2008, 2008 Fifth Annual Conference on Wireless on Demand Network Systems and Services
Next Generation Networks (NGN) provide multimedia services to mobile users through different access networks including WLAN. The security architecture of NGN specifies that a WLAN user must follow a multi-pass Authentication and Key Agreement (AKA) procedure, in order to get access to the IP multimedia subsystem (IMS) services. This includes a repetition of authentication steps and protocols which introduce an unnecessary overhead. This paper presents a one-pass AKA procedure that eliminates the repeated steps without compromising the provided level of security. The presented procedure has minimal impact on the network infrastructure and functionality and does not require any changes to the existing authentication protocols. We investigate the induced performance improvement regarding the user authentication cost of the one-pass over the multi-pass AKA. To this end we consider a simple analytic model that quantifies the performance of one-pass and multi-pass AKA. This study identifies the cases in which the one-pass AKA presents substantial benefits, e.g., when the mobile user has lengthy session time with short residence time in the service area of an access point.
International Journal of Grid and High Performance Computing, 2010
Proceedings of the 2nd International Conference on Bio-Inspired Models of Network Information and Computing Systems, 2007
Next Generation Networks (NGNs) provide multimedia services to mobile users through different access networks that facilitate users' autonomy. The security architecture of NGNs specifies that a WLAN user must follow a multi-pass Authentication and Key Agreement (AKA) procedure in order to get access to the IP multimedia subsystem (IMS) services. This paper proposes an improved one-pass AKA procedure for NGNs that reduces significantly the authentication overhead compared to the multi-pass, without compromising the provided security services. A communication cost analysis is provided that estimates the cost improvement of the proposed one-pass over the multi-pass AKA authentication procedure. The proposed procedure has minimal impact on the network infrastructure and functionality and does not require any changes to the existing authentication protocols.
2007 IEEE 18th International Symposium on Personal, Indoor and Mobile Radio Communications, 2007
The security architecture of the 3G-WLAN integrated networks specifies that a WLAN user, in order to get access to the 3G packet switched services or the public internet through the 3G PLMN, he must follow a two-pass EAP-AKA authentication procedure. This involves a double execution of EAP-AKA, which introduces a duplicated authentication overhead. This paper proposes a one-pass EAP-AKA authentication procedure for the 3G-WLAN integrated networks that reduces significantly the authentication traffic, compared to the two-pass EAP-AKA authentication, without compromising the provided level of security. The proposed procedure has minimal impact on the existing 3G-WLAN network infrastructure and functionality. A security analysis of the proposed authentication procedure is elaborated that identifies potential attacks and proposes possible countermeasures. In addition, a cost analysis is considered that compares the total number of messages required for user's authentication using the two-pass EAP-AKA and the proposed one-pass EAP-AKA authentication.
Wireless Personal Communications, 2009
The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure.
Journal of Ambient Intelligence and Humanized Computing, 2011
3G/UMTS-WLAN heterogeneous mobile network is a complementary platform for the trend of Beyond-3G (B3G) wireless communications. However, the design of a secured and fast re-authentication protocol in 3G/UMTS-WLAN interworking networks is a challenging task. Although EAP authentication and key agreement (EAP-AKA) protocol is adopted by the third generation partnership protocol (3GPP) to achieve authentication and security services in 3G/UMTS-WLAN interworking networks, it still suffers two main drawbacks. One is high re-authentication delays due to centralized re-authentication sessions within the RADIUS server and unnecessary multiple rounds of challenge-response messages traveling between the RADIUS server and the mobile station. The other is high intra-domain handover authentication delay incurred by EAP-AKA protocol without supporting intra-domain handover authentication. Thus, this paper proposes a novel protocol named Fast Iterative Localized Re-authentication (FIL Re-authentication) to replace the fast re-authentication in EAP-AKA protocol. Furthermore, FIL Re-authentication makes use of iterative process and localized re-authentication process for speeding up re-authentication times and reducing intra-domain handover authentication delays in 3G/UMTS-WLAN interworking networks. Additionally, the simulation model based on Network Simulator 2 (NS-2) is used to provide a valid implementation and finally the performance evaluation shows that proposed protocol surpasses standard EAP-AKA protocol in terms of authentication session time, authentication delay and handover authentication delay.
