Mohammed Ramadan,Fagen Li,Chunxiang Xu,Abdeldime Mohamed,Hisham Abdalla,Ahmed Abdalla Ali

DOI: https://doi.org/10.6633/ijns.201607.18(4).17

2016-01-01

Abstract:Long Term Evolution LTE is the first technology that provides exclusively packet-switched data and modifies the security architecture of the 2G and 3G systems. The LTE security architecture offers confidentiality, access control, a kind of obscurity and mutual authentication. However, numerous types of attacks can be encountered during the mutual authentication process which is a challenge-response based technique. Therefore, a high secure public key algorithm can be implemented to improve the network security services. As the network operator is often considered as not being a highly trusted party and can thus face threats, the communications ends are the only secure parties to provide such security features. This paper pro- poses a secure mutual authentication and key agreement scheme for LTE cellular system with user-to-user security. The network side in this scheme operates as a proxy and non-trusted party to provide the security architecture with more exibility and reliability. This is achieved by using designated verifier proxy signature and key agreement protocol based bilinear pairing with some changes in both security algorithms and LTE security architecture within the LTE standardization. Our security and performance analysis demonstrated that the proposed scheme is more secure compared to the basic authentication and key agreements schemes.

Zhiyuan Shi,Zhiliang Ji,Zhibin Gao,Lianfen Huang

DOI: https://doi.org/10.1109/icasid.2009.5276930

2009-01-01

Abstract:The Third Generation Partnership Project (3GPP) has been specifying the standards of Long Term Evolution (LTE) for 3G radio access. The security concerns in wireless networks might have prevented its further widespread adoption. Layered security approach in LTE is analyzed, an EAP method EAP-Archie used for authentication and ciphering is introduced in this paper. EAP-Archie which embedded in Open Diameter environment is simulated. The result shows it can authentication successfully.

Yao Zhao,Chuang Lin,Hao Yin

DOI: https://doi.org/10.1109/aina.2006.300

2006-01-01

Abstract:With the development of wireless Internet, the interworking of the Third Generation (3G) wide area wireless networks and Wireless Local Area Networks (WLAN) has become a focus of research. 3G systems have their advantages in charging management, roaming, and security facilities, and WLAN systems have the advantages of high bandwidth and low investment cost. Interworking of 3G-WLAN offers characteristics that complement each other perfectly. Several authentication protocols have been proposed to improve security. In this paper, we firstly introduce the architectures of 3G-WLAN interworking and discuss existing problems related to authentication and key agreement procedures. Then, we present two schemes by applying authentication based on EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) and EAP-TTLS (Tunneled TLS) into integrated 3G and WLAN to achieve high end-to-end security and authentication for the users. Finally, we conduct a series of performance evaluation on the energy consumption and latency of standard authentication protocols.

Xiehua Li,Yongjun Wang

DOI: https://doi.org/10.1109/wicom.2011.6040169

2011-01-01

Abstract:The 3rd Generation Partnership (3GPP) standard is developing System Architecture Evolution(SAE)/Long Term Evolution(LTE) architecture for the next generation mobile communication system. In the LTE/SAE architecture, EPS AKA(Evolved Packet System Authentication and Key Agreement) procedure is used to provide mutual authentication between the user and the network. However the EPS AKA has several vulnerabilities such as disclosure of user identity, man-in-middle attack, etc. Therefore, this paper analyzes the deficiencies of the EPS AKA, and proposes a Security Enhanced Authentication and Key agreement (SE-EPS AKA) based on Wireless Public Key Infrastructure (WPKI). Then, the new SEEPS AKA has been proved with the formal verification method, and the proof result shows that the SE-EPS AKA can satisfy the security and efficiency propoerties in the LTE/SAE architecture.

