Similar literature
Found 20 similar documents (search time: 15 ms)
1.
This paper proposes an authentication technique for use in the global mobility network (GLOMONET), which provides a personal communication user with global roaming service. This technique is based on new distributed security management, where authentication management in roaming-service provision is conducted only by the roamed network (the visited network). The original security manager (OSM) administrates the original authentication key (OAK) acquired when a user makes contracts with the home network, while the temporary security manager (TSM) is generated for a roamer in the visited network in order to provide roaming services. The TSM generates and administrates the temporary authentication key (TAK) for a roamer, which key is confidential to the OSM, releases the TAK administration when a roamer moves to other networks, and then disappears. The proposed authentication technique consists of two phases. In the roaming-service-setup phase, triggered by the user's location registration request, authentication control to set up the roaming-service environment is negotiated by the TSM in the visited network, the OSM, and the roamer. In the roaming-service-provision phase, triggered by the user's service request, authentication control to provide the roaming service is negotiated (using the TAK acquired by the roamer in the first phase) only by the visited network and the roamer. This authentication control using the TAK provides a unified authentication procedure with a single logic to both subscribers and roamers. In addition, the security management of the whole GLOMONET is reinforced and the security responsibility is made clear by allocating the subscriber's/roamer's security administration to only the TSM.

2.
In next-generation wireless systems, one of the major features that is different from the current personal communication service systems is the seamless global roaming. The mobile subscribers will be allowed to move freely across different networks while maintaining their quality of service for a variety of applications. To meet this demand, the signaling protocol of mobility management must be designed, supporting location registration and call delivery for roaming users who move beyond their home network. A new signaling protocol is proposed, emphasizing the active location registration for ongoing services during the mobile subscribers' movement. Another important goal of this new protocol is to reduce the overhead caused by mobility management so that the signaling traffic load and consumption of network resources can be reduced. The new protocol efficiently reduces the latency of call delivery and call loss rate due to crossing wireless systems with different standards or signaling protocols. The numerical results reveal that the proposed protocol is effective in improving the overall system performance.

3.
Global mobility network (GLOMONET) provides global roaming service to ensure ubiquitous connectivity for users traveling from one network to another. It is very crucial not only to authenticate roaming users, but to protect the privacy of users. However, due to the broadcast nature of wireless channel and resource limitations of terminals, providing efficient user authentication with privacy preservation is challenging. Recently, He et al. proposed a secure and lightweight user authentication scheme with anonymity for roaming service in GLOMONETs. However, in this paper, we identify that the scheme fails to achieve strong two-factor security, and suffers from domino effect, privileged insider attack and no password change option, etc. Then we propose an enhanced authentication scheme with privacy preservation based on quadratic residue assumption. Our improved scheme enhances security strength of He et al.’s protocol while inheriting its merits of low communication and computation cost. Specifically, our enhanced scheme achieves two-factor security and user untraceability.

4.
A simple authentication technique for use in the global mobility network (GLOMONET) is proposed. This technique is based on the concept of distributed security management, i.e., the original security manager administrates the original authentication key (long-term secret key) acquired when a user makes a contract with his home network, while a temporary security manager is generated for a roaming user in the visited network that provides roaming services. The temporary security manager will take the place of the original security manager when the roaming user stays in the service area of the visited network. In the proposed authentication protocol for the regular communication phase, the procedures of the original security manager and the temporary security manager are the same except for introducing different parameters. Furthermore, the proposed technique not only reduces the number of transmissions during the authentication phase, but it also can decrease the complexity of mobile equipment. The idea behind the proposed technique is to introduce a simple mechanism which is called "self-encryption". We also suggest that this mechanism can be easily adopted as the authentication function for the secure teleconference service.

5.
With the evolution of digital networks and intelligent network (IN) capabilities, the role of common channel signaling has become more and more important. In respect to IN, common channel signaling would play a significant role not only inside one network but also over multiple networks. International credit card validation and internetworking for digital mobile services represented by GSM (Global System for Mobile Communications) are examples which utilize internetwork signaling capabilities in the framework of the initial-phase IN. Enhanced service providers (ESPs) may access the public network through the common channel signaling interface to make use of the IN capabilities, as is being discussed in terms of ONA (open network architecture) or ONP (open network provision). This paper first identifies various scenarios where internetwork signaling interactions would take place in the framework of IN in the forthcoming era. It then identifies various requirements to cope with these scenarios. It finally discusses the directions for evolution of common channel signaling toward global intelligent networking.

6.
Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.

7.
A historical context is provided for integrated services digital network (ISDN) to give some perspective on how the current signaling capabilities have evolved. A communications architecture is introduced and used to organize the discussion of the ISDN protocols (i.e. DSS1 and SS7) and to highlight the role of signaling in the overall architecture. The architecture defines a functional partitioning of the capabilities of ISDN, which is used to compare and contrast the DSS1 and SS7 protocols and to discuss the interfaces that support global intelligent networks. The purpose is to illustrate the similarity between the DSS1 and SS7 control protocols. The likely evolution of the ISDN protocols is discussed, showing their convergence toward a single control protocol based on the International Organization for Standardization (ISO) protocols.

8.
The vision for future telecommunications is often described by the slogan “information at any time, at any place, in any form”, driven by both society's increasing demand for “universal connectivity” and the technological progress in the area of mobile computing and personal communications. In order to realize this vision, the emerging concept of personal communications support (PCS), which includes support for personal mobility, service personalization, and advanced service interoperability, is becoming increasingly important since it allows users to configure their communications environment in accordance with their individual needs, thereby providing them with controlled access to telecommunication services, regardless of their current location, terminal and network capabilities. This paper provides an overview of a personal communications support system (PCSS). The PCSS represents a platform providing advanced PCS capabilities in a uniform way to numerous communication applications in distributed multimedia environments. From a functional perspective, the PCSS provides enhanced intelligent network (IN) and universal personal telecommunication (UPT) capabilities with respect to user addressing (based on logical names instead of numbers) and advanced user control capabilities. From a design perspective, the centralistic IN/UPT approach to the realization of service logic has been replaced by a highly distributable, object-oriented approach based on X.500/X.700/telecommunications management network (TMN) concepts. This paper addresses the basic aspects of the PCSS, including design criteria, system architecture, supported applications, and evolution issues.

9.
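This paper proposes a new scheme for implementing video-on-demand (VOD) service on an integrated IN/B-ISDN platform: intelligent network methods are used to control and manage the various VOD servers in the B-ISDN broadband network in a unified way, which both makes it convenient for users to access the VOD service and allows VOD resources to be fully utilized.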

10.
The evolution of the intelligent network (IN) is summarized, and its service creation requirements and provision environment are clarified. A prototype system called the ISDN development experimental system for advanced services (IDEA), which has been developed to validate the foregoing, is described. The evaluation of the system design and its future evolution are discussed.

11.
Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one‐time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd.

12.
The future directions of intelligent network (IN) enhancements are discussed. The reasons why globalization of service provisions based on IN technology will be indispensable are also discussed. The functions required for global INs are analyzed. Possible schemes for IN function distributions are identified. The functions that should be centralized and distributed are clarified. Global IN architecture models are proposed. The areas which need extensive study for global INs are reviewed.

13.
Breugst M., Magedanz T. IEEE Network, 1998, 12(3): 53-60
The emerging notion of active networks describes the general vision of communication network evolution, where the network nodes become active because they take part in the computation of applications and provision of customized services. In this context mobile agent technology and programmable switches are considered as enabling technologies. This article looks at the impact of mobile agent technology on telecommunication service environments, influenced by the intelligent network (IN) architecture. The authors illustrate how the integration of mobile agent platforms into IN elements, notably into the IN switches, will realize an active IN environment. This enables telecom services implemented through mobile service agents on a per user basis to be instantly deployed at programmable switching nodes, which results in better performance and fault tolerance compared to traditional IN service implementations.

14.
Private Authentication Techniques for the Global Mobility Network (total citations: 1; self-citations: 1; citations by others: 0)
Numerous authentication approaches have been proposed recently for the global mobility network (GLOMONET), which provides mobile users with global roaming services. In these authentication schemes, the home network operators can easily obtain the authentication key and wiretap the confidentiality between the roaming user and the visited network. This investigation provides a solution of authentication techniques for GLOMONET in order to prevent this weakness from happening and presents a secure authentication protocol for roaming services. In addition, a round-efficient version of the same authentication protocol is presented. Compared with other related approaches, the proposed authentication protocol involves fewer messages and rounds in communication.
Tian-Fu Lee was born in Tainan, Taiwan, ROC, in 1969. He received his B.S. degree in Applied Mathematics from National Chung Hsing University, Taiwan, in 1992, and his M.S. degree in Computer Science and Information Engineering from National Chung Cheng University, Taiwan, in 1998. He works as a lecturer in Leader University and pursues his Ph.D. degree at Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan. His research interests include cryptography and network security. Chi-Chao Chang received the BS degree in Microbiology from Soochow University in 1990 and the MS degree in Computer Science from State University of New York at Albany in 1992. He is currently working as an instructor in Chang Jung Christian University and a graduate student in National Cheng Kung University. His research interests are information security, mobile agent systems, anonymous digital signatures and quantum cryptography. Tzonelih Hwang was born in Tainan, Taiwan, in March 1958. He received his undergraduate degree from National Cheng Kung University, Tainan, Taiwan, in 1980, and the M.S. and Ph.D. degrees in Computer Science from the University of Southwestern Louisiana, USA, in 1988. He is presently a professor in Department of Computer Science and Information Engineering, National Cheng Kung University. His research interests include cryptology, network security, and coding theory.

15.
The universal mobile telecommunication system (UMTS) will implement terminal mobility and a form of personal mobility limited to UMTS. The most essential procedures to provide this are related to user registration, location management, handover and security. These mobility procedures are specified using specific functional models. In these models, the required functions are identified and the distribution of the functions in the network is anticipated. In a next step, the specific models are mapped onto a generic functional model. This generic model can be considered as the integration and unification of the specific models. Its structure reflects two important implementation aspects. First, the integration of UMTS into future networks for fixed telecommunications is anticipated. Secondly, the application of the intelligent network architecture for the implementation of the UMTS mobility procedures and service provision is assumed.

16.
Ishii H. IEEE Network, 1989, 3(5): 12-16
The author discusses an ISDN user-network interface management protocol. The protocol enables users to manage network services, operation (such as network reconfiguration and routing change), and maintenance. That the user equipment should be looked at from both user-of-service and manager-of-service perspectives is emphasized in a discussion of the relation of the user equipment to the Telecommunication Management Network (TMN). The current status of the ISDN UNI management protocol architecture studies in CCITT is reviewed, and problems specific to the ISDN environment are identified. The need to strengthen the convergence function to solve ISDN-specific problems is stressed. Examples of ISDN UNI management protocol applications are given.

17.
This paper presents an access-independent network architecture for supporting UMTS service capabilities. The approach is based on an enhanced B-ISDN core network with personal and terminal mobility provided by intelligent network techniques. A physical realization is presented, and the protocols corresponding to the physical interfaces are identified. Protocols are proposed for UMTS mobility and service support, and the impact on the B-UNI and IN interfaces is considered. Reflecting the vision of the ETSI global multimedia mobility (GMM) standardization framework, UMTS service support through non-UMTS access is considered. Consideration of DECT as a UMTS access technology leads to an interworking proposal that presents each DECT terminal to the core network in terms of UMTS functional entities. Access-independent usage of UMTS terminal applications motivates additional interworking in the terminal to encapsulate the access network. The desirability of an access-independent UMTS application programming interface in the terminal is indicated.

18.
IEEE Network, 1998, 12(4): 4-10
We have developed a system and network architecture to provide IP services in the Personal Access Communications System (PACS). IP datagrams are delivered to PACS users through the PACS packet-mode data service, achieving more efficient usage of wireless resources and supporting multimedia applications such as MBone audio and video. The architecture presented in this article augments the PACS voice network with IP routers and backbone links, called the PACS Packet Network (PPN), and is connected to the global Internet via gateways. Compared to the cellular digital packet data (CDPD) network, which employs its own network-layer mobility protocol and thus supports roaming within the CDPD network only, we have incorporated Mobile IP into the PACS handoff mechanism to further achieve global IP mobility. We have also developed native PACS multicast and a group management scheme to efficiently handle dynamic IP multicast and MBone connectivity. These features seamlessly integrate PACS into the global Internet and provide standard-conforming IP services with global mobility.

19.
The impact of telecommunication management network (TMN) concepts when applied to the management of newly emerging network architectures is illustrated using the example of intelligent networks (INs). An in-depth comparison of TMN and IN architectural aspects leads to a number of conclusions showing a significant degree of commonality between the two networks. The IN is analyzed as a telecommunication network architecture aimed at reducing service creation and modification development costs and delays. This approach unifies the processing techniques for a number of highly diversified network services. Similarly, the TMN, which covers a wide range of management resources organized into a unique architecture, tends to unify operation, administration, and maintenance (OAM) for complex and evolving communication networks, despite their highly diverse network components.

20.
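This paper introduces the concept of CTM recently proposed by ETSI, namely implementing personal communication services on top of the PSTN and ISDN using DECT technology in combination with IN technology. It presents the CTM network structure, analyzes the market situation for CTM personal communication services, and finally describes the development and current application status of CTM in Europe.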
