Designing Authentication for Wireless Communication Security Protocol

Similar documents
GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017

Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography.

City Research Online. Permanent City Research Online URL:

Security functions in mobile communication systems

NS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 ISSN

Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card Boobalan. P, Krishna. P, Udhayakumar. P, Santhosh.

Basics of GSM in depth

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Diminishing Signaling Traffic for Authentication in Mobile Communication System

Communication Networks 2 Signaling 2 (Mobile)

Chapter 3 GSM and Similar Architectures

CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION

Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection

Security of Cellular Networks: Man-in-the Middle Attacks

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

Pertemuan 7 GSM Network. DAHLAN ABDULLAH

Information Technology Mobile Computing Module: GSM Handovers

Mobility and Security Management in the GSM System

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture

Threat patterns in GSM system. Basic threat patterns:

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD

ETSI TS V3.4.0 ( )

E2-E3: CONSUMER MOBILITY. CHAPTER-5 CDMA x OVERVIEW (Date of Creation: )

Cellular Communication

GSM System Overview. Ph.D. Phone Lin.

Sniffer. J.DEEPTHI Associate Professor & HOD, Department of CSE,

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase

COMP327 Mobile Computing Session: Lecture Set 5 - Wireless Communication Part 2

A Centralized Approaches for Location Management in Personal Communication Services Networks

Mobile Communications

GPRS security. Helsinki University of Technology S Security of Communication Protocols

A Design of Authentication Protocol for a Limited Mobile Network Environment

authentication will be required between roaming user, visited network and home network.

ETSI TR V ( )

Request for Comments: Cisco Systems January 2006

International Journal of Innovative Research in Advanced Engineering (IJIRAE) ISSN: Volume 1 Issue 6 (July 2014)

Integration of voice and data in an m-commerce situation

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper

EUROPEAN ETS TELECOMMUNICATION July 1998 STANDARD

Questioning the Feasibility of UMTS GSM Interworking Attacks

GPRS billing: getting ready for UMTS

PORTABLE communication systems (PCSs) do not require

Security Management System of Cellular Communication: Case Study

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.

GSM Security Overview

Data and Voice Signal Intelligence Interception Over The GSM Um Interface

Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning

GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS

GPRS Security for Smart Meters

Security issues in mobile communications

UMTS System Architecture and Protocol Architecture

A secure GSM-based electronic Murabaha transaction. 2. Background

Wireless Communications

A NEW ALGORITHM FOR CALL SETUP FROM A FIXED WIRELINE TO A ROAMING MOBILE STATION IN AN ADJACENT NETWORK

Wireless and Mobile Network Architecture

Secure 3G user authentication in ad-hoc serving networks

Understanding Carrier Wireless Systems

ETSI TS V3.5.0 ( )

Network Node for IMT-2000

Hands-On Modern Mobile and Long Term Evolution LTE

3G TS V3.1.0 ( )

Mobile Security Fall 2013

Please refer to the usage guidelines at or alternatively contact

REPORT ON GUEST LECTURER (INDUSTRY) BTS, GSM ARCHITECTURE & CALL FLOW IN GSM

Radiator. EAP-SIM and EAP- AKA Support

GSM Open-source intelligence

Session key establishment protocols

ETSI TS V6.4.0 ( )

Session key establishment protocols

GSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL

Key Management Protocol for Roaming in Wireless Interworking System

Defeating IMSI Catchers. Fabian van den Broek et al. CCS 2015

Telecommunication Services Engineering Lab

Mobile Security / /

Mobility Management usually includes two parts: location management and handoff management.