Jin Cao,Maode Ma,Hui Li,Yueyu Zhang,Zhenxing Luo

DOI: https://doi.org/10.1109/surv.2013.041513.00174

2014-01-01

Abstract:High demands for broadband mobile wireless communications and the emergence of new wireless multimedia applications constitute the motivation to the development of broadband wireless access technologies in recent years. The Long Term Evolution/System Architecture Evolution (LTE/SAE) system has been specified by the Third Generation Partnership Project (3GPP) on the way towards fourth-generation (4G) mobile to ensure 3GPP keeping the dominance of the cellular communication technologies. Through the design and optimization of new radio access techniques and a further evolution of the LTE systems, the 3GPP is developing the future LTE-Advanced (LTE-A) wireless networks as the 4G standard of the 3GPP. Since the 3GPP LTE and LTE-A architecture are designed to support flat Internet Protocol (IP) connectivity and full interworking with heterogeneous wireless access networks, the new unique features bring some new challenges in the design of the security mechanisms. This paper makes a number of contributions to the security aspects of the LTE and LTE-A networks. First, we present an overview of the security functionality of the LTE and LTE-A networks. Second, the security vulnerabilities existing in the architecture and the design of the LTE and LTE-A networks are explored. Third, the existing solutions to these problems are classically reviewed. Finally, we show the potential research issues for the future research works.

Jin Cao,Maode Ma,Hui Li

DOI: https://doi.org/10.1109/GLOCOM.2012.6503964

2012-01-01

Abstract:To achieve seamless handovers between the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and other access networks is a challenging task as it requires comprehensive real-time interconnectivity in the LTE networks. The third Generation Partnership Project (3GPP) has suggested support the mobility between the E-UTRAN and non-3GPP access networks, which requires full access authentication procedures and distinct procedures for different mobility scenarios, which will bring a lot of message exchanges and increase the system complexity. Besides, the existing handover schemes for other wireless networks are not suitable for the mobility scenarios in the LTE networks due to their inherent vulnerabilities. In this paper, we propose a fast and secure handover authentication scheme to fit in with all of the mobility scenarios in the LTE networks. Compared with other handover schemes, our scheme cannot only provide strong security guarantees including Perfect Forward Secrecy (PFS) and Master Key Forward Secrecy (MKFS) and user anonymity, but also achieve a simple authentication process with robust efficiency in terms of communication cost, storage cost and computational cost. The analysis results show that the proposed scheme is efficient and secure against various malicious attacks.

Rajakumar Arul,Gunasekaran Raja,Ali Kashif Bashir,Junaid Chaudry,Amjad Ali

DOI: https://doi.org/10.48550/arXiv.1905.07607

2019-05-18

Networking and Internet Architecture

Abstract:The growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among the bulk of the human race that happens to be cellular technology users, has fueled the adaptation to Long Term Evolution (LTE)/ System Architecture Evolution (SAE). The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in the authentication mechanism used in LTE that without countermeasures might give superuser rights to unauthorized users. The LTE uses static LTE Key (LTE-K) to derive the entire key hierarchy such as LTE follows Evolved Packet System-Authentication and Key Agreement (EPS-AKA) based authentication which discloses user identity, location, and other Personally Identifiable Information (PII). To counter this, we propose a public key cryptosystem named International mobile subscriber identity Protected Console Grid-based Authentication and Key Agreement (IPG-AKA) protocol to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves the security of authentication procedures, it also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper proves that IPG-AKA improves security in authentication procedure and performance in the LTE.

Jin Cao,Maode Ma,Hui Li

DOI: https://doi.org/10.1109/twc.2012.081612.112070

IF: 10.4

2012-01-01

IEEE Transactions on Wireless Communications

Abstract:To achieve seamless handovers between the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and other access networks is a challenging task as it requires comprehensive real-time interconnectivity in the LTE networks. The third Generation Partnership Project (3GPP) has suggested support the mobility between the E-UTRAN and non-3GPP access networks, which requires full access authentication procedures and distinct procedures for different mobility scenarios, which will bring a lot of message exchanges and increase the system complexity. Besides, the existing handover schemes for other wireless networks are not suitable for the mobility scenarios in the LTE networks due to their inherent vulnerabilities. In this paper, we propose a fast and secure handover authentication scheme to fit in with all of the mobility scenarios in the LTE networks. Compared with other handover schemes, our scheme cannot only provide strong security guarantees including Perfect Forward Secrecy (PFS) and Master Key Forward Secrecy (MKFS) and user anonymity, but also achieve a simple authentication process with robust efficiency in terms of communication cost, storage cost and computational cost. The experimental results and formal verification by using the TLA+ and TLC show that the proposed scheme is secure against various malicious attacks.

