. These protocols reducing the message transmissions delay between roaming user home network and visited networks. The proposed method performs locally mutual authentication between the visited network and the roaming user by generating authentication key that shared between the visited network and the roaming user to use this key when a new authentication process is required for this user. The roaming user is selected a level of security is needed according to the agreement between the roaming user, the home network and the visited networks. The user selects the required level of security that is needed by the function provided by his terminal. Selection of security level depends on the circumstances of the home network and the visited networks security that are supported. Keywords: Roaming, Home Network, Visited Network, Authentication, Security. I. INTRODUCTION Roaming is the ability for a user to function when the serving network is different from their home network. In the current authentication protocol for roaming mobile, the authentication center of the visited network does not have any information that related to the roaming user such as share a secret key with a roaming user. When the user moves to another networks, then the roaming user needed to authenticate himself to the visited network. All the existing solutions require the intervention of user s home network for authentication. The roaming user and visited network do not share any private key in advance. Fig. 1, illustrates roaming user is belonging to home network A. Mobile share a secret key with it is authentication center (AuC). When the mobile travels into visited network B, the authentication center of network B does not have a shared secret key with the roaming mobile. At this moment, when the roaming mobile enters the visited network B and the roaming mobile home networks have roaming agreement with visited networks then a mutual authentication will be required between roaming user, visited network and home network. AuC File Server AuC Home Network A Visted Network B Roaming Mobile Mail Server mail.yourcompany.com File Server AuC Fixed Network Visted Network C Fig. 1. Roaming from one network to another network In the current 3G authentication protocol, the home network of roaming user is responsible for generating authentication vector (AV). The visited network frequently request home network to generate AV when user enters the visited network and when mobile is traveling from cell to another in the visited network. Each AV is good for one authentication and key agreement between the roaming user and the visited network. The roaming user uses its key and the synchronized sequence number to verify part of the AV in order to validate the visited network. The visited network compares the received response from the mobile terminal with the expected one from the home network. The current authentication mechanism incurs more time delay for authentication as a result of the extra communication between the visited network and the user home network and also any possible failure of the home network would prevent a roaming user from being authenticated. II. BACKGROUND AND RELATED WORK The authentication technique based on distributed security management for the global mobility network is proposed by [1]. The proposed authentication technique consists of tow phases.

2 The objective of the first phase is to generate authentication key (K auth ), this key is cached in the visited network. In this phase the visited network (), home network (HN) and the roaming user mobile terminal (MS) are contributing to generate authentication key. But the objective of second phase is to perform locally authentication between the roaming user and the visited network. The objective of two phases is to involve home network only once, during the first phase and in this phase, a secret key is established between the visited networks and the roaming user with the helping of his home network. When the roaming user stays in the visited network, the secret key is used when roaming user sends authentication request to the visited network. Three attacks on the authentication protocol that has been proposed by [1] are presented by [2] for global mobility networks. A self encryption mechanism for authentication of roaming user is proposed by [3]. This technique based on the concept of distributed security manager. There are two security managers, the first is the original security manger, that administrates the original authentication key secrete key which shared between the home network and the roaming user. This key is acquired when a user makes contracts with his home network. The second manager is temporary security manager, this manager active when there is roaming user in the visited network. III. PROPOSED AUTHENTICATION PROTCOLS BASED ON CLASSIFICATION OF SECURITY LEVELS The concept of security levels becomes widely used for security evaluation [4, 5]. The security level is to indicate the level of protection provided by the authentication for the roaming user in the visited networks. The classification of security levels is shown in Table 1. In the following will be describe the security levels for authentication in details. There is a private key K VH, that is shared between the home network (HN) and the visited network () and private key K MH is shared between the roaming user mobile station or roaming user (MS) and the home network (HN), and there is key generated is called authentication key (K auth ), this key is used to authenticate the roaming user with the visited network without any intervention with roaming user home network when a new authentication request. TABLE 1 Classification of Security Security Level Level 1 Level 2 Level 3 Level 4 Level 5 and Level 6 Conditions Connection between visited network and home network is secured (i.e. fixed network is secured) Connection between visited network and home network is not secured (i.e. fixed network is not secured) Fixed network is not secured and there are two users belong to the same HN, both of them are legitimate but one of then is malicious, he is intruder and impersonate the visited network Visited network can be trusted with home network (i.e. home network not acquire authentication of key and misuse it Visited network can t trusted with home network (i.e. home network is not trusted). A. Security Level 1 In this level of security, we assume that the connection between home network (HN) and the visited network () is secure, the two networks are connected via fixed networks, and this mean that the fixed network is secured. This level of security provides authentication between home network and the visited networks, authenticate the roaming user and the visited network and a shared private key (K auth ) is created and shared between roaming user and visited network secrete. This key used later for any authentication request that are generated from roaming user while roaming user is residence in the visited network, then the visited network is responsible for generating authentication vector and authenticate the roaming user. The authentication of the roaming user in this kind of security level is shown in Fig. 2. The authentication method which is shown in Fig 2, is described in detailed as follow 1. MS sends authentication request to 2. generates random number (rand 1 ) and sends it to HN. This message is challenge for authenticating HN. HN encrypts by using the private key K VH which is shared between and HN, also the HN generates Rand 2 and sends the message to. This message is challenge for authenticating. 3. The is performed the following: i. verifies that this message is sent from HN for the roaming user, by decrypting the message [f(, K VH )] to get X and compare X with which it is generated by. If comparison is successful then known that this message is sent from HN for roaming user MS, else rejects the authentication. ii. generates authentication key K auth and temporary cipher key K temp. iii. encrypts Rand 2 which received it from HN, this encryption done by using the K VH. f (Rand 2, K VH ) iv. encrypts K auth by using the K temp and the result of the encryption also encrypted by K VH. f [f (K auth, K temp ), K VH ].After that send response to HN.3 Rand 3, K temp, ƒ[ƒ(k au th, K temp ), K MH ] ƒ[, K auth ] ƒ(rand 2, K VH ), ƒ[ƒ(k auth, K temp ), K VH ] ƒ[ƒ(k auth, K temp ), K MH ] Fig. 2 Authentication Mechanism in Level 1 of the security

3 4. The HN is performed the following i. HN verifies that this message is sent from, by decrypting the message to [f(rand 2, K VH )], gets XRand 2 and compare XRand 2 with Rand 2. If comparison is successful then HN known that this message is sent from, else reject the authentication. ii. Also HN decrypts f [f (K auth, K temp ), K VH ] to get message that encrypted by K temp and HN can t known the K auth and K temp,the result of decryption is F f(k auth, K temp ) and this resulting is encrypted by the key that shared between MS and it is HN this key is called K MH and then send the resulting of encryption to 5. generates Rand 3 which is send to MS as challenge authenticating for MS, and passes the message which received from HN to MS with K temp, which is used for ciphering K auth. 6. The MS decrypts the message f [f (K auth, K temp ), K MH ] by using K MH and decrypts the result of decryption by using K temp to get K auth. Then MS stores the K auth and sends response to by encrypting Rand 3 by using K auth. 7. verifies that this message is sent from MS, by decrypting the message f(rand 3, K auth ) to get XRand 3 and compare XRand 3 with Rand 3 which it is generated.. If comparison is successful then known that this message is sent from MS, else reject the authentication. And also encrypted the message which is encrypted by K auth also encrypted again with the same key K auth. And send it to MS 8. MS decrypts the message then if MS get Rand 3 then it known that the message is received from. B. Security Level 2 In this level of security, we assume that the connection between the home network and the visited network is not secure; this mean that the fixed network is not secured. If the fixed network is not secured then the security level 1 enables intruder to hacking the networks. If there are two roaming users (called User1 and Uesr2) belong to the same home network and stay in the same visited network. Assume the intruder user (User2) eavesdropped User1 and recorded the protocol when it is run with the User2, and gets the message (4) by impersonate the home network and modified this message to get K auth and K temp for the User 1. The attack of the authentication mechanism for security level 1 is shown in Fig. 3. The above attack based on modifies the message 4 which are sent between the visited network and home network, the weakness of the fixed networks allows to replace a part of message 4 which belong to user 2, with the corresponding part from another protocol that run for user1. This kind of attacks for the level 1 can be avoided by prevents the replay of message 4 or any part of it. This done by encrypted the message 4 and using identification (ID) for each entity that involved in authentication process. The authentication of roaming user in level 2 is shown in Fig. 4. Rand 3, K temp, ƒ[ƒ(k aut h, K temp), K MH] ƒ[, K auth ] User 1 ƒ(rand 2, K VH), ƒ[ƒ(k auth, K temp), K VH] ƒ[ƒ(k auth, K temp), K MH] Roaming User Visited Network Home Ne twork Rand' 1 Rand' 2, ƒ(rand' 1, K VH ) User2 Impersonate HN and recieved ƒ(rand' 2, K VH), ƒ[ƒ(k auth, K temp), K Message 4 which related to User 1 VH] Modify the orginal Message ƒ[ƒ(k aut h, K temp), K XH] Rand' 3, K temp, ƒ[ƒ(k aut h, K temp), K XH] ƒ(rand' 3, K auth ) ƒ[ƒ(rand' 3 K aut h ), K aut h ] User 2 The orginal message is ƒ(rand' 2, K VH), ƒ[ƒ(k' auth, K' temp), K VH] Figure 3 Attacks for the Security Level 1, in Case of Fixed Network is not Secure. Rand 3, K temp, ƒ[id,ƒ(k aut h, K temp ), K MH ] ƒ[, K auth ] ƒ[rand 2,ID MS, ƒ(k auth, K temp ), K VH ] ƒ[id,ƒ(k au th, K temp ), K MH ] Figure 4 Authentication Mechanisms in level 2 of the security C. Security Level 3 This level of security is applied when the fixed network is not secured and there are two users belong to the same HN, both of them are legitimate but one of them is malicious, he is intruder and impersonate the visited network. The level 2 can t prevent any attack form legitimate intruder that resides in the same visited networks as other legitimate user that belongs to the same home network. Assume the intruder user (User2) impersonate the visited network to the user 1. The user 2 have old authentication key k* auth, old cipher key K* temp, and the ciphering message ƒ[ƒ(k* auth, k* temp ),K vh ). The attack of the authentication mechanism for security level 2 is shown in Fig. 5. This kind of attacks for the level 2 can be avoided by that roaming user (User1) generates random number when authentication request is generated. The visited network received authentication request and random number from roaming user. The visited network passes this random number to home network, the random number for the roaming user is included in message 1, 4 and 5. The authentication of roaming user in level 3 is shown in Fig. 6.

