Yunqing Sun,Jin Cao,Maode Ma,Hui Li,Ben Niu,Fenghua Li

DOI: https://doi.org/10.1109/iccnc.2019.8685499

2019-01-01

Abstract:Device-to-device (D2D) communication as a direct communication technology has many application scenarios and plays a very important role in the 5G era. Using D2D communication in 3GPP 5G Heterogeneous Network (HetNet) can effectively relieve the network traffic pressure and reduce the energy consumption of the base station. However, there are numerous security threats in D2D application since the introduction of D2D communication into the 3GPP 5G Het-Net still remains in the early stage. It is urgent to design a mutual authentication and key agreement protocol between two heterogeneous User Equipments (UEs) with privacy preserving and device discovery. The existing standards and solutions rarely take the heterogeneous access scenarios, privacy protection, and device discovery into consideration. In this paper, we propose a unified privacy protection device discovery and authentication mechanism for heterogeneous D2D UEs using the identity-based prefix encryption and ECDH techniques. Our proposed scheme can be applied to all of the 5G heterogeneous access scenarios of D2D communication. The security analysis and performance results show that our scheme can achieve the mutual authentication, key agreement, identity privacy protection and resist several protocols attacks with ideal efficiency.

Yunqing Sun,Jin Cao,Xiongpeng Ren,Canhui Tang,Ben Niu,Yinghui Zhang,Hui Li

DOI: https://doi.org/10.1109/tits.2024.3368335

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Device-to-device (D2D) communication, as a traffic offloading technology in the fifth-generation (5G) network, can be widely used in several scenarios to provide 5G characteristics of higher speed, lower latency, and larger capacity. D2D data transmission over wireless channels among mobile devices is vulnerable to security threats and privacy violations from third parties and relay nodes. However, academia and industry have yet to propose relevant schemes or standards for D2D relay data transmission scenarios. We first propose a generic construction for D2D relay communication in this paper. Then, a concrete anonymous and secure D2D data transmission scheme with trajectory tracking is presented based on Chebyshev polynomials, hash-based message authentication code, and symmetric encryption. We employ a formal verification tool -Tamarin, modal logic analysis -BAN logic, and informal security analysis to demonstrate the security features of the proposed scheme. The performance evaluation shows that the proposed scheme can achieve desirable efficiency compared with other related schemes. Finally, we developed an APP‘, D2DWatchmen’, to simulate the whole protocol and test its robustness and real execution time, where the result shows good availability and effectiveness.

engineering, electrical & electronic,transportation science & technology, civil

Manzoor Ahmed,Yong Li,Zhuo Yinxiao,Muhammad Sheraz,Dianlei Xu,Depeng Jin

DOI: https://doi.org/10.1109/tvt.2019.2890879

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Device-to-device (D2D) communication standardization is underway and considered as one of the key technologies in the 5G ecosystem. Eavesdropping is a well-known security risk for D2D communications. Thus, ensuring information security for both cellular users (CUs) and D2D pairs in an underlay network is quite challenging. In this paper, we look into the problem of physical-layer secure transmission jointly with resource allocation in D2D communications. Existing research works for D2D underlay networks considered perfect channel state information (CSI), which is usually unrealistic in practical networks due to the wireless channels' dynamic nature. Hence, unlike the previous works, we are considering imperfect CSI that include estimation errors. We leverage social-domain and frame a coalitional game approach, enabling multiple D2D pairs to share CU spectral resource. We assume heterogeneous cellular network based practical scenario considering multiple eavesdroppers, intra-cell interference, and inter-cell interference to evaluate achievable performances in terms of sum-rate and secrecy capacity for both CUs and D2D pairs. Moreover, we prove our proposed algorithm stability, convergence, and computational complexity. The simulation results establish the effectiveness of our proposed approach that not only maximizes the sum rate (i.e., 10%-60%) but also improves the secrecy capacity (i.e., 20%-67%) in comparison to the baseline schemes.