Jin Cao,Hui Li,Maode Ma,Yueyu Zhang,Chengzhe Lai

DOI: https://doi.org/10.1016/j.comnet.2012.02.012

IF: 5.493

2012-01-01

Computer Networks

Abstract:There are two types of base stations in the Long Term Evolution (LTE) wireless networks, Home eNodeB (HeNB) and eNodeB (eNB). To achieve seamless handovers between the HeNB and the eNB is critical to support mobility in the LTE networks. A handover from an eNB/HeNB to a new eNB/HeNB, suggested by the third Generation Partnership Project (3GPP), requires distinct procedures for different mobility scenarios with a complex key management mechanism, which will increase the system complexity. Besides, it cannot achieve backward security in handover procedures. Furthermore, the existing handover schemes for other wireless networks are not suitable for the mobility scenarios in the LTE networks due to their inherent features. In this paper, we propose a fast and secure handover authentication scheme, which is to fit in with all of the mobility scenarios in the LTE networks. Compared with other handover schemes, our scheme cannot only achieve a simple authentication process with desirable efficiency, but also provide several security features including Perfect Forward/Backward Secrecy (PBS/PFS), which has never been achieved by previous works. The experimental results and formal verification by using the AVISPA tool show that the proposed scheme is efficient and secure against various malicious attacks.

Yi-Li Huang,Fang-Yie Leu,Ilsun You,Yao-Kuo Sun,Cheng-Chung Chu

DOI: https://doi.org/10.1007/s11227-013-0958-z

IF: 3.3

2013-06-14

The Journal of Supercomputing

Abstract:In broadband wireless technology, due to having many salient advantages, such as high data rates, quality of service, scalability, security, mobility, etc., LTE-A currently has been one of the trends of wireless system development. This system provides several sophisticated authentication and encryption techniques to enhance its system security. However, LTE-A still suffers from various attacks, like eavesdropping and replay attacks. Therefore, in this paper, we propose a novel security scheme, called the security system for a 4Genvironment (Se4GE for short), which as an LTE-A-based system integrates the RSA and Diffie–Hellman algorithms to solve some of LTE-A’s security drawbacks where LTE-A stands for LTE-Advance which is a 4G system. The Se4GE is an end-to-end ciphertext transfer mechanism which dynamically changes encryption keys to enforce the security of data transmission in an LTE-A system. The Se4GE also produces several logically connected random keys, called the intelligent protection-key chain, which invokes two encryption/decryption techniques to provide users with broader demands for security services. The analytical results show that the Se4GE has higher security level than that of an LTE-A system.

Xinyang Hu,Yu Jiang,Aiqun Hu

2023-01-01

Abstract:In the 5G network, the access method of IoT terminals is mainly wireless access. Aiming at the high authentication cost in massive access scenarios, this paper proposes a secondary authentication method based on aggregate signcryption for the secondary authentication of 5G-based power terminals. This method not only ensures the security, but also has the characteristics of less computation and storage consumption, and high operation efficiency. At the same time, it avoids the certificate management problem in traditional public key cryptosystem and the key escrow problem in identity-based public key cryptosystem. In this paper, 5G EAP-TLS authentication protocol suitable for this method is studied. 5G EAP-TLS protocol is mainly used for authentication and key agreement in 5G private networks or IoT scenarios. This paper constructs the 5G EAP-TLS protocol model based on TS 33.501 document, uses ProVerif verification tool to verify the security attributes of the protocol, and proposes a modification scheme.