4 User 2 Impersonate the and recieved requiest form User1 User2 Rand' 3, K* temp, ƒ[ƒ(k* auth, K* tem p), K MH] User2 ƒ(rand' 3, K* auth ) ƒ[ƒ(rand 3, K* auth ), K* auth ] User 1 User 2 Roaming User ƒ(rand 2, ID MS, K VH), ƒ[ƒ(k auth, K temp), K VH] ƒ[id, ƒ(k auth, K temp), K MH] User2 User2 Request, Authentication Rand 0 ƒ[rand 0, Rand 2,ID MS, K auth, K VH ] ƒ[rand 0,ID,K auth, K MH ] Rand 3, K temp, ƒ[rand 0, ID, K auth, K MH ] ƒ[, K auth ] Figure 5 Attacks for the Security Level 2, in case of Fixed Network is not Secure and Intruder Impersonate Visited Network., Rand 0 Rand 3, K temp, ƒ[rand 0, ID,ƒ(K auth, K temp ), K MH ] ƒ[, K auth ] ƒ[rand 0, Rand 2,ID MS, ƒ(k auth, K temp ), K VH ] ƒ[rand 0,ID,ƒ(K au th, K temp ), K MH ] Figure 6 Authentication Mechanisms in Level 3 of the Security This protocol is robust if the visited network trusted with the home network. In this protocol the home network can be easily obtain the authentication key (K auth ), which it is intended to be shared secret between the roaming user and the visited network. If the home network eavesdrops the communication between the roaming user and the visited network, the home network cached the message 4 and get ƒ(k auth, k temp ). Also the home network eavesdrops the message 6 to get K temp, then home network can get k auth by decrypting the message ƒ(k auth, k temp ). The protocol of level 3 is not secure if HN can t be trusted. D. Security Level 4 This level of security is applied when the visited network and the roaming user can be trusted with home network (i.e. home network not acquire authentication of key and misuse it). Because the home network is trusted, then no need for encrypted of K auth by using K temp. The authentication of the roaming user in level 4 is shown in Fig. 7. Figure 7 Authentication Mechanisms in Level 4 of the Security E. Security Level 5 This level of security is applied when the visited network and the roaming user can t be trusted with home network (i.e. home network acquires authentication of key and misuse it). This level of security used public key for roaming user (K pu ) to encrypte message 4, 5 and 6 instead of K temp. The authentication of the roaming user in level 5 is shown in Fig. 8., Rand 0, K pu Rand 3, K temp, ƒ[rand 0, ID, ƒ(k auth, K pu ), K MH ] ƒ[, K auth ], K pu ƒ[rand 0, Rand 2,ID MS, ƒ(k aut, K pu ), K VH ] ƒ[rand 0,ID,ƒ(K au th, K pu ), K MH ] Figure 8 Authentication Mechanisms in Level 5 of the Security F. Security Level 6 In this level of security the visited network is responsible for generated key authentication (K auth ) and it is not necessary to send it to home network. The visited network after generated K auth, must be encrypted it by K pu and send it directly to roaming user and not send it to home network. The authentication of roaming user in level 6 is shown in Fig. 9. G. Security Level 7 In this level of security the visited network is generated K auth. The authentication of roaming user in level 7 is shown in Fig. 10. An intruder in this level has no way to impersonate home network and visited network and replay attack is impossible. The level 7 is more efficient and support high level.