Jin Cao,Maode Ma,Yulong Fu,Hui Li,Yinghui Zhang

DOI: https://doi.org/10.1109/tdsc.2019.2916593

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Ultra-dense Heterogeneous network (HetNet) technique can significantly improve wireless link quality, spectrum efficiency and system capacity, and satisfy different requirements for coverage in hotspots, which has been viewed as one of the key technologies in fifth Generation (5G) network. Due to the existence of many different types of base stations (BSs) and the complexity of the network topology in the 5G HetNets, there are a lot of new challenges in security and mobility management aspects for this multi-tier 5G architecture including insecure access points and potential frequent handovers among several different types of base stations. In this paper, we integrate user capability and Software Defined Network (SDN) technique, and propose a capability-based privacy protection handover authentication mechanism in SDN-based 5G HetNets. Our proposed scheme can achieve the mutual authentication and key agreement between User Equipments (UEs) and BSs in 5G HetNets at the same time largely reduce the authentication handover cost. We demonstrate that our proposed scheme indeed can provide robust security protection by employing several security analysis methods including the BAN logic and the formal verification tool Scyther. In addition, the performance evaluation results show that our scheme outperforms other existing schemes.

Ting Ma,Feng Hu,Maode Ma

DOI: https://doi.org/10.1145/3377170.3377183

2019-01-01

Abstract:The upcoming 5G ultra wideband mobile network is expected to provide a fundamental framework for a huge number of devices, which indicates the presence of dynamical users join and leave events. Due to highly heterogeneous architecture, it is crucial to address security in 5G HetNets. In this paper, we focus on presenting a mutual physical layer handover authentication approach for software-defined networking (SDN) assisted 5G HetNets. The legitimacy of user equipment (UE) and access points (AP) are both verified based on extracted physical layer characteristics of wireless channel links with the help of base station (BS). Furthermore, a verification is employed to enhance authentication performance. The parameters of are discussed in our simulations and Figure of Merit (FoM) is applied in the simulation to evaluate the performance of proposed authentication scheme.

Qijun Han,Gang Feng,Shuang Qin,Qianyi Zhang

DOI: https://doi.org/10.1109/wcncw48565.2020.9124798

2020-01-01

Abstract:The forthcoming mobile cellular networks (5G) and beyond need to address the challenges of performance requirements in diverse technical scenarios, such as seamless wide-area coverage, hot-spot high-capacity, and low power massive connections, etc. It is widely recognized that Heterogeneous Network (HetNet) is an effective network architecture for addressing these challenges, especially dealing with the access control issue of massive machine-type communication (mMTC). In this paper, we propose a device-to-device (D2D) communication-assisted MTC access mechanism with aim of maximizing the number of admitted MTCDs (MTCDs) in the system while ensuring the quality of service (QoS) requirements of MTCDs. In our proposed scheme, we first determine the access mode for the devices that fail in directly accessing the base station. Specifically, another MTCD which has been successfully connected to the base station (BS) is selected as the relay for a specific MTCD via device-to-device (D2D) communications. We first formulate the access control problem of maximizing the number of admitted MTCDs and prove its NP-hardness. We then resort to genetic algorithm (GA) to solve the optimal relay MTCD selection problem. We conduct simulation experiments to evaluate the performance of our proposed algorithm and numerical results show that the proposed algorithm outperforms the traditional algorithms in terms of the number of successful access MTCDs, transmission rate, and system throughput.

zhijian lin,liang du,zhibin gao,lianfen huang,xiaojiang du

DOI: https://doi.org/10.1002/wcm.2602

2016-01-01

Abstract:AbstractA large number of new data-consuming applications are emerging, and many of them involve mobile users. In the next generation of wireless communication systems, device-to-device D2D communication is introduced as a new paradigm to offload the increasing traffic to the user equipment. Before the traffic transmission, D2D discovery and access procedure is the first important step which needs to be completed. In this paper, our goal is to design a device discovery and access scheme for the fifth generation cellular networks. We first present two types of device discovery and access procedures. Then we provide performance analysis based on the Markov process model. In addition, we present numerical simulation on the Vienna Matlab platform. The simulation results demonstrate the viability of the proposed scheme. Copyright © 2015 John Wiley & Sons, Ltd.

