This article proposes a solution for two issues in current communications. Firstly, that IMS suffers from lack of clients. Secondly, that mobile operators want to give the subscriber a possibility to access their VoIP network and efficiently cover special, densely populated areas like airports. To address these problems, we have developed a novel service architecture, which allows 2G subscribers access to a SIP based VoIP network via WiFi complying with security standards. User authentication and authorization is based on the EAP-SIM algorithm. Integrity and confidentiality is provided by IPSec connection established using parameters derived from authentication triplets. Consequently, all security-related issues can be performed exclusively using the Subscriber Identity Module (SIM). We have tested and verified the proposed architecture with a mobile phone and have proven the correctness of our approach. The main drawback that remains is the difficulty of IPSec implementation that can be bypassed by a special application.
Machine to Machine (M2M) communication has been used in applications such as telemetry, industry, automation and health. Support for a large number of devices has been considered an essential requirement in M2M communications. During this time, security is the most important challenge; M2M cannot access secure networks through effective authentication, all relevant M2M applications cannot be accepted. The challenge of M2M research is authentication by the group when a large number of M2M devices simultaneously accessing the network will cause severe authentication signaling congestion. The group based model under an M2M architecture, especially when the Machine Type Communication (MTC) devices belong to the non 3rd Generation Partnership Project (3GPP) network, will face a new challenge of access authentication. In this paper, we propose a group based authentication and key agreement protocol for machine type communications combining Elliptic Curve based Diffie-Hellman (ECDH) on the Extensible Authentication Protocol (EAP). Compared to EAP-AKA and other existing authentication protocols, our solution provides increased security against various malicious activities and better performance in terms of signaling overhead, bandwidth consumption and transmission cost.
3G/UMTS-WLAN heterogeneous mobile network is a complementary platform for the trend of Beyond-3G (B3G) wireless communications. However, the design of a secured and fast re-authentication protocol in 3G/UMTS-WLAN interworking networks is a challenging task. Although EAP authentication and key agreement (EAP-AKA) protocol is adopted by the third generation partnership protocol (3GPP) to achieve authentication and security services in 3G/UMTS-WLAN interworking networks, it still suffers two main drawbacks. One is high re-authentication delays due to centralized re-authentication sessions within the RADIUS server and unnecessary multiple rounds of challenge-response messages traveling between the RADIUS server and the mobile station. The other is high intra-domain handover authentication delay incurred by EAP-AKA protocol without supporting intra-domain handover authentication. Thus, this paper proposes a novel protocol named Fast Iterative Localized Re-authentication (FIL Re-authentication) to replace the fast re-authentication in EAP-AKA protocol. Furthermore, FIL Re-authentication makes use of iterative process and localized re-authentication process for speeding up re-authentication times and reducing intra-domain handover authentication delays in 3G/UMTS-WLAN interworking networks. Additionally, the simulation model based on Network Simulator 2 (NS-2) is used to provide a valid implementation and finally the performance evaluation shows that proposed protocol surpasses standard EAP-AKA protocol in terms of authentication session time, authentication delay and handover authentication delay.
UMTS-WLAN heterogeneous mobile networks allow a single mobile user with different radio technologies to access different mobile networks, but how to secure such interworking networks and provide a seamless service is a new challenge. Even if EAP-AKA protocol provides authentication services in UMTS-WLAN interworking networks, a fast re-authentication of EAP-AKA protocol still cannot overcome high re-authentication delays and delay-sensitive applications. Because a mobile user is authenticated by a remote RADIUS or a HLR/HSS both resided in 3G-UMTS home networks whatever a full authentication or a fast re-authentication is occurred. It causes that huge re-authentication session loads and cryptographic operation loads concentrated on the RADIUS and the HLR/HSS. In addition, such an inefficient authentication/re-authentication protocol also causes long authentication/re-authentication latency. Therefore, this article proposes a novel protocol named fast iterative localized re-authentication (FIL re-authentication) to replace the fast re-authentication of EAP-AKA protocol. The proposed protocol not only has minor modifications to attain the same security level as EAP-AKA, but it uses both localized re-authentication process and iterative process within the AP to handle the fast re-authentication locally and iteratively for speeding up the re-authentication. Additionally, the IEEE 802.11 WLAN simulation mode based on Network Simulator 2 is used for proving a valid implementation and for analyzing the performance of the proposed protocol. It shows superior results in comparison to the existing EAP-AKA protocol.