Radiator. EAP-SIM and EAP- AKA Support

Formal Methods for Assuring Security of Computer Networks

Evolution from GSM to UMTS

REGULATORY FRAMEWORK FOR THE ACTIVITY OF MOBILE VIRTUAL NETWORK OPERATORS (MVNO)

Client Server Programming and GSM Networking Protocols (SS7 Signaling)

Avoidance of Bottleneck in PCS Network

ON THE IMPACT OF GSM ENCRYPTION AND MAN-IN-THE-MIDDLE ATTACKS ON THE SECURITY OF INTEROPERATING GSM/UMTS NETWORKS

3GPP TR V4.0.0 ( )

ETSI TS V7.1.1 ( )

Past & Future Issues in Smartcard Industry

Technical description of international mobile roaming May 2010

Connecting Mobile Phones to the Internet Simply (CoMPIS) IETF London DISPATCH WG Jim Forster, Mike Iedema, Harvind Samra - Range Networks Tim Panton

2001, Cisco Systems, Inc. All rights reserved. Copyright 2001, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.

Enhanced Delegation Based Authentication Protocol for Secure Roaming Service with Synchronization

Short Message Service (SMS)

ETSI TS V3.1.0 ( )

Wireless Security Security problems in Wireless Networks

Identity Management in a Fixed Mobile convergent IMS environment

Mobility: vocabulary

Advanced Computer Networks Exercise Session 4. Qin Yin Spring Semester 2013

Advanced Security for Systems Engineering VO 10: Mobile Applications

Private Identification, Authentication and Key Agreement Protocol with Security Mode Setup

Point-to-Point Extensions Working Group Internet Draft April EAP SIM Authentication (Version 1) draft-haverinen-pppext-eap-sim-01.

Transcription:

Designing Authentication for Wireless Communication Security Protocol Ms. Roshni Chandrawanshi, Prof. Ravi Mohan, Mr. Shiv Prakash Chandrawanshi Abstract Security is considered an important issue for mobile communication systems. In particular, the design of authentication mechanisms has received considerable research interest recently. However, most of the current authentication schemes for mobile systems only have simple security functions and usually have some weaknesses, such as leakage of user identities and high update overhead of temporary identities. Moreover, these schemes cannot fulfill the security requirements specified in third generation mobile systems (IMT-2000, UMTS). In this paper, we propose a secure and flexible authentication framework for mobile communication systems. In the proposed framework, service providers can dynamically choose authentication mechanisms without the cooperation of network operators in visited domains. Based on the new framework, a secure authentication protocol is proposed. The proposed protocol can satisfy the security requirements of third generation mobile communication systems. behaviors of the original object, while it abstracts from other aspects. In general, the objects of interest may be anything, like complex physical phenomena or computer systems composed of parallel processes executing together. The objects we consider are security protocols, also known as cryptographic protocols. Security protocol principals, such as human beings or computers, execute a security protocol by exchanging messages over a medium to achieve some particular goal. We assume that such a medium (the network) is not private to the principals, but shared between all other participants. This implies that other participants not taking part in the execution may still see messages passing by, and potentially play an active role in the communication. Moreover, participants do not necessarily trust each other, and thus principals executing the security protocol cannot rely on other participants to simply avert their eyes and behave honestly. A prominent example of such a medium is the Internet. On the other hand, a good identity authentication system means that no unauthorized user gets the required services from the home system. In the original design, mobile users are authenticated by using a shared secret cryptographic system. To equip the GSM system with better power of security, in this paper, we shall focus on developing the solutions to possible user authentication. Index Terms network security, flexible authentication framework, authentication protocol, mobile networks, 3G communication systems. 1.. INTRODUCTION An analysis model is a description specifically created to examine and evaluate an object. Such description is realized using a formal language and it reflects properties or Manuscript received Sep 15, 2012. Ms. Roshni Chandrawanshi, Electronics & communication shri ram institute of science & technology, jabalpur, m.p. India. Jabalpur M.P., India Prof. Ravi Mohan, Electronics & communication shri ram institute of science & technology, jabalpur, m.p. India. Mr. shiv prakash Computer science, HCET Jbp. M.P. India. 2. GSM Network: In the GSM Network, three subsystems involved are the mobile station (MS) subsystem, the base station subsystem, the home subsystem. The MS subsystem consists of the mobile equipment (ME) and the smart card called equipment is uniquely identified by the international mobile equipment identity. The SIM card contains the International subscriber to the system, a secret key for authentication, and subsystem consists of the Base Transceiver Station (BTS) and the Base Station Controller (BSC). These are the connections between the mobile stations and the Mobile Switching Centre (MSC). The home subsystem is composed of five parts, the Mobile Switching Center (MSC), the 202

Home Location Register (HLR), the Visitor Location Register (VLR), the Center (AuC), and the Equipment Identity Register (EIR). We explain the diff HLR and VLR as follows. The HLR is a database that contains complete information of the local customer. It is the main database. The VLR contains the roamer information. The VLR make sure that you are a valid subscriber and then retrieves distant HLR to manage your call. authentication has been performed, the authentication proxy is then capable of authenticating the client when subsequent authentication is required. That is, the proposed authentication framework contains two operation modes for initial and subsequent authentication 3.1 Initial Authentication: When the client c leaves his home domain and roams to a visited domain, the initial authentication shown in Fig. 2 is performed among the three parties. First, the request message Request c is generated by the client c and sent to the authentication proxy p in the visited domain. Since the authentication proxy is unable to authenticate the client c by Itself, it generates a Forwarded Request c containing the Request c and forwards it to the designated authentication server s in c s home domain. The verification procedure is performed by the authentication server s, and a response message Response s is generated Corresponding to the authentication result. The authentication proxy forwards the Forwarded Response s containing the Response s to the client and decides whether or not to provide the service to the client according to the authentication result. Figure 1: GSM architecture. 3. The Operation Modes: In our framework, the authentication server maintains the profiles and privileges of registered clients. Thus, only the client s home authentication server has the ability to initially authenticate the client. Another entity, the authentication proxy, is mainly responsible for forwarding the client s authentication request to the authentication server. In the proposed framework, after initial Here, the authentication Proxy caches some authentication information, which can be used in subsequent Authentication. The response message Response c lets the client c know whether the authentication was successful or not. After the initial authentication, both the proxy p and client c obtain the authentication result from the authentication server and share some secret information. 203

Figure 3 GSM authentication protocols (2) After receiving the TMSI, the new VLR can use the TMSI to get the IMSI from the old VLR. Then the new VLR sends the IMSI to HLR. Figure 2: Initial Authentication 4. Analysis of current GSM Authentication protocol- 4.1 Working of Protocol Let s first see the working of the existing GSM authentication protocol as shown in the figure 3. The details are described as follows: (1) When MS enters a new visiting area and requires new communication services, he/she sends an authentication request to the visited VLR. The request contains the TMSI and the LAI. (3) The HLR/AuC then generates n copies of the triplet authentication parameters {RAND, SRES, Kc} at a time for the mobile station to use later for each call, and then the HLR sends them to the VLR through a secure channel. (4) After receiving these authentication parameters, the VLR keeps them in its own database and then he/she selects a triplet {RAND, SRES, Kc} to authenticate the mobile station for each call. Then the VLR forwards the selected RAND to the MS. (5) When the MS receives RAND, he/she can compute SRES and Kc and send the computed SRES back to the VLR. Then the MS keeps Kc for secret communication. (6) Once the VLR receives SRES from the MS, it compares it with the selected SRES. If they are the same, the MS is authenticated; otherwise, the MS is not a legal user. 5. Drawbacks of Existing Protocols - (a) Not supporting Bilateral Authentication: This is the major setback of the existing protocol, in which the MS can be authenticated by the VLR but VLR cannot be authenticated by the MS thus supporting unilateral authentication. (b) Huge Bandwidth consumption between VLR and HLR: As per the existing protocol each time when MS wants to establish a session, VLR has to request for the authenticity of that MS from the HLR thus consuming huge bandwidth. 204

