Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection

Similar documents
NS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks

Security functions in mobile communication systems

Defeating IMSI Catchers. Fabian van den Broek et al. CCS 2015

Efficient password authenticated key agreement using bilinear pairings

Private Identification, Authentication and Key Agreement Protocol with Security Mode Setup

ETSI TS V3.4.0 ( )

Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography.

Designing Authentication for Wireless Communication Security Protocol

City Research Online. Permanent City Research Online URL:

Authenticated Key Agreement Without Using One-way Hash Functions Based on The Elliptic Curve Discrete Logarithm Problem

PORTABLE communication systems (PCSs) do not require

Secure Smart Card Based Remote User Authentication Scheme for Multi-server Environment

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017

EFFICIENT MECHANISM FOR THE SETUP OF UE-INITIATED TUNNELS IN 3GPP-WLAN INTERWORKING. 1. Introduction

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

A Smart Card Based Authentication Protocol for Strong Passwords

Authentication in the Smart Grids

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Efficient remote mutual authentication and key agreement

Secure 3G user authentication in ad-hoc serving networks

Security of Cellular Networks: Man-in-the Middle Attacks

Wireless Communications and Mobile Computing

Request for Comments: Cisco Systems January 2006

SSL/TLS. How to send your credit card number securely over the internet

Remote User Authentication Scheme in Multi-server Environment using Smart Card

On the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme

ISSN X INFORMATION TECHNOLOGY AND CONTROL, 2011, Vol.40, No.3. ISSN X INFORMATION TECHNOLOGY AND CONTROL, 2011 Vol.?, No.?, 1?

GPRS security. Helsinki University of Technology S Security of Communication Protocols

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.

EUROPEAN ETS TELECOMMUNICATION July 1998 STANDARD

Key Management Protocol for Roaming in Wireless Interworking System

Mobile Security Fall 2013

Auth. Key Exchange. Dan Boneh

Cryptanalysis. Ed Crowley

ETSI TS V3.5.0 ( )

Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme

Wireless Security Security problems in Wireless Networks

Cryptography ThreeB. Ed Crowley. Fall 08

Mobility and Security Management in the GSM System

New Privacy Issues in Mobile Telephony: Fix and Verification

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cryptanalysis on Four Two-Party Authentication Protocols

GSM Mobility Management

Enhanced Delegation Based Authentication Protocol for Secure Roaming Service with Synchronization

Provably Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks *

Secure Algorithms for SAKA Protocol in the GSM Network

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase

Past & Future Issues in Smartcard Industry

Security Management System of Cellular Communication: Case Study

A Review of 3G-WLAN Interworking

Data Integrity. Modified by: Dr. Ramzi Saifan

Security issues in mobile communications

Questioning the Feasibility of UMTS GSM Interworking Attacks

authentication will be required between roaming user, visited network and home network.

A Pattern Language for Mobility Management [1] Petri Jokela

Chapter 3 GSM and Similar Architectures

ETSI TS V3.1.0 ( )

A Hash-based Strong Password Authentication Protocol with User Anonymity

CSCE 813 Internet Security Symmetric Cryptography

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Threat patterns in GSM system. Basic threat patterns:

Cryptography and Network Security

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014

Key Establishment and Authentication Protocols EECE 412

IEEE WiMax Security

Diminishing Signaling Traffic for Authentication in Mobile Communication System

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Chapter 13 Location Privacy

A Design of Authentication Protocol for a Limited Mobile Network Environment

A robust smart card-based anonymous user authentication protocol for wireless communications

Security Requirements

Wireless and Mobile Network Architecture

CIS 4360 Secure Computer Systems Applied Cryptography

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Security Handshake Pitfalls

A New Anonymous Channel Protocol in Wireless Communications

(2½ hours) Total Marks: 75

GSM Mobility Databases

Application of ESA in the CAVE Mode Authentication

Securing Your Wireless LAN

ONE TIME SECRET KEY MECHANISM FOR MOBILE COMMUNICATION

A secure GSM-based electronic Murabaha transaction. 2. Background

HOST Authentication Overview ECE 525

Expert Systems with Applications

The security of existing wireless networks

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

Security Handshake Pitfalls

Wireless Communications

Practical Operator Considerations Cellular Analog Cellular Rogue Base Station Tumbling Cloning

Network Working Group Request for Comments: 3310 Category: Informational V. Torvinen Ericsson September 2002

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Network Encryption 3 4/20/17

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

CSC 774 Network Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

3GPP TSG SA WG3 Security S November 19-22, 2002 Oxford, UK. WLAN Pseudonym Generation for EAP-SIM/AKA Discussion and decision

Communication Networks 2 Signaling 2 (Mobile)

Transcription:

Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection Author: Jing-Lin Wu, Wen-Shenq Juang and Sian-Teng Chen Department of Information Management, Shih Hsin University, Taipei, Taiwan.

