PANA/IKEv2: an Internet authentication protocol for heterogeneous access

PANA/GSM authentication for Internet access

SympoTIC'03. Joint 1st Workshop on Mobile Future and Symposium on Trends in Communications, 2003

Currently there are no Internet access authentication protocols available that are lightweight, can be carried over arbitrary access networks, and are flexible enough to be used in all the likely future ubiquitous mobility access contexts. This article proposes the PANA/GSM authentication protocol for heterogeneous network access as a step towards filling this gap. A security analysis of the PANA/GSM protocol is also provided. This article aims primarily at contributing to the design of authentication protocols suitable for use in future heterogeneous Internet access environments supporting ubiquitous mobility.

Network access security for the internet: protocol for carrying authentication for network access

IEEE Communications Magazine, 2012

PANA [2] is an application protocol using the User Datagram Protocol (UDP) as transport, which has been specially conceived by the IETF to carry the Extensible Authentication Protocol (EAP) in order to support different authentication mechanisms for network access, regardless of the underlying network access technology. Due to the close relationship between EAP and PANA, we first provide a brief overview of EAP to give the reader a better understanding of the subsequent description of the PANA architecture and protocol operation.

Authentication protocols for mobile network environment value-added services

IEEE Transactions on Vehicular Technology, 2002

The secure provision of mobile computing and telecommunication services is rapidly increasing in importance as both demand and applications for such services continue to grow. This paper is concerned with the design of public key based protocols suitable for application in upcoming third generation mobile systems such as UMTS. Candidate protocols are considered for the authentication of a mobile user to a value-added service provider with initialisation of a mechanism enabling payment for the value-added service. A set of goals for such a protocol are identified, as are a number of generic attacks; these goals and attacks are then used to evaluate the suitability of seven candidate third generation user-to-network authentication protocols. Many of these candidate protocols are shown to have highly undesirable features.

Current Approaches to Authentication in Wireless and Mobile Communications Networks

This document gives a brief introduction into algorithms and protocols for entity authentication (verifying the identity of communication partners) and analyzes the approaches for realizing authentication in current mobile communication standards. The main results of this comparative analysis concerning an authentication infrastructure for wireless Internet access are that (1) the protocols as proposed in current IETF working groups still need further evaluation of their security characteristics, and, in particular, (2) do exhibit serious deficiencies regarding the location privacy of mobile nodes. Furthermore, it is concluded that in order to assess the performance implications of (re-)authentication during frequent handovers further study is needed which will be addressed in a future report.

Authentication in Ubiquitous Networking

International Journal of Information Security and Privacy, 2015

Mobile authentication is an essential service to ensure the security of engaging parties in a ubiquitous wireless network environment. Several solutions have been proposed mainly based on both centralised and distributed authentication models to allow ubiquitous mobile access authentication; however, limitations still exist in these approaches, namely flexibility, security and performance issues and vulnerabilities. These shortcomings are influenced by the resource limitations of both wireless networks and the mobile devices together with inter-technology and inter-provider challenges. In this paper, the authors reviewed the major techniques in the field of ubiquitous mobile access authentication, which has attracted many researchers in the past decade. After investigating existing mobile authentication models and approaches, the common challenges are summarised to serve as the solution key requirements. The identified key solution requirements allow analysing and evaluating mobile ...

An efficient authentication protocol for mobile communications

Telecommunication Systems, 2010

In this paper, a new Global System of Mobile Communications (GSM) authentication protocol is proposed to improve some drawbacks of the current GSM authentication protocol for roaming users including: (a) communication overhead between VLR; (b) huge bandwidth consumption between VLR and HLR; (c) storage space overhead in VLR; (d) overloaded in HLR with authentication of mobile stations; and (e) not supporting bilateral authentication. The main contribution of this paper is that it does not only improve the drawbacks listed above but also fits the needs of roaming users. In addition, the proposed protocol does not change the existing architecture of GSM, and the robustness of the proposed protocol is the same as that of the original GSM, which is based on security algorithms A3, A5, and A8.

A New Hybrid Authentication Protocol to Secure Data Communications in Mobile Networks

The growing area of lightweight devices, such as mobile cell phones, PDA …, has led to the rapid growth of mobile networks, which are playing an important role in everyone's day. Mobile networks offer unrestricted mobility and tender important services like M-business and M-Learning, where such services need to keep security of data as a top concern. The root cause behind the eavesdroppers in these networks is the un-authentication. Designing an authentication protocol for mobile networks is a challenging task because a mobile device's memory, processing power and bandwidth are limited and constrained. Cryptography is the important technique to identify the authenticity in mobile networks. The authentication schemes for these networks use symmetric or asymmetric mechanisms. In this paper, we propose a hybrid authentication protocol that is based on Elliptic Curve Cryptography which is, actually, the suitable technique for mobile devices because of its small key size and high security.

A SURVEY ON AUTHENTICATION AND KEY AGREEMENT PROTOCOLS IN HETEROGENEOUS NETWORKS

Unlike current closed systems such as 2nd and 3rd generations where the core network is controlled by a sole network operator, multiple network operators will coexist and manage the core network in Next Generation Networks (NGNs). This open architecture and the collaboration between different network operators will support ubiquitous connectivity and thus enhance users’ experience. However, this brings to the fore certain security issues which must be addressed, the most important of which is the initial Authentication and Key Agreement (AKA) to identify and authorize mobile nodes on these various networks. This paper looks at how existing research efforts, the HOKEY WG, Mobile Ethernet and 3GPP frameworks, respond to this new environment and provide security mechanisms. The analysis shows that most of the research had realized the openness of the core network and tried to deal with it using different methods. These methods will be extensively analysed in order to highlight their strengths and weaknesses.

An Authentication Framework for Roaming Service in Global Mobility Networks

Information Technology And Control

In global mobility networks (GLOMONET), to provide secure and privacy-preserving communication among authorized mobile users in roaming services is not an easy task. To achieve authorized communication, mutual authentication is performed among legal users in GLOMONET. Therefore, security as well as privacy should be addressed in designing the security protocols for GLOMONET. In recent years, most of the research work is focused on one-way authentication and does not have desirable security attributes. In this paper, we discuss the development of authentication protocol for GLOMONET. To address security and privacy issues in authorized communication, we proposed a provably secure authentication protocol for GLOMONET. To identify the resistance against known attacks, we have analyzed the scheme against all known attacks. The comparative study on the security and performance with the related results manifests that the proposed scheme addresses the security and privacy challenges and avails comparable performance.

ESAP: Efficient and secure authentication protocol for roaming user in mobile communication networks

Sādhanā

The Global System for Mobile communication (GSM) network is proposed to mitigate the security problems and vulnerabilities observed in the mobile telecommunication system. However, the GSM network is vulnerable to different kinds of attacks such as redirection attack, impersonation attack and Man-in-the-Middle (MiTM) attack. The possibility of these attacks makes the wireless mobile system vulnerable to fraudulent access and eavesdropping. Different authentication protocols of GSM were proposed to overcome the drawbacks but many of them lead to network signalling overload and increase the call setup time. In this paper, an efficient and secure authentication and key agreement protocol (ESAP-AKA) is proposed to overcome the flaws of existing authentication protocol for roaming users in the GSM network. The formal verification of the proposed protocol is presented by BAN logic and the security analysis is shown using the AVISPA tool. The security analysis shows that the proposed protocol avoids the different possible attacks on the communication network. The performance analysis based on the fluid flow mobility model shows that the proposed protocol reduces the communication overhead of the network by reducing a number of messages. On average, the protocol reduces 60% of network signalling congestion overhead as compared with other existing GSM-AKA protocols. Moreover, the protocol not only removes the drawbacks of existing protocols but also accomplishes the needs of roaming users.