Security Architecture for Mobile Communication Systems

There is much discussion and debate about how to improve the security and privacy of mobile communication systems, both voice and data. Most proposals attempt to provide incremental improvements to systems that are deployed today. Indeed, only incremental improvements are possible, given the regulatory, technological, economic, and historical structure of the telecommunications system. In this paper, we conduct a ``thought experiment'' to redesign the mobile communications system to provide a high level of security and privacy for the users of the system. We discuss the important requirements and how a different architecture might successfully satisfy them. In doing so, we hope to illuminate the possibilities for secure and private systems, as well as explore their real limits.

Communications and Multimedia Security Issues of the New Century, 2001

Mobile communication on the Internet sets more security concerns than traditional mobile networks such as GSM. The network infrastructure registration process should give credentials to the user to let him or her being identified by any service provider in order to prevent fraudulent use. In addition, a user should be able to communicate with privacy and to sign a message (e.g. a payment order) so that billing is possible. Users should be able to connect from everywhere, with various types of terminals, possibly mobile. In this paper, we propose to secure an infrastructure providing telecommunication services on the Internet for a mobile user. We establish a trust relationship between any pair of the parties with a password-based user access. As for user-to-user communication, both signaling and media data can be secured. We illustrate the use of this infrastructure to provide secure IF-Telephony.

Explosive growth in the number of mobile communication devices necessitates the need for more secure and energy-efficient schemes. They also pose additional constraints like limited battery-life and computational power, which add new dimensions to the conventional secure communication problem. In such a scenario, the need for newer paradigms and schemes cannot be overestimated. This paper discusses one such approach, in the form of a secure & mobile-platform-conducive architecture design, which is a thoughtful application of existing algorithms like RSA and the Elliptic Curve Cryptography (ECC). The core of this architecture lies in the fact that RSA public key operations are computationally much less intensive than the corresponding private key operations, while it is the other way around in ECC. Tests have been conducted to verify the claims. Results have shown that this architecture works better than the other architectures which can be employed in mobile communications.

2001

All Rights Reserved iii Certificate Recommending Acceptance iv v Key Words Authentication, key establishment, authentication model, formal analysis, forward secrecy, key recovery, key escrow, WAKE protocol, denial-of-service attack, electronic commerce, mobile security, mobile communication security, UMTS, IMT-2000, IS -41C, GSM. vi vii

1997

2005

Mobile handheld device is a popular device that provides secure, private, authentic, and accurate communication and exchange of confidential information. In this paper we propose a technique to solve the authenticity problem in mobile communication. This technique is mainly based on the usage of the Fingerprint to identify both the speaker and the sender. This technique is simple, requires less calculation than other public/private key techniques, assures more authenticity than digital signature, and eliminates the need for a third party. Moreover, when applied to mobile phones, this technique resists any forge imposed by another party.

In frequent applications trust on the persistence of compact inventions that can interchange data and produce the communication networks. In a relevant part of such applications, the confidentiality and integrity of the exchanged messages are of particular attention. In this effort, we use two novel procedures for protecting message authentication codes and validating encrypted messages that are required to face the demands of mobile and pervasive computing. By taking the benefits of the reality that the report to be verified must also be encrypted, we use provably securing codes that will be productive than other codes. The secret intention behind our advance techniques is to make use of the security that can be issued by an encryption algorithm to plan additional protecting actions, as against to using other standalone securing primitives.

Telecommunication Systems, 2010

In this paper, a new Global System of Mobile Communications (GSM) authentication protocol is proposed to improve some drawbacks of the current GSM authentication protocol for roaming users including: (a) communication overhead between VLR; (b) huge bandwidth consumption between VLR and HLR; (c) storage space overhead in VLR; (d) overloaded in HLR with authentication of mobile stations; and (e) not supporting bilateral authentication. The main contribution of this paper is that it does not only improve the drawbacks listed above but also fits the needs of roaming users. In addition, the proposed protocol does not change the existing architecture of GSM, and the robustness of the proposed protocol is the same as that of the original GSM, which is based on security algorithms A3, A5, and A8.