Agenda Introduction Review related work Our proposed scheme Security and performance analysis Discussion Conclusion 2

Introduction GSM System is used widely Privacy issue Some problems on GSM - Attacks on GSM - Bill controversy 3

GSM AKA Review work - Being pointed some security problem Choi et al. s AKA scheme - Improve partially the privacy problem - Scheme for MS receiving an identity request - More efficient 4

Choi et al s GSM AKA Depend on A3, A5 and A8 algorithm Security - Mutual authentication - Having completely privacy protection on location privacy attack? - Withstand the redirection attack and the corrupted network attack? Efficiency - Using the temporary key mechanism 5

tations HLR VLR TMSI IMSI LAI A3() A5() A8() K VH SRES w i The Home location register. The visitor location register. The temporary mobile subscriber identity. The international mobile subscriber identity. The location area identity. The authentication algorithm. The encryption algorithm. The cipher key generation algorithm. The common shared key between HLR and MS. The symmetric encryption/decryption key between VLR and HLR The expected response. The secret token The concatenation symbol. 6

Choi et al. s AKA while MS receiving an identity request MS 1. Identity request VLR HLR 2. AL, HLR_ID,SRES1, (RAND) EK u 3. VLR_ID, E VH (AL), EK u (RAND) 5. E TK (TMSI new ), RAND? SRES1 = SRES2 4. SRES2, HLR_ID, E VH (RAND TK IMSI) K u =f(imsi HLR_ID K) 7

Some problems of Choi et al. s AKA Partially privacy protection - Easy to be traced by using the alias Vulnerable to some attacks - The redirection attack - The corrupted network attack - The modification attack - TMSI verifying 8

Our proposed schemes Proposed scheme - Proposed scheme while MS receiving an identity request Improved some problems of Choi et al. s scheme - Fully privacy protection for MS - Based on A3, A5 and A8 algorithm - Secret token for protecting IMSI 9

Proposed scheme while MS receiving an Identity request MS Identity request 1. N 3 VLR HLR 2. P i, ID HLR, SRES1,VAC, RAND, r i 3. ID VLR,P i, SRES1,VAC, RAND, r i P i =IMSI w i =IMSI A3(x r i ) 4. N 4, E VH (IMSI TK SRES2 T i+1 MAC r i+1 ) 5. AUTH, T i+1, r i+1, MAC, N 4, E TK (TMSI new ) T i+1 =w i+1 A3(K r i+1 ) 10

Security analysis Mutual authentication Identity privacy protection Secret token protection Withstanding attacks - Man-in-the-middle attack - Dictionary attack -Replay attack - Modification attack 11

Security comparisons Our scheme Chang et al. Choi et al. GSM Peinado S1 Partial S2 S3 S4 S5 S6 N/A N/A S7 S1: Identity privacy; S2: Mutual authentication between MS and VLR; S3: Preventing the replay attack S4: Preventing the redirection attack; S5: Preventing the corrupted network attack; S6: Preventing the modification attack while VLR assigns a new TMSI; S7: time synchronization problem. 12

Functionality comparisons Our scheme Chang et al. Choi et al. GSM Peinado C1 High C2 High High C3 C4 High C5 High C1: The computation cost for MS; C2: The computation cost for HLR; C3: The computation cost for VLR; C4: The communication cost between HLR and VLR; C5: The space overhead for VLR 13

Performance considerations while MS receiving an identity request E1 E2 E3 E4 E5 E6 Our scheme 352 bits 160 bits 320 bits 1 Sym + 1 H + 2 XOR 2 Sym + 1H Chang et al. 128 bits 146 bits 128 bits 2 Sym + 2 H 2 Sym 2 H 1 Sym + 7 H + 2 XOR Choi et al. 192 bits 160 bits 192 bits 2 Sym + 3 H 3 Sym 3 Sym + 3 H GSM 192 bits (224 n) bits 128 bits 1 Sym + 2 H 1 Sym (2 n) H Peinado 832 bits 146 bits 640 bits 1 Exp + 1 Sym + 3 H 1 Sym 1 Exp + 2 H E1: Memory needed in MS; E2: Memory needed in VLR; E3: Memory needed in HLR; E4: Computation cost for MS; E5: Computation cost for VLR; E6: Computation cost for HLR; Exp: Exponential operation; Sym: Symmetric encryption/decryption operation; H: Hash operation; XOR: Exclusive-or operation; n: numbers of authentication vectors. 14

Discussions An alternative way for protecting the secret token - Symmetric cryptosystem Specifying the life time of a temporary key - Embedded in authenticator 15

Conclusions Identity privacy protection complete for IMSI Mutual authentication Efficiency Withstand attacks, i.e., the redirect attack and the corrupted network attack 16

The End

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback