Subscriber Privacy in Cellular Systems

Privacy enhanced cellular access security

Proceedings of the 4th ACM workshop on Wireless security - WiSe '05, 2005

The 3G cellular access security architectures do not provide satisfactory user privacy and fail to fully include all three principal entities involved in the security context. In this paper we propose a beyond-3G Privacy Enhanced 3-Way Authentication and Key Agreement (PE3WAKA) protocol that provides substantially improved user privacy and a 3-way security context. By integrating selected Mobility Management procedures and the PE3WAKA protocol this is achieved with fewer round-trips than the 3G equivalent.

An Enhancement of Authentication Protocol and Key Agreement (AKA) For 3G Mobile Networks

2011

This paper proposes a secure authentication mechanism by integrating the public key with the hash-chaining technique. The proposed protocol satisfies the security requirements of third generation (3G) mobile networks. It also provides protection of the international mobile subscriber identity (IMSI) to ensure subscriber un-traceability, periodic key refreshment, strong key management and a new non-repudiation service in a simple and elegant way. The proposed protocol is more secure than the other available authentication protocols. To avoid the complicated synchronization as in universal mobile telecommunications system (UMTS), the proposed protocol does not use a sequence number (SEQ); the management of a hash chain is simple and elegant compared to that of SEQ. This proposed protocol is secure against network attacks, such as replay attacks, guessing attacks, and other attacks.

Security protocols for 2G and 3G wireless communications

Wireless communications are being driven by the need for providing network access to mobile or nomadic computing devices. The need for wireless access to a network is evident in current work environments. A number of new protocols have been recently published with the goal of providing both privacy of data and authentication of users for mobile systems. Such protocols can employ private-key and/or public-key cryptographic algorithms. Public-key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the mobile device. In this paper a selection of protocols are reviewed and they are broadly divided into two categories: second generation and third generation protocols. A summary of the capabilities and services provided by each protocol is then provided.

Enhancing end-users privacy in 3G networks

2003

Mobile/wireless Internet is becoming available with the advent of third generation (3G) mobile communication systems. Along with the variety of new perspectives, mobile Internet also raises new concerns on security issues. The radio transmission is by nature more susceptible to eavesdropping and fraud in use than wireline transmission. The user mobility and the universal network access certainly provoke security threats. The introduction of IP-based transport technology to the core of 3G networks brings along new vulnerabilities and potential threats. Mobile network operators do not deploy their own private networks, but they rather rely on the existing Internet infrastructure for the establishment of intra-network, and inter-network communications. Furthermore, the complex network topologies and the heterogeneity of the involved technologies increase the dependability challenge.

SAKA: A Secure Authentication and Key Agreement Protocol for GSM Networks

2013

Although nowadays we are running in the 3rd generation of cellular networks, most of the service providers are also providing the services of 2nd generation cellular networks. The Global System for Mobile Communication (GSM) protocol is proposed to solve the security issues and vulnerabilities found in the first generation of cellular communication, which was based on an analog communication system. The GSM system is still vulnerable to redirection attack, man-in-the-middle attack and impersonation attack. An intruder can apply these attacks to impersonate the network or bill mischarge the users. In this paper, we propose a new secure GSM protocol called "SAKA" to prevent GSM networks from various security issues and attacks. This proposed protocol improves the drawbacks of the original GSM authentication protocol including: not supporting mutual authentication; large bandwidth consumption between VLR and HLR; storage space overhead in VLR; and overloaded HLR with authentication of mobile stations. This protocol also eliminates the need of synchronization between a mobile station MS and its home network HLR. The SAKA protocol generates minimum communication overhead as compared to all other existing and proposed GSM protocols. Authors claim that on an average the SAKA protocol has reduced 56% of the bandwidth consumption during the authentication process, which is the maximum reduction of bandwidth by any GSM protocol.

3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA

2009 Wireless Telecommunications Symposium, 2009

The 3rd Generation Partnership Project (3GPP) standard is developing System Architecture Evolution (SAE)/Long Term Evolution (LTE) architecture for the next generation mobile communication system. The SAE/LTE architecture provides secure service and 3G-WLAN interworking [9]. To provide secure 3G-WLAN interworking in the SAE/LTE architecture, Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) is used. However, EAP-AKA has several vulnerabilities such as disclosure of user identity, man-in-the-middle attack, Sequence Number (SQN) synchronization, and additional bandwidth consumption. Therefore, this paper analyzes threats and attacks in 3G-WLAN interworking and proposes a new authentication and key agreement protocol based on EAP-AKA. The proposed protocol combines Elliptic Curve Diffie-Hellman (ECDH) with symmetric key cryptosystem to overcome these vulnerabilities. Moreover, our protocol provides Perfect Forward Secrecy (PFS) to guarantee stronger security, mutual authentication, and resistance to replay attack. Compared with previous protocols which use public key cryptosystem with certificates, our protocol can reduce computational overhead.

Authentication and key agreement scheme for CDMA cellular system

2015 IEEE International Conference on Communication Software and Networks (ICCSN), 2015

Long Term Evolution (LTE) is the first technology that provides exclusively packet-switched data and modifies the security architecture of the 2G and 3G systems. The LTE security architecture offers confidentiality, access control, a kind of obscurity and mutual authentication. However, numerous types of attacks can be encountered during the mutual authentication process, which is a challenge-response based technique. Therefore, a highly secure public key algorithm can be implemented to improve the network security services. As the network operator is often considered as not being a highly trusted party and can thus face threats, the communications ends are the only secure parties to provide such security features. This paper proposes a secure mutual authentication and key agreement scheme for LTE cellular system with user-to-user security. The network side in this scheme operates as a proxy and non-trusted party to provide the security architecture with more flexibility and reliability. This is achieved by using designated verifier proxy signature and key agreement protocol based on bilinear pairing with some changes in both security algorithms and LTE security architecture within the LTE standardization. Our security and performance analysis demonstrated that the proposed scheme is more secure compared to the basic authentication and key agreement schemes.

Authentication and Billing Protocols for the Integration of WLAN and 3G Networks

Wireless Personal Communications, 2004

Wireless communications have developed rapidly and have been applied for many services. Cellular (the third-generation) mobile networks and wireless local area network (WLAN) are two important technologies for providing wireless communications. The third-generation (3G) networks provide wider service areas, and "always-on" and ubiquitous connectivity with low-speed data rate. WLAN networks offer higher data rate and the easy compatibility of wired Internet, but cover smaller areas. In fact, 3G and WLAN possess complementary properties. Integrating 3G and WLAN networks may offer subscribers high-speed wireless data services and ubiquitous connectivity. For integrating two heterogeneous networks, several issues should be involved: authentication, billing, quality of service, and seamless roaming between 3G and WLAN networks. In this paper, we address the authentication and billing problems and propose two protocols that provide both authentication and billing services. One protocol utilizes a one-time password approach to authenticate subscribers. This protocol is efficient in both computation time and authentication procedures. Because of the restrictions of the password-based approach, this protocol could not offer the non-repudiation property for the billing problem. Another protocol is constructed on a public-key-based system (i.e., certificates). Although it requires more computation time than the password-based approach, non-repudiation is guaranteed. Performance analysis simulation results are given to validate our two protocols.

Privacy Enhanced Mobile Authentication

Wireless Personal Communications, 2007

In this paper, we investigate location- and identity-privacy issues related to the access procedures. The investigation includes subscriber identity management, mobility management at the link layer and the security setup (authentication and key agreement) procedures. The paper also presents a Privacy Enhanced Mobile Authentication and Key Agreement (PEMAKA) protocol that illustrates the concepts and demonstrates that future mobile systems can provide both improved access security and enhanced subscriber privacy.