Cong Wang,Maode Ma,Lei Zhang

DOI: https://doi.org/10.1109/access.2017.2706738

IF: 3.9

2017-01-01

IEEE Access

Abstract:The IEEE 802.22 standard regulates wireless regional area network (WRAN) operating at the very high frequency and ultrahigh frequency television white space (TVWS) bands. WRAN supports extensible authentication protocol (EAP)-based authentication schemes. However, due to its public key cryptography operations, a full EAP-based authentication scheme is time-consuming, which is unacceptable for the WRAN handover process. In this paper, an efficient EAP-based pre-authentication scheme for inter-WRAN handovers (EPW) in TVWS is proposed. By applying the proposed pre-authentication scheme, the customer premises equipment and the target secondary user base station can accomplish a seamless handover using symmetric key. Through logic derivation by Burrows, Abadi, and Needham logic and formal verification by automated validation of Internet security protocols and applications, we conclude that the proposed EPW scheme can obtain mutual authentication and maintain key secrecy with a high resistance to attack. Additionally, the performance of the EPW scheme has been investigated by simulation experiments. The results show that the EPW scheme provides a lower computation delay than that mandated by the security scheme regulation of the IEEE 802.22 standard.

Xue Jun Li,Maode Ma,Jiecheng Xie

DOI: https://doi.org/10.1007/978-3-319-94965-9_1

2018-01-01

Abstract:Evolved Packet System-Authentication and Key Agreement (EPS-AKA) is the security protocol in Long-Term Evolution (LTE). However, it is still vulnerable to user identity attacks and fake eNBs. Efficient EPS-AKA (EEPS-AKA) was proposed with some improvements. Nevertheless, the EEPS-AKA is vulnerable to denial-of-service (DoS) attacks and fake eNBs, despite of some minor flaws in its procedures. In this paper, we propose Temporary Internet Access (TIA)-AKA to: (1) prevent user identity disclosure by implementing some additional steps, which allows a user equipment (UE) to request a temporary UE identity to access Internet; and (2) authenticate the Mobility Management Entity (MME) through the validity of the assigned IP address. Physical address and simple password exponential key exchange (SPEKE) method are combined into the proposed TIA-AKA. Efficiency analysis suggests the TIA-AKA provides a fully protection on the user identity and prevent the DoS attack, at the expense of increased bandwidth consumption and processing delay.

Rajakumar Arul,Gunasekaran Raja,Ali Kashif Bashir,Junaid Chaudry,Amjad Ali

DOI: https://doi.org/10.48550/arXiv.1905.07607

2019-05-18

Networking and Internet Architecture

Abstract:The growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among the bulk of the human race that happens to be cellular technology users, has fueled the adaptation to Long Term Evolution (LTE)/ System Architecture Evolution (SAE). The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in the authentication mechanism used in LTE that without countermeasures might give superuser rights to unauthorized users. The LTE uses static LTE Key (LTE-K) to derive the entire key hierarchy such as LTE follows Evolved Packet System-Authentication and Key Agreement (EPS-AKA) based authentication which discloses user identity, location, and other Personally Identifiable Information (PII). To counter this, we propose a public key cryptosystem named International mobile subscriber identity Protected Console Grid-based Authentication and Key Agreement (IPG-AKA) protocol to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves the security of authentication procedures, it also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper proves that IPG-AKA improves security in authentication procedure and performance in the LTE.

Mohammed Ramadan,Fagen Li,Chunxiang Xu,Abdeldime Mohamed,Hisham Abdalla,Ahmed Abdalla Ali

DOI: https://doi.org/10.6633/ijns.201607.18(4).17

2016-01-01

Abstract:Long Term Evolution LTE is the first technology that provides exclusively packet-switched data and modifies the security architecture of the 2G and 3G systems. The LTE security architecture offers confidentiality, access control, a kind of obscurity and mutual authentication. However, numerous types of attacks can be encountered during the mutual authentication process which is a challenge-response based technique. Therefore, a high secure public key algorithm can be implemented to improve the network security services. As the network operator is often considered as not being a highly trusted party and can thus face threats, the communications ends are the only secure parties to provide such security features. This paper pro- poses a secure mutual authentication and key agreement scheme for LTE cellular system with user-to-user security. The network side in this scheme operates as a proxy and non-trusted party to provide the security architecture with more exibility and reliability. This is achieved by using designated verifier proxy signature and key agreement protocol based bilinear pairing with some changes in both security algorithms and LTE security architecture within the LTE standardization. Our security and performance analysis demonstrated that the proposed scheme is more secure compared to the basic authentication and key agreements schemes.

