A Design of Authentication Protocol for a Limited Mobile Network Environment


Vol.29 (SecTech 2013), pp.41-45
http://dx.doi.org/10.14257/astl.2013.29.08

Minha Park (1), Yeog Kim (2), Okyeon Yi (3)
(1, 3) Dept. of Mathematics, Kookmin University, Korea
(2) Cryptography & Information Security Institute, Kookmin University, Korea
(1, 3) {mhpark, oyyi}@kookmin.ac.kr, (2) yeogkim@gmail.com

Abstract. Many people demand more convenience and smarter service. Due to this demand, smart devices have begun to take center stage in terms of portability and functionality in wireless environments, especially mobile communications. To provide secure service, authentication between networks and users' devices is necessary, with proper efficiency. In this paper, we propose an advanced authentication protocol that increases the efficiency of data memory usage during operation in various limited environments. This protocol should also solve the problems in the 3rd Generation Partnership Project Authentication and Key Agreement (3GPP-AKA) protocol.

Keywords: 3GPP, authentication, AKA, efficiency

1 Introduction

Today, smart devices have begun to take center stage in terms of portability and functionality in wireless environments, especially mobile communications. Communications services are usually provided in wireless environments, which are prone to security threats such as forgery. To deal with these threats, wireless networks and users' devices must each confirm the legitimacy of the other through mutual authentication. Furthermore, authentication should be required to ensure efficient operation. For example, 3G networks have a built-in mutual authentication mechanism: AKA [1]. A typical 3G network consists of mobile stations (MSs); a serving network (SN), which provides direct communications with MSs and shares the home network's role of ensuring the efficiency of network operation; and a home network (HN), which manages and authenticates MSs [2]-[4].
These issues include 1) increased SN bandwidth consumption and storage overhead, due to the many authentication vectors (AVs) needed for authentication [2]; 2) the synchronization of SQN, which is used to keep authentication fresh [2]; 3) a weakening of SN reliability [3]; and 4) the invasion of MS privacy [4]. The proposed protocol considers efficiency and minimum data memory usage for smart devices and solves all of the above-mentioned problems. Consequently, it can be applied not just to 3G networks, but also to other environments that have limited resources.

In Section 2, we review protocols that improve on the weaknesses of 3GPP-AKA. In Section 3, we describe the proposed protocol in detail. In Section 4, we compare existing protocols to the proposed protocol in terms of their solutions to problems and how data memory is used. The last section gives our conclusions.

This work was supported by the IT R&D program of MKE/KEIT [10041864, Development on spectrum efficient multiband WPAN system for smart home networks].
ISSN: 2287-1233 ASTL. Copyright 2013 SERSC.

2 Problem Deduction and its Solutions

2.1 Problems Raised in Earlier Studies and Improved Studies

Table 1. Solutions to problems given in earlier studies.

| Problems | Solutions | Related Studies |
|---|---|---|
| SN bandwidth consumption and storage overhead | Using only one AV | [2], [3], [4] |
| Synchronization of SQN | Using timestamps instead of SQN | [2], [3], [4] |
| Weakness of SN reliability | Using SN information or random numbers | [3], [4] |
| Invasion of MS privacy | Masking IMSI with secret tokens | [4] |

1) SN bandwidth consumption and storage overhead: Authentication is performed periodically to maintain the reliability of entities and the security of shared keys. In 3GPP-AKA, HN generates many AVs and sends them to SN, which uses them without further permission from HN. This process increases bandwidth consumption and SN storage overhead. [2], [3], and [4] use only one AV to solve this problem.

2) Synchronization of SQN: AVs are distinguished by SQN, which provides freshness, and a different AV is used for each AKA procedure. Because the SQN values held by MS and HN can drift apart as the MS moves, the MS checks whether the SQN is within a reasonable range. If not, SQN and AVs are all updated by re-synchronization. Using timestamps instead of SQN solves this problem [2], [3], [4].

3) Weakness of SN reliability: SN conducts authentication between MS and HN, and thus needs to be reliable. In 3GPP-AKA, since SN just delivers the authentication value, it is difficult to trust SN. Generating an SN authentication value [3] and using LAI information (the LAI indicates where the SN is located) [4] will help improve SN reliability.
4) Invasion of MS privacy: The international mobile subscriber identity (IMSI) is sent in the clear to SN in order to check the MS ID, so an invasion of MS privacy can occur. Masking the IMSI with secret tokens provides MS with privacy [4].

2.2 Consideration of the Proposed Protocol

Use minimum data memory: For operational efficiency, the proposed protocol reduces the usage of authentication values.

Use only one AV: HN generates only one AV, which is sent to the SN. This reduces bandwidth consumption and SN storage, and also skips SQN comparisons.

Use SN information: Using the SN's LAI improves SN reliability.

Use MS TID (Temporary ID): After initial authentication, MS uses TIDs for privacy.

3 Proposed Protocol

3.1 Full Authentication Protocol

Fig. 1. Full authentication and key protocol

When an MS approaches an SN, full authentication is performed as described in Figure 1. After the full authentication, the SN sends the MS's TID to the MS, which uses the TID for privacy.

4 Analysis of the Proposed Protocol Compared to Other Protocols

4.1 Comparison of Improvements

Table 2 lists the improvements offered by several studies that address 3GPP-AKA problems. The proposed protocol improves all of these areas, while the earlier studies only improved a few areas.

Table 2. Lists of improvements

| List | 3GPP-AKA | UMTS X-AKA | Kim-AKA | PE-AKA | Proposed AKA |
|---|---|---|---|---|---|
| Reduce SN bandwidth consumption and storage | X | O | O | O | O |
| Skip SQN synchronization | X | X | O | O | O |
| Provide MS privacy | O | - | X | O | O |
| Improve SN reliability | X | X | O | O | O |
| Suggest the authentication of handovers | O | O | O | O | O |
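The design choices of Section 2.2 (a single AV, a timestamp in place of SQN, and the SN's LAI bound into the authentication value) can be sketched as follows. This is an added illustration, not the protocol of Figure 1 and not the authors' code: HMAC-SHA-256 stands in for the 3GPP authentication functions, and the field names, the 30-second window and the sample key and LAI values are assumptions.

```python
import hashlib
import hmac
import os
import struct

FRESHNESS_WINDOW_S = 30  # assumed tolerance; MS and HN clocks must be loosely in sync

def _mac(key, label, *fields):
    # HMAC-SHA-256 stands in for the 3GPP f1/f2 functions (assumption).
    # Length-prefix each field so boundaries between fields cannot be shifted.
    msg = label + b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def hn_make_av(k, lai, now):
    """HN: build the single AV, fresh by timestamp and bound to the SN's LAI."""
    rand, ts = os.urandom(16), struct.pack(">Q", now)
    return {"rand": rand, "ts": ts, "lai": lai,
            "mac": _mac(k, b"auth", rand, ts, lai),  # checked by the MS
            "xres": _mac(k, b"res", rand, ts)}       # held by the SN only

def ms_verify(k, av, observed_lai, now):
    """MS: check MAC, timestamp freshness and LAI, then answer with RES."""
    expected = _mac(k, b"auth", av["rand"], av["ts"], av["lai"])
    if not hmac.compare_digest(expected, av["mac"]):
        raise ValueError("MAC mismatch")
    (ts,) = struct.unpack(">Q", av["ts"])
    if abs(now - ts) > FRESHNESS_WINDOW_S:
        raise ValueError("stale timestamp")  # replayed AV, no SQN resync needed
    if av["lai"] != observed_lai:
        raise ValueError("LAI mismatch")  # AV was issued for another SN area
    return _mac(k, b"res", av["rand"], av["ts"])

def outcome(k, av, observed_lai, now):
    """SN view of one run: compare the MS's RES with XRES, or report the MS error."""
    try:
        res = ms_verify(k, av, observed_lai, now)
    except ValueError as err:
        return str(err)
    return "ok" if hmac.compare_digest(res, av["xres"]) else "RES mismatch"

if __name__ == "__main__":
    k, lai = bytes(range(16)), bytes.fromhex("00f1100001")  # constructed key and LAI
    other_lai = bytes.fromhex("00f1100002")                 # constructed second area
    av = hn_make_av(k, lai, 1_000_000)
    for seen_lai, now in ((lai, 1_000_005), (lai, 1_000_100), (other_lai, 1_000_005)):
        print(outcome(k, av, seen_lai, now))
```
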

4.2 Analysis of Data Memory Usage

Having shown the efficiency of the proposed protocol, we now analyze its data memory usage and data size, which are used to calculate MS, SN, and HN authentication.

Table 3. Data memory usage and ratio

| Entities and Sections | 3GPP-AKA | Ratio | UMTS X-AKA | Ratio | Kim-AKA | Ratio | PE-AKA | Ratio | Proposed AKA |
|---|---|---|---|---|---|---|---|---|---|
| MS | 688 | 5% | 912 | 28% | 1252 | 48% | 1316 | 50% | 656 |
| MS-SN | 464 | 21% | 708 | 21% | 656 | 15% | 964 | 42% | 560 |
| SN | 688 | 16% | 912 | 37% | 1336 | 57% | 1060 | 46% | 576 |
| SN-HN | 720 | 4% | 580 | 19% | 576 | 19% | 872 | 21% | 688 |
| HN | 688 | 5% | 548 | 20% | 548 | 20% | 756 | 13% | 656 |
| Total | 3248 | 3% | 3660 | 14% | 4368 | 28% | 4968 | 37% | 3136 |

Table 3 gives each entity's and section's data memory usage (left side), as well as the ratio of consumption (right side), which shows how the data memory usage changes compared to the proposed protocol. The proposed protocol uses up to 37% less data memory than the others. Consequently, the proposed protocol is more efficient than those of earlier studies. Therefore, according to the above analysis, the proposed protocol not only solves all design problems, but also takes into account data memory usage efficiency.

5 Conclusion

The authentication of communicating entities is necessary in radio environments, where many threats exist, such as forgery and wiretapping. In this paper, we proposed a new protocol that increases efficiency, minimizes data memory usage, and solves all 3GPP-AKA problems. For efficiency, the proposed protocol uses minimal authentication values and only one AV, which decreases bandwidth consumption and storage overhead, so SQN synchronization is not needed. It also uses the SN's LAI and the MS's TID for SN reliability and MS privacy. As a result, the proposed protocol can be expected to be more efficient than other protocols, reducing data memory usage by 37%. The communication service can thus provide better service, as mutual authentication provides many functions and efficient data memory usage.

References

1. 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 5), 3GPP TS 133.102 v5.7.0 (2005-12).
2. C. Huang and J. Li. Authentication and Key Agreement protocol for UMTS with low bandwidth consumption, Proceedings of the 19th International Conference on Advanced Information Networking and Application 2005, pp. 392-937, Mar. 2005.
3. D. Kim and S. Jung. Improved AKA Protocol for Efficient Management of Authentication Data in 3GPP Network, Korea Institute of Information Security & Cryptology, Vol.19 No.2, April 2009.
4. S. Jeon and S. Oh. An Efficient Authentication Mechanism Strengthen the Privacy Protection in 3G Network, Korea Academia Industrial Cooperation Society, Vol.11 No.12, pp. 5049-5057, 2010.