Wireless local area networks provide high speed data transferring rate to a mobile device. And it is crucial to integrate together two critical issues, the authentication and roaming in heterogeneous networks. For this, Tsai and Chang proposed a SIM-based authentication mechanism for wireless local area networks in 2006. Tsai and Chang's scheme provides an integration method of mobile cellular networks and wireless local area networks. Unfortunately, we found that there are some weaknesses existing in their scheme. In this paper, we propose an improved version for a user roaming in heterogeneous networks. Besides, we also proposed a mobile IP model to provide a better efficiency for a mobile user in WLAN environment.
The incorporation of The Third Generation (3G) networks with Wireless Local Area Networks (WLAN) is an inevitable outcome of mobile communication and wireless network development, and provides high quality services and anywhere-anytime connectivity to mobile users. To provide secure and trusted 3G-WLAN network, Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) is now used. However, EAP-AKA has several vulnerabilities, which can induce security threats and lower efficiency of 3G-WLAN. Therefore, this paper analyzes vulnerabilities of EAP-AKA firstly, and proposes a new authentication and key agreement protocol based on certificateless public key cryptography in Trusted Network Connect (TNC) architecture. The proposed protocol combines D-H key exchange algorithm to overcome several vulnerabilities and provides strong security mutual-authentication between requestor and responder. Compared with other protocols based on public key cryptosystem with certificates, our protocol can also provide lightweight bandwidth consumption and high-level security.
The sufficient coalescent of high speed rate and agility for WLAN with high dependability and roam function for 3G make network interaction possible to satisfy people’s need. The paper carried on a comparison of technique characteristics of WiFi and 3G and particularly discussed various network mutual communication methods of two kinds of techniques, analyzed EAP-AKA safety authentication mechanism.
This paper analyzes the advantages and disadvantages of the existing 3GPP WLAN-4G converged network access authentication protocol EAP-AKA. Aiming at the design of power private network, this paper introduces the WAPI certificate authentication mechanism and designs an access authentication protocol WEAP. The proposed WLAN4G interconnection structure model and access authentication mechanism in this paper solve the problem of unified access authentication for WLAN terminals in a converged networking environment. Analysis and simulation results show that compared with the original WAPI authentication protocol, WAPI-XG1, the proposed protocol has higher security and execution efficiency.
3GPP-LTE networks use the EAP-AKA protocol to authenticate and negotiate session keys with mobile users. However, with the popular trend of single user owning multiple devices and subscribing to multiple services, the EAP-AKA protocol appears inefficient because its authentication is device-oriented. In this paper, we propose a secure and efficient multi-device and multi-service authentication protocol, called SEMMAP, for 3GPP-LTE networks. SEMMAP makes use of a key hierarchy and an authority-issued license to enable an authenticating server to quickly verify the legitimacy of multiple devices belonging to the same mobile user and conduct a fast key negotiation between the server and the mobile user. Performance analysis shows that SEMMAP is more efficient than the current EAP-AKA protocol under the multi-device, multi-service scenario in terms of authentication delay and storage overhead for Authentication Vector (AV) at authenticating servers.
Formal Verification of 5G EAP-AKA protocol
Ajit, Megha; Sankaran, Sriram; Jain, Kurunandan
2021 31st International Telecommunication Networks and Applications Conference (ITNAC)
2021-Nov.-24
Conference Proceeding
The advent of 5G, one of the most recent and promising technologies currently under deployment, fulfills the emerging needs of mobile subscribers by introducing several new technological advancements. However, this may lead to numerous attacks in the emerging 5G networks. Thus, to guarantee the secure transmission of user data, 5G Authentication protocols such as Extensible Authentication Protocol - Authenticated Key Agreement Protocol (EAP-AKA) were developed. These protocols play an important role in ensuring security to the users as well as their data. However, there exist no guarantees about the security of the protocols. Thus formal verification is necessary to ensure that the authentication protocols are devoid of vulnerabilities or security loopholes. Towards this goal, we formally verify the security of the 5G EAP-AKA protocol using an automated verification tool called ProVerif. ProVerif identifies traces of attacks and checks for security loopholes that can be accessed by the attackers. In addition, we model the complete architecture of the 5G EAP-AKA protocol using the language called typed pi-calculus and analyze the protocol architecture through symbolic model checking. Our analysis shows that some cryptographic parameters in the architecture can be accessed by the attackers which cause the corresponding security properties to be violated.