Jin Cao,Maode Ma,Hui Li

DOI: https://doi.org/10.1002/dac.3860

2018-01-01

International Journal of Communication Systems

Abstract:SummaryBecause of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.

Yurong Luo,Jin Cao,Maode Ma,Hui Li,Ben Niu,Fenghua Li

DOI: https://doi.org/10.1109/iccnc.2019.8685543

2019-01-01

Abstract:The future fifth-generation (5G) mobile communications system has already become a focus around the world. A large number of late-model services and applications including high definition visual communication, internet of vehicles, multimedia interaction, mobile industry automation, and etc, will be added to 5G network platform in the future. Different application services have different security requirements. However, the current user authentication for services and applications: Extensible Authentication Protocol (EAP) suggested by the 3GPP committee, is only a unitary authentication model, which is unable to meet the diversified security requirements of differentiated services. In this paper, we present a new diversified identity management as well as a flexible and composable three-factor authentication mechanism for different applications in 5G multi-service systems. The proposed scheme can provide four identity authentication methods for different security levels by easily splitting or assembling the proposed three-factor authentication mechanism. Without a design of several different authentication protocols, our proposed scheme can improve the efficiency, service of quality and reduce the complexity of the entire 5G multi-service system. Performance analysis results show that our proposed scheme can ensure the security with ideal efficiency.

Zhijian Lin,Liang Du,Zhibin Gao,Lianfen Huang,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/WCNC.2016.7564761

2016-01-01

Abstract:Device-to-device (D2D) communication, which is defined as a direct communication between two mobile users without traversing the Base Station (BS) or the core network to offload the increasing traffic to the user equipments, is one of the key technologies in the fifth generation (5G) of wireless communication systems. Discovery and communication are the basic two features to fulfill the need for the D2D communication. However, Most of existing D2D studies focused on the communication issues always assume that the discovery is completed. In this paper, we propose two strategies of device discovery and access scheme for the 5G cellular networks. Then the performance analysis based on two dimensional discrete time Markov process model is provided. In addition, we present numerical simulation on the Matlab platform. The simulation results demonstrate the viability of the proposed scheme.

Xiguang Zhang,Yong Shang,Shiwei Yan,Dehuai Li,Junqi Guo

DOI: https://doi.org/10.1109/MILCOM.2016.7795494

2016-01-01

Abstract:With development of mobile communication, transmission load of cellular network has greatly increased. In order to relieve spectrum resource scarcity, heterogeneous cellular network has been proposed. In heterogeneous cellular networks, D2D users share frequency resource with cellular users, which improves frequency efficiency effectively. However, serious security problem may be incurred since cellular users are able to overhear information from D2D users underlying in cellular communication links. This paper focuses on improving the secrecy capacity of D2D users in a heterogeneous cellular network by designing adaptive power control and access control schemes. Specifically, we firstly determined a basic security area in which cellular users can be regarded as eligible access objects for D2D users. Then the optimal expression of D2D transmitting power is determined when D2D users share resource with a cellular user located in the basic security area. Finally, we selected a cellular user for D2D pair to access according to the level of information confidentiality. When there's high level of information confidentiality, the Simulated Annealing Algorithm was performed to find a cellular user in order to improve security capacity as much as possible. When D2D pairs communicated normal information, the access object was randomly selected from all cellular users located in basic safety area.

