<Emphasis Type="Italic">Nframe</Emphasis>: A privacy-preserving with non-frameability handover authentication protocol based on (<Emphasis Type="Italic">t</Emphasis>, <Emphasis Type="Italic">n</Emphasis>) secret sharing for LTE/LTE-A networks

Seamless handover between the evolved universal terrestrial radio access network and other access networks is highly desirable to mobile equipments in the long term evolution (LTE) or LTE-Advanced (LTE-A) networks, but ensuring security and efficiency of this process is challenging. In this paper, we propose a novel privacy-preserving with non-frameability handover authentication protocol based on (t, n) secret sharing to fit in with all of the mobility scenarios in the LTE/LTE-A networks, which is called Nframe. To the best of our knowledge, Nframe is the first to support protecting users’ privacy with non-frameability in the handover process. Moreover, Nframe uses pairing-free identity based cryptographic method to secure handover process and to achieve high efficiency. The formal verification by the AVISPA tool shows that Nframe is secure against various malicious attacks and the simulation result indicates that it outperforms the existing schemes in terms of computation and communication cost.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

一种LTE系统中的基站内切换实现方案

为了实现LTE(长期演进)系统中的基站内切换,文章从控制面和用户面信令流程的角度出发,提出了一种LTE系统中的基站内切换设计方案。通过基站内各模块的协同工作,可有效实现包含数据转发的基站内切换流程,确保切换过程中不丢包,实现平滑切换。将该方案应用于实际的测试中,进行了基站内切换的组网测试,并给出了实际的切换测试结果。     

Efficient handover measurement technique for small‐cell networks using a virtual cell synchronization signal

A small‐cell network (SCN) constructed by splitting a macro‐cell into numerous small cells using an active antenna array system is studied. A synchronization signal appropriate for the SCN, virtually generated by an eNodeB with 3D beamforming, is proposed for efficient handover in SCNs. The virtual cell synchronization signal (VCSS) carries a macro‐cell ID (MCID) and virtual‐cell ID (VCID) in a hierarchical manner, allowing us to distinguish between an intra‐cell handover (virtual cell handover within a cell without changing the serving eNodeB) and inter‐cell handover (virtual cell handovers across cells while changing the serving eNodeB) in SCNs. Using the signal metrics obtained by the VCSS, an efficient handover measurement technique is proposed which can significantly reduce the processing time and overhead by distinguishing between the intra‐cell/inter‐cell handovers. The performance of the proposed technique is evaluated by simulating two different deployment scenarios of LTE‐based SCN with 3D beamforming. Copyright © 2017 John Wiley & Sons, Ltd.     

An efficient handover decision in heterogeneous LTE-A networks under the assistance of users’ profile

The increasing demand for wireless networks calls for the use of heterogeneous networks in order to fulfil user requirements. Mobility management is considered one of the important entities for such networks. The handover is one of the main features of mobility management in regard to the long term evolution advanced (LTE-A) system, which depends purely on the hard handover. The vertical handover decision is a significant component of heterogeneous networks; it authorizes the user equipment (UE) to migrate between the two-tier LTE-A wireless networks. Femtocell, or also known as the home-evolved nodeB (HeNB), has turned out to be a promising arrangement, as it enhances the coverage and the quality of service for users on one hand, and offloads the eNB on the other hand. In this paper, an advanced handover technique is presented, in terms of adding new and critical parameters, as well as combining between the present UE trajectory and the HeNB cell location. A polynomial function is used to predict the future UE position while the cosine function along with distance are used for the selection of an appropriate target cell. The proposed algorithm is evaluated and then compared to the present work based on the handover number, number of signaling measurements, packet delay ratio, packet loss ratio, and system throughput. Simulation of the LTE-Sim demonstrates that the proposed algorithm significantly reduces the number of handovers, the transmission measurement number, the packet delay ratio, and the packet loss ratio and increases system throughput.     