Ruhui Ma,Jin Cao,Dengguo Feng,Hui Li,Yinghui Zhang,Xixiang Lv

DOI: https://doi.org/10.1016/j.adhoc.2018.11.012

IF: 4.816

2018-01-01

Ad Hoc Networks

Abstract:To ensure secure and seamless handovers inter-Evolved Universal Terrestrial Radio Access Network (E-UTRAN) is a key issue in LTE-A networks. Due to the introduction of Home Evolved NodeB (HeNB), there are three different access modes for the HeNB and the mobility scenarios between the eNB and the HeNB in LTE-A networks are rather complicated. Different handover procedures are executed for different mobility scenarios according to the 3GPP committee, which makes the overall system complex. Thus, it is a key point to propose a unified and secure handover scheme to fit in with all the mobility scenarios in LTE-A networks. In this paper, we propose a secure handover authentication scheme based on the certificateless signcryption technique. Our proposed scheme can achieve the unified and secure handover procedure without sacrificing efficiency. The security and performance evaluations demonstrate that our proposed scheme can meet various security requirements including the perfect forward/backward secrecy and privacy preserving. At the same time, our scheme achieves ideal efficiency.

Ai-qin Qi,Yong-jun Shen

DOI: https://doi.org/10.1051/matecconf/20166103010

2016-01-01

MATEC Web of Conferences

Abstract:As the first line of defense in the security application system, Authentication is an important security service. Its typical scheme is challenge/response mechanism and this scheme which is simple-structured and easy to realize has been used worldwide. But these protocols have many following problems In the GSM networks such as the leakage of user indentity privacy, no security protection between home registers and foreign registers and the vicious intruders' information stealing and so on. This paper presents an authentication protocol in GSM networks based on maths operation and modular square root technique. The analysis of the security and performance has also been done. The results show that it is more robust and secure compared to the previous agreements.

Qing Xu,Changsheng Wan,Aiqun Hu

DOI: https://doi.org/10.1109/iscsct.2008.164

2008-01-01

Abstract:With extensions to current EAP key hierarchy, the EAP re-authentication protocol provides a consistent, method-independent and low-latency re-authentication mechanism to support intra-domain handoff authentication. This paper analyzed the efficiency of the EAP re-authentication protocol, and compared it with that of the EAP-TLS protocol. The result shows that the authentication delay of EAP re-authentication protocol is only twentieth of that in the EAP-TLS protocol.

Jin Cao,Zheng Yan,Ruihui Ma,Yinghui Zhang,Yulong Fu,Hui Li

DOI: https://doi.org/10.1109/JIOT.2020.2976740

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:As a development of the next generation of mobile communication networks and systems (5G), the Third-Generation Partnership Project (3GPP) committee has standardized a new 5G authentication and key-agreement (5G-AKA) protocol to ensure the access security of a mobile equipment. However, there are still some security vulnerabilities in the 5G-AKA protocol, and there is no authentication protocol pr...

Su, Li,Du, Haitao

DOI: https://doi.org/10.1007/s00500-023-09486-x

IF: 3.732

2024-01-11

Soft Computing

Abstract:The security context, generally stored in the universal subscriber identity module card or the baseband chip, is the critical information applied by the subscriber to access the 5G network during the fast authentication procedure. Once exposed or illegally used, the security context can be exploited to derive various keys for authentication and encryption. Despite its importance, challenges and questions still remain in the previous relevant research. To fill this gap, by adopting the security protocol verification tool ProVerif, we provide a comprehensive formal model of the fast authentication procedure based on the security context to analyze whether security goals can be met. Unfortunately, we uncover two vulnerabilities, including one never reported before. Our analysis shows that these vulnerabilities stem from fundamental design flaws in the cellular network protocol and thus apply to the 4G network. These vulnerabilities could be exploited to launch several attacks, including impersonation and eavesdropping. We have validated these attacks using 5 mobile phones from 5 different baseband manufacturers through experimentation in three mobile carriers. We find an insecure implementation of one of these phones, which exposed it to replay attacks. And we further discuss the security threats posed by the impersonation attack, such as location spoofing and one-tap authentication bypass, which is verified on 10 popular apps. We finally propose several countermeasures to eliminate these security issues. Actually, we have reported the novel vulnerability to the GSM Association and received a confirmation in the form of a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

computer science, artificial intelligence, interdisciplinary applications

Chengzhe Lai,Hui Li,Rongxing Lu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2013.08.003

IF: 5.493

2013-01-01

Computer Networks

Abstract:To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA cannot only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using proverif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrates that SE-AKA is more efficient than those existing protocols.

Jin Cao,Maode Ma,Hui Li,Yulong Fu,Xuefeng Liu

DOI: https://doi.org/10.1016/j.jnca.2017.11.009

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:Future fifth generation (5G) wireless network will be a flexible, open, and highly heterogeneous with densified small cell deployment and overlay coverage. The design of the access authentication for massive machine type communication (mMTC) devices in 5G heterogeneous networks is the challenging issue to achieve 5G applications security due to stringent latency and concurrent access requirements for 5G multi-tier architecture. The current roaming authentication mechanisms between Long Term Evolution-Advanced (LTE-A) network and Wireless Local Area Network (WLAN) proposed by 3GPP incur several protocol attacks with unacceptable delay for real-time mMTC applications. In this paper, we propose secure and efficient group-based handover authentication and re-authentication protocols for mMTC in 5G wireless networks when mMTC devices simultaneously roam into the new networks. Our proposed protocols outperform the standard mechanisms and other related protocols in terms of authentication signaling overhead and bandwidth consumption with robust handover security requirements. The BAN logic and the formal verification tool by using the AVISPA and SPAN show that our proposed protocols are secure against various malicious attacks.

Yang Liu,Leiqing Ni,Mugen Peng

DOI: https://doi.org/10.1109/jiot.2022.3152900

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The satellite-terrestrial networks (STNs) network has the characteristics of open links, node movement, dynamic network topology, and diverse collaborative algorithms, which will lead to frequent passive handovers and continuous reauthentication of user equipment (UE). This causes a waste of valuable computing and storage resources in the STNs network and seriously affects the user’s network experience. To address this, we propose an access authentication protocol with user anonymity and traceability to reduce the communication delay and signaling cost of access authentication. In addition, we also propose a hierarchical group key distribution scheme to implement cross-domain handover authentication between different groups of UE, thereby effectively avoiding reauthentication. We take strict security analysis to prove that the authentication protocol we propose is secure. Compared with the three-related existing arts, our protocol can greatly reduce the communication interaction delay and improve the efficiency of initial access and handover authentication of UE.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junxian Huang,Feng Qian,Yihua Guo,Yuanyuan Zhou,Qiang Xu,Z. Morley Mao,Subhabrata Sen,Oliver Spatscheck

DOI: https://doi.org/10.1145/2486001.2486006

IF: 1.937

2013-01-01

ACM SIGCOMM Computer Communication Review

Abstract:With lower latency and higher bandwidth than its predecessor 3G networks, the latest cellular technology 4G LTE has been attracting many new users. However, the interactions among applications, network transport protocol, and the radio layer still remain unexplored. In this work, we conduct an in-depth study of these interactions and their impact on performance, using a combination of active and passive measurements. We observed that LTE has significantly shorter state promotion delays and lower RTTs than those of 3G networks. We discovered various inefficiencies in TCP over LTE such as undesired slow start. We further developed a novel and lightweight passive bandwidth estimation technique for LTE networks. Using this tool, we discovered that many TCP connections significantly under-utilize the available bandwidth. On average, the actually used bandwidth is less than 50% of the available bandwidth. This causes data downloads to be longer, and incur additional energy overhead. We found that the under-utilization can be caused by both application behavior and TCP parameter setting. We found that 52.6% of all downlink TCP flows have been throttled by limited TCP receive window, and that data transfer patterns for some popular applications are both energy and network unfriendly. All these findings highlight the need to develop transport protocol mechanisms and applications that are more LTE-friendly.