Protocol security for third generation telecommunication systems

By Theodore Stergiou

Abstract

In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An overview of currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks identified in currently used systems form the motivation behind this work. The analysis of the FCNS follows, in three parts. In the first part, the FCNS communication layers are examined, with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details of the FCNS keystream generator used to secure the internal FCNS messages. Finally, the FCNS Error Protocol is described, illustrating its modes of operation and the advantages it exhibits over currently used systems. The work then presents details of the software FCNS implementation, followed by the results and measurements obtained from the case studies created. Comparisons with the TCP/IP suite are given, to identify where the FCNS is applicable in various network environments. The work concludes by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture.

Topics: TK
OAI identifier: oai:wrap.warwick.ac.uk:3023