Jin Cao,Maode Ma,Hui Li

DOI: https://doi.org/10.1109/twc.2012.081612.112070

IF: 10.4

2012-01-01

IEEE Transactions on Wireless Communications

Abstract:To achieve seamless handovers between the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and other access networks is a challenging task as it requires comprehensive real-time interconnectivity in the LTE networks. The third Generation Partnership Project (3GPP) has suggested support the mobility between the E-UTRAN and non-3GPP access networks, which requires full access authentication procedures and distinct procedures for different mobility scenarios, which will bring a lot of message exchanges and increase the system complexity. Besides, the existing handover schemes for other wireless networks are not suitable for the mobility scenarios in the LTE networks due to their inherent vulnerabilities. In this paper, we propose a fast and secure handover authentication scheme to fit in with all of the mobility scenarios in the LTE networks. Compared with other handover schemes, our scheme cannot only provide strong security guarantees including Perfect Forward Secrecy (PFS) and Master Key Forward Secrecy (MKFS) and user anonymity, but also achieve a simple authentication process with robust efficiency in terms of communication cost, storage cost and computational cost. The experimental results and formal verification by using the TLA+ and TLC show that the proposed scheme is secure against various malicious attacks.

Man Chun Chow,Maode Ma

DOI: https://doi.org/10.3390/s22124525

2022-06-15

Abstract:The futuristic fifth-generation cellular network (5G) not only supports high-speed internet, but must also connect a multitude of devices simultaneously without compromising network security. To ensure the security of the network, the Third Generation Partnership Project (3GPP) has standardized the 5G Authentication and Key Agreement (AKA) protocol for mutually authenticating user equipment (UE), base stations, and the core network. However, it has been found that 5G-AKA is vulnerable to many attacks, including linkability attacks, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks. To address these security issues and improve the robustness of the 5G network, in this paper, we introduce the Secure Blockchain-based Authentication and Key Agreement for 5G Networks (5GSBA). Using blockchain as a distributed database, our 5GSBA decentralizes authentication functions from a centralized server to all base stations. It can prevent single-point-of-failure and increase the difficulty of DDoS attacks. Moreover, to ensure the data in the blockchain cannot be used for device impersonation, our scheme employs the one-time secret hash function as the device secret key. Furthermore, our 5GSBA can protect device anonymity by mandating the encryption of device identities with Subscription Concealed Identifiers (SUCI). Linkability attacks are also prevented by deprecating the sequence number with Elliptic Curve Diffie-Hellman (ECDH). We use Burrows-Abadi-Needham (BAN) logic and the Scyther tool to formally verify our protocol. The security analysis shows that 5GSBA is superior to 5G-AKA in terms of perfect forward secrecy, device anonymity, and mutual Authentication and Key Agreement (AKA). Additionally, it effectively deters linkability attacks, replay attacks, and most importantly, DoS and DDoS attacks. Finally, the performance evaluation shows that 5GSBA is efficient for both UEs and base stations with reasonably low computational costs and energy consumption.

Ronghao Ma,Jianhong Zhou,Maode Ma

DOI: https://doi.org/10.3390/s24072331

IF: 3.9

2024-04-06

Sensors

Abstract:In the realm of the fifth-generation (5G) wireless cellular networks, renowned for their dense connectivity, there lies a substantial facilitation of a myriad of Internet of Things (IoT) applications, which can be supported by the massive machine-type communication (MTC) technique, a fundamental communication framework. In some scenarios, a large number of machine-type communication devices (MTCD) may simultaneously enter the communication coverage of a target base station. However, the current handover mechanism specified by the 3rd Generation Partnership Project (3GPP) Release 16 incurs high signaling overhead within the access and core networks, which may have negative impacts on network efficiency. Additionally, other existing solutions are vulnerable to malicious attacks such as Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, and the failure of Key Forward Secrecy (KFS). To address this challenge, this paper proposes an efficient and secure handover authentication protocol for a group of MTCDs supported by blockchain technology. This protocol leverages the decentralized nature of blockchain technology and combines it with certificateless aggregate signatures to mutually authenticate the identity of a base station and a group of MTCDs. This approach can reduce signaling overhead and avoid key escrow while significantly lowering the risk associated with single points of failure. Additionally, the protocol protects device anonymity by encrypting device identities with temporary anonymous identity markers with the Elliptic Curve Diffie–Hellman (ECDH) to abandon serial numbers to prevent linkage attacks. The resilience of the proposed protocol against predominant malicious attacks has been rigorously validated through the application of the BAN logic and Scyther tool, underscoring its robust security attributes. Furthermore, compared to the existing solutions, the proposed protocol significantly reduces the authentication cost for a group of MTCDs during handover, while ensuring security, demonstrating commendable efficiency.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chengzhe Lai,Hui Li,Rongxing Lu,Xuemin (Sherman) Shen,Jin Cao

DOI: https://doi.org/10.1109/ICCChina.2013.6671201

2013-01-01

Abstract:With a wide range of potential applications, machine-type communication (MTC) or machine to machine (M2M) communications is gaining a tremendous interest among mobile network operators and research groups. MTC is standardized by the 3rd Generation Partnership Project (3GPP), which has been regarded as the promising solution facilitating M2M communications. One of research challenges in MTC is security, if the security is not well addressed, all applications involving MTC cannot be put into market. In the latest standard, the 3GPP proposes a novel scenario for MTC, where MTC server is located outside of the operator domain. However, the connection between 3GPP core network and MTC server in this scenario is insecure, as a result, there are distrustful relationships among MTC device, core network and MTC server. To resolve this problem, we propose an end-to-end security scheme for MTC based on the proxy-signature technique in this paper. Specifically, both the MTC device and the MTC server can establish a strong trustful relationship with each other through using the proxy signatures issued by the core network. Through security analysis, we conclude that the proposed scheme can achieve the security goals, and prevent the various security threats. In addition, performance evaluation also demonstrates its efficiency in terms of operational cost during authentication.

Xinlei Chen,Yulei Zhao,Yong Li,Xu Chen,Ning Ge,Sheng Chen

DOI: https://doi.org/10.1109/jsac.2018.2825658

IF: 16.4

2018-01-01

IEEE Journal on Selected Areas in Communications

Abstract:In a device-to-device (D2D) communications underlaying cellular network, any user is a potential eavesdropper for the transmissions of others that occupy the same spectrum. The physical-layer security mechanism of theoretical secure capacity, which maximizes the rate of reliable communication from the source user to the legitimate receiver and ensure unauthorized users learn as little as information as possible, is typically employed to guarantee secure communications. As hand-held devices are carried by human beings, we may leverage their social trust to decrease the number of potential eavesdroppers. Aiming to establish a new paradigm for solving the challenging problem of security and efficiency tradeoff, we propose a social trust-aware D2D communication architecture that exploits the social-domain trust for securing the physical-domain communication. In order to understand the impact of social trust on the security of transmissions, we analyze the system ergodic rate of social trust aided communications via stochastic geometry, and our result based on a real data set shows that the proposed social trust aided D2D communication increases the system secrecy rate by about 63% compared with the scheme without considering social trust relation. Furthermore, in order to provide implementation mechanism, we utilize matching theory to implement efficient resource allocation among multiple users. Numerical results show that our proposed mechanism increases the system secrecy rate by 28% with fast convergence over the social oblivious approach.

