Minglei Shu,Chengxiang Tan,Haihang Wang

DOI: https://doi.org/10.1109/ssme.2009.43

2009-01-01

Abstract:Identity authentication is the first line of defense in the security application system to access the mobile network resources. However, as the means of attacking become variety, new requirements have been brought forward for the technology of identity authentication. To improve performance of mobile authentication, this paper presents a novel mobile authentication scheme, which transmits message encrypted with digital certificate to implement authentication between the mobile phone and the server. Theoretical analysis and experiments indicate the scheme satisfies security, non-repudiation and mutual authentication.

Mohammed Ramadan,Fagen Li,Chunxiang Xu,Abdeldime Mohamed,Hisham Abdalla,Ahmed Abdalla Ali

DOI: https://doi.org/10.6633/ijns.201607.18(4).17

2016-01-01

Abstract:Long Term Evolution LTE is the first technology that provides exclusively packet-switched data and modifies the security architecture of the 2G and 3G systems. The LTE security architecture offers confidentiality, access control, a kind of obscurity and mutual authentication. However, numerous types of attacks can be encountered during the mutual authentication process which is a challenge-response based technique. Therefore, a high secure public key algorithm can be implemented to improve the network security services. As the network operator is often considered as not being a highly trusted party and can thus face threats, the communications ends are the only secure parties to provide such security features. This paper pro- poses a secure mutual authentication and key agreement scheme for LTE cellular system with user-to-user security. The network side in this scheme operates as a proxy and non-trusted party to provide the security architecture with more exibility and reliability. This is achieved by using designated verifier proxy signature and key agreement protocol based bilinear pairing with some changes in both security algorithms and LTE security architecture within the LTE standardization. Our security and performance analysis demonstrated that the proposed scheme is more secure compared to the basic authentication and key agreements schemes.

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Cai-Xia LIU,Xin-Sheng JI,Jiang-Xing WU

DOI: https://doi.org/10.11897/SP.J.1016.2018.00275

2018-01-01

Abstract:In this study,we focus on addressing the issue of cellphone user data security in mobile communication networks.The cellphone user data (Hereinafter referred to as user data)contain cellphone users' identification,location identification,routing identification,security parameter set,service profile,and the like.In recent years,facts and studies have shown that these user data are facing serious security problems like being illegally acquired and tampered due to the vulnerabilities in the No.7 Signaling System (SS7) that is used as one of the fundamental protocols in mobile communication networks.User data,as carriers of user's privacy as well as the fundamental data related to mobile communication,once being illegally acquired or tampered,will lead to user location tracking,fraud,denial of service,or even call interception.Some researchers have mentioned the abusing access way to SS7 networks to acquire or tamper user data,an through the abusing access way we infer that attackers can apply normal SS7 protocol to access core network databases or intercept signaling transmission paths to attack user data,so,conventional passive protection mechanisms powered by anomaly access detections are inadequate.On the other hand,cellphone user's MSISDN numbers (i.e.,cellphone number),which are used as communication identifiers,are normally open to the public,while MSISDN numbers are usually stored and transmitted in mapping state with other data (e.g.,IMSI,location identification,subscribed service list,security parameters set),and based on the mapping relationship,almost all the other data items can be retrieved according to MSISDN numbers.Thus,once a cellphone users' MSISDN numbers have been known,it is easy for attackers to access to the user's other data.We infer that user data's mapping-relationship may be a main way that leads to user data leakage.As a result,we dope out a proactive cellphone user data security defense thoughts:to break or conceal the mapping-relationships between users' MSISDN numbers and other data in the insecure SS7 networks.The basic idea of our solution is to establish a Dynamic and Virtual Mapping between cellphone user's MSISDN numbers and other data through adopting dynamic manipulation technique,as such to diversify the mapping relationship.We call this defense mechanism MDM (Mimic Defense Mechanism).The mechanism is characterized by no change in the existing mobile communication network protocol system,and to ensure that one cellphone user's open MSISDN number is the only real.We investigated MSISDN number's attributes,spatiotemporal characteristics,and spatiotemporal mapping-characteristic,demonstrated its feasibility,presented the core idea of MSISDN number dynamics and virtualization,and gave the implementation scheme.In the end,a theoretical analysis model is built to evaluate the MDM's security efficiency.The results show that the proposed MDM mechanism can achieve security improvement without changing the existing network architecture,communication protocol and traffic provision mechanism.In addition,we studied the impacts of multiple parameters (e.g.,MSISDN number dynamic-manipulation time interval and the occurrence probability) on security improvement.Such quantitative evaluations offer practical underpinnings of optimizing MDM for other specific application domains.

Liling Cao,Zhang Yu,Yuqing Liu,Shouqi Cao

DOI: https://doi.org/10.1109/access.2021.3080839

IF: 3.9

2021-01-01

IEEE Access

Abstract:Aiming at to avoid the drawbacks of the identity privacy protection scheme in Long Term Evolution-Wireless Local Area Network (LTE-WLAN) heterogeneous converged network proposed by the 3rd Generation Partnership Project (3GPP), an improved scheme based on identity index is proposed to achieve anonymity, untraceability and dynamic identity. Security analysis shows that our proposed scheme can prevent replay attack and man-in-the-middle attack for network layer authentication. The results of comparison with the related schemes show that security and efficiency of our proposed scheme is prior to some other existing ones with low computation cost and short time delay.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yurong Luo,Jin Cao,Maode Ma,Hui Li,Ben Niu,Fenghua Li

DOI: https://doi.org/10.1109/iccnc.2019.8685543

2019-01-01

Abstract:The future fifth-generation (5G) mobile communications system has already become a focus around the world. A large number of late-model services and applications including high definition visual communication, internet of vehicles, multimedia interaction, mobile industry automation, and etc, will be added to 5G network platform in the future. Different application services have different security requirements. However, the current user authentication for services and applications: Extensible Authentication Protocol (EAP) suggested by the 3GPP committee, is only a unitary authentication model, which is unable to meet the diversified security requirements of differentiated services. In this paper, we present a new diversified identity management as well as a flexible and composable three-factor authentication mechanism for different applications in 5G multi-service systems. The proposed scheme can provide four identity authentication methods for different security levels by easily splitting or assembling the proposed three-factor authentication mechanism. Without a design of several different authentication protocols, our proposed scheme can improve the efficiency, service of quality and reduce the complexity of the entire 5G multi-service system. Performance analysis results show that our proposed scheme can ensure the security with ideal efficiency.

Mohsin Khan,Valtteri Niemi

DOI: https://doi.org/10.48550/arXiv.1708.01868

2017-08-06

Abstract:Subscription privacy of a user has been a historical concern with all the previous generation mobile networks, namely, GSM, UMTS,and LTE. While a little improvement have been achieved in securing the privacy of the long-term identity of a subscriber, the so called IMSI catchers are still in existence even in the LTE and advanced LTE networks. Proposals have been published to tackle this problem in 5G based on pseudonyms, and different public-key technologies. This paper looks into the problem of concealing long-term identity of a subscriber and presents a technique based on identity based encryption (IBE) to tackle it. The proposed solution can be extended to a mutual authentication and key agreement protocol between a serving network (SN) and a user equipment (UE). This mutual authentication and key agreement protocol does not need to connect with the home network (HN) on every run. A qualitative comparison of the advantages and disadvantages of different techniques show that our solution is competitive for securing the long-term identity privacy of a user in the 5G network.

Cryptography and Security

王晓明,常祖领,陈鲁生,符方伟

DOI: https://doi.org/10.3321/j.issn:1000-436x.2002.11.018

2002-01-01

Abstract:In this paper, a new user authentication scheme for digital mobile communication network is proposed based on the Schnorr signature.This scheme can realize mutual authentication, withstand all attacks.Calculation in advance is introduced and the cost of calculation is reduced in user end, so the scheme can satisfy real time request of mobile communication. Furthermore, the security and complexity of the scheme are analyzed and the result is get that the scheme is higher security, lower complexity.

Yu Zheng,Jingchun Xia,Dake He

DOI: https://doi.org/10.1109/ISBAST.2008.4547643

2008-01-01

Abstract:Mobile equipment (ME) playing an important role of bridge between wireless network and mobile user has been facing more and more security threats. Trusted mobile platform (TMP) was proposed by TCG (Trusted Computing Group) as a new mechanism to enhance the security of the resource-constrained ME. In this paper, we embark a new study on constructing a TMP according to ME's feature, and performing mutual authentication in mobile user domain. A smart-phone's processor is used as an example to demonstrate the constructing of TMP, along with which three methods for adding trusted platform module (TPM) in ME are presented respectively. In the framework of TMP, we also propose a user authentication scheme combining password and fingerprint with the USIM (Universal Subscriber Identity Module). The proposed scheme is validated through a performance analysis and experimental test. The validation result shows that our approach offers better efficiency and advanced security over the authentication scheme presented in TMP's draft standard. It also outperforms TCG's user authorization scheme by providing improved security, flexibility and universality.

张亮,刘建伟

DOI: https://doi.org/10.3969/j.issn.1002-0802.2009.01.091

2009-01-01

Abstract:With the improvement of wireless network, there are increasing users wirelessly accessing the Internet through mobile phones. So it is very important to solve the identity authentication problems of wireless access users. Dynamic password has become the new development trend for the Identity Authentication mechanism. It offers stronger security than the static password. In this article, a dynamic password authentication protocol based on callenge/rsponse mechanism is designed. According to this protocol, a dynamic password identity authentication system based on mobile phone token is designed. The composition and authentication processes of this system are described in detail, and its security is analyzed as wel1. The analysis indicates that this system features high security and wide application. It can be conveniently used and implemented in low cost.

Ai-qin Qi,Yong-jun Shen

DOI: https://doi.org/10.1051/matecconf/20166103010

2016-01-01

MATEC Web of Conferences

Abstract:As the first line of defense in the security application system, Authentication is an important security service. Its typical scheme is challenge/response mechanism and this scheme which is simple-structured and easy to realize has been used worldwide. But these protocols have many following problems In the GSM networks such as the leakage of user indentity privacy, no security protection between home registers and foreign registers and the vicious intruders' information stealing and so on. This paper presents an authentication protocol in GSM networks based on maths operation and modular square root technique. The analysis of the security and performance has also been done. The results show that it is more robust and secure compared to the previous agreements.

Jun-jun Wu,Ming-wei Fang,Xinfang Zhang,Tongyang Wang

DOI: https://doi.org/10.4304/jnw.7.9.1341-1348

2012-01-01

Journal of Networks

Abstract:Technologies make the mobile terminals such as smart phones, PDAs and handsets much more powerful to access mobile network in recent years. Especially with the widely use of mobile terminals, mobile network now becomes a primary tool for daily and business interactions. However, the proliferation of mobile terminals also draws mobile malware’s attention which will do damage to the mobile terminal and further affect the security of mobile network. But the traditional access control and authentication mechanism cannot resolve such security issues. On the basis of trusted computing technology, we proposed a mobile trusted network architecture by extending the trusted network connection in mobile environment. And an improvement EAP-EHash method is used in the proposed architecture to implement authentication. We defined two service scenarios in the authentication scheme, home network authentication and roaming network authentication. The process of each scenario is described in detail. By introducing the pseudonym mechanism, our scheme can protect user identity. And the connection status not only depends on the identification process, but also the trust status of the platform. The analysis shows that our scheme benefits the properties of user identity anonymity, mutual authentication, fake agent resistance, platform integrity verification, EAP and TNC Compatible. And the ciphersuite negotiation makes our scheme more suitable for resource limited mobile terminals.

Ding Wang,Haibo Cheng,Debiao He,Ping Wang

DOI: https://doi.org/10.1109/jsyst.2016.2585681

IF: 4.802

2018-01-01

IEEE Systems Journal

Abstract:Providing secure, efficient, and privacy-preserving user authentication in mobile networks is a challenging problem due to the inherent mobility of users, variety of attack vectors, and resource-constrained nature of user devices. Recent studies show that identity-based cryptosystems can eliminate the certificate overhead and thus address the issues associated with public-key infrastructure technology-which is a rare bit of good news in today's computer security world. In this paper, we employ three representative identity-based remote user authentication schemes (i.e., Truong et al.'s scheme, Li et al.'s scheme, and Zhang et al.'s scheme) as case studies to reveal the challenges and subtleties in designing a practical authentication scheme for mobile devices. First, we demonstrate that Truong et al.'s scheme, which was presented at the IEEE AINA 2012, cannot achieve a few important security goals under our new attacking scenarios: 1) it fails to resist against known session-specific temporary information attack; 2) it cannot withstand key compromise impersonation attack; and 3) it is of poor usability. Second, we show that Li et al.'s privacy-preserving scheme, which was proposed at GLOBECOM 2012, is subject to some subtle (yet severe) efficiency problems that make it virtually impossible for any practical use. Third, we scrutinize a "provably secure" scheme for roaming services in mobile networks designed by Zhang et al. at SCN 2015 and find it prone to collusion attack and replay attack. Further, we investigate into the underlying causes for these identified failures, and figure out an improvement over Truong et al.'s scheme to overcome the revealed challenges while maintaining reasonable efficiency.

Donghong Sun,Wu Liu,Ping Ren,Dongbin Sun

DOI: https://doi.org/10.1109/ctc.2012.10

2012-01-01

Abstract:The proliferations of the mobile intelligent terminal have brought them to the spotlight of the attackers for the sensitive information they carried. However, the current security schemes on the mobile intelligent terminal are fragile. This paper proposed a new transparent authentication and encryption measure to protect the confidentiality and integrity of the data on the mobile intelligent terminal. Our method is user-friendly as no interaction is needed during the process. Also, the result can be applied as evidence to identify who have used the phone.

Jie Song,Xiangyu Pan,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_8

2024-01-01

Abstract:With the rapid development of network technology, the number of mobile devices is increasing at a phenomenal speed. However, many wireless communications are established on public wireless networks, which makes it a challenge to ensure the message confidentiality and user privacy. Besides, mobile devices usually have limited resources. It is necessary to design a secure and efficient cryptographic scheme for wireless communication. In this paper, we propose an identity-based mutual authentication scheme for resource-constrained mobile devices. With the help of random oracle model, we show that the scheme is provably secure under extended Canetti-Krawczyk (eCK) security model. Finally, through comparative experiments with six related works, we demonstrate that the proposed scheme is the most suitable for resource-constrained mobile devices in wireless communications.

Zhang Mingjie,Luo Yi,Niu Hanchun

DOI: https://doi.org/10.3969/j.issn.1000-0801.2007.12.004

2007-01-01

Abstract:The report presents an authentication system based on dynamic-password SIM,following the analysis of the ordinary authentication methods for Internet application. With this system, a business model is suggested for the Internet secured authentication,by which telecom company would run a new service with various business customers.

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Xuqiu Chen,Wei Wang,Wei Gan,Yi Yang,Su Yuan,Meng Li

DOI: https://doi.org/10.1007/978-3-030-97774-0_10

2022-01-01

Abstract:With the rapid development of the power mobile Internet, traditional identity authentication and authentication modes still have identity information theft, are unable to prevent illegal behaviors of internal users, etc., which can no longer meet the security requirements of identity authentication in mobile Internet services. In response to this problem, this paper proposes a mobile terminal identity authentication method on the Identity-Based Cryptography (IBC). During registration, the user's voice is collected through the mobile terminal to establish an identity vector (i-vector) voiceprint model, and features are extracted and added to the identity mark to generate a user ID and a corresponding identity password system; during authentication, the legitimacy of the user is judged based on voice recognition to prevent illegal user intrusion, And then based on the identity password combined with the symmetric encryption algorithm AES to encrypt and decrypt data to achieve terminal identity authentication to resist common attacks in the mobile Internet. Finally, the experimental analysis shows that the method effectively improves the security of the power mobile Internet identity authentication process and has the advantages of low cost and high efficiency. In the power mobile Internet business scenario, this method greatly improves the identification ability of illegal users and the resistance to network malicious attacks.

Xiong Li,Junguo Liao,Saru Kumari,Wei Liang,Fan Wu,Muhammad Khurram Khan

DOI: https://doi.org/10.1007/s11277-015-2737-z

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:The remote user authentication scheme is an important security technology, which provides authentication service before a user accesses the service provided by the remote server. In this paper, we analyze the security and design flaws of a recently proposed dynamic ID authentication and key agreement scheme by Lin. We find Lin’s scheme is totally cannot be used in real applications because of the following weaknesses: it has some design drawbacks such as it does not have the wrong password detection mechanism and its password change phase is incorrect; the user can login to the server using any wrong identity or password because of the inherent defects in the design of the authentication message; at the same time, Lin’s scheme is vulnerable to the mobile device loss attack and denial of service attack. For security considerations, we propose some principles which should be followed in the design of the user authentication schemes. According to these design principles, we design a new dynamic ID-based user authentication scheme using mobile device. We formally analyze the security features of the proposed scheme using BAN logic, and give the provable security analysis in random oracle model. Besides, we also discuss our scheme can resist other well known attacks. The functionality and performance comparisons shown that the proposed scheme enhances the security features and keeps the efficiency at the same time.

Lianfen Huang,Ying Huang,Zhibin Gao,Jianan Lin,Xueyuan Jiang

DOI: https://doi.org/10.1109/CIS.2009.50

2009-01-01

Abstract:Long-Term Evolution (LTE) is the next-generation network beyond 3G. Authentication service is one of the most essential services in LTE networks, which has significant effects on internet security. In this paper, we survey and compare three authentication protocols: Password Authentication Protocol, Lightweight Extensible Authentication Protocol, and Extensive Authentication Protocol-Transport Layer Security. We present our implementation approach for the LTE testbed. From the experimental results, we conclude that PAP and LEAP are not sufficiently secure due to their vulnerability to dictionary attacks, while EAP-TLS can provide robust security if the network users are not very concerned with the overhead. Our proposed LTE testbed is meaningful and can be used to test the efficiency of other protocols.