JIANG Rui,LI Jianhua,PAN Li,TIE Ling

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.056

2006-01-01

Abstract:The 3GPP authentication and key agreement has two security shortages.One is that it needs a strong secure channel assumption between the VLR and the HLR,and will easily suffer from the active attack after the adversary accesses the channel.The other is that it easily suffers from the re-direction attack for the users.In this paper,a new enhanced 3GPP authentication and key agreement is proposed to overcome the two security shortages.The new enhanced 3GPP AKA protocol can ensure the secure communication in the insecure channel and defeat the re-direction attack for the users.In addition,it can be implemented without modification of SGPP AKA security architecture.

Dake He,Jianbo Wang,Yu Zheng

DOI: https://doi.org/10.1109/isbast.2008.4547638

2008-01-01

Abstract:The developing next generation (4G) mobile communication system will offer us great convenience and huge opportunities of service creation with numerous security threats. As a critical security mechanism, user authentication and key agreement (AKA) schemes have received considerable attentions in recent years. In this paper, a AKA scheme (SPAKA) based on self-certified public-key is proposed for the coming 4G system to reduce the storage, computation and communicational load of existing public-key based user authentication schemes while improving the security of 3G AKA scheme. Three authentication protocols including first-time authentication, re-authentication and handoff authentication are designed respectively for different authentication scenarios. According to the performance analysis, our approach has outperformed related schemes by providing better flexibility and scalability while maintain the expected security and efficiency. Consequently, it is more appropriate for 4G wireless system.

Liu Tian,Wu Fan,Li Xiong,Chen Chaoyang

DOI: https://doi.org/10.1007/s11235-021-00815-9

2021-01-01

Telecommunication Systems

Abstract:Authentication and key agreement (AKA) protocol is an important security mechanism for access services in mobile communication systems. The 3GPP group has standardized the AKA protocol for 5G mobile communication systems. Even though 5G AKA protocol has improved security compared with 3G and 4G AKA protocols, several studies have shown that some critical goals are still not fulfilled, such as violation of untracebility and lack of session key confirmation. In this article, we propose a security enhanced AKA protocol for 5G to overcome the previous identified weaknesses. In our protocol, random number based challenge-response mechanism is used to resist replay attacks, which also saves the communication cost since our protocol has no sequence number de-synchronization problem. Besides, our protocol guarantees the feature of session key confirmation, which allows the subscriber and serving network confirm that they share a session key after successful authentication. Through the formal verification of Proverif, the security of our proposed protocol is proved. Moreover, elliptic-curve Diffie–Hellman mechanism is adopted by our protocol, and therefore the property of perfect forward secrecy can be achieved.

Ghizlane Orhanou,Said El Hajji,Youssef Bentaleb,Jalal Laassiri

DOI: https://doi.org/10.48550/arXiv.1102.5191

2011-02-25

Abstract:The Long Term Evolution of UMTS is one of the latest steps in an advancing series of mobile telecommunications systems. Many articles have already been published on the LTE subject but these publications have viewed the subject from particular perspectives. In the present paper, a different approach has been taken. We are interested in the security features and the cryptographic algorithms used to ensure confidentiality and integrity of the transmitted data. A closer look is taken to the two EPS confidentiality and integrity algorithms based on the block cipher algorithm AES: the confidentiality algorithm EEA2 and the integrity algorithm EIA2. Furthermore, we focused on the implementation of both algorithms in C language in respect to the specifications requirements. We have tested our implementations according to the testsets given by the 3rd Generation Partnership Project (3GPP) implementation document. Some examples of the implementation tests are presented bellow.

Cryptography and Security

JIANG Rui,LI Jian-hua,PAN Li

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.05.019

2006-01-01

Abstract:The 3GPP(Third Generation Partnership Project) authentication and key agreement(AKA) was formally analyzed with the strand space model and authentication tests.It was pointed out that the 3GPP AKA has two security shortages on secrecy and authentication when applied in the insecure chanoel,and two attacks were given.Then,an improved 3GPP authentication and key agreement was proposed to overcome the two security shortages.Finally,the improved protocol was formally analyzed with the strand space model and the authentication tests,and was proven to ensure the secrecy,the mutual authentication between the mobile subscriber and the visiting network, and the recency of the cipher key and integrity key in the insecure channel.

Yi-Li Huang,Fang-Yie Leu,Ilsun You,Yao-Kuo Sun,Cheng-Chung Chu

DOI: https://doi.org/10.1007/s11227-013-0958-z

IF: 3.3

2013-06-14

The Journal of Supercomputing

Abstract:In broadband wireless technology, due to having many salient advantages, such as high data rates, quality of service, scalability, security, mobility, etc., LTE-A currently has been one of the trends of wireless system development. This system provides several sophisticated authentication and encryption techniques to enhance its system security. However, LTE-A still suffers from various attacks, like eavesdropping and replay attacks. Therefore, in this paper, we propose a novel security scheme, called the security system for a 4Genvironment (Se4GE for short), which as an LTE-A-based system integrates the RSA and Diffie–Hellman algorithms to solve some of LTE-A’s security drawbacks where LTE-A stands for LTE-Advance which is a 4G system. The Se4GE is an end-to-end ciphertext transfer mechanism which dynamically changes encryption keys to enforce the security of data transmission in an LTE-A system. The Se4GE also produces several logically connected random keys, called the intelligent protection-key chain, which invokes two encryption/decryption techniques to provide users with broader demands for security services. The analytical results show that the Se4GE has higher security level than that of an LTE-A system.

Ilsun You,Gunwoo Kim,Seonghan Shin,Hoseok Kwon,Jongkil Kim,Joonsang Baek

DOI: https://doi.org/10.3390/s24010159

2023-12-27

Abstract:5G acts as a highway enabling innovative digital transformation and the Fourth Industrial Revolution in our lives. It is undeniable that the success of such a paradigm shift hinges on robust security measures. Foremost among these is primary authentication, the initial step in securing access to 5G network environments. For the 5G primary authentication, two protocols, namely 5G Authentication and Key Agreement (5G-AKA) and Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA'), were proposed and standardized, where the former is for 3GPP devices, and the latter is for non-3GPP devices. Recent scrutiny has unveiled vulnerabilities in the 5G-AKA protocol, exposing it to security breaches, including linkability attacks. Moreover, mobile communication technologies are dramatically evolving while 3GPP has standardized Authentication and Key Management for Applications (AKMA) to reuse the credentials, generated during primary authentication, for 5G network applications. That makes it so significant for 5G-AKA to be improved to support forward secrecy as well as address security attacks. In response, several protocols have been proposed to mitigate these security challenges. In particular, they tried to strengthen security by reusing secret keys negotiated through the Elliptic Curve Integrated Encryption Scheme (ECIES) and countering linkability attacks. However, they still have encountered limitations in completing forward secrecy. Motivated by this, we propose an augmentation to 5G-AKA to achieve forward security and thwart linkability attacks (called 5G-AKA-FS). In 5G-AKA-FS, the home network (HN), instead of using its static ECIES key pair, generates a new ephemeral key pair to facilitate robust session key negotiation, truly realizing forward security. In order to thoroughly and precisely prove that 5G-AKA-FS is secure, formal security verification is performed by applying both BAN Logic and ProVerif. As a result, it is demonstrated that 5G-AKA-FS is valid. Besides, our performance comparison highlights that the communication and computation overheads are intrinsic to 5G-AKA-FS. This comprehensive analysis showcases how the protocol effectively balances between security and efficiency.

Yu Zheng,Dake He,Xiaohu Tang,Hongxia Wang

DOI: https://doi.org/10.1109/ICICS.2005.1689196

2005-01-01

Abstract:Future 4G mobile communication networks are expected to provide all IP-based services for heterogeneous wireless access technologies. Security service for mobile user as a major challenge in developing such 4G networks becomes more complicated to handle. Since the mobile equipment (ME) becomes ever more powerful but still remain open to possible attacks, the neglect of the security of ME in developing traditional security scheme for mobile networks will remain many risks in the coming 4G systems. In this paper we associate trusted computing (TC) with PKI to provide a considerable robust platform for user's access to sensitive service and data in the scenario of 4G systems. Then over the trusted mobile platform (TMP) we present an hybrid AKA (authentication and key agreement) and authorization scheme, in which password is in combination with fingerprint as well as public key to achieve mutual authentication among user/ME/USIM (universal subscriber identity module) and that among user/AN (accessed network)/HE (home environment). Compared with other AKA for future mobile networks and 3G AKA, our scheme with well scalability and acceptable efficiency is more robust and secure to resist potential attacks on/from ME and attacks in heterogeneous network infrastructure

Jun JIANG,Chen HE,Ling-ge JIANG

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.01.018

2006-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:This paper mainly focuses on the authentication protocol EAP-AKA (Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement) in the integration of 3GPP (The Third Generation Partnership Project) and WLAN (Wireless Local Network). An authentication mathematical model for 3GPP-WLAN was established. Through analyzing the authentication protocol, it is pointed out that the number K of AVs (authentication vectors) obtained from authentication center every time and the number of re-authentication can affect the authentication signaling cost. A novel adaptive K select mechanism was proposed by considering the re-authentication procedure. The novel scheme utilizes the terminal's total authentication times, the number of re-authentication and the value of K in previous WLAN to infer the proper value of K in current WLAN. The simulation result shows that the new scheme can efficiently reduce the authentication signaling cost compared with the fixed K authentication mechanism.

Rongxing Lu,Zhenfu Cao,Haojin Zhu

DOI: https://doi.org/10.1016/j.csi.2007.04.002

IF: 3.721

2007-01-01

Computer Standards & Interfaces

Abstract:With the rapid progress of wireless mobile communication, the authenticated key agreement protocol has attracted an increasing amount of attention. However, due to the limitations of bandwidth and storage of the mobile devices, most of the existing authenticated key agreement protocols are not suitable for wireless mobile communication. Quite recently, Sui et al. have presented an efficient authenticated key agreement protocol based on elliptic curves cryptography and included their protocol in 3GPP2 specifications to improve the security of A-Key distribution. However, in this paper, we show that Sui et al.'s protocol can't resist the off-line password guessing attack, and therefore present an enhanced authenticated key agreement protocol. At the same time, we also consider including our enhanced protocol in 3GPP2 specifications.

Yijun He,Nan Xu,Jie Li

DOI: https://doi.org/10.1109/ARES.2007.23

2007-01-01

Abstract:We propose an efficient and secure mutual authentication and key exchange protocol suitable for applications using low-power mobile communications. It maintains the required level of security and has the property of perfect forward secrecy which is not possessed by other protocols such as ES-MAKEP, L-MAKEP, and I-MAKEP. Moreover, the paper also provides a formal proof to guarantee the security of the proposed protocol. Further, we apply the proposed authentication and key exchange solution to WTLS to obtain a more secure protocol

Fan Yang,Ping Zhu

DOI: https://doi.org/10.1109/cise.2010.5677268

2010-01-01

Abstract:IEEE 802.16e Standard as the new released version, renew the security scheme PKMv1 of IEEE802.16d into PKMv2. This paper analyzes the EAP_based authentication mode of PKMv2, and proposes an improved EAP_TTLS _SPEKEY method for EAP_based authentication patter. The improvement has enabled the EAP_TTLS_SPEKEY to overcome the engrained vulnerability of the Man in the Middle attacks in the original EAP_TTLS design.

Yu ZHENG,Da-ke HE,Qi-xiang MEI

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.08.011

2005-01-01

Abstract:BackgroundIn 3G mobile communication systems it is likely that public-key based authentication protocols will be employed for their intrinsic advantages over symmetric key protocols. In this paper, an efficient self-certified public-key based authentication scheme including PKBP (Public-Key Broadcast Protocol) and SPAKA (Self-certified Public-key based Authentication and Key Agreement Protocol) is presented for 3G systems. With the help of PKBP, Mobile Equipment (ME) can identify the genuine Base Station (BS) from the malicious ones without verifying the VLR’s (Visit Location Register) public-key certificate before authentication. While in SPAKA, without delivering its public-key certificate to VLR, ME can enforce mutual authentication with VLR. What’s more, in the scheme the conversation launched by ME can be monitored in a controllable and legitimate way by government at required occasions. Thus …

Yao Zhao,Chuang Lin,Hao Yin

DOI: https://doi.org/10.1109/aina.2006.300

2006-01-01

Abstract:With the development of wireless Internet, the interworking of the Third Generation (3G) wide area wireless networks and Wireless Local Area Networks (WLAN) has become a focus of research. 3G systems have their advantages in charging management, roaming, and security facilities, and WLAN systems have the advantages of high bandwidth and low investment cost. Interworking of 3G-WLAN offers characteristics that complement each other perfectly. Several authentication protocols have been proposed to improve security. In this paper, we firstly introduce the architectures of 3G-WLAN interworking and discuss existing problems related to authentication and key agreement procedures. Then, we present two schemes by applying authentication based on EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) and EAP-TTLS (Tunneled TLS) into integrated 3G and WLAN to achieve high end-to-end security and authentication for the users. Finally, we conduct a series of performance evaluation on the energy consumption and latency of standard authentication protocols.

Jianjie Zhao,Dawu Gu,Lei Zhang

DOI: https://doi.org/10.1002/sec.316

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:ABSTRACTRecently, Tzung‐Her Chen, Wei‐Bin Lee, and Hsing‐Bai Chen (CLC) proposed a new three‐party password‐based authenticated key exchange (3PAKE) protocol. This CLC protocol needs not store the security‐sensitive table on the server side, which reduces the danger of the server being compromised; also, it has the advantage in terms of the round efficiency and computational cost. However, we find that the leakage of values VA and VB in the CLC protocol will make a man‐in‐the‐middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called I‐CLC protocol, which is essentially an improved CLC protocol. I‐CLC can resist attacks available, including the man‐in‐the‐middle attack that we mentioned on the initial CLC protocol. Meanwhile, the new protocol allows that the participants choose their own passwords by themselves; additionally, the computation cost of I‐CLC is lower than that of CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.

Man Chun Chow,Maode Ma

DOI: https://doi.org/10.3390/s22124525

2022-06-15

Abstract:The futuristic fifth-generation cellular network (5G) not only supports high-speed internet, but must also connect a multitude of devices simultaneously without compromising network security. To ensure the security of the network, the Third Generation Partnership Project (3GPP) has standardized the 5G Authentication and Key Agreement (AKA) protocol for mutually authenticating user equipment (UE), base stations, and the core network. However, it has been found that 5G-AKA is vulnerable to many attacks, including linkability attacks, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks. To address these security issues and improve the robustness of the 5G network, in this paper, we introduce the Secure Blockchain-based Authentication and Key Agreement for 5G Networks (5GSBA). Using blockchain as a distributed database, our 5GSBA decentralizes authentication functions from a centralized server to all base stations. It can prevent single-point-of-failure and increase the difficulty of DDoS attacks. Moreover, to ensure the data in the blockchain cannot be used for device impersonation, our scheme employs the one-time secret hash function as the device secret key. Furthermore, our 5GSBA can protect device anonymity by mandating the encryption of device identities with Subscription Concealed Identifiers (SUCI). Linkability attacks are also prevented by deprecating the sequence number with Elliptic Curve Diffie-Hellman (ECDH). We use Burrows-Abadi-Needham (BAN) logic and the Scyther tool to formally verify our protocol. The security analysis shows that 5GSBA is superior to 5G-AKA in terms of perfect forward secrecy, device anonymity, and mutual Authentication and Key Agreement (AKA). Additionally, it effectively deters linkability attacks, replay attacks, and most importantly, DoS and DDoS attacks. Finally, the performance evaluation shows that 5GSBA is efficient for both UEs and base stations with reasonably low computational costs and energy consumption.