Similar literature
 Found 20 similar documents; search took 31 ms
1.

Recently, the Third Generation Partnership Project (3GPP) has initiated the research in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication mechanisms reported in the literature and identify the security vulnerabilities such as violation of global base-station attack, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that is not suitable for energy-efficient mobile devices in the 5G communication network. To overcome these issues, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by Random Oracle Model (ROM) to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties. Moreover, the performance evaluation of the earlier 5G handover schemes and proposed SEAI handover AKA protocol is carried out in terms of communication, transmission, computation overhead, handover delay, and energy consumption. From the evaluations, it is observed that the SEAI handover AKA protocol obtains significant results and strengthens the security of the 5G network during handover scenarios.


2.
Cloud computing provides various diverse services for users accessing big data through high data rate cellular networks, e.g., LTE-A, IEEE 802.11ac, etc. Although LTE-A supports very high data rate, multi-hop relaying, and cooperative transmission, LTE-A suffers from high interference, path loss, high mobility, etc. Additionally, the accesses of cloud computing services need the transport layer protocols (e.g., TCP, UDP, and streaming) for achieving end-to-end transmissions. Clearly, the transmission QoS is significantly degraded when the big data transmissions are done through the TCP protocol over a high interference LTE-A environment. The issue of providing high data rate and high reliability transmissions in cloud computing needs to be addressed completely. Thus, this paper proposes a cross-layer-based adaptive TCP algorithm to gather the LTE-A network states (e.g., AMC, CQI, relay link state, available bandwidth, etc.), and then feeds the state information back to the TCP sender for accurately executing the network congestion control of TCP. As a result, by using the accurate TCP congestion window (cwnd) under a high interference LTE-A, the number of timeouts and packet losses are significantly decreased. Numerical results demonstrate that the proposed approach outperforms the compared approaches in goodput and fairness, especially in high interference environment. Especially, the goodput of the proposed approach is 139.42 % higher than that of NewReno when the wireless loss increases up to 4 %. Furthermore, the throughput and the response functions are mathematically analyzed. The analysis results can justify the claims of the proposed approach.

3.

Network selection is very important for a successful handover in multi-tier heterogeneous networks. However, the primary challenge currently faced by the research community is the lack of availability of network information at the mobile node side to efficiently select the most appropriate target network. It is practically difficult for a UE to get network information from base stations/access points of the neighbouring networks before connecting to them. In response to this, this paper proposes a network selection method that applies the knowledge of mobility data and the network load information to carry out an efficient handover for vehicle-to-infrastructure communication over multi-tier heterogeneous networks. We first derive key parameters, such as relative direction index, proximity index, residence time index, and network load index to select the best candidate network. A moving vehicle would be able to select the most appropriate target network by selecting one or more of the above parameters. We then test our algorithms by developing a dual mode vehicle On-Board Unit equipped with both Long Term Evolution-Advanced (LTE-A) and Wi-Fi network interface cards in OPNET simulator. The performance of the proposed handover method is evaluated by extensive OPNET-based simulation experiments. In the simulation model, we consider a multi-tier heterogeneous network comprising a macro and multiple small cells of LTE-A and IEEE 802.11n technologies. Results show that our proposed handover method offers about 50% higher throughput and up to 43% higher packet delivery ratio than the conventional received signal strengths based network selection method.


4.
The mobile cloud computing (MCC) has enriched the quality of services that the clients access from remote cloud‐based servers. The growth in the number of wireless users for MCC has further augmented the requirement for a robust and efficient authenticated key agreement mechanism. Formerly, the users would access cloud services from various cloud‐based service providers and authenticate one another only after communicating with the trusted third party (TTP). This requirement for the clients to access the TTP during each mutual authentication session, in earlier schemes, contributes to the redundant latency overheads for the protocol. Recently, Tsai et al have presented a bilinear pairing based multi‐server authentication (MSA) protocol, to bypass the TTP, at least during mutual authentication. The scheme construction works fine, as far as the elimination of TTP involvement for authentication has been concerned. However, Tsai et al scheme has been found vulnerable to server spoofing attack and desynchronization attack, and lacks smart card‐based user verification, which renders the protocol inapt for practical implementation in different access networks. Hence, we have proposed an improved model designed with bilinear pairing operations, countering the identified threats as posed to Tsai scheme. Additionally, the proposed scheme is backed up by performance evaluation and formal security analysis.

5.
6.
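Chen Xin, Song Yapeng, Liu Zhiqiang. Acta Electronica Sinica (《电子学报》), 2017, 45(2): 485-491
To address handover authentication in LTE-A, a typical cellular network, this paper introduces SDN (Software Defined Network) and proposes a software-defined LTE-A heterogeneous network architecture in which the security context of the UE (User Equipment) is shared in the central controller, with the goal of simplifying the handover authentication process and improving authentication efficiency. Adding the central controller introduces one additional signaling exchange when a cell communicates with the core network, and the standard LTE-A handover authentication method is overly complex, so applying it in the software-defined LTE-A heterogeneous network would generate considerable signaling overhead. A handover authentication method based on proxy signatures lets the UE verify identity without going through the core network, which reduces signaling overhead. At the same security level, elliptic-curve cryptosystems require less computation than RSA-based cryptosystems, which helps reduce the computational load on the central controller. This paper adopts an elliptic-curve proxy signature method to propose a new handover authentication protocol, and models and analyzes it by simulation using colored Petri nets. The simulation results show that the protocol is effective and offers higher security.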

7.
IEEE 802.11ah is a recently released IEEE standard to specify a wireless communication system with a long‐range, low‐power, and low data transmission rate over smart devices used in Internet of Things (IoT) systems. This new standard belongs to IEEE 802.11 wireless local area networks (WLANs) protocol family. It requires lightweight protocols to support the low‐power and low‐latency features of the IoT devices. On the other hand, an upcoming solution of fast initial link setup (FILS) specified by IEEE 802.11ai standard is a brand‐new approach aiming to establish fast and secure links among devices in WLANs to meet this new demand. It is natural and feasible to apply it to the 802.11ah networks to support massively deployed wireless nodes. However, security concerns on the link connection by the FILS scheme have not been fully eliminated, especially in the authentication process. It has been explored that a type of recently revealed malicious attack, key reinstallation attack (KRA) might be a threat to the FILS authentication. To prevent the success of the KRAs, in this paper, we proposed a secure and efficient FILS (SEF) protocol as the optional substitute of the FILS scheme. The SEF scheme is designed to eradicate potential threats from the KRAs without degrading the network performance.

8.
The challenge to provide seamless mobility in the near future emerges as a key topic in various standardization bodies. This includes first of all the support of seamless handover between homogeneous networks. Distinct technologies—such as IEEE 802.11 WLANs (Wi-Fi) and IEEE 802.16 MANs (WiMAX)—have recently augmented such support to existing standards to enable seamless homogeneous handover. Cellular networks, in contrast, already included this inherently from the start. Currently considerable effort goes into coupling of different radio access technologies. Therefore, the second key topic in standardization is seamless heterogeneous handovers. IEEE, IETF, as well as 3GPP consider different approaches toward architectures and protocols enabling seamless mobility management. In this work, we discuss recent and on-going standardization activities within IEEE, IETF, and 3GPP toward seamless homogeneous as well as heterogeneous mobility support.

9.
The SSL/TLS protocol is a de-facto standard that has proved its effectiveness in the wired Internet and it will probably be the most promising candidate for future heterogeneous wireless environments. In this paper, we propose potential solutions that this protocol can offer to future “all-IP” heterogeneous mobile networks with particular emphasis on the user's side. Our approach takes into consideration the necessary underlying public key infrastructure (PKI) to be incorporated in future 3G core network versions and is under investigation by 3GPP. We focus on the standard 3G+ authentication and key agreement (AKA), as well as the recently standardized extensible authentication protocol (EAP)-AKA procedures and claim that SSL-based AKA mechanisms can provide for an alternative, more robust, flexible and scalable security framework. In this 3G+ environment, we perceive authentication as a service, which has to be performed at the higher protocol layers irrespectively of the underlying network technology. We conducted a plethora of experiments concentrating on the SSL's handshake protocol performance, as this protocol contains demanding public key operations, which are considered heavy for mobile devices. We gathered measurements over the GPRS and IEEE 802.11b networks, using prototype implementations, different test beds and considering battery consumption. The results showed that the expected high data rates on one hand, and protocol optimisations on the other hand, can make SSL-based authentication a realistic solution in terms of service time for future mobile systems.

10.
The handover procedure in secure communication wireless networks is an extremely time-consuming phase, and it represents a critical issue in relation to the time constraints required by certain real-time traffic applications. In particular, in the case of the IEEE 802.1X model, most of the time required for a handover is used for packet exchanges that are required for authentication protocols, such as Extensible Authentication Protocol Transport Layer Security (EAP-TLS), that require an eight-way handshake. Designing secure re-authentication protocols to reduce the number of packets required during a handover is an open issue that is gaining interest with the advent of a pervasive model of networking that requires real-time traffic and mobility. This article presents the 802.1X model and evaluates its application to ad hoc networks based on IEEE 802.11i or IEEE 802.1 be standards, focusing on the problems that must be evaluated when designing handover procedures, and suggesting guidelines for securing handover procedures. It also presents a novel protocol to perform secure handovers that is respectful of the previous analysis and that has been implemented in a mesh environment.

11.
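Given the shortcomings of the 4-way handshake protocol with respect to DoS attacks and lost handshake messages, this paper proposes a 2-way handshake protocol. Both protocols protect the handshake messages with a session key, perform key confirmation at the mobile station (MS) and the access point (AP), and ultimately have the MS and AP authenticate each other; the 2-way handshake, however, uses sequence numbers in place of the random numbers used in the 4-way handshake, which improves the security and efficiency of the handshake. This paper mainly analyzes the security advantages of the 2-way handshake and applies it to a WLAN fast handover mechanism. Compared with the 4-way handshake protocol, the 2-way handshake protocol markedly shortens handover delay, so it has broad application prospects in areas such as WeChat voice chat and video services.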

12.
Handover management for mobile nodes in IPv6 networks   Cited by: 16 (self-citations: 0, citations by others: 16)
We analyze IPv6 handover over wireless LAN. Mobile IPv6 is designed to manage mobile nodes' movements between wireless IPv6 networks. Nevertheless, the active communications of a mobile node are interrupted until the handover completes. Therefore, several extensions to Mobile IPv6 have been proposed to reduce the handover latency and the number of lost packets. We describe two of them, hierarchical Mobile IPv6, which manages local movements into a domain, and fast handover protocol, which allows the use of layer 2 triggers to anticipate the handover. We expose the specific handover algorithms proposed by all these methods. We also evaluate the handover latency over IEEE 802.11b wireless LAN. We compare the layer 2 and layer 3 handover latency in the Mobile IPv6 case in order to show the saving of time expected by using anticipation. We conclude by showing how to adapt the IEEE 802.11b control frames to set up such anticipation.

13.
In order to ensure that the Mesh network mobile client video, voice and other real-time strong applications without interruption, a secure and efficient handover authentication was very important. To protect the privacy of mobile nodes, an anonymity handover authentication protocol was proposed based on group signature for wireless mesh network. Compared with other handover authentication protocols based on group signature, the proposed scheme did not involve the group signature correlation operation, and the group signature algorithm was only carried out on the router. The proposed protocol not only enhances the security but also performs well in authentication efficiency and privacy-preserving.

14.
Proliferation of mobile communication devices necessitates a reliable and efficient medium access control (MAC) protocol. In this paper, a MAC protocol, called extended sliding frame reservation Aloha (ESFRA), based on sliding frame R-Aloha (SFRA) is proposed for network access technique. ESFRA is particularly designed to solve the mobile hidden station (MHS) problem in a mobile ad hoc network (MANET) by including relative locations of transmitting stations in the packet frame information header. The MHS problem is unique in mobile networks and occurs if a mobile station enters in a collision free zone of any ongoing communication and disturbs this communication with its transmission. In addition to the MHS problem, ESFRA simultaneously solves hidden station, exposed station, and neighborhood capture problems typically observed in wireless networks. A Markov model of ESFRA is developed and provided here to estimate throughput, delay and collision probabilities of the proposed protocol. The Markov modeling is extended to the analysis of SFRA and IEEE 802.11 to compare these competing MAC protocols with ESFRA. The analysis shows that ESFRA decreases frame transmission delay, increases throughput, and reduces collision probabilities compared to IEEE 802.11 and SFRA. ESFRA improves the network throughput 28 percent compared to that of IEEE 802.11, and 33 percent compared to that of SFRA. The improved performance is obtained at the expense of the synchronization compared to IEEE 802.11, but there is virtually no extra cost compared to SFRA.

15.
One challenge of wireless networks integration is to provide ubiquitous wireless access abilities and seamless handover for mobile communication devices between different types of technologies (3GPP and non-3GPP), such as Global System for Mobile Communication, Wireless Fidelity, Worldwide Interoperability for Microwave Access, Universal Mobile Telecommunications System and Long Term Evolution. This challenge is critical as mobile users are becoming increasingly demanding for services regardless of the technological complexities associated with them. To fulfil these requirements for seamless vertical handover (VHO) two main interworking frameworks have been proposed by IEEE Group and 3GPP for integration between the aforementioned technologies; namely, Media Independent Handover IEEE 802.21 and IP Multimedia Subsystem, where each of them requires mobility management protocol to complement its work, such as Mobile IP and Session Initiation Protocol, respectively. Various VHO approaches have been proposed in the literature based on these frameworks. In this paper, we survey the VHO approaches proposed in the literature and classify them into four categories based on these frameworks for which we present their objectives and performance issues.

16.
In wireless mobile ad hoc networks (MANETs), it is essential that all mobile hosts (MHs) are synchronized to a common clock to support the power-saving (PS) mechanism. Many protocols have been proposed for clock synchronization in IEEE 802.11 MANETs. However, it is practically impossible for any protocol to completely solve the asynchronism problem especially when connectivity is achieved by multi-hop communication or when a network could be temporarily disconnected. In this work, we propose a quorum-based mechanism, which includes a new structure of beacon intervals for MHs to detect potential asynchronous neighbors and an enhanced beacon transmission rule to assist clock synchronization protocols to discover asynchronous neighbors within bounded time. The proposed mechanism should be regarded as an enhancement to existing clock synchronization protocols. Our simulation results show that the mechanism can effectively relieve the clock asynchronism problem for IEEE 802.11 MANETs.

17.
1 Introduction. In Ad hoc networks, the nodes share the wireless channel under the control of media access control protocol. Currently, there are two types of MAC protocols proposed for Ad hoc networks. The first is hand-shaking protocol such as IEEE 802.11 MAC protocol [1~4] and MACAW [5], which controls the access procedure by exchanging the control packets among the active nodes. The second is busy-tone protocol that introduces additional busy tone signal to control the medium access. S…

18.
Seamless handover between the evolved universal terrestrial radio access network and other access networks is highly desirable to mobile equipments in the long term evolution (LTE) or LTE-Advanced (LTE-A) networks, but ensuring security and efficiency of this process is challenging. In this paper, we propose a novel privacy-preserving with non-frameability handover authentication protocol based on (t, n) secret sharing to fit in with all of the mobility scenarios in the LTE/LTE-A networks, which is called Nframe. To the best of our knowledge, Nframe is the first to support protecting users’ privacy with non-frameability in the handover process. Moreover, Nframe uses pairing-free identity based cryptographic method to secure handover process and to achieve high efficiency. The formal verification by the AVISPA tool shows that Nframe is secure against various malicious attacks and the simulation result indicates that it outperforms the existing schemes in terms of computation and communication cost.

19.
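Impersonation and eavesdropping attacks are the main threats facing wireless communication. In personal communication systems, protecting the wireless link requires encrypting the data/voice carried over the link and performing mutual authentication between the user and the serving network. In recent years, many security protocols have been proposed for different mobile communication networks (such as GSM, IS-41, CDPD, and Wireless LAN). However, these protocols exhibit various weaknesses when applied in a personal communication environment. Based on a public-key (two-key) confidentiality and authentication model for personal communication systems, this paper designs an authentication protocol for user location registration, formally proves the protocol's security using BAN authentication logic, and qualitatively analyzes its computational complexity. The analysis shows that the proposed protocol has many new security properties compared with existing protocols.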

20.
The performance of the base Mobile IP handover algorithm for moving the Mobile Node’s network layer point of attachment from one subnet to another has been recognized as a potential performance bottleneck for some time. In this paper, we discuss a collection of algorithms that use a link synchronous approach to Mobile IP handover. In the link synchronous approach, information on the progress of switching the link is used to drive handover at the IP level. We present a comprehensive analysis of handover packet drop, and develop analytical models of how the link synchronous algorithms help to mitigate it. We use data from a handover emulator to test the analytical models, and to compare the performance of the different algorithms under a variety of link conditions. Data from implementations on IS-2000 and 802.11b show how the link synchronous algorithms behave on real radio protocols. The results indicate that the link synchronous algorithms can reduce packet loss substantially, with best results possible if the link layer provides information on the move prior to the link switch. James Kempf is a Research Fellow at DoCoMo USA Laboratories. He holds a Ph.D. from the University of Arizona, Tucson, AZ. Previously, James worked at Sun Microsystems for 13 years, and contributed to numerous research projects involving wireless networking, mobile computing, and service discovery. James is a former member of the Internet Architecture Board, and co-chaired the SEND and Seamoby IETF Working Groups. James continues to be an active contributor to Internet standards in the areas of security and mobility for next generation, Internet protocol-based mobile systems. Ajoy Singh is a Principal Staff Engineer at Motorola GTSS Division where he has led the development of radio network controllers and the various components of core networks for 3GPP-based HSDPA and 3GPP2-based CDMA prototype systems. He holds a Master’s degree from DePaul University, Chicago, IL. 
Ajoy is the co-developer of several pending patents on cellular radio technology, and has contributed to the standardization of seamless mobility protocols through the Seamoby and Mobile IP IETF Working Groups and through IEEE 802.21. Jonathan Wood is an independent contractor and has been working with DoCoMo Labs since 2001. He is currently contributing to research on next generation mobility and networking infrastructures. Previously at Sun Microsystems, Jonathan focused on Solaris networking and 4G wireless network research. Atsushi Takeshita is a Director at the NTT DoCoMo Multimedia Laboratories in Yokosuka Research Park, Japan. Prior to that, he was Director of the Autonomous Communication Laboratory in DoCoMo USA Laboratories, and one of the founding members of DoCoMo USA Laboratories. Atsushi joined NTT DoCoMo in 1988 and has since been engaged in the research and development of multimedia information retrieval and delivery, the mobile Internet, and mobile terminal architectures. He is a member of the Association for Computing Machinery (ACM) and Information Processing Society of Japan. Nat Natarajan joined Motorola in 1993, and is a Fellow of the Technical Staff at Motorola. He received his Ph.D. from Ohio State University in Columbus, OH. Prior to working at Motorola, Nat served as a research staff member for over 12 years with IBM Thomas J. Watson Research Center, Yorktown Heights, NY, working primarily on packet switched data, voice and integrated networks as well as wireless data and satellite networks, and he has been a major contributor to the IEEE 802.11 standard approved in 1997. Nat is a Motorola Distinguished Innovator, holding 30 patents, and is a Senior Member of IEEE. Nat’s current technical interests are Beyond 3G/4G mobile networking systems based on IP technologies.