Peng Wang,Chien-Ming Chen,Saru Kumari,Mohammad Shojafar,Rahim Tafazolli,Yi-Ning Liu

DOI: https://doi.org/10.1109/tits.2020.3013928

IF: 8.5

2021-08-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:The fifth-generation (5G) mobile communication technology with higher capacity and data rate, ultra-low device to device (D2D) latency, and massive device connectivity will greatly promote the development of vehicular ad hoc networks (VANETs). Meantime, new challenges such as security, privacy and efficiency are raised. In this article, a hybrid D2D message authentication (HDMA) scheme is proposed for 5G-enabled VANETs, in which a novel group signature-based algorithm is used for mutual authentication between vehicle to vehicle (V2V) communication. In addition, a pre-computed lookup table is adopted to reduce the computation overhead of modular exponentiation operation. Security analysis shows that HDMA is robust to resist various security attacks, and performance analysis also points out that, the authentication overhead of HDMA is more efficient than some traditional schemes with the help of the pre-computed lookup table in V2V and vehicle to infrastructure (V2I) communication.

engineering, electrical & electronic,transportation science & technology, civil

Ruhui Ma,Jin Cao,Dengguo Feng,Hui Li,Yinghui Zhang,Xixiang Lv

DOI: https://doi.org/10.1016/j.adhoc.2018.11.012

IF: 4.816

2018-01-01

Ad Hoc Networks

Abstract:To ensure secure and seamless handovers inter-Evolved Universal Terrestrial Radio Access Network (E-UTRAN) is a key issue in LTE-A networks. Due to the introduction of Home Evolved NodeB (HeNB), there are three different access modes for the HeNB and the mobility scenarios between the eNB and the HeNB in LTE-A networks are rather complicated. Different handover procedures are executed for different mobility scenarios according to the 3GPP committee, which makes the overall system complex. Thus, it is a key point to propose a unified and secure handover scheme to fit in with all the mobility scenarios in LTE-A networks. In this paper, we propose a secure handover authentication scheme based on the certificateless signcryption technique. Our proposed scheme can achieve the unified and secure handover procedure without sacrificing efficiency. The security and performance evaluations demonstrate that our proposed scheme can meet various security requirements including the perfect forward/backward secrecy and privacy preserving. At the same time, our scheme achieves ideal efficiency.

Jin Cao,Hui Li,Maode Ma

DOI: https://doi.org/10.1109/ICC.2015.7248787

2015-01-01

Communications

Abstract:Machine Type Communication (MTC) has quickly become the driving force of the mobile operators for a large number of real-time network applications. The design of the MTC security mechanisms in the mobile environments of the Long Term Evaluation-Advanced (LTE-A) networks is the major point of the future research for the LTE-A security. When a good deal of MTC devices simultaneously move to a new eNodeB (eNB), the current third Generation Partnership Project (3GPP) handover mechanisms require several handover signaling interactions, which could not only cause the signaling load over the access network and the core network, but also increase the energy consumption of MTC devices. In this paper, we enhance the current handover mechanisms and propose an efficient group-based anonymity handover authentication protocol for a lot of MTC devices with mobility, which is to fit in with all of the mobility scenarios in the LTE-A networks. Compared with the current 3GPP standards, our scheme can not only largely reduce the signaling costs in both the access network and the core network, but also achieve the privacy preservation.

Jin Cao,Maode Ma,Hui Li

DOI: https://doi.org/10.1109/GLOCOM.2012.6503964

2012-01-01

Abstract:To achieve seamless handovers between the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and other access networks is a challenging task as it requires comprehensive real-time interconnectivity in the LTE networks. The third Generation Partnership Project (3GPP) has suggested support the mobility between the E-UTRAN and non-3GPP access networks, which requires full access authentication procedures and distinct procedures for different mobility scenarios, which will bring a lot of message exchanges and increase the system complexity. Besides, the existing handover schemes for other wireless networks are not suitable for the mobility scenarios in the LTE networks due to their inherent vulnerabilities. In this paper, we propose a fast and secure handover authentication scheme to fit in with all of the mobility scenarios in the LTE networks. Compared with other handover schemes, our scheme cannot only provide strong security guarantees including Perfect Forward Secrecy (PFS) and Master Key Forward Secrecy (MKFS) and user anonymity, but also achieve a simple authentication process with robust efficiency in terms of communication cost, storage cost and computational cost. The analysis results show that the proposed scheme is efficient and secure against various malicious attacks.