WANG Qi-hua,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.02.049

2005-01-01

Abstract:The GSM and GPRS system provides solutions to a few important aspects of security: subscriber authentication, subscriber identity confidentiality and confidentiality of voice and data over the radio path. An analysis of the security features provided in a GSM and GPRS network is given.

YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Chi-Chun Lo,Yu-Jen Chen

DOI: https://doi.org/10.1109/30.809184

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:With the advance of wireless communications technology, mobile communications has become more convenient than ever. However, because of the openness of wireless communications, the protection of the privacy between communicating parties is becoming a very important issue. We focus on the security of the Global System for Mobile communication (GSM) networks. A secure communication architecture for the GSM network is proposed. In the proposed architecture, we use public-key cryptography for user authentication and stream cipher for message encryption and decryption. An authentication protocol and a key generation method are presented in conjunction with the proposed architecture. Cryptanalysis and operational analysis show that the authentication protocol is secure and efficient. Simulation results indicate that the key generation method can always produce key strings of evenly distributed 0s and 1s and with infinite period.

telecommunications,engineering, electrical & electronic

Varun Chandrasekaran,Fareeha Amjad,Ashlesh Sharma,Lakshminarayanan Subramanian

DOI: https://doi.org/10.48550/arXiv.1604.04667

2016-04-16

Abstract:The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users to establish stronger identity authenticity. The security guarantees of SMI are directly reliant on the mobility of users and are further enhanced by external trusted entities providing trusted location signatures (e.g. trusted GPS, NFC synchronization points). In this paper, we demonstrate the efficacy of our protocol using an implementation and analysis across standard mobility models.

Cryptography and Security,Networking and Internet Architecture

Forough Sadat Mirkarimzade Tafti,Shahriar Mohammadi,Mehdi Babagoli

DOI: https://doi.org/10.1016/j.jisa.2021.102997

IF: 4.96

2021-11-01

Journal of Information Security and Applications

Abstract:Mobile payments have received a lot of attention because they are available at any time and place. One of the various payment methods is Near Field Communication (NFC) mobile payment. As a result of potential problems that may arise using mobile payments such as fraud and information theft, the security of mobile payment protocols is pivotal. One of the critical stages in mobile payment security is the mutual authentication between the user and the Mobile Network Operator (MNO). Global System for Mobile (GSM) proposed a protocol to mutual authentication using symmetric key cryptographic method. In this paper, we have introduced a new protocol for NFC mobile payment, which improves the GSM authentication protocol due to the existence of symmetric cryptographic security threats, and uses an asymmetric encryption method to mutual authentication. Also, this protocol reduces the number of required key-pairs for authentication. Furthermore, our proposed protocol, increases resistance to attacks such as replay attack, DOS, eavesdropping attacks, repudiation, man in the middle attack and de-synchronization. Because mobile devices have limited resources and processing power, our proposed protocol reduces the signalling overhead and processing load of the client-side as much as possible.

computer science, information systems

M. Toorani,A. A. Beheshti

DOI: https://doi.org/10.1109/NGMAST.2008.88

2012-03-17

Abstract:Recently, the mobile industry has experienced an extreme increment in number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems.

Cryptography and Security,Networking and Internet Architecture

Mohamed Abid,Songbo Song,Hassnaa Moustafa,Hossam Afifi

DOI: https://doi.org/10.48550/arXiv.1004.0762

2010-04-06

Abstract:Nowadays, the IP Multimedia Subsystem (IMS) is a promising research field. Many ongoing works related to the security and the performances of its employment are presented to the research community. Although, the security and data privacy aspects are very important in the IMS global objectives, they observe little attention so far. Secure access to multimedia services is based on SIP and HTTP digest on top of IMS architecture. The standard deploys AKA-MD5 for the terminal authentication. The third Generation Partnership Project (3GPP) provided Generic Bootstrapping Architecture (GBA) to authenticate the subscriber before accessing multimedia services over HTTP. In this paper, we propose a new IMS Service Authentication scheme using Identity Based cryptography (IBC). This new scheme will lead to better performances when there are simultaneous authentication requests using Identity-based Batch Verification. We analyzed the security of our new protocol and we presented a performance evaluation of its cryptographic operations

Cryptography and Security,Multimedia

Chen Tianzhou,Mao Haixia,Dai Hongjun

2006-01-01

Abstract:This paper briefly analyzes the security mechanisms of GSM/UMTS and finds their security defects, such as unidirectional authentication and cipher key transmission without encryption. For these defects, existing mobile communication systems can not prevent hostile attacks to satisfy high-level security demands. To solve these problems, we propose the robust Middleware Architecture for Mobile Communication Security (MAMCS), which employs new Authentication and Key Agreement (AKA) protocols, chooses different encryption algorithms for different applications and implements integrity control mechanism. In the end, we analyze the performance of MAMCS and show that MAMCS gets a 200%~2% improvement in security only at the cost of 1.51% descent in bandwidth and 18.14 ms extra latency.