Secure authentication enhancement scheme for seamless handover and roaming in space information network

Space information network composed of a variety of heterogeneous networks is widely concerned.However,the space information network is facing more security threats and more likely to roam due to its complex topology and large user scale.Considering the characteristics of space information network,a secure authentication enhancement scheme for seamless handover and roaming in space information network was presented.The fast mutual authentication and reasonable accounting between the user and the visiting domain based on the combination of Token and Hash chain was achieved.In addition,two seamless handover mechanisms were proposed to ensure the continuity of user communication.Finally,security analysis indicates that the scheme can not only provide essential security properties,but also achieve reasonable accounting.     

LTE HeNB的X2切换控制面的研究与应用

首先简要介绍LTE切换的分类;然后通过对LTE HeNB协议栈中的X2切换的研究,详细分析了X2切换的控制面,并基于HeNB协议栈的研发环境,对X2切换不同时期进行了模块化设计,提出了一种X2切换的控制面信令流程处理方案;最后验证了该方案的可行性,在HeNB协议栈上可以满足3GPP对X2切换控制面的有关规定。     

Anonymity handover authentication protocol based on group signature for wireless Mesh network

In order to ensure that the Mesh network mobile client video,voice and other real-time strong applications without interruption,a secure and efficient handover authentication was very important.To protect the privacy of mobile nodes,an anonymity handover authentication protocol was proposed based on group signature for wireless mesh network.Compared with other handover authentication protocols based on group signature,the proposed scheme did not involve the group signature correlation operation,and the group signature algorithm was only carried out on the router.The pro-posed protocol not only enhances the security but also performs well in authentication efficiency and privacy-preserving.     

Improved IPSec tunnel establishment for 3GPP–WLAN interworking

Interworking between wireless local area network (WLAN) and the 3rd Generation Partnership Project (3GPP) such as Long Term Evolution (LTE) is facing more and more problems linked to security threats. Securing this interworking is a major challenge because of the vastly different architectures used within each network. Therefore, security is one of the major technical concerns in wireless networks that include measures such as authentication and encryption. Among the major challenges in the interworking security is the securing of the network layer. The goal of this article is twofold. First, we propose a new scheme to secure 3GPP LTE–WLAN interworking by the establishment of an improved IP Security tunnel between them. The proposed solution combines the Internet Key Exchange (IKEv2) with the Host Identity Protocol (HIP) to set up a security association based on two parameters, which are location and identity. Our novel scheme, which is called HIP_IKEv2, guarantees better security properties than each protocol used alone. Second, we benefit from Mobile Internet Key Exchange protocol (MOBIKE) in case of mobility events (handover). And we extend HIP_IKEv2 to HIP_MOBIKEv2 protocol in order to reduce the authentication signaling traffic. The proposed solution reinforces authentication, eliminates man‐in‐the‐middle attack, reduces denial‐of‐service attack, assures the integrity of messages, and secures against reply attack. Finally, our proposed solution has been modeled and verified using the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which has proved its security when an intruder is present. Copyright © 2014 John Wiley & Sons, Ltd.     

Design of a USIM and ECC based handover authentication scheme for 5G-WLAN heterogeneous networks

A variety of wireless communication technologies have been developed to provide services to a large number of users. The future integrated 5G-WLAN wireless networks will support seamless and secure roaming, and various types of real-time applications and services, which will be the trend of next-generation computing paradigm. In this paper, we discuss the privacy and security problems in 5G-WLAN heterogeneous networks and present a logical 5G-WLAN integrated architecture. We also propose a novel USIM and ECC based design of handover authentication for next-generation 5G-WLAN heterogeneous networks that can provide secure and seamless Internet connectivity. Our scheme has the features of strong security and better performance in terms of computation cost, energy cost, and storage cost as compared with the state-of-the-art schemes.     

