5G mobile terminals with advanced QoS-based user-centric aggregation (AQUA) for heterogeneous wireless and mobile networks

In this paper we present an advanced QoS provisioning module with vertical multi-homing framework for future fifth generation (5G) mobile terminals with radio network aggregation capability and traffic load sharing in heterogeneous mobile and wireless environments. The proposed 5G mobile terminal framework is leading to high performance utility networks with high QoS provisioning for any given multimedia service, higher bandwidth utilization and multi-RAT capabilities. It is using vertical multi-homing and virtual QoS routing algorithms within the mobile terminal, that is able to handle simultaneously multiple radio network connections via multiple wireless and mobile network interfaces. Our 5G proposal is user-centric, targeted to always-on connectivity, maximal network utilization, maximal throughput, seamless handovers and performances improvement by using vertical multi-homing, as well as session continuity. The performance of our proposed mobile terminal framework for 5G is evaluated using simulations and analysis with multimedia traffic in heterogeneous mobile and wireless scenarios with coexistence of multiple radio access technologies, such as 3G, 4G as well as future 5G radio access networks.     

Signalling analysis in integrated 4G networks

Scarce radio resources and the ambition to increase the number of mobile customers with a guarantee of service are pushing mobile communication systems from homogeneous non‐service convergent 2G and convergent‐service 2.5G and 3G wireless systems to heterogeneous integrated and convergent service 4G networks. This evolution has had several consequences from network design, control and service management points of view. In the emerging integrated 4G networks one of the issues is the signalling of information related to different control purposes such as QoS, mobility and security signalling. In fact, some questions such as which are the candidate signalling protocols, and which approach of integrated signalling to be adopted (unified versus non‐unified) need to be considered in the context of the emerging 4G integrated network. This is precisely the scope of this paper. We first identify the requirements related to mobility, security/AAA and QoS signalling, then we consider candidate signalling protocols and we propose possible approaches in the integration of signalling in the context of 4G networks. Copyright © 2006 John Wiley & Sons, Ltd.     

Experimental Analysis of an SSL-Based AKA Mechanism in 3G-and-Beyond Wireless Networks

The SSL/TLS protocol is a de-facto standard that has proved its effectiveness in the wired Internet and it will probably be the most promising candidate for future heterogeneous wireless environments. In this paper, we propose potential solutions that this protocol can offer to future “all-IP” heterogeneous mobile networks with particular emphasis on the user's side. Our approach takes into consideration the necessary underlying public key infrastructure (PKI) to be incorporated in future 3G core network versions and is under investigation by 3GPP. We focus on the standard 3G+ authentication and key agreement (AKA), as well as the recently standardized extensible authentication protocol (EAP)-AKA procedures and claim that SSL-based AKA mechanisms can provide for an alternative, more robust, flexible and scalable security framework. In this 3G+ environment, we perceive authentication as a service, which has to be performed at the higher protocol layers irrespectively of the underlying network technology. We conducted a plethora of experiments concentrating on the SSL's handshake protocol performance, as this protocol contains demanding public key operations, which are considered heavy for mobile devices. We gathered measurements over the GPRS and IEEE802.11b networks, using prototype implementations, different test beds and considering battery consumption. The results showed that the expected high data rates on one hand, and protocol optimisations on the other hand, can make SSL-based authentication a realistic solution in terms of service time for future mobile systems.     

一种泛在网络的安全认证协议

泛在网络是标准的异质异构网络,保证用户在网络间的切换安全是当前泛在网的一个研究热点。该文对适用于异构网络间切换的认证协议EAP-AKA进行分析,指出该协议有着高认证时延,且面临着用户身份泄露、中间人攻击、DoS攻击等安全威胁,此外接入网络接入点的有效性在EAP-AKA协议中也没有得到验证,使得用户终端即使经过了复杂的认证过程也不能避免多种攻击。针对以上安全漏洞,该文提出一种改进的安全认证协议,将传统EAP-AKA的适用性从3G系统扩展到泛在网络中。新协议对传播时延和效率进行完善,为用户和接入点的身份信息提供有效性保护,避免主会话密钥泄露,采用椭圆曲线Diffie Hellman算法生成对称密钥,在每次认证会话时生成随机的共享密钥,并实现用户终端与家乡域网络的相互认证。通过开展实验,对协议进行比较分析,验证了新协议的有效性及高效率。     

Confirming Connectivity in Interworked Broadcast and Mobile Networks

Industry reactions to major shifts such as mobile broadcast convergence are typically a mixture of opportunities and threats. Both the mobile and the broadcast industries acknowledge the role that convergence will play in their commercial futures, but both would prefer to achieve convergence "on their own patch." For this reason, the most appealing solution to fulfil the contrasting requirements from the different players is represented by interworking between these networks rather than integration. This approach avoids integration, thereby minimizing the changes required in each network and ensuring each network remains an autonomous, independently managed entity. The Internet protocol (IP) is chosen as the "glue" between these heterogeneous networks, providing the generic interworking platform. The main reason behind this choice is that IP was designed as an "interworking protocol" to connect multiple, physically-different networks in such a way as to remain independent of the underlying transport mechanisms used. This article concentrates on the confirm connectivity architecture definition of the interworking model between WLAN, 3G, and DVB. Broadcast networks are uni-directional in nature. When a user wants to receive a service over a broadcast network, there is no way to know whether the broadcast interface of the terminal is configured correctly. In this article we describe a method to automatically configure and test, without user intervention, that the DVB interface of the terminal can receive datagrams from the broadcast network. Furthermore, an optimization method to reduce the total number of confirm connectivity messages (CCMs) sent by the multimode terminals is introduced with simulation results to validate and prove its effectiveness     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

