PA-AKA: Privacy-Aware and Lightweight Authentication Scheme for Long Term Evolution (LTE)
Related papers
Anonymous authentication and location privacy preserving schemes for LTE-A networks
Egyptian Informatics Journal, 2017
Long Term Evolution Advanced (LTE-A) is the third generation partnership project for cellular network that allows subscribers to roam into networks (i.e., the Internet and wireless connections) using special purpose base-stations, such as wireless access points and home node B. In such LTE-A based networks, neither base-stations, nor the Internet and wireless connections are trusted because base-stations are operated by un-trusted subscribers. Attackers may exploit these vulnerabilities to violate the privacy of the LTE-A subscribers. On the other hand, the tradeoff between privacy and authentication is another challenge in such networks. Therefore, in this paper, we propose two anonymous authentication schemes based on one-time pseudonyms and Schnorr Zero Knowledge Protocols. Instead of the international mobile subscriber identity, these schemes enable the user equipment, base-stations and mobility management entity to mutually authenticate each other and update the location of the user equipment without involving the home subscriber server. The security analysis demonstrates that the proposed schemes thwart security and privacy attacks, such as malicious, international mobile subscriber identity catching, and tracking attacks. Additionally, our proposed schemes preserve the location privacy of user equipment since no entity except the mobility management entity and GateWay Mobile Location Center can link between the pseudonyms and the international mobile subscriber identity. Also attackers have no knowledge about international mobile subscriber identity. Hence, the proposed schemes achieve backward/forward secrecy. Furthermore, the performance evaluation shows that the proposed handover schemes impose a small overhead on the mobile nodes and it has smaller computation and communication overheads than those in other schemes.
Privacy preserving lightweight authentication scheme for roaming service in global mobile networks
International Journal of Advances in Applied Sciences (IJAAS), 2024
The swift advancement of mobile intelligent terminals and services enables users to seamlessly access ubiquitous services across global mobile networks. Ensuring the authentication and safeguarding of the privacy of network entities is crucial. Numerous authentication and privacy schemes have been put forth over time, yet many of them have faced security and privacy challenges. A recent contribution introduces a lightweight authentication scheme (LAS) designed for roaming services within global mobile networks. They assert that their scheme offers user anonymity, mutual authentication, fair key agreement, and user-friendliness, claiming resilience against various attacks in global mobile networks. This paper, however, identifies two design flaws in the LAS and highlights its vulnerability to two masquerading attacks and a mobile user (MU) trace attack. Consequently, we propose a privacy-preserving LAS tailored for global mobile networks. Our analysis demonstrates that the proposed authentication scheme is secure and delivers enhanced privacy with efficient performance.
Privacy Enhanced and Computationally Efficient HSK-AKA LTE Scheme
2013 27th International Conference on Advanced Information Networking and Applications Workshops, 2013
In this paper, we propose a new Authentication and Key Agreement (AKA) scheme for the Long Term Evolution (LTE) technology. The scheme addresses mainly the privacy concerns related to the identity of mobile users and aims at protecting such users from malicious Mobile Management Entities (MME). In addition, the constraint of limited energy on mobile network elements is taken into consideration when developing the associated computational procedures. Accordingly, we propose a hybrid scheme that employs both symmetric and asymmetric encryption techniques.
Enhanced Identity Privacy in UMTS
International Journal of Ad Hoc and Ubiquitous Computing, 2016
Subscriber's identity privacy in mobile networks has been an exciting research area. Earlier, researchers were focused on protecting it over the radio link between the mobile device and the serving network. Whereas now, they are considering the need for protecting the same from the serving network itself, due to the security and flexibility that it promises to bring into roaming situations. Towards this, numerous protocols have been proposed for mobile networks in general. However, in universal mobile telecommunications system (UMTS), one of the most widely deployed mobile networks, not much research has been conducted in this direction. In this paper, we make an effort to fill in this gap by proposing an extension that can be easily adapted in UMTS. We also establish the security, robustness and correctness of this extension through statistical, security and formal analysis.
Preserving Privacy of User Identity Based on Pseudonym Variable in 5G
Computers, Materials & Continua, 2022
The fifth generation (5G) system is the forthcoming generation of the mobile communication system. It has numerous additional features and offers an extensively high data rate, more capacity, and low latency. However, these features and applications have many problems and issues in terms of security, which has become a great challenge in the telecommunication industry. This paper aimed to propose a solution to preserve the user identity privacy in the 5G system that can identify permanent identity by using Variable Mobile Subscriber Identity, which randomly changes and does not use the permanent identity between the user equipment and home network. Through this mechanism, the user identity privacy would be secured and hidden. Moreover, it improves the synchronization between mobile users and home networks. Additionally, its compliance with the Authentication and Key Agreement (AKA) structure was adopted in the previous generations. It can be deployed efficiently in the preceding generations because the current architecture imposes minimal modifications on the network parties without changes in the authentication vector's message size. Moreover, the addition of any hardware to the AKA carries minor adjustments on the network parties. In this paper, the ProVerif is used to verify the proposed scheme.
Light-Weight Authentication Scheme for Handoff in Long Term Evolution (LTE)
International Journal of Advanced Research in Computer Science and Electronics Engineering, 2015
Long Term Evolution (LTE) is a 4G communication standard in mobile communication developed by 3GPP. LTE assures reliability, broad coverage, low latency and faster speed as compared to 3G. Seamless handover is the key for the mobile users. LTE provides good handoff solutions to assure the get connected status to the user. The fundamental LTE model has not been enriched with security measures during handoff. Various researchers have proposed numerous solutions related to authentication in LTE handover. Most of them have used the concept of the PKI cryptography to achieve the same. In this paper, we have proposed a Light-Weight Authentication (LWA) system for LTE during handoff. The idea behind the proposed approach is to Authentication Digest (AD) with Hash function which has been exchanged between UE’s to eNB (Home AP) and same AD has been exchanged between eNB to eNB (Visitor AP). Proposed system has generated a hash random number called AD which has been further used to authenticate the...
Temporary Internet Access for Authentication and Key Agreement for LTE Networks
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2018
Evolved Packet System-Authentication and Key Agreement (EPS-AKA) is the security protocol in Long-Term Evolution (LTE). However, it is still vulnerable to user identity attacks and fake eNBs. Efficient EPS-AKA (EEPS-AKA) was proposed with some improvements. Nevertheless, the EEPS-AKA is vulnerable to denial-of-service (DoS) attacks and fake eNBs, despite some minor flaws in its procedures. In this paper, we propose Temporary Internet Access (TIA)-AKA to: (1) prevent user identity disclosure by implementing some additional steps, which allow a user equipment (UE) to request a temporary UE identity to access Internet; and (2) authenticate the Mobility Management Entity (MME) through the validity of the assigned IP address. Physical address and simple password exponential key exchange (SPEKE) method are combined into the proposed TIA-AKA. Efficiency analysis suggests the TIA-AKA provides full protection of the user identity and prevents the DoS attack, at the expense of increased bandwidth consumption and processing delay.
A Hybrid Authentication Protocol for LTE/LTE-A Network
IEEE Access, 2019
The wireless technology has revolutionized and had a significant impact on every aspect of people's life. Confidential information, financial transactions, and sensitive conversations are frequent via the wireless network and securing all these data is of the utmost importance. In this paper, we discuss the major weaknesses of the long-term evolution (LTE) authentication process and propose a new approach, the hybrid evolved packet system (HEPS) protocol, to address the vulnerabilities. The proposed protocol has been verified logically, using Burrows-Abadi-Needham logic, and systematically, using the automated validation of internet security protocol and application tool. The HEPS protocol will optimize the performance of the LTE authentication process and fundamentally solve the security issue of the process. Index terms: Long term evolution, hybrid evolved packet system, Burrows-Abadi-Needham logic, automated validation of Internet security protocol, application tool.
Current Approaches to Authentication in Wireless and Mobile Communications Networks
This document gives a brief introduction into algorithms and protocols for entity authentication (verifying the identity of communication partners) and analyzes the approaches for realizing authentication in current mobile communication standards. The main results of this comparative analysis concerning an authentication infrastructure for wireless Internet access are that (1) the protocols as proposed in current IETF working groups still need further evaluation of their security characteristics, and, in particular, (2) do exhibit serious deficiencies regarding the location privacy of mobile nodes. Furthermore, it is concluded that in order to assess the performance implications of (re-)authentication during frequent handovers further study is needed, which will be addressed in a future report.
Advanced Identity Management System in 4G Wireless Networks
JRE group of institutions, 2014
Wireless Services provided across 4G wireless networks are mainly characterized by ubiquity and convergence. Therefore a user needs to be identified and authenticated to different serving networks and different service providers. Different identities for the same user would be hardly manageable since it would lead to identity confusion and heavy management procedures (overlapping zones). Therefore, we need unique identifier assignment and management techniques in heterogeneous environments. In this paper, we introduce a pattern for the Temporal Mobile Subscriber identity (TMSI) and develop the associated secure identity management process. We show that our system, called Advanced Identity Management (AIM), guarantees mutual authentication, privacy, and tracking avoidance, which would be of primary importance in 4G wireless networks.