SRGH: A secure and robust group‐based handover AKA protocol for MTC in LTE‐A networks

Machine‐type communication (MTC) is defined as an automatic aggregation, processing, and exchange of information among intelligent devices without humans intervention. With the development of immense embedded devices, MTC is emerging as the leading communication technology for a wide range of applications and services in the Internet of Things (IoT). For achieving the reliability and to fulfill the security requirements of IoT‐based applications, researchers have proposed some group‐based handover authentication and key agreement (AKA) protocols for mass MTCDs in LTE‐A networks. However, the realization of secure handover authentication for the group of MTCDs in IoT enabled LTE‐A network is an imminent issue. Whenever mass MTCDs enter into the coverage area of target base‐station simultaneously, the protocols incur high signaling congestion. In addition, the existing group‐based handover protocols suffer from the huge network overhead and numerous identified problems such as lack of key forward/backward secrecy, privacy‐preservation. Moreover, the protocols fail to avoid the key escrow problem and vulnerable to malicious attacks. To overcome these issues, we propose a secure and robust group‐based handover (SRGH) AKA protocol for mass MTCDs in LTE‐A network. The protocol establishes the group key update mechanism with forward/backward secrecy. The formal security proof demonstrates that the protocol achieves all the security properties including session key secrecy and data integrity. Furthermore, the formal verification using the AVISPA tool shows the correctness and informal analysis discusses the resistance from various security problems. The performance evaluation illustrates that the proposed protocol obtains substantial efficiency compared with the existing group‐based handover AKA protocols.     

LTE Mobility Enhancements for Evolution into 5G

Network densification is regarded as the dominant driver for wireless evolution into the era of 5G. However, in this context, interference‐limited dense small cell deployments are facing technical challenges in mobility management. The recently announced results from an LTE field test conducted in a dense urban area show a handover failure (HOF) rate of over 21%. A major cause of HOFs is the transmission failure of handover command (HO CMD) messages. In this paper, we propose two enhancements to HO performance in LTE networks — radio link failure‐proactive HO, which helps with the reliable transmission of HO CMD messages while the user equipment is under a poor radio link condition, and Early Handover Preparation with Ping‐Pong Avoidance (EHOPPPA) HO, which assures reliable transmission of HO CMD under a good radio link condition. We analyze the HO performance of EHOPPPA HO theoretically, and perform simulations to compare the performance of the proposed schemes with that of standard LTE HO. We show that they can decrease the HOF rate to nearly zero through an analysis, and based on the simulation results, by over 70%, without increasing the ping‐pong probability.     

Congestion‐Aware Handover in LTE Systems for Load Balancing in Transport Network

Long‐Term Evolution employs a hard handover procedure. To reduce the interruption of data flow, downlink data is forwarded from the serving eNodeB (eNB) to the target eNB during handover. In cellular networks, unbalanced loads may lead to congestion in both the radio network and the backhaul network, resulting in bad end‐to‐end performance as well as causing unfairness among the users sharing the bottleneck link. This work focuses on congestion in the transport network. Handovers toward less loaded cells can help redistribute the load of the bottleneck link; such a mechanism is known as load balancing. The results show that the introduction of such a handover mechanism into the simulation environment positively influences the system performance. This is because terminals spend more time in the cell; hence, a better reception is offered. The utilization of load balancing can be used to further improve the performance of cellular systems that are experiencing congestion on a bottleneck link due to an uneven load.     

New efficient cross‐layer and multihoming mechanisms at layer 2 for inter‐radio access technology handover between UMTS and WiMAX

Next generation mobile networks will provide seamless mobility between existing cellular systems and other wireless access technologies. To realize a seamless vertical handover (inter‐radio access technology handover) among these different access technologies, a multi‐interfaced mobile station (i.e., multihomed) is a good approach to provide better handover performance in terms of packet loss rate and handover latency. In this article, we propose a novel layer 2 multihoming approach for inter‐radio access technology handover between Universal Mobile Telecommunications System (UMTS) and Worldwide Interoperability for Microwave Access (WiMAX) in both integrated and tight coupling architectures. This layer 2 multihoming approach has the ability of enabling either soft handover or make‐before‐break handover to adapt to mobility scenarios for the sake of a lossless and short latency handover procedure. Our simulation results show that, in case of handover from UMTS to WiMAX for transmission control protocol (TCP) traffics, the layer 2 multihoming approach can achieve a lossless and zero latency handover procedure by enabling soft handover. In case of handover from WiMAX to UMTS, because of the fact that the performance gain of soft handover is more affected by the differences of bandwidth and transmission delay between these wireless links, the make‐before‐break handover is preferred to achieve lossless and short latency handover procedure. Copyright © 2012 John Wiley & Sons, Ltd.     