异构无线网络可控匿名漫游认证协议

分析传统的匿名漫游认证协议,指出其存在匿名不可控和通信时延较大的不足,针对上述问题,本文提出异构无线网络可控匿名漫游认证协议,远程网络认证服务器基于1轮消息交互即可完成对移动终端的身份合法性验证;并且当移动终端发生恶意操作时,家乡网络认证服务器可协助远程网络认证服务器撤销移动终端的身份匿名性.本文协议在实现匿名认证的同时,有效防止恶意行为的发生,且其通信时延较小.安全性证明表明本文协议在CK安全模型中是可证安全的.     

A new model for service and application convergence in B3G/4G networks

4G mobile communication networks encompass heterogeneous technologies that can be categorized at different levels according to their access coverage. Personal area, body area, and ad hoc networks are defined at a personal level, WLAN and UWB are examples at a local/ home level, and 3G technologies such as UMTS are technologies at a cellular level. In spite of their heterogeneity, these technologies shall be seamlessly integrated in 4G networks, naturally creating an open architecture. By openness we mean that the network architecture is divided into different layers, and the communication between these layers is performed through open interfaces or APIs. Although this open integration between 4G technologies is normally presented at the lower layers (connectivity and control), integration at the upper layers (service and application) is equally important. In this article we present a new model for service and application integration in 4G networks. This model generalizes the different service and application creation environments defined for each of the previously mentioned technologies, providing a uniform and interoperable framework for 4G services and applications. The model is based on a hierarchical architecture that provides compatibility for services in different technologies and at the same time is able to capture the specific details for each particular technology. The model also defines how 4G applications should be specified. In the last part of this article we present a testbed we have implemented in order to validate this model.     

浅析下一代移动通信网络的安全问题

随着移动通信网络的不断发展,无线接人技术、终端技术、网络技术和业务平台技术正向异构化、多样化和泛在化的趋势发展。下一代移动通信网络具有开放、灵活、可管理、移动的网络架构特点,因此其安全问题将比以往移动通信系统更加复杂。文章从下一代移动通信网络的组网结构人手,结合第二代及第三代移动通信系统存在的安全问题,分析下一代移动通信网络所面临的安全威胁,论述了其应具有的安全体系结构。     

互域移动性的一种新的安全路由最优化协议

下一代移动网络提供一种方法支持移动用户在异构的接入网络之间漫游。我们需要在不同的移动管理域之间建立信任关系。在这篇文章中,提出了基于公钥密钥交换协议的互域网移动性的新的安全最优化路由协议。移动节点之间的信息交换将比通常的方法少。     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

无线异构网络的关键安全技术

异构网络的融合及协同工作在下一代公众移动网络中将是一个很普遍的问题,无线异构网络融合技术作为改善公众移动网络的覆盖和容量以及提供无处不在的通信能力、接入Internet的能力和无处不在的移动计算能力的有效手段,已引起广泛的关注,有着良好的应用前景。构建无线异构网络的安全防护体系,研究新型的安全模型、关键安全技术和方法,是无线异构网络发展过程中所必须关注的重要问题。无线异构网络中的关键安全技术包括安全路由协议、接入认证技术、入侵检测技术、节点间协作通信等。     

异构无线网络的自适应垂直切换判决算法

在未来的异构环境中,网络间的垂直切换将对QoS保证产生重要影响。针对移动终端在异构网络间切换不理想的问题,提出了一种自适应的垂直切换判决算法。采用基于用户多应用的代价函数对接入网络进行评估与选择,综合考虑移动终端当前的电池电量,判断当前业务是否需要进行网络切换,使移动终端能自适应地进行切换判决。仿真结果表明,该算法可以有效地延长移动终端的工作时间,减少乒乓效应,提高系统的切换性能,改善业务的QoS。     

Light-Weight AAA Infrastructure for Mobility Support Across Heterogeneous Networks

Security and privacy architecture for various access networks have often been considered on the upper service layers in the form of application and transport security and from lower layers in the form of security over wireless networks. Today there is no trust relationship between the stakeholders of different access network types for e.g. wireless mesh network, wireless PAN, wireless LAN, cellular network, satellite etc. and each have their own security mechanism. What is common for these access networks is the networking layer which is IP based. In order to provide seamless service across these heterogeneous access networks there must be a trust relationship among the stakeholders for authentication, authorization, accounting and billing of end user. However, what is still missing is a general solution which is both adaptable to the network types and conditions and also takes into account end system capabilities as well as enabling inter-domain AAA negotiation. This paper proposes a light-weight AAA infrastructure providing continuous, on-demand, end-to-end security in heterogeneous networks.     

