IJSRD - International Journal for Scientific Research & Development| Vol. 5, Issue 04, 2017 | ISSN (online): 2321-0613 A New Authentication and Key Agreement Protocol for next Generation 3GPP Mobile Networks Pooja Thakur1 Ashish Sharma2 1,2Department of Computer Science & Engineering 1,2Bells Institute of Management and Technology, Shimla (HP), India Abstract—Authentication is the act of proving the truthfulness of data or entity. But with respect to the protocol, authenticating a connection is the process of authenticating the mobile station with respect to its Network (SN) in mobile telecommunication system. The prime objective of this research paper is to propose an enhancement to UMTS AKA in order to remove the above defined redirection attack and make authentication in 3G networks more secure. The main contribution of this research paper is to define a secure authentication method for communication between Mobile Station (MS) and Home Network (HN) and preventing eavesdropping between MS and the Serving Network (SN). The proposed protocol can minimize number of flows and also it can reduce computational overheads to as much as possible. The simulation results indicate that proposed ELI-AKA protocol can more efficiently provide data security and reliability. Key words: Authentication, cellular technology, 3G, Mobile networks I. INTRODUCTION Fig. 1: Working of UMTS AKA Protocol [3] The wireless communication system was originated a long time ago. Wireless mobile communication system is a part II. RELATED WORK of wireless communication system. Wireless systems Authentication for network security has a long way back transmit data over vulnerable environment and this data history. In literature we have studied research papers which need to secure and must be used by authentic user. are directly related to our research. Jun Wang, Yongxin Li Authentication provides the reliability and faithfulness of and Jingtao Hu [18] proposed an improved Authentication data or entity. But with respect to the protocol, and Key Agreement protocol which was based on the authenticating a connection is the process of authenticating Ethernet bus. They focused on providing a secure method the mobile station with respect to its Network (SN) in for not connecting to the unauthorized device by improving mobile telecommunication system. For this purpose we have the Ethernet bus network. Jyoti Kataria and Abhay Bansal different authenticating protocols. Some of the protocols [8] explored the architecture of GSM and UMTS. They which are widely used for the authentication purpose are focused on the working of both GSM and UMTS Authentication and key agreement (AKA) [1], CAVE-based telecommunication system and also explained about the authentication [1], Challenge-handshake authentication working of Authentication and Key Agreement (AKA) protocol (CHAP) [1], Extensible Authentication Protocol Protocol in the UMTS environment. Chengzhe Lai, Hui Li , (EAP) [15], Host Identity Protocol (HIP) [1] and Kerberos. Rongxing Lu , Xuemin Shen [17] proposed a new improved For completing this research work firstly a review and secure protocol for LTE (Long Term Evolution) has been conducted for the authentication and key networks. They generally focused their research over EPS- agreement (AKA) protocols for 3G networks. From the AKA protocol for the LTE networks. They had proposed a review it can be found that even after the introduction of secure protocol for LTE networks and named it as SE-AKA mutual authentication concept, the mobile which was intended to overcome the weaknesses of the telecommunication connection is not fully secure. Figure 1 EPS-AKA such as perfect forward secrecy for key and lack below shows the working architecture of UMTS-AKA [3] of privacy preservation. Chunyu Tang, David A. Naumann, authentication protocol. and Susanne Wetzel [10] analyzed the Authentication and The prime objective of our research is to propose Key Establishment procedure for the inter-operation of an enhancement to UMTS AKA [3] (Figure 1) in order to different mobile telephony. This paper mainly focused on remove the above defined redirection attack and make the inter-operation of GSM, UMTS and LTE networks. authentication in 3G networks more secure. In this paper a In 3G telecommunication [10] systems only user secure authentication method for communication between device was authenticated by the network. There was no Mobile Station (MS) and Home Network (HN) has been Provision or method of authentication of the network by the proposed for 3GPP networks. it can minimize the number of MS (Mobile Station) which was a serious drawback in the flows and computational overhead in the network. Second Generation mobile telecommunication system. An adversary could easily exploit this limitation of those All rights reserved by www.ijsrd.com 1853 A New Authentication and Key Agreement Protocol for next Generation 3GPP Mobile Networks (IJSRD/Vol. 5/Issue 04/2017/453) protocols operating for 3G mobile telecommunication by a) Step 1:- Authentication Request message by MS to launching an attack named as False Base Station attack [12]. SN We have proposed a secure authentication protocol which In first step, the MS forms an encrypted message by using can remove false base station and redirection attacks. the session key k′ and sends it to the SN. The message includes III. PROPOSED PROTOCOL 1) IMSI In proposed approach i.e. ELI-AKA (Figure 2), we have 2) Serving Network Identity (SNID). used the PSK (Pre-Shared Key) k. This key k is known only b) Step 2:- Authentication Data Request Message by to the MS (Mobile Station) and the HN (Home Network). SN to HN SN (Serving Network) has no knowledge about this secret The session key k′ is unknown to the Serving Network (SN). key k. So we have used a symmetric encryption to encrypt After receiving the authentication message from the MS, SN our message at the MS side. The only problem in the sends the encrypted message and its Identity to the HN. So symmetric encryption is in the distribution of it over the the message from this flow includes: network. While distributing it over the network it could be 1) {IMSI, SNID }k′ caught by an adversary who can result in security breaches. 2) SNID But in our case the secret key k is not distributed over the c) Step 3:- Authentication Data response by HN to SN network. At MS side it is presented in the SIM of the When HN receives an authentication request message by client’s device and also HN possess the secret key k. So this SN, it compares the SNID of the Serving Network with the type of encryption is suitable for the proposed protocol. Identity from the encrypted packet by decrypting the packet ∗ −1 * using session key k′ in the inverse function f . We use function f to produce a session key k′ for k′ the current session between the MS and the HN such as k′ = Case1: If the matching of identities is successful, f*(k, RAND). The messages from MS will be encrypted by then the Authentication Vectors are generated and sent back ∗ as an Authentication Data Response to SN. The AV packet this session key k′ using fk′. At the HN side an inverse ∗ −1 in ELI-AKA contains the following: function fk′ will be used to decrypt the encrypted message from the MS using PSK (Pre Shared key) k and the Random RAND (Random Number) Number RAND. XRES (Expected Response) CK (Cipher Key)IK (Integrity Key) AUTH (Authentication Token) The RAND, XRES, CK, IK and AUTH are calculated in similar way as in UMTS AKA [3]. Case 2: If the matching of identities is not successful then the connection is terminated. d) Step 4:- Authentication Response Message by SN to MS SN receives the Authentication Vector (AV) array from HN, selects AUTH and RAND from one of the AV array and sends it to the MS. MS verifies the AUTH to authenticate SN and also calculates its RES as done in UMTS-AKA detailed under section 1.2. It then sends RES back to SN. At SN it compares RES with XRES. IF RES = XRES, then verification of MS to SN is also successful. Finally, SN sends CK and the IK selected from AV to MS. The proposed protocol not only removes the redirection attack but also removes the replay attack as the IMSI is included in the encrypted message using the session key. Any delay in the message from MS to HN will result in the expiry of current session which would result in the prevention of the replay attack. IV. RESULTS AND ANALYSIS This section will discuss the results obtained after the Fig. 2: Architecture of ELI-AKA proposed protocol has been tested. A. ELI-AKA Operation A. ELI-AKA Analysis using SVO The detailed operation of the ELI-AKA is explained through The analysis of ELI-AKA is done in following five steps: following steps:- 1) ELI-AKA Initial State Assumptions. 1) Preliminary Step: 2) ELI-AKA Received Message Assumptions. In this step we include the handshaking of MS with the SN. 3) ELI-AKA Comprehension Assumptions. The MS sends the Connection request to the SN and SN 4) ELI-AKA Interpretation Assumptions. replies with the SNID which MS will include in the next 5) ELI-AKA derivation. flow. All rights reserved by www.ijsrd.com 1854 A New Authentication and Key Agreement Protocol for next Generation 3GPP Mobile Networks (IJSRD/Vol. 5/Issue 04/2017/453) During the analysis of ELI-AKA we represent MS, SN 17) Eq.17: B believes B received ‹{ 퐼푀푆퐼, 푆푁퐼퐷}푘′›∗퐵 and HN by A, B and S respectively for our convenience ------------------->B believes B received during formation of equations. ‹{ 퐼푀푆퐼, 푆푁퐼퐷 }푘′›∗퐵 ELI-AKA Initial State Assumptions: We have 18) Eq.18: S believes S received { 퐼푀푆퐼, 푆푁퐼퐷 }푘′ following initial Assumptions as our first step towards the -------------------> S believes S received formal proof of ELI-AKA: { 퐼푀푆퐼, 푆푁퐼퐷}푘′ k′ 1) Eq.1: S believes A↔S 19) Eq.19: B believes B received k′ { 푅퐴푁퐷, 푋푅퐸푆, 퐶퐾, 퐼퐾, 퐴푢푡ℎ } ------------------- 2) Eq.2: S believes A controls A↔S > B believes B received 3) Eq.3: S believes A controls fresh (k′) { 푓푟푒푠ℎ(푅퐴푁퐷), 푋푅퐸푆, 퐶퐾, 퐼퐾, 퐴푢푡ℎ } 풌′ 4) Eq.4: S believes fresh (A↔S) 20) Eq.20: A believes A received { 푅퐴푁퐷, 퐴푢푡ℎ } Here, Eq.1 is concerned with the quality of the keys for -------------------> A believes A received the long term.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages6 Page
-
File Size-