A new re-authentication protocol named SFR is proposed to make up for the lack of authentication to the access network in the existing re-authentication protocol. One kind of key is generated using the SKEY authentication algorithm in SFR. SFR is the parallel composition of the sub-protocols SFR1 and SFR2. WLAN-UE and HAAA authenticate mutually in SFR1. WLAN-UE and WLAN-AN authenticate mutually in SFR2. The security of the new protocol is established with a PCL formalization proof. The proof indicates that the new protocol has session authentication and key secrecy and can defend against redirection attacks. SFR achieves faster and secure access to 3G-WLAN architectures.
The next generation wireless access networks (NGWN) should be capable of interoperating with other communication technologies and should coordinate with them to offer the best connectivity to users. Supporting seamless handover from one technology to another with minimal packet loss and low latency is a challenging task in heterogeneous wireless access networks. 3G/UMTS-WLAN interworking allows the mobile station to choose between 3G and WLAN radio access technologies to satisfy the requirements of mobile users. Since a mobile user moves between 3G/UMTS and WLAN, it has to be authenticated every time it moves to another access technology. Existing authentication protocols such as the full authentication protocol and the fast re-authentication protocol place a high computation load on the HLR/HSS and RADIUS server and cause unacceptable packet loss due to high authentication delay. Fast iterative localized re-authentication, with minor changes to the EAP-AKA protocol, reduces the authentication delay, but it fails to ensure the security of authentication vectors in the access point. The proposed work enhances the security of the fast iterative localized re-authentication protocol with minimal authentication delay and minimum signaling cost. The security significance of the proposed protocol is verified with the AVISPA (Automated Validation of Internet Security Protocols and Applications) security analyzer.
The 3G network technology provides a complete connectivity solution with low data rates, while a wireless network offers a high data rate in a small geographic area. Interworking 3G and WLAN can provide a complementary solution for network service and user equipment. This interworking introduces a new challenge: assuring a secure and fast handover without impacting the service security in both networks. EAP-AKA is the authentication mechanism adopted by the 3rd Generation Partnership Project (3GPP) for vertical handover between 3G and WLAN. The EAP-AKA method suffers from several weaknesses, such as user identity display, high authentication delay and additional bandwidth consumption. In this paper we propose a new fast local re-authentication method (EAP-FLAKA) based on the standard EAP-AKA. The proposed method improves the authentication performance, achieves a fast re-authentication protocol and defines a new keying framework. The security properties of the new method are checked using a formal verification tool (AVISPA), which has proved highly capable of automatically finding potential attacks in security protocols.
With the increasing demand for mobile data services and increased availability of multimode devices with multiple wireless interfaces, seamless mobility and service continuity across heterogeneous networks have become a differentiating service for Operators to offer users an enhanced mobile experience. In recent years, the Federated Identity Management (IdM) standards and technologies have rapidly evolved to address security, user experience, and privacy needs from an application layer perspective or as seen from the end user. As a result of these Federated IdM activities, a Single Sign-On (SSO) concept has been created in which a user may use a single set of authentication credentials to gain access to multiple independent Application Services. This paper provides an overview of the various layers of security in a communications protocol stack and then presents an approach to achieve seamless mobility across heterogeneous networks based on Federated Identity systems. By leveraging a pre-established application layer security association, access layer authentication and setup of a secure channel may be carried out in an on-demand, automated and seamless manner whilst roaming across disparate networks.
The 3G/UMTS-WLAN heterogeneous mobile network is a complementary platform for the trend of Beyond-3G (B3G) wireless data communications. However, the design of a secure authentication protocol in 3G/UMTS-WLAN heterogeneous mobile networks is a challenging task. Even though the EAP authentication and key agreement protocol (EAP-AKA) is adopted by the 3rd Generation Partnership Project (3GPP) to achieve authentication and security services in 3G/UMTS-WLAN interworking networks, it suffers from one main drawback: high re-authentication delay due to centralized re-authentication sessions within the RADIUS server and unnecessary multiple rounds of challenge-response messages traveling between the RADIUS server and UEs. In this paper, an iterative distributed re-authentication scheme is proposed as a substitute for the fast re-authentication in EAP-AKA, and an iterative process and a distributed process within access points (APs) are introduced to reduce re-authentication latency. A simulation model based on Network Simulator 2 (NS-2) is also used to provide a proof-of-concept implementation for authentication session time, and the simulation results show that the reduction of authentication session time in the proposed scheme reaches up to 84.4% and 71.2% compared to the full authentication scheme and the fast re-authentication scheme, respectively.
