Analysis of UMTS (3G) Authentication and Key Agreement Protocol (AKA) for LTE (4G) Network

Technological and security enhancements in third generation (3G) architecture led to the development of the fourth generation (4G) technology. 4G is developed and standardized by the 3GPP which is a fully IP based topology and also referred to as the future communication technology. 3GPP provided LTE (Long Term Evolution) usually referred to as the standard for fourth generation telecommunications. This paper reviews the core architecture of the 4G network and also reviews the Authentication and key agreement (AKA) protocol as the access mechanism to a 4G network which shows the strong security aspects of the fourth generation technology. DOI: 10.17762/ijritcc2321-8169.16048

Formal verification and analysis of primary authentication based on 5G-AKA protocol

Fifth generation mobile network (5G) is intended to solve future constraints for accessing network services. The user and network operator depend on security assurances provided by the Authentication and Key Agreement protocols (AKA) used. For 5G network, the AKA has been standardized and 5GAKA protocol is one of the primary authentication methods that have been defined. This paper models the protocol and provides comprehensive formal analysis on 5G-AKA protocol as specified by The Third Generation Partnership Project (3GPP) standard. Using ProVerif a security protocol verification tool, we perform a full systematic evaluation of the 5G-AKA protocol based on the latest 5G specifications. We present security assumptions and properties that assists on the analysis based on two taxonomies, we find out that some important security properties are not achieved and related work ignored some crucial protocol flaws. Finally, we make some recommendations to address the issues found by our security analysis

SECURITY AND PRIVACY ISSUES IN MOBILE NETWORKS, DIFFICULTIES AND SOLUTIONS

Mobile communication is playing a vital role in the daily life for the last two decades; in turn its fields gained the research attention, which led to the introduction of new technologies, services and applications. These new added facilities aimed to ease the connectivity and reachability; on the other hand, many security and privacy concerns were not taken into consideration. This opened the door for the malicious activities to threaten the deployed systems and caused vulnerabilities for users, translated in the loss of valuable data and major privacy invasions. Recently, many attempts have been carried out to handle these concerns, such as improving systems’ security and implementing different privacy enhancing mechanisms. This research addresses these problems and provides a mean to preserve privacy in particular. In this research, a detailed description and analysis of the current security and privacy situation in the deployed systems is given. As a result, the existing shortages within these systems are pointed out, to be mitigated in development. Finally a privacy preserving prototype model is proposed. This research has been conducted as an extensive literature review about the most relevant references and researches in the field, using the descriptive and evaluative research methodologies. The main security models, parameters, modules and protocols are presented, also a detailed description of privacy and its related arguments, dimensions and factors is given. The findings include that mobile networks’ security along with users are vulnerable due to the weaknesses of the key exchange procedures, the difficulties that face possession, repudiation, standardization, compatibility drawbacks and lack of configurability. It also includes the need to implement new mechanisms to protect security and preserve privacy, which include public key cryptography, HIP servers, IPSec, TLS, NAT and DTLS-SRTP. Last but not least, it shows that privacy is not absolute and it has many conflicts, also privacy requires sophisticated systems, which increase the load and cost of the system.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

Good Laboratory Practices: Myers et al. Respond

Reproduced with permission from Environmental Health Perspectives. DOI:10.1289/ehp.0900884RMyers et al. respond to a letter written by Becker et al. regarding Myers' article "Why public health agencies cannot depend on Good Laboratory Practices as a criterion for selecting data: the case of bisphenol A.

Rethinking connectivity as interactivity: a case study of Pakistan

Connectivity in developing countries has traditionally been viewed in terms of investment in transport and communications. This papers makes an effort to go beyond this traditional view and conceptualizes connectivity as networks between people and places. We split the overall national reforms agenda for connectivity into three prongs: a) transportation and related services, b) ICT, and c) social capital. We try to see the state of each of these three in case of Pakistan and then propose reforms keeping in view the current political economy milieu.Connectivity; Economic Growth; Transport; Communications; Social Capital

Next generation mobile wireless hybrid network interworking architecture

It is a universally stated design requirement that next generation mobile systems will be compatible and interoperable with IPv6 and with various access technologies such as IEEE 802.11x. Discussion in the literature is currently as to whether the recently developed High Speed Packet Access (HSPA) or the developing Long Term Evaluation (LTE) technology is appropriate for the next generation mobile wireless system. However, the HSPA and the LTE technologies are not sufficient in their current form to provide ubiquitous data services. The third–generation mobile wireless network (3G) provides a highly developed global service to customers through either circuit switched or packet switched networks; new mobile multimedia services (e.g. streaming/mobile TV, location base services, downloads, multiuser games and other applications) that provide greater flexibility for the operator to introduce new services to its portfolio and from the user point of view, more services to select and a variety of higher, on-demand data rates compared with 2.5-2.75G mobile wireless system. However cellular networks suffer from a limited data rate and expensive deployment. In contrast, wireless local area networks (WLAN) are deployed widely in small areas or hotspots, because of their cost-effectiveness, ease of deployment and high data rates in an unlicensed frequency band. On the other hand, WLAN (IEEE 802.11x) cannot provide wide coverage cost-efficiently and is therefore at a disadvantage to 3G in the provision of wide coverage. In order to provide more services at high data rates in the hotspots and campus-wide areas, 3G service providers regard WLAN as a technology that compliments the 3G mobile wireless system. The recent evolution and successful deployment of WLANs worldwide has yielded demand to integrate WLANs with 3G mobile wireless technologies seamlessly. The key goal of this integration is to develop heterogeneous mobile data networks, capable of supporting ubiquitous data services with high data rates in hotspots. The effort to develop heterogeneous networks – also referred to fourth-generation (4G) mobile wireless data networks – is linked with many technical challenges including seamless vertical handovers across WLAN and 3G radio technologies, security, common authentication, unified accounting & billing, WLAN sharing (by several mobile wireless networks – different operators), consistent QoS and service provisioning, etc. This research included modelling a hybrid UMTS/WLAN network with two competent couplings: Tight Coupling and Loose Coupling. The coupling techniques were used in conjunction with EAP-AKA for authentication and Mobile IP for mobility management. The research provides an analysis of the coupling techniques and highlights the advantages and disadvantages of the coupling techniques. A large matrix of performance figures were generated for each of the coupling techniques using Opnet Modeller, a network simulation tool

Detection and Mitigation methodology for Fake Base Stations Detection on 3G / 2G Cellular Networks.

Development in technology is rapid, and same can be said particularly in the telecommunication industry, which has experienced an explosive growth both in the massive adoption rate of smart mobile devices and in the huge volume of data traffic generated daily in the recent time. Mobile devices have become extremely smart and used for purposes other than making calls and text messages, making it become an integral part of everyday human life. But while we celebrate this technological achievement, attacks on them have also increasingly become alarming such that our sensitive data transported over the wireless network are not only unsafe, but can easily be illegally requested for by an unauthorized device, also participating invisibly in the network. We briefly studied the security features available in different generations of mobile communication technologies i.e 2G, 3G, and 4G, with the aim of understanding how fake base station attacks practically occur, and to understand the effect of exposing certain parameters such as IMEI/IMSI, LAC/CID to a third party, usually an intruder. This work focuses on proposing a detection methodology as a mitigating approach to lessen fake base station attack in a cellular network. A fake base station is an attacking equipment solely used to duplicate a legitimate base station. While we acknowledge that the strategy of attack depends on the type of network, our approach is based on finding dissimilarities in parameters such as the received signal strengths, and existence of base stations participating in a network, from two different database systems. With this set of information, it is possible to arrive at a conclusion to state if a transmitting device is suspicious or legitimate. We present our detecting and mitigating algorithm which is the objective of this work