Salman Shamshad,Minahil Rana,Khalid Mahmood,Muhammad Khurram Khan,Mohammad S. Obaidat

DOI: https://doi.org/10.1007/s11277-021-09338-7

IF: 2.017

2021-11-15

Wireless Personal Communications

Abstract:With the rapidly growing user experience and traffic growth requirements in the Mobile Edge Computing (MEC) environment, the conventional security protocols are no longer capable of meeting the modern demand. In order to cope with this demand, novel security solution such as identity-based cryptography, which does not require complex calculations, has attracted great attention from the research community. Recently, Li et al. (IEEE Syst J 1937–9234, 2021, https://doi.org/10.1109/JSYST.2020.2979006) devised an identity-based protocol for the MEC environment. They claimed that their protocol offers efficient and secure communication among the involved entities. Nevertheless, after performing a careful analysis of their protocol, we discovered that their protocol is vulnerable to MEC server and mobile user impersonation attacks. Similarly, their protocol has no provision of mobile user anonymity and untraceability. Furthermore, it has incorrectness in the authentication phase. Given these limitations, we have suggested a suitable remedy, which counters all the said vulnerabilities and limitations.

telecommunications

Deepika Parashar,Satyabrata Roy,Nilanjan Dey,Vipin Jain,U. S. Rawat

DOI: https://doi.org/10.1007/978-981-10-8536-9_7

2018-01-01

Abstract:A cellular automaton is one of the most engrossing fields of studies. At the present digital world where almost every communication is being done via the Internet, requirement of security and privacy of information is a must. For securing big or small data over Internet, cryptographic techniques are essential. Usage of cellular automata characteristics in the field of cryptography is still not much explored. Here, the paper presents a symmetric key cryptographic technique of block cipher using cellular automata (CA) rules. Proposed methodology has been implemented in C. This cryptographic technique uses non-complemented cellular automata rules and hybrid CA rule vector to form group cellular automata that would be used to encrypt and decrypt the data.

Mohsin Khan,Valtteri Niemi

DOI: https://doi.org/10.48550/arXiv.1708.01868

2017-08-06

Abstract:Subscription privacy of a user has been a historical concern with all the previous generation mobile networks, namely, GSM, UMTS,and LTE. While a little improvement have been achieved in securing the privacy of the long-term identity of a subscriber, the so called IMSI catchers are still in existence even in the LTE and advanced LTE networks. Proposals have been published to tackle this problem in 5G based on pseudonyms, and different public-key technologies. This paper looks into the problem of concealing long-term identity of a subscriber and presents a technique based on identity based encryption (IBE) to tackle it. The proposed solution can be extended to a mutual authentication and key agreement protocol between a serving network (SN) and a user equipment (UE). This mutual authentication and key agreement protocol does not need to connect with the home network (HN) on every run. A qualitative comparison of the advantages and disadvantages of different techniques show that our solution is competitive for securing the long-term identity privacy of a user in the 5G network.

Cryptography and Security

Xuqiu Chen,Wei Wang,Wei Gan,Yi Yang,Su Yuan,Meng Li

DOI: https://doi.org/10.1007/978-3-030-97774-0_10

2022-01-01

Abstract:With the rapid development of the power mobile Internet, traditional identity authentication and authentication modes still have identity information theft, are unable to prevent illegal behaviors of internal users, etc., which can no longer meet the security requirements of identity authentication in mobile Internet services. In response to this problem, this paper proposes a mobile terminal identity authentication method on the Identity-Based Cryptography (IBC). During registration, the user's voice is collected through the mobile terminal to establish an identity vector (i-vector) voiceprint model, and features are extracted and added to the identity mark to generate a user ID and a corresponding identity password system; during authentication, the legitimacy of the user is judged based on voice recognition to prevent illegal user intrusion, And then based on the identity password combined with the symmetric encryption algorithm AES to encrypt and decrypt data to achieve terminal identity authentication to resist common attacks in the mobile Internet. Finally, the experimental analysis shows that the method effectively improves the security of the power mobile Internet identity authentication process and has the advantages of low cost and high efficiency. In the power mobile Internet business scenario, this method greatly improves the identification ability of illegal users and the resistance to network malicious attacks.