Next generation networks (NGNs) provide multimedia services to mobile users through different access networks that facilitate users' autonomy. The security architecture of NGNs specifies that a WLAN user must follow a multi-pass authentication and key agreement (AKA) procedure in order to get access to the IP multimedia subsystem (IMS) services. This paper proposes an improved one-pass AKA procedure for NGNs that significantly reduces the authentication overhead compared to the multi-pass procedure, without compromising the provided security services. A communication cost analysis is provided that estimates the cost improvement of the proposed one-pass over the multi-pass AKA authentication procedure. The proposed procedure has minimal impact on the network infrastructure and functionality and does not require any changes to the existing authentication protocols.
With the increasing demand for mobile data services and increased availability of multimode devices with multiple wireless interfaces, seamless mobility and service continuity across heterogeneous networks have become a differentiating service for Operators to offer users an enhanced mobile experience. In recent years, the Federated Identity Management (IdM) standards and technologies have rapidly evolved to address security, user experience, and privacy needs from an application layer perspective or as seen from the end user. As a result of these Federated IdM activities, a Single Sign-On (SSO) concept has been created in which a user may use a single set of authentication credentials to gain access to multiple independent Application Services. This paper provides an overview of the various layers of security in a communications protocol stack and then presents an approach to achieve seamless mobility across heterogeneous networks based on Federated Identity systems. By leveraging a pre-established application layer security association, access layer authentication credentials may be generated using a bootstrapping mechanism, so that authentication and setup of a secure channel may be carried out in an on-demand, automated and seamless manner whilst roaming across disparate networks. A comparison of the proposed scheme and state-of-the-art techniques is included.
To address future demand for improved services, the next generation mobile systems will be compatible and interoperable with IPv6 and with various access technologies such as 802.11x. The literature currently discusses whether the recently developed High Speed Packet Access (HSPA) or the developing Long Term Evolution (LTE) technology is appropriate for the next generation mobile system. However, the HSPA and LTE technologies require enhancements to provide ubiquitous data services. Hybrid network interworking of 3G/WLAN is capable of supporting ubiquitous data services and improved data rates in WLAN hotspots. This paper provides the results of a performance analysis of two potential 3G/WLAN integration schemes: tight and loose coupling. Mobile IP is used as the mobility management scheme and EAP-AKA for common authentication.
The convergence of the third generation (3G) wide area wireless network and the wireless local area network (WLAN) offers characteristics that complement each other perfectly. To provide secure 3G-WLAN convergence, the extensible authentication protocol-authentication and key agreement (EAP-AKA) protocol, which has many risks, is used. This paper elaborates the risks of using EAP-AKA for 3G-WLAN convergence and proposes an authentication and key agreement protocol that combines elliptic curve Diffie-Hellman (ECDH) with a symmetric key cryptosystem. When analysed using a simulation tool, the proposed protocol not only overcomes these risks but also ensures optimal quality of service (QoS), because its authentication delay is lower than that of EAP-AKA.
A formal analysis based on PCL (Protocol Composition Logic) points out the vulnerability during the composition of EAP-AKA, and an improved protocol, EAP-AKA', is proposed. Based on the DH protocol, the new protocol has session key secrecy and avoids the vulnerability to redirection attack and replay attack. A security analysis of EAP-AKA' is then made based on PCL; the analysis indicates that the sub-protocols have SSA and key secrecy. According to the sequential rule, the precondition of a sub-protocol is preserved by the other one later in the chain, and each sub-protocol respects the invariant of the other, so EAP-AKA' is secure in the PCL mode.