In the next-generation heterogeneous wireless networks, designing authentication protocols that meet the demand of mobile users/applications is a challenge. This paper proposes authentication and re-authentication protocols for 4G wireless networks, in particular, LTE-Advanced (LTE-A), WLAN, and WiMAX-Advanced (WiMAX-A) interworking architecture. The proposed protocols are applicable to 5G networks. With the consideration of the existing standard authentication protocols, a new set of authentication and re-authentication protocols has been reinvented to provide fast and secure handovers (HO) in the current 4G and the next 5G networks. The proposed authentication protocols can be invoked when the users perform a vertical HO (between different networks) for the first time, whereas the re-authentication protocols can be invoked when the users perform a horizontal HO (within the same network domain). These protocols provide an efficient method to protect user identity and reduce the burden on the authentication server (AS) during the sequential handovers. The results of the analytical model show that the proposed protocols achieve better performance than standard and other protocols. The reduction of handover cost, handover delay, and energy consumption in the proposed protocols reaches up to 22%, 44%, and 17%, respectively. In addition, the verification tools show that the proposed protocols are secure, dependable, and prevent all types of authentication and secrecy attacks.
The end user’s Quality of Experience (QoE) will be improved while accessing services in Fifth Generation Mobile Network (5G), supported by enhanced security and privacy. The security guarantees offered by the Authentication and Key Agreement (AKA) protocols will be depended upon by end users and network operators. The AKA protocols have been standardized for 5G networks, and the Extensible Authentication Protocol (EAP)-AKA’ protocol is one of the main authentication mechanisms that has been specified for User Equipment (UE) and network mutual authentication. This article models the EAP-AKA’ protocol and conducts an extensive formal verification of the EAP-AKA’ protocol as defined in the 5G security standard to determine whether the protocol is verifiably secure for 5G. It provides a security evaluation of the EAP-AKA’ protocol based on the current 5G specifications using ProVerif, a security protocol proof verifier. It also presents security properties that support the security verification, as well as quantitative properties that are used to assess the protocol’s performance. Finally, it compares the EAP-AKA’ and 5G-AKA protocols’ security and performance results.
NFC (Near Field Communication) is widely used in day-to-day applications such as in credit cards and smartphones. Thus, RFID (Radio Frequency Identification) is being replaced by NFC in many applications. However, the access control system operates on RFID. The existing RFID-based access control systems provide only passive communication, and the authentication process is fragile and vulnerable to malicious hacking because the user information is stored by the reader. Therefore, in this study, we designed and implemented an access control system that uses the NFC-based active authentication technique. To evaluate the system implemented in this study, we performed comparison analysis with the existing NFC security authentication protocols based on whether they provided mutual authentication and whether they could respond to major security threats. The evaluation results showed that the proposed protocol normally supported mutual authentication functions between NFC devices, and ensured secure wireless communications by tackling major security threats that might occur in NFC security authentication protocols.
Extensible Authentication Protocol (EAP) is a universal authentication framework defined by RFC3748 and updated by RFC5247. It is not a specific authentication mechanism for one exclusive system, hence its widespread acceptance and implementation in wireless networks or other Point-to-Point (P2P) connections. A number of vendor-specific EAP methods were proposed for special purposes, such as EAP-MD5, EAP-TLS, EAP-TTLS, EAP-PEAP, LEAP, SPEKE, EAP-SIM, EAP-AKA, EAP-FAST, and so on. All of them share a common characteristic: the client submits its Security Association (SA) to the neighboring Access Point (AP), and the AP then forwards it so that its validity can be checked by the Authentication, Authorization, and Accounting (AAA) servers of both sides.
Although these EAPs are designed to meet widespread authentication demands, each in fact has its own independent authentication procedure; that is, they are incompatible with each other. To meet the needs of different connections, a mobile device has to support many of the EAPs. For most mobile devices this is a heavy load, and it causes inconvenience when moving between different service networks. This paper is devoted to solving this situation. To this end, an extensible authentication protocol for mobile equipment to heterogeneous network (EAP-M2H) is provided in the paper. EAP-M2H is developed from EAP-AKA and improves its applicability and compatibility in heterogeneous networks.
The Universal Mobile Telecommunication Standard (UMTS) is continuously evolving to meet the growing demand of modern mobile and Internet applications for high capacity and advanced features in security and quality of service. Although admittedly enhanced in terms of security when compared to 2G systems, UMTS still has weaknesses that can lead to security incidents. In this paper, we investigate the vulnerabilities of the UMTS security architecture that can be exploited by a malicious individual to mount Denial of Service (DoS) attacks. Our focus is on signaling-oriented attacks above the physical layer. We describe and analyze several novel attacks that can be triggered against both core UMTS architecture as well as hybrid UMTS/WLAN realms. An additional contribution of this paper is the presentation of an extensive survey of similar attacks in UMTS and related protocol infrastructures such as IP Multimedia Subsystem (IMS). Finally, we offer some suggestions that would provide greater tolerance to the system against DoS attacks.
Wireless technologies such as the Wireless Local Area Network (WLAN), the Worldwide Interoperability for Microwave Access (WiMAX), and the Third-Generation (3G) mobile communications system complement each other to support a variety of services suited for the home, urban, and global environments. As roaming users expect a seamless handover (HO) experience when switching from one wireless network to another, fast and secure HO operations must be supported by the networks. In this paper, we present and analyze five reauthentication protocols for HOs between WiMAX and WLANs by subscribers of networks conforming to the 3G Partnership Project (3GPP) standards. Our proposed protocols achieve outstanding performance results compared to standard protocols in terms of reauthentication signaling traffic and reauthentication delay, while fulfilling essential HO security requirements such as the provision of mutual authentication and forward and backward secrecy.
The Initial Network Entry Authentication (INEA) process is the first security entry between client and WiMAX network. WiMAX architecture provides a significant flexibility to respect wireless security requirements. The INEA framework is based on the Extensible Authentication Protocol (EAP) for user authentication and key management. However, the EAP authentication method introduces high authentication delay and signaling cost when the user moves between stations. These negatively impact the handover process and decrease the Quality of Service of WiMAX networks. In this paper, we analyze the existing INEA authentication process and we propose a new authentication method and key agreement for the handover process. To prove the validity of the new method, the verification is performed using the formal security analyzer Automated Validation of Internet Security Protocols and Applications, which is a tool for automatically finding potential attacks in security protocols. Furthermore, the proposed protocol is compared with other handover protocols. The comparison shows that the proposed protocol outperforms the other protocols.
Since the 802.16e standard has been released, there are few authentication pattern schemes and Extensible Authentication Protocol (EAP) selection proposals for manufacturers to choose from in large-scale network systems. This paper focuses on the re-authentication method’s design, improvement, and optimization for the PMP mode of the IEEE 802.16e standard in large-scale network systems to ensure the security of the keys. We first present an optimized scheme, called EAP_AKAY, based on the EAP-AKA authentication method (Arkko and Haverinen in Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement (EAP-AKA), 2004), and then a self-adaptive K selection mechanism is proposed for re-authentication load balancing based on EAP_AKAY in large-scale network systems. This presented mechanism considers the cost of authentication, not only at the server end, but also at the client end. Thus, this scheme would minimize the total cost and resolve the limitation in current schemes. Furthermore, the K value would be re-selected, not only when MS is roaming to another BS region, but also in residing time to adapt to network environment changes. The simulation results and relevant analysis demonstrate that our scheme is effective in terms of the total cost of authentication, master key renewal, and good security.
The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure.