
Mobile Assisted Bit Sequence Authentication and Authorization (MABSAA)

Pankaj Aggarwal, Kartikeya Tripathi, Janise McNair, Haniph A. Latchman
Department of Electrical and Computer Engineering, University of Florida

Abstract

This paper introduces a novel scheme for mobile handset authentication and authorization in a geographically widespread area spanning the coverage of multiple network service providers. The existing setup involves the exchange of a large number of control signals between the foreign network and the mobile node, and between the foreign network and the home network, for authentication and authorization, and is therefore vulnerable to eavesdropping and malicious attacks. Our scheme requires fewer transactions for this purpose and incorporates multiple layers of security against hacks. First, the mobile device is equipped with an encrypted bit sequence that contains its authentication and authorization information. Then, when it moves into the domain of a foreign network, its bit sequence is read in order to provide it with the appropriate services. In essence, this procedure eliminates the need for the foreign network to communicate with the home network to establish the mobile's identity. We show its effectiveness by comparing the authentication time between the existing setup and the proposed scenario.

Keywords: Mobile Network, Wireless Security, Authentication, Authorization.

1. Introduction

With the gradual advent of third generation technologies in the world of mobile and cellular systems, and a growing user base demanding reliable and high data rate Internet based services (both commercial and personal), extensive business deals between various service providers for anywhere-anytime coverage have begun to be forged [1]. As a result, the issues of seamless internetwork handoffs, in conjunction with the problems of eavesdropping and service theft, are now being dealt with comprehensively [2], [3].
AAA is the authentication, authorization and accounting scheme that maintains the status of the user in a network: it lets the right people use the correct services (the ones they are entitled to) and maintains a log of their usage for billing purposes [4]. Authentication establishes the identity of a user, checking whether that user is actually recognized by the system; it is based on password oriented access to services. The second step, authorization, checks precisely which services the user can access. Accounting keeps a record of how long the service has been used. The existing cellular schemes use established infrastructures such as location databases for the home network and visitor databases for authenticating mobile users traveling from one coverage area to another. This entails information exchange between the location registers, leading to a large overhead and a drop in throughput. Current research focuses on the optimization of this exchange between foreign network and home network at the time of a hand-off [5], [6]. Our scheme investigates a mobile-assisted authentication protocol that reduces the inter-system information exchange between location registers by employing a unique code for each user that can be exchanged locally between the user and a foreign network. This paper introduces a novel decentralized authentication methodology applicable in large scale integrated wireless networks.

Section 2 gives the overall view of the MABSAA protocol. Section 3 discusses the procedure to acquire the MABSAA bit sequence. Section 4 discusses the MABSAA bit sequence structure, and Section 5 shows the performance analysis. Section 6 concludes the paper.

2. MABSAA

The new Mobile Assisted Bit Sequence Authentication and Authorization (MABSAA) is based on a simple idea: information about the user is encrypted in the mobile node itself, in the form of a pre-defined sequence of bits set in its memory.
This sequence follows a fixed format, and the bits are set by the home network at the time of purchase of the device. The information can be reconfigured by the home network if required, as described in the later section on sequence acquisition. Each segment of the sequence signifies some attribute of the user in terms of its identity and privileges. When the mobile user wanders into the coverage area of a foreign network that has a business association with the home network to provide services to its users, the user can be authenticated by the foreign network. The foreign network reads the user's bit sequence, decrypts it on the basis of a shared secret key, and provides services accordingly.

Figure 1 shows the basic difference between MABSAA and the common procedures of existing systems. In the existing system, there are 4 sets of signals exchanged amongst the mobile, the foreign network and the home network. The mobile first contacts the foreign network with its Electronic Serial Number (ESN) and Mobile Serial Number (MSN). The foreign network then

contacts the relevant home network asking for confirmation of the identity of the user and the types of services the user is authorized to access. The home network processes this request, updates its location database, and sends back the desired information. The foreign network, on receiving this information, updates its visitor database and sends confirmation to the mobile node.

The new MABSAA procedures are shown in figure 2. Here, the foreign network, on detecting the mobile node's presence, reads the encrypted bit sequence, processes the information, and allows the mobile node to access its services as if the mobile were at home in its network. Meanwhile, the foreign network simultaneously informs the home network of the presence of this node. This parallel processing significantly reduces the time of authentication compared with the sequential nature of the existing system.

Figure 1: Original system vs. new MABSAA (signal exchange among mobile node MN, foreign network FN and home network HN)

3. Sequence Acquisition

The MABSAA bit sequence is both readable (by the home network and any authorized foreign network) and writable (only by the home network, for example in case some of the privileges have to be changed; the foreign network and the mobile user should not be able to change the sequence). To facilitate these operations, and to prevent accidental or malicious access to the sequence, it is encapsulated by a software interface that acts as an upper layer, as shown in figure 2 below. The interface has two Access Codes: one that can be matched only by the home network and the other that can be matched by any legitimate foreign network. The home network's code opens a read/write port to the bit sequence, and the foreign network's code opens a read-only port. On proper authorization (authentication), the interface either transmits the encrypted bit sequence or changes it.

Figure 2: MABSAA Bit Sequence Encapsulation by the software Interface

At the time of establishment of a business policy, the following entities are given to the foreign network by the home network: the access code for the interface (all the foreign networks are given the same code), and a secret key with which to decrypt the received bit sequence. So any network in contract with several other networks will have each guest network's ID, the access code from that network, and the shared secret key from that network.

4. MABSAA Bit Sequence Structure

The structure of the MABSAA bit sequence is clearly predefined, where specific combinations of bits represent specific aspects of the user's profile. We envision the following coverage of the sequence. For authentication: Home Network ID and Mobile Identification Number. For authorization: various aspects like Data Rate, Video on Demand, Voice over IP, Priority Calling, Roaming allowance etc. Each of these parameters is assigned a fixed number of bits (1 for priority calling, 1 for video on demand, 2 for data rate, etc.). Figure 3 shows an example structure for the bit sequence. Most of the attributes are of 1 bit, signifying only the absence or presence of that service for the user. The data rate is of 2 bits, indicating 4 levels of maximum data rate that can be provided. There may be other services that can be provided by the networks, and some space for future expansion is also reserved. As an example, one bit could be reserved for a "service active" aspect. That is, if a person wants to suspend service for a period of time when they know they would not be using their mobile phone, this bit can

be set to zero for that amount of time, making the service inactive. The total size of the sequence is a matter of protocol design, and can be optimized with respect to the industry standard.

Figure 3: Example Bit Sequence (fields 1 to 7)
1: Network ID (includes mobile ID)
2: Roaming (1 bit)
3: Video on Demand (1 bit)
4: Data Rate (2 bit)
5: Internet Surfing (1 bit)
6: Priority calling (1 bit)
7: Other services and future use

4.1 Key Management

One of the improvements of MABSAA over the existing system is the increased protection against unauthorized access. However, even in MABSAA, the exchange of bit sequences can be intercepted, and the decryption key can be figured out using many samples of the bit sequence (statistical analysis of encrypted data is possible). To prevent this, the home network periodically changes the encryption key for its set of mobile nodes. For this to happen, the mobile node has to be in the domain of its home network, so that its bit sequence can be rewritten in accordance with the new key. The home network also distributes the new key to its partner foreign networks. In case the mobile node is not present in its home network, it will be bookmarked for change whenever it comes into the home network's territory. The foreign network maintains both the present key and the old key for a guest network. When a visitor mobile node comes in, the latest key is used first to decrypt the bit sequence. If the mobile node hasn't had its bit sequence rewritten in accordance with the new key, the foreign network would not be able to read it; in fact it would recognize the failed decryption by the garbled network ID that doesn't match any existing guest network's ID. Then the previous key will be applied to the sequence for decryption. This way, the exchange of the bit sequence will be more reliable and less prone to hacker intrusions.

4.2 Example MABSAA Authentication

Consider a situation with 4 networks. The information maintained by one of them might look as follows:

Table 1
ID of Guest Network   Access Code      Shared Secret Key (present)   Shared Secret Key (old)
1                     A                100                           200
2                     B                101                           201
3                     C                102                           202
Self                  Self (for R/W)   Self key (present)            Self Key (old)

When a mobile node visits a foreign network, the foreign network applies all its access codes. If the mobile is from an accredited network, one (and only one) of the access codes will work and the foreign network will retrieve the encrypted bit sequence. On receiving the encrypted bit sequence, the foreign network will use the corresponding secret key to decrypt it (this adds another level of reliability). The home network will be informed of this user's presence, the mobile will be provided the demanded services, and an account of usage will be made. This account will be sent to the home network periodically.

5. Performance Analysis

Figure 4: Comparison of time to authenticate. Average time to authenticate (in sec), 0 to 0.4, against number of foreign users in a network, 0 to 150; series: Original System, MABSAA.

The equations used to compare performance are as follows.

For the original model:

$T = t_{Fms} + t_{Fp} + t_{FH} + t_{Hp} + t_{HF} + t_{Fsm}$ (1)

For the MABSAA model:

$T = t_{Fms} + t_{Fp} + t_{Fsm}$ (2)

where
$T$ = total time to authenticate
$t_{Fms}$ = time to transmit from mobile to server in the foreign N/W
$t_{Fp}$ = processing time in the foreign N/W
$t_{FH}$ = time to transmit from the foreign N/W to the home N/W
$t_{Hp}$ = processing time in the home N/W
$t_{HF}$ = time to transmit from the home N/W to the foreign N/W
$t_{Fsm}$ = time to transmit from server to mobile in the foreign N/W
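Sections 3, 4, 4.1 and 4.2 together describe the sequence layout, the access-code guarded interface and the present-then-old key check a foreign network performs. The following Python model is an added example written for this page, not the authors' implementation. The 8-bit network and mobile ID widths, the access-code strings, the key bytes and the XOR stand-in cipher are assumptions, and a wrong key is detected by comparing the decrypted network ID against the guest whose access code opened the port, a slightly stricter test than the paper's "no known guest ID matches".

```python
"""MABSAA sequence (Figure 3), guarded read port (Section 3), two-key check (4.1/4.2)."""
from collections import namedtuple
from dataclasses import dataclass

FIELDS = (  # (name, width in bits) in Figure 3 order; the ID widths are assumed
    ("network", 8), ("mobile", 8),             # 1: Network ID (incl. mobile ID)
    ("roaming", 1), ("video_on_demand", 1),    # 2, 3
    ("data_rate", 2),                          # 4: four levels of max data rate
    ("internet", 1), ("priority_calling", 1),  # 5, 6
    ("future", 2),                             # 7: other services / future use
)
TOTAL_BYTES = (sum(w for _, w in FIELDS) + 7) // 8  # 24 bits -> 3 bytes

def encode_sequence(profile: dict) -> bytes:
    """Pack a user profile into the fixed-format sequence, MSB first."""
    value = 0
    for name, width in FIELDS:
        field = profile.get(name, 0)
        if not 0 <= field < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bit(s)")
        value = (value << width) | field
    return value.to_bytes(TOTAL_BYTES, "big")

def decode_sequence(raw: bytes) -> dict:
    """Inverse of encode_sequence."""
    value, out = int.from_bytes(raw, "big"), {}
    for name, width in reversed(FIELDS):
        out[name], value = value & ((1 << width) - 1), value >> width
    return out

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the paper's unspecified cipher: XOR with the repeated key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

GuestEntry = namedtuple("GuestEntry", "net_id key_present key_old")  # a Table 1 row
TABLE = {"A": GuestEntry(1, b"\xa1\x11\x01", b"\x1a\x11\x01"),  # keys are constructed;
         "B": GuestEntry(2, b"\xa5\xc3\x01", b"\x5a\x3c\x01"),  # the dict key is the
         "C": GuestEntry(3, b"\xa9\x99\x09", b"\x9a\x99\x09")}  # guest's access code

@dataclass
class MobileInterface:
    """Section 3: releases the stored ciphertext only to a caller presenting
    the home network's code or the code shared with partner networks."""
    home_code: str
    foreign_code: str
    ciphertext: bytes
    def read(self, code: str):  # read-only port; the R/W port is home-only
        return self.ciphertext if code in (self.home_code, self.foreign_code) else None

def authenticate_visitor(table: dict, mobile: MobileInterface):
    """Try every guest access code; on a hit decrypt with the present key, then
    the old key, accepting a result only if the network ID matches that guest."""
    for code, entry in table.items():
        ciphertext = mobile.read(code)
        if ciphertext is None:
            continue  # not this guest's code
        for key in (entry.key_present, entry.key_old):
            profile = decode_sequence(xor_crypt(key, ciphertext))
            if profile["network"] == entry.net_id:
                return profile
        return None  # code matched, but neither key yields a sane network ID
    return None  # no business association with the mobile's home network

# Constructed sample: a mobile of home network 2 provisioned under its present key.
PROFILE = {"network": 2, "mobile": 0x2A, "roaming": 1, "data_rate": 3, "internet": 1}
SAMPLE = MobileInterface("home-B", "B", xor_crypt(TABLE["B"].key_present, encode_sequence(PROFILE)))
```

A mobile still carrying a sequence written under the previous key is accepted through the old-key path, while a sequence under any other key, or a mobile whose home network has no agreement with this one, is rejected.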

The system is more secure too, since the number of information carrying signals that can be eavesdropped on is reduced. There is actually two-tier security in MABSAA, one at the access code level and the other at the bit sequence level. Furthermore, the authentication is bi-directional: it's not only the mobile node that is authenticated, but also the foreign network, in order to get access to the mobile. All together, it is a more robust, more secure and faster system than the existing set-up.

6. Conclusions

The goal of MABSAA is to significantly optimize resource utilization. As mentioned earlier, the current methodologies require the exchange of control and identification messages between home and foreign networks, apart from the extensive database management for location databases. Our technique will not only limit the use of bandwidth for sending such signals and the delays incurred therewith, but also reduce the infrastructural and maintenance costs. In addition, the fact that the foreign network can simultaneously perform the two steps of providing services to the user and informing the home network of the user's presence will cause the system to be much quicker. The results shown above exhibit this clearly.

6. References

[1] L. Robert, N. Pissinou and S. Makki, "Third Generation Wireless Network: The Integration of GSM and Mobile IP", IEEE 2000, pp. 1291-1296.
[2] W. Stallings, Cryptography and Network Security, Second Edition.
[3] J. McNair, F. Zhu, "Vertical Handoff in Fourth Generation Multi-Network Environments", IEEE Wireless Communication Magazine, June 2004.
[4] B. Aboba et al., "Authentication, Authorization and Accounting (AAA) Transport Profile", RFC 3539, June 2003.
[5] A. Platt, "Cost Implications of Mobility Management", Networking Aspects of Radio Communication Systems, IEE Colloquium, Mar 1996.
[6] H. Kim, H. Afifi, "Improving Mobile Authentication with New AAA Protocols", IEEE International Conference on Communications, Volume 1, pp. 497-501, 2003.