An efficient EAP‐based proxy signature handover authentication scheme for WRANs over TV white space

The wireless regional area networks (WRANs) operates in the very high frequency and ultra high frequency television white space bands regulated by the IEEE 802.22 standard. The IEEE 802.22 standard supports Extensible Authentication Protocol (EAP)‐based authentication scheme. Due to the participation of a server and the information exchanged between a customer primes equipment and the secondary user base station, it takes around 50 ms to complete a complete EAP authentication that cannot be accepted in a handover procedure in WRANs. In this paper, we propose an EAP‐based proxy signature (EPS) handover authentication scheme for WRANs. The customer primes equipment and secondary user base station accomplish a handover authentication without entailing the server by using the proxy signature. Approved by the logic derivation by Burrows, Abadi, and Needham logic and formal verification by Automated Validation of Internet Security Protocols and Applications, we can conclude that the proposed EPS scheme can obtain mutual authentication and hold the key secrecy with a strong antiattack ability. Additionally, the performance of the EPS scheme in terms of the authentication delay has been investigated by simulation experiments with the results showing that the EPS scheme is much more efficient in terms of low computation delay and less communication resources required than the security scheme regulated in IEEE 802.22 standard.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

Protected session keys context for distributed session key management

Handoffs must be fast for wireless mobile nodes (MN) without sacrificing security between the MN and the wireless access points in the access networks. We describe and analyze our new secure Session Keys Context (SKC) scheme which has all the good features, like mobility and security optimization, of the currently existing key distribution proposals, namely key-request, pre-authentication, and pre-distribution. We analyze these solutions together, and provide some conclusions on possible co-operative scenarios and on which level of the network to implement them. Finally before conclusions we provide some handoff delay simulation results with SKC and key request schemes with corresponding example handoff scenarios with a next generation radio link layer.     

Unified security architecture and protocols using third party identity in V2V and V2I networks

VANETs have been developed to improve the safety and efficiency of transportation systems (V2V communications) and to enable various mobile services for the traveling public (V2I communications). For VANET technologies to be widely available, security issues concerning several essential requirements should be addressed. The existing security architectures and mechanisms have been studied separately in V2V and V2I networks, which results in duplicated efforts, security modules, and more complex security architectures. In this paper, we propose a unified security architecture and its corresponding security protocols that achieve essential security requirements such as authentication, conditional privacy, non‐repudiation, and confidentiality. To the best of our knowledge, this paper is the first study that deals with the security protocol in V2V as well as the handover authentication in V2I communications. Our proposal is characterized by a low‐complexity security framework, owing to the design and unification of the security architectures and modules. Furthermore, the evaluation of the proposed protocols proves them to be more secure and efficient than existing schemes. Copyright © 2010 John Wiley & Sons, Ltd.     

适用于车载边缘计算网络的高效匿名认证协议

为了解决车载边缘计算网络中无线网络传输特性导致的窃听、重放、拦截、篡改等安全威胁,考虑到车载终端资源有限的特点,提出了一种轻量级匿名高效身份认证协议。基于切比雪夫混沌映射算法,避免了多数方案所采用的指数、双线性映射等复杂算法,有效降低了身份认证与密钥协商过程中的计算复杂度。此外,在实现接入认证及切换认证的同时,能够实现终端匿名性及可追溯、可撤销等安全功能。通过Scyther工具验证结果表明该协议能够满足认证过程中的安全需求并且能够抵抗多种协议攻击。相比已有方案,所提接入认证方案总计算开销最低可节省67%,带宽开销最低可节省11%。此外,相比于接入认证方案,所提域内切换认证方案总计算开销可节省99.8%,带宽开销可节省52%;域间切换认证方案总计算开销可节省80%,带宽开销可节省37%。性能分析结果表明该协议具备更良好的计算和通信性能,因此可以解决车载边缘计算网络中的终端高效安全接入及切换问题。