141 research outputs found

    Formalization and evaluation of EAP-AKA’ protocol for 5G network access security

    The end user’s Quality of Experience (QoE) will be improved while accessing services in Fifth Generation Mobile Network (5G), supported by enhanced security and privacy. The security guarantees offered by the Authentication and Key Agreement (AKA) protocols will be depended upon by end users and network operators. The AKA protocols have been standardized for 5G networks, and the Extensible Authentication Protocol (EAP)-AKA’ protocol is one of the main authentication mechanisms that has been specified for User Equipment (UE) and network mutual authentication. This article models the EAP-AKA’ protocol and conducts an extensive formal verification of the EAP-AKA’ protocol as defined in the 5G security standard to determine whether the protocol is verifiably secure for 5G. It provides a security evaluation of the EAP-AKA’ protocol based on the current 5G specifications using ProVerif, a security protocol proof verifier. It also presents security properties that support the security verification, as well as quantitative properties that are used to assess the protocol’s performance. Finally, it compares the EAP-AKA’ and 5G-AKA protocols’ security and performance results.

    Securing Handover in Wireless IP Networks

    In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice over IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs to be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic even more challenging, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test.

    Formal verification of secondary authentication protocol for 5G secondary authentication

    The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif, a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties.

    Securing Control Signaling in Mobile IPv6 with Identity-Based Encryption

    Simple authentication and security layer incorporating extensible authentication protocol

    There are many methods that support user authentication and access control, important roles in the establishment of secure communication. Particularly, we examine Simple Authentication and Security Layer (SASL) and Extensible Authentication Protocol (EAP) and propose EAP-Advanced Encryption Standard-Pre-Shared-Key (EAP-AES-PSK). SASL is an authentication framework in connection-oriented protocols. EAP is an authentication framework providing multiple authentication methods. SASL is vulnerable to the dictionary attack, replay attack, and Man-In-The-Middle attack as well as the re-keying issue. We propose to incorporate EAP into SASL to enhance the security of SASL and to provide a pathway for easy incorporation of future EAP enhancements into SASL. Standalone EAP still faces some common attacks. We propose EAP-AES-PSK, a new EAP method, to provide strong authentication and we implement this method on the Cyrus SASL implementation: one of the publicly available SASL implementations. This project is evaluated through the verification of functionality of a SASL application incorporating EAP. Further, we argue how the common security risks associated with SASL are addressed, and we complete a performance evaluation of the new method incorporated into SASL.

    Extensible Authentication Protocol Method for 3rd Generation Authentication

    This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents in effect on the date of publication of this documen

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    Access control and availability aspects using wireless solutions based on IEEE 802.11 technologies, providing access to classified networks

    Wireless networking is among the fastest growing trends in technology. For military objectives wireless networks are effective and flexible ways of communicating, and important elements in operating quickly, accurately and independently. Over the last years, commercial technology based on the wireless IEEE 802.11 standard has grown to be low-cost products offering cheap and easy ways to establish rapid communication services. For all that, lacking elements of security, increased availability, weak mechanisms and capabilities in order to protect and safeguard private wireless networking concern customers who require high assurance communication facilities. To comply with physical security, high-end wireless security requirements and protection mechanisms are required to fully ensure the wireless environment and control the enterprise. Wireless networks have not been considered secure enough to be implemented as part of high assurance communication systems which have access to classified information networks. This thesis considers security aspects of wireless networking related to access control and availability, which means that a wide range of security issues will be discussed. Based on availability, the thesis will focus on requirements and mechanisms related to authentication, confidentiality, integrity and authenticity. The thesis has indicated through two problem scenarios that high-end requirements signify complexity and that security mechanisms must be implemented through adoption and adjustment of the available security protocols IEEE 802.1X and IEEE 802.11i. Still, the thesis has shown that security protocols such as IEEE 802.1X and 802.11i do not solve all security problems. Additional wireless protection systems are required to supervise and control state security in order to protect the wireless network environment. In addition, network-layer security is required to oblige end-to-end security control.
    The conclusion brings security in wireless network into comprehensive challenges that require full control to analyze data and operations to consolidate the wireless environment. Considering wireless protection systems which operate as integrated parts of high assurance wireless system, the thesis has investigated mechanisms and ways to actively protect the wireless network environment. The thesis has shown that wireless monitor and honeypot networks introduce potential solutions to meet availability aspects in terms of automatic detection, protection and preventio