Telecommunication Systems, 2013
The IP Multimedia Subsystem (IMS) is an access-independent, IP based, service control architecture. Users' authentication to the IMS takes place through the AKA (Authentication and Key Agreement) protocol, while Generic Bootstrapping Architecture (GBA) is used to authenticate users before accessing the multimedia services over HTTP. In this paper, we focus on the performance analysis of an IMS Service Authentication solution that we proposed and that employs the Identity Based Cryptography (IBC) to personalize each user access. We carry out the implementation of this solution on top of an emulated IMS architecture and evaluate its performance through different clients' access scenarios. Performance results indicate that increase in the number of clients does not influence the average processing time and the average consumed resources of the GBA entities during the authentication. We also notice that the Bootstrapping Server Function (BSF) presents a bottleneck during the service authentication which helps in giving some guidelines for the GBA entities deployment.
… Conference, 2004. VTC …, 2004
Recently, several authentication protocols have been proposed for wireless local area networks (WLANs) to improve security in hotspot public access and corporate networks, and some have been proposed for integrated 3G-WLAN networks. These authentication protocols are based on the extensible authentication protocol and have been directly applied to wireless networks based on their widespread use in wired networks. Depending on the 3G-WLAN architecture and how the WLAN is tied to the 3G network, these protocols could have large latency. Moreover they do not have mechanisms for authenticating the usage time of a mobile in a WLAN. In this paper, we first discuss these issues related to existing authentication protocols for a 3G-WLAN integrated network. Then, we propose a new authentication mechanism based on the dual signature concept used in secure electronic transactions that can be used in a loosely coupled architecture. Finally, we present a preliminary evaluation of the energy performance and latency of the existing and proposed protocols.
International Journal of Computer Applications, 2015
Openness of wireless network makes it more sensible for various security attacks. Authentication is the most vital procedure to make sure that the service is appropriately used. It is a way of confirming the genuineness of a party by another party. There is a wide range of authentication schemes that varies according to time period. This paper focuses on the authentication schemes in wireless networks that have evolved in the last decade.
Telecommunication Systems, 2010
In this paper, a new Global System of Mobile Communications (GSM) authentication protocol is proposed to improve some drawbacks of the current GSM authentication protocol for roaming users including: (a) communication overhead between VLR; (b) huge bandwidth consumption between VLR and HLR; (c) storage space overhead in VLR; (d) overloaded in HLR with authentication of mobile stations; and (e) not supporting bilateral authentication. The main contribution of this paper is that it does not only improve the drawbacks listed above but also fits the needs of roaming users. In addition, the proposed protocol does not change the existing architecture of GSM, and the robustness of the proposed protocol is the same as that of the original GSM, which is based on security algorithms A3, A5, and A8.
Computers & Security, 2010
A user in Beyond 3rd Generation (B3G) networks in order to get access to the network services must perform a multi-pass authentication procedure, which includes two or three sequential authentication steps. These multiple authentication steps include a redundant repetition of the same or similar authentication functions, which impose an unnecessary authentication overhead. This paper proposes a security binding mechanism, which reduces the execution of the redundant authentication functions of multi-pass authentications in a simple yet effective and secure manner. To achieve this, the proposed mechanism authenticates a user in the second and third step of a multi-pass authentication, by using the user's authentication credentials of the initial step. The focal point of the security binding mechanism is its generic application in multi-pass authentications, regardless of the underlying network architecture or protocols. To prove this, we have selected to present and analyze the application of the proposed mechanism in two different B3G scenarios (i.e., , resulting in the improved authentication procedures. A security analysis of the improved procedures has been carried out to identify possible attacks and propose security measures to eliminate them. Moreover, a simulation model has been developed to estimate and compare the performance of the improved 3G-WLAN authentication procedure to that of the legacy 3G-WLAN authentication. Simulation results show that the improved procedure presents better performance than its legacy counterpart.
2008
With the widespread use of wireless network services and applications, security is a major concern. From wireless network security aspects, authentication for services is very important especially in Internet banking. In this paper, an authentication method for wireless networks using dynamic key theory is presented. The dynamic key theory is used to produce "one time keys" for authentication. These one time keys will improve the efficiency and security of wireless authentication. It can be applied for Internet banking and services in wireless networks.
Wireless Personal Communications, 2004
Wireless communications have developed rapidly and have been applied for many services. Cellular (the third-generation) mobile networks and wireless local area network (WLAN) are two important technologies for providing wireless communications. The third-generation (3G) networks provide wider service areas, and "always-on" and ubiquitous connectivity with low-speed data rate. WLAN networks offer higher data rate and the easy compatibility of wired Internet, but cover smaller areas. In fact, 3G and WLAN possess complementary properties. Integrating 3G and WLAN networks may offer subscribers high-speed wireless data services and ubiquitous connectivity. For integrating two heterogeneous networks, several issues should be involved, authentication, billing, quality of service, and seamless roaming between 3G and WLAN networks. In this paper, we address the authentication and billing problems and propose two protocols that provide both authentication and billing services. One protocol utilizes a one-time password approach to authenticate subscribers. This protocol is efficient in both computation time and authentication procedures. Because of the restrictions of the password-based approach, this protocol could not offer the non-repudiation property for the billing problem. Another protocol is constructed on a public-key-based system (i.e., certificates). Although it requires more computation time than the password-based approach, non-repudiation is guaranteed. Performance analysis simulation results are given to validate our two protocols.
This document gives a brief introduction into algorithms and protocols for entity authentication (verifying the identity of communication partners) and analyzes the approaches for realizing authentication in current mobile communication standards. The main results of this comparative analysis concerning an authentication infrastructure for wireless Internet access are, that (1) the protocols as proposed in current IETF working groups still need further evaluation of their security characteristics, and, in particular, (2) do exhibit serious deficiencies regarding the location privacy of mobile nodes. Furthermore, it is concluded that in order to assess the performance implications of (re-)authentication during frequent handovers further study is needed which will be addressed in a future report.
Computer Communications, 2007
This paper analyses the authentication and key agreement (AKA) protocol for UMTS mobile networks. In this research the current authentication protocol has been enhanced by reducing the network traffic, signalling message between entities. Consequently the bottleneck at authentication centre is avoided. This is achieved by reducing the number of messages between mobile and authentication centre, then reducing the authentication times, and setup time as well as improving authentication efficiency as shown in analytical analysis and simulation results. In this paper dynamic length (L) for an array for authentication vector (AV) has been proposed. This requires designing a new technique to predict the numbers of records in AV in each authentication data request depending on the arrival rate of authentication events and residence time of the mobile station (MS) in VLR/SGSN. The analytical and simulation study have been carried out to explore the impact of dynamic length for authentication vector on the signalling traffic in mobile network. To validate the simulation results in this research work, the results have been compared with the analytical results and full match has been achieved.
2006 Proceedings of the First Mobile Computing and Wireless Communication International Conference, 2006
This paper analyses the authentication and key agreement (AKA) protocol for UMTS mobile networks, where a new authentication protocol which is able to reduce the network traffic and signaling message between entities, and consequently the bottleneck at authentication centre is avoided, this is achieved by reducing the number of messages between mobile and authentication centre, and then reducing the authentication times and setup time as well as improving authentication efficiency as shown in numerical analysis and simulation results. In this paper we propose dynamic length (L) for an array for authentication vector (AV). This required designing new technique to predict the numbers of records in AV in each authentication data request depending on the arrival rate of authentication events and residence time of MS in VLR/SGSN. The proposed AKA with dynamic L for AV is compared with the current AKA with fixed length for AV.
EURASIP Journal on wireless …, 2006
This paper analyzes the authentication and key agreement (AKA) protocol for universal mobile telecommunications system (UMTS) mobile networks, where a new protocol is proposed. In our proposed protocol, the mobile station is responsible for generating of authentication token (AUTN) and random number (RAND). The home location register is responsible for comparison of response and expected response to take a decision. Therefore, the bottleneck at authentication center is avoided by reducing the number of messages between mobile and authentication center. The authentication time delay, call setup time, and signalling traffic are minimized in the proposed protocol. A fluid mobility model is used to investigate the performance of signalling traffic and load transaction messages between mobile database, such as home location register (HLR) and visitor location register (VLR) for both the current protocol and the proposed protocol. The simulation results show that the authentication delay and current load transaction messages between entities and bandwidth are minimized as compared to current protocol. Therefore, the performance and the authentication delay time have been improved significantly.
TURKISH JOURNAL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCES, 2016
This paper scrutinizes the authentication and key agreement protocol adopted by the Universal Mobile Telecommunication System to meet the standards of a fourth-generation network. Lately, communication of multimedia (CoM) has drawn the attention of researchers for the future of secure wireless mobile communication. However, the CoM has not had any defensive mechanism to fulfil the specifications of 3GPP and reduce the computation and communication overheads and susceptible attacks like redirection, man-in-the-middle, and denial of service attacks. In addition, this paper has thoroughly investigated some existing protocols from the literature for the identification of new challenges in server-client authentication. To probe the challenges of the existing schemes realistically, the multimedia client and multimedia server components (proxy, interrogating, serving, and home subscriber server) were physically deployed on the Linux platform to examine the specifications of 3GPP, vulnerable attacks, computation, and communication overheads. We observed that the examined existing schemes are not able to fulfill the above criteria. We thus propose addition of the mutual authenticated session key (MASK) to the physical environment of the multimedia server-client. To satisfy the 3GPP specifications, the protocol of MASK offers mutual authenticity to the multimedia server-client. Moreover, the feature of mutual authenticity reduces the computation and communication overheads of the multimedia server-client. Since the session keys are jointly shared between the multimedia server and client, the protocol of MASK can additionally provide privacy preservation and forward secrecy.
IEEE Wireless Communications, 2003
Emerging broadband access technologies such as 802.11 are enabling the introduction of wireless IP services to an increasing number of users. The market forecasts suggest that a new class of network providers, commonly referred to as Wireless Internet Service Providers (WISP), will deploy public wireless networks based on these new technologies. In order to offer uninterrupted IP service combined with ubiquitous seamless mobility, these multi-provider networks need to be integrated with each other, as well as with wide-area wireless technologies, such as third-generation CDMA-2000 and UMTS. Therefore, efficient authentication and dynamic key exchange protocols that support heterogeneous domains as well as networks with roaming agreements across trust boundaries are key to the success of wide-area wireless IP infrastructures. In this paper, we first describe a simple network model that accounts for heterogeneity in network service providers, and put forward the requirements that any authentication and key exchange protocol that operates in such model should satisfy, in terms of network efficiency, security and fraud prevention. We then introduce a new authentication and key exchange protocol, called Wireless Shared Key Exchange (W-SKE). We characterize properties and limitations of W-SKE against the requirements discussed earlier. Finally, we contrast W-SKE against other well-known and emerging approaches.
2006
Authorization, authentication, and accounting schemes for WiMAX (Worldwide Interoperability for Microwave Access) are the focus of this paper. WiMAX works as a wireless metropolitan area network (MAN) technology, based on IEEE 802.16 specifications, which was designed to provide high-throughput wireless broadband connections (up to 70 Mbps for fixed scheme and up to 15 Mbps for mobile scheme) over long distances (up to 30 miles), which is described as a "framework for the evolution of wireless broadband". The main focus of the authentication and authorization is based on the privacy key management extensible authentication protocol for pairwise key management "EAP-PKM" and the accounting issue