IP multimedia services: analysis of mobile IP and SIP interactions in 3G networks

Third-generation cellular networks have been designed to provide a variety of IP data services. Both IPv4 and IPv6 are supported in order to provide future-proof solutions. Mobility is supported through both cellular-specific and IP mechanisms. Mobile IP is becoming a key technology for managing mobility wireless networks. At the same time, the session initiation protocol is the key to realizing and provisioning services in IP-based cellular networks. The need for mobility of future real-time service independent of terminal mobility requires SIP to seamlessly interwork with mobile IP operations. In this article, we investigate the issues related to interworking between SIP and mobile IP, with a focus on IPv6 and the applicability to 3G networks being standardized in 3GPP and 3GPP2.     

Seamless session mobility scheme in heterogeneous wireless networks

The next generation wireless communication system will likely be heterogeneous networks, as various technologies can be integrated on heterogeneous networks. A mobile multiple‐mode device can easily access the Internet through different wireless interfaces. The mobile multiple‐mode device thus could switch to different access points to maintain the robustness of the connection when it can acquire more resources from other heterogeneous wireless networks. The mobile multiple‐mode device therefore needs to face the handover problem in such environment. This work introduces Session Initiation Protocol (SIP)‐based cross‐layer scheme to support seamless handover scheme over heterogeneous networks. The proposed scheme consists of a battery lifetime‐based handover policy and cross‐layer fast handover scheme, called the SIP‐based mobile stream control transmission protocol (SmSCTP). This work describes the major idea of the proposed scheme and infrastructure. The proposed scheme has been implemented in Linux system. The simulation and numerical results demonstrate that the proposed SmSCTP scheme yields better signaling cost, hand‐off delay time, packet loss and delay jitter than SIP and mSCTP protocols. Copyright © 2010 John Wiley & Sons, Ltd.     

Service‐oriented 5G network architecture: an end‐to‐end software defining approach

With the ever‐increasing mobile demands and proliferation of mobile services, mobile Internet has penetrated into every aspect of human life. Although the 4G mobile communication system is now being deployed worldwide, simply evolving or incrementally improving the current mobile networks can no longer keep the pace with the proliferation of mobile services. Against this background, aiming to achieve service‐oriented 5G mobile networks, this article proposes an end‐to‐end software defining architecture, which introduces a logically centralized control plane and dramatically simplifies the data‐plane. The control plane decomposes the diversified mobile service requirements and, correspondingly, controls the functions and behaviors of data‐plane devices. Consequently, the network directly orients towards services, and the devices are dynamically operated according to the service requirements. Therefore, the proposed architecture efficiently guarantees the end‐to‐end QoS and quality of experience. The challenges and key technologies of our architecture are also discussed in this article. Real traces‐based simulations validate the performance advantages of proposed architecture, including energy efficiency and the whole performance. Copyright © 2015 John Wiley & Sons, Ltd.     

Mobility support across hybrid IP-based wireless environment: review of concepts, solutions, and related issues

The 4G or Beyond 3G wireless networks is consist of IP-based heterogeneous access networks from 3G cellular, WiFi, WiMAX to other emerging access technologies such as mesh networks. The key objective of designing the next generation wireless networks is to support of mobile subscribers. To support the mobile host in the hybrid wireless access technologies, many solutions based on network protocol stack have been proposed in the literature. In this article, after review of mobility concepts, a special attention is given to some of the mobility management methods as well as handover techniques across various wireless access networks. We have also compared the major mobility protocols in each layer for their features. Finally, some of the open issues that needed to be addressed in mobility management protocol in the next generation wireless networks are outlined.     

协议组合逻辑安全的4G无线网络接入认证方案

针对4G无线网络中移动终端的接入认证问题,基于自证实公钥系统设计了新的安全接入认证方案,并运用协议演绎系统演示了该方案形成的过程和步骤,用协议组合逻辑对该方案的安全属性进行了形式化证明.通过安全性证明和综合分析,表明该方案具有会话认证性和密钥机密性,能抵御伪基站攻击和重放攻击,并能提供不可否认服务和身份隐私性,同时提高了移动终端的接入效率     

An efficient chaos‐based 2‐party key agreement protocol with provable security

Key agreement protocol is an important cryptographic primitive, which allows 2 parties to establish a secure session in an open network environment. A various of key agreement protocols were proposed. Nowadays, there still exists some other security flaws waiting to be solved. Owing to reduce the computational and communication costs and improve the security, chaotic map has been studied in‐depth and treated as a good solution. Recently, Liu et al proposed a chaos‐based 2‐party key agreement protocol and demonstrated that it can defend denial‐of‐service attack and replay attack. We found, however, it cannot resist off‐line password‐guessing attack, and it also has some other security flaws. In this paper, we propose an improved chaos‐based 2‐party key agreement protocol. The results prove that the protocol can solve the threats of off‐line password‐guessing attack and other security flaws in the security proof section. What is more, performance analysis shows that the computational cost of the improved protocol is lower than Liu et al protocol.