K.S. Kuppusamy,Senthilraja.R,G. Aghila

DOI: https://doi.org/10.5121/ijcseit.2012.2109

2012-03-05

Abstract:The smartphone usage among people is increasing rapidly. With the phenomenal growth of smartphone use, smartphone theft is also increasing. This paper proposes a model to secure smartphones from theft as well as provides options to access a smartphone through other smartphone or a normal mobile via Short Message Service. This model provides option to track and secure the mobile by locking it. It also provides facilities to receive the incoming call and sms information to the remotely connected device and enables the remote user to control the mobile through SMS. The proposed model is validated by the prototype implementation in Android platform. Various tests are conducted in the implementation and the results are discussed.

Cryptography and Security

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

O. R. Vincent,T. M. Okediran,A. A. Abayomi-Alli,O. J. Adeniran

DOI: https://doi.org/10.1007/s42979-020-00122-1

2020-03-01

SN Computer Science

Abstract:Security breaches have been observed in different dimensions in mobile payment system. The violation of user's privacy is a common phenomenon in mobile payment transactions. This study presents an improved security scheme for a mobile payment system using elliptic curve cryptography over a binary field with International Mobile Equipment Identity to ensure higher security. The scheme uses a payment gateway for registration and maps all input text to elliptic curve points using ASCII values. Payment details are stored on the gateway, which is encrypted but decrypted only with merchant's decryption key. The proposed scheme was evaluated in terms of key size, security strength, computational power, memory capacity, encryption and decryption time and mobile phone battery. The result shows that the scheme provides integrity, confidentiality and privacy. The result also shows that the proposed scheme is time-efficient and computationally inexpensive for resource-constrained environment like mobile payment system.

Rajakumar Arul,Gunasekaran Raja,Ali Kashif Bashir,Junaid Chaudry,Amjad Ali

DOI: https://doi.org/10.48550/arXiv.1905.07607

2019-05-18

Networking and Internet Architecture

Abstract:The growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among the bulk of the human race that happens to be cellular technology users, has fueled the adaptation to Long Term Evolution (LTE)/ System Architecture Evolution (SAE). The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in the authentication mechanism used in LTE that without countermeasures might give superuser rights to unauthorized users. The LTE uses static LTE Key (LTE-K) to derive the entire key hierarchy such as LTE follows Evolved Packet System-Authentication and Key Agreement (EPS-AKA) based authentication which discloses user identity, location, and other Personally Identifiable Information (PII). To counter this, we propose a public key cryptosystem named International mobile subscriber identity Protected Console Grid-based Authentication and Key Agreement (IPG-AKA) protocol to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves the security of authentication procedures, it also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper proves that IPG-AKA improves security in authentication procedure and performance in the LTE.

Sanjay Majumder,Sanjay Chakraborty,Suman Das

DOI: https://doi.org/10.5120/16257-5904

2014-06-18

Abstract:Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique is mainly deals with two essential network security services, one is user authentication and other is data confidentiality. For user authentication this paper introduces Graphical Username & Voice Password approaches which provides better security than conventional username & password authentication process. In data confidentiality section this paper introduces two layer private key for both message encryption & decryption which is mainly applicable on 8 bit plain text data. This paper also provides the hints of introducing other two network security services (integrity and non-repudiation) as a future work.

Cryptography and Security

Safa Hamdare,Varsha Nagpurkar,Jayashri Mittal

DOI: https://doi.org/10.14445/22315381/IJETT-V11P230

2014-05-20

Abstract:Security of financial transaction in e-commerce is difficult to implement and there is a risk that users confidential data over the internet may be accessed by hackers. Unfortunately, interacting with an online service such as a banking web application often requires certain degree of technical sophistication that not all Internet users possess. For the last couple of years such naive users have been increasingly targeted by phishing attacks that are launched by miscreants who are aiming to make an easy profit by means of illegal financial transactions. In this paper, we have proposed an idea for securing e-commerce transaction from phishing attack. An approach already exists where phishing attack is prevented using one time password which is sent on users registered mobile via SMS for <a class="link-external link-http" href="http://authentication.But" rel="external noopener nofollow">this http URL</a> this method can be counter attacked by man in the <a class="link-external link-http" href="http://middle.In" rel="external noopener nofollow">this http URL</a> our paper, a new idea is proposed which is more secure compared to the existing online payment system using OTP. In this mechanism, OTP is combined with the secure key and is then passed through RSA algorithm to generate the Transaction password. A copy of this password is maintained at the server side and is being generated at the user side using a mobile <a class="link-external link-http" href="http://application.So" rel="external noopener nofollow">this http URL</a> that it is not transferred over the insecure network leading to a fraudulent transaction.

Cryptography and Security,Social and Information Networks

Ayu Tiwari,Sudip Sanyal,Ajith Abraham,Svein Johan Knapskog,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1111.3010

2011-11-13

Abstract:Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy, that does not require any change in infrastructure or protocol of wireless networks. This Protocol for Wireless Payment is extended to provide two way authentications.

Cryptography and Security