(c) Storage space overhead in VLR: Since each time HLR sends the n copies of RAND number to the VLR, thus VLR have to save all these n copies in its database thus making the database of VLR overloaded. (d) Overload in HLR with authentication of MS: Since every time VLR request to the HLR for the authenticity of MS thus making the database of the HLR overloaded. (e) Man- In- Middle attack: Since in the existing protocol there is unilateral authentication, so any unauthorized user can be able to know the contents of the session that is going on between MS and VLR because VLR is not authenticated by the MS. (f) Impersonating attacks: Any attacker can impersonate himself as VLR and try to get the required data for him because this existing protocol supports unilateral authentication and MS can easily be fooled by the attacker. 6. Distribution of IDv to each VLR- In this phase HLR will distribute a unique identification value to each VLR which comes under its region. This IDv help the VLR to be authenticated by the mobile station when the certificate is generated with the help of Ki and A3 security algorithm. Figure 4: Mutual authentication phase 6.1 Mutual Authentication Phase- This is the last phase of our proposed protocol, in this phase mobile station and the VLR will be authenticated by each other during the calls made and attended by the mobile station with the help of HLR. So this proposed protocol will provide the mutual authentication between MS and VLR. Figure 5: Mutual Authentication Phase 205

7. Conclusion- Nowadays, 3G mobile systems are becoming more and more popular in the market. However, the cost for base station construction is still very high. Many telecommunication companies still use the old standard of GSM or integrate the GSM system with their 3G systems. Therefore, the GSM system is still popular and widespread because of its simplicity and efficiency. Many authentication protocols have been developed to improve the original authentication protocol of GSM, but mostly cannot solve the problems without modifying the architecture of GSM. In the authentication framework, the authentication server can dynamically choose which authentication mechanism to use for each authentication request. Moreover, this property provides service providers with the ability to develop proprietary authentication mechanisms and adjust the security policy in run time. In this paper, we have pointed out the drawbacks of the GSM authentication protocol and presented a new authentication protocol that can fix all the drawbacks. Also, the concept of this protocol can also be applied to 3G mobile systems. Conference on Networks/ International Conference on Information Engineering 93, Vol. 1, 1993, pp. 421-425. 8. S. Putz, S. Putz and R. Schmitz, Secure interoperation between 2G and 3G mobile radio networks, The 1rst International Conference on 3G Mobile Communication Technologies, 2000, pp. 28-32. 9. S. Miller, C. Neuman, J. Schiller, and J. Saltzer, Section E.2.1: Kerberos authentication and authorization system, M.I.T. Project Athena, Cambridge, Massachusetts, 1987. 10. Chin-Chen Chang*, Jung-San Lee, Ya-Fen Chang(2005). ) Efficient authentication protocols for GSM.Computer Communications,28,921-928. References- 1. G. Horn, K. M. Martin, and C. J. Mitchell, Authentication protocols for mobile network environment value-added services, IEEE Transactions on Vehicular Technology, Vol. 51, 2002, pp. 383-392. 2. M. Looi, Enhanced authentication services for internet systems using mobile networks, IEEE Global Telecommunications Conference, Vol. 6, 2001, pp. 3468-3472. 3. G. Vanneste et al., Authentication for UMTS: introduction and demonstration, The 2nd International Distributed Conference on Network Interoperability, 1997, pp. 715-721. 4. WAP Forum, Wireless application protocol 2, WAP 2.0 Technical White Paper, http://www.wapforum.org/, 2002. 5. J. Kim, M. Oh, and T. Kim Security requirements of next generation wireless communications, in Proceeding of International Conference on Communication Technology, Vol. 1, 1998, pp. S2802-1-6. 6. ITU-R Rec. M.1078, Security principles for international mobile telecommunications- 2000 (IMT-2000), 1997. 7. A. Barba, F. Recacha, and J. L. Melus Security architecture in the third generation networks, in Proceedings of IEEE Singapore International 206

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback