Providing security in 4G systems: unveiling the challenges

Several research groups are working on designing new security architectures for 4G networks such as Hokey and Y-Comm. Since designing an efficient security module requires a clear identification of potential threats, this paper attempts to outline the security challenges in 4G networks. A good way to achieve this is by investigating the possibility of extending current security mechanisms to 4G networks. Therefore, this paper uses the X.805 standard to investigate the possibility of implementing the 3G’s Authentication and Key Agreement (AKA) protocol in a 4G communication framework such as YComm. The results show that due to the fact that 4G is an open, heterogeneous and IP-based environment, it will suffer from new security threats as well as inherent ones. In order to address these threats without affecting 4G dynamics, Y-Comm proposes an integrated security module to protect data and security models to target security on different entities and hence protecting not only the data but, also resources, servers and users

Private Identification, Authentication and Key Agreement Protocol with Security Mode Setup

Identification, authentication and key agreement protocol of UMTS networks with security mode setup has some weaknesses in the case of mutual freshness of key agreement, DoS-attack resistance, and efficient bandwidth consumption. In this article we consider UMTS AKA and some other proposed schemes. Then we explain the known weaknesses of the previous frameworks suggested for the UMTS AKA protocol. After that we propose a new protocol called private identification, authentication, and key agreement protocol (PIAKAP), for UMTS mobile network. Our suggested protocol combines identification and AKA stages of UMTS AKA protocol while eliminates disadvantages of related works and brings some new features to improve the UMTS AKA mechanism. These features consist of reducing the interactive rounds of the UMTS AKA with security mode setup and user privacy establishment

A Console GRID Leveraged Authentication and Key Agreement Mechanism for LTE/SAE

Growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among bulk of the human race that happens to be cellular technology users, has fueled the adaptation to long-term evolution (LTE)/system architecture evolution. The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in authentication mechanism used in LTE that without countermeasures might give super user rights to unauthorized users. The LTE uses static LTE key to derive the entire key hierarchy, i.e., LTE follows Evolved Packet System–Authentication and Key Agreement based authentication, which discloses user identity, location, and other personally identifiable information. To counter this, we propose a public key cryptosystem named “International mobile subscriber identity Protected Console Grid based Authentication and Key Agreement (IPG-AKA) protocol” to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves security of authentication procedures, but also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper prove that IPG-AKA improves security in authentication procedure and performance in the LTE

Security mechanisms for next-generation mobile networks

Basic concepts and definitions -- Motivation and research challenges -- Research objectives -- Mobile value-added service access -- UMTS access security -- DoS attacks in mobile networks -- A lightweight mobile service access based on reusable tickets -- Background work and motivation -- Service access through tickets -- System security analysis -- Comparisons with related work -- Enhancing UMTS AKA with vector combination -- Overview of UMTS AKA -- UMTS AKA weaknesses- -- Vector combination based AKA -- Security analysis of VC-AKA -- Mobility-oriented AKA in UMTS -- Mobility-oriented authentication -- Security analysis of MO-AKA -- A fine-grained puzzle against DOS attacks -- Quasi partial collision -- Fine-grained control over difficulties -- Lightweight to mobile devices -- Against replay attacks -- Confidentiality, integrity and user privacy