5 , Rand 0, K pu ƒ[rand 0, Rand 2,ID MS, K VH ] ƒ[rand 0,ID,, K MH ] Rand 3, K temp, ƒ[rand 0, ID, ƒ(k auth, K pu ), K MH ] ƒ[, K auth ] Figure 9 Authentication Mechanism in level 6 of the security ID MS, ID HN, ƒ(rand 0,K MH ) ƒ(rand 0 ID,K MH ) ƒ(, K auth ) compare the Rand 0 which recieved with rand 0 which is generated and K auth = rand 1 ƒ(rand 0,K MH ), ƒ(id MS Time,K VH ) Verfiy the Time is responsible and ID MS belong to one who Have K MH ƒ(rand 0 ID,K MS ), ƒ(, K VH ) compare the K auth which recieved with K auth which is computed before compare the Rand1which recieved with rand 1 which is generated and K auth = rand 1 Figure 10 Authentication Mechanism in level 7 of the security IV. ANALYSIS SECURITY In this analysis, we have the following assumption, there is a share private key (K MH ) between roaming user and it is home network, and there is a share private key (K VH ) between the visited network and the roaming user home network. These keys are kept secretly and intruder can t obtain its. The authentication protocol which support level 1 is secure, if we assumed that the connection between home network and the visited networks is secure. But if the connection is not secured then intruder (User2) which it is legitimate but it is a malicious user eavesdropped legitimate user (User1) and recorded the protocol when it is run and gets the message (4) by impersonate the home network and modified this message to get K auth and K temp for the User 1. These meaning the replay, impersonate of home network and eavesdropped attack is available in level 1, if fixed network which connect home network with visited network is not secure. The level 2 is suffering from that the intruder impersonate the visited network to the user 1 and then modified the message the authentication message which generated from home network to replace a part from old authentication that belong to the intruder. The level 3 is providing high level of security if the visited network and home network is trusted. An intruder in this level has no way to impersonate home network and visited network and replay attack is impossible. The level 4, 5 and 6 have the same level for security as level 3, but level 4 is more efficient than level 3 because no need to temporary ciphering key and for encryption of the authentication key. Level 5, 6 and 7 is support high level if security if visited network not trusted with home network, and in this level public key to encrypted the authentication key. In level 6, there is no needed to send encrypted authentication key to home network, the authentication key is directly send to roaming user. But in level 7 less transmission is needed between entities. V. COMARISON BETWEEN THE LEVELS OF SECURITY TABLE 2 summarizes comparison between security level protocols that proposed. Effect of Single Pont Failure) Effect of Time Comm. HN and # MS and # and HN Execute Cryptography Algorithm Total Size for MS and 640/ Auth. Total Size for and 640/ Auth. 3G 5/ 5/ Protocol High High Auth. Auth. 15 Level 1 Low Low Level 2 Low Low Level 3 Low Low Level 4 Low Low Level 5 Low Low Level 6 Low Low Level 7 Low Low VI. Conclusion Different levels of security are classified to provide secure authentication process depend on the security of the connection between home network and the visited network. These classifications simplify the authentication protocol. The proposed techniques reduce the number of transmissions between entities during the authentication process. After create key authentication and shared between the visited network and the roaming user, the mutual authentication between the roaming user and the visited network that is performed locally without any intervention for home network. REFERENCES [1]. S. Suzuki and K. Nakada, An authentication technique based on distributed security management for the global mobility network, IEEE Journal Selected Areas Communication Vol. 15, pp , [2]. L. Buttyán, C. Gbaguidi, S. Staamann, and U. Wilhelm, Extensions to an authentication technique proposed for the global mobility network, IEEE Trans. Communications, Vol. 48, no. 3, 2000, pp [3]. K. Hwang and C. Chang, A self-encryption mechanism for authentication of roaming and teleconference

6 services, IEEE Trans. Wireless Communications, vol. 2, no. 2, 2003, pp [4]. E. Bertino, S. Jajodia, L. Mancini, and I. Ray. Advanced Transaction Processing in Multilevel Secure File Stores, IEEE Transactions on Knowledge and Data Engineering, 10(1): , February [5]. D. Rosenthal and F. Fung. A Test for Non-disclosure in Security Level Translations, In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages , May [6]. Yi-Bing Lin, Yuan-Kai Chen, "Reducing authentication signaling traffic in third-generation mobile network, IEEE Transactions on Wireless Communications, vol. 2, no. 3, May 2003 pp [7]. Wei Liang and Weny Wang, A Quantitative Study of Authentication and QoS in Wireless IP Networks, IEEE INFOCOM'05, Miami, FL, USA, March, [8]. H. Kim and H. Afifi, Improving mobile authentication with new AAA protocols, in Proc. IEEE Conference on Communications (ICC), vol. 1, May 2003, pp [9]. G. Horn, K. Martin, and C. Mitchell, Authentication protocols for mobile network environment value-added services, IEEE Trans. Vehicular Technology, vol. 51, no. 2, 2002, pp