78 research outputs found

    Secret sharing-based authentication and key agreement protocol for machine-type communications

    One of the main challenges for the development of the Internet of Things is the authentication of large numbers of devices/sensors, commonly served by massive machine-type communications, which jointly with long-term evolution has been considered one of the main foundations for the continued growth of Internet of Things connectivity and an important issue to be treated in the development of 5G networks. This article describes some protocols for the group-based authentication of devices/sensors in Internet of Things and presents a new group authentication protocol based on Shamir's secret and Lagrange interpolation formula. The new protocol protects privacy, avoids unauthorized access to information, and assists in the prevention of attacks such as replay, distributed denial of service, and man-in-the-middle. A security analysis and comparisons among the 3GPP evolved packet system authentication and key agreement standard protocol and other recent group authentication protocols were performed toward proving the efficiency of the proposed protocol. The comparisons regard security properties and computational and communication costs. The safety of the protocol was formally verified through simulations conducted by automated validation of internet security protocols and applications.

    Lopes, APG.; Hilgert, LO.; Gondim, PRL.; Lloret, J. (2019). Secret sharing-based authentication and key agreement protocol for machine-type communications. International Journal of Distributed Sensor Networks (Online). 15(4):1-21. https://doi.org/10.1177/1550147719841003

    Group authentication protocols for Internet of Things (IoT) – QoS and Security Properties Evaluation

    Undergraduate final course project, Universidade de Brasília, Faculdade de Tecnologia, 2016. The objective of this work is to provide an overview on group authentication protocols for Internet of Things (IoT) and to propose two new group protocols. Both protocols perform authentication and key agreement among a group of devices and a Mobility Management Entity (MME) and aim at performance improvements, ensuring a robust security and anonymity protection. One scheme is based on both the Elliptic Curve Diffie-Hellman protocol and bilinear pairing and the other is a lightweight symmetric protocol based on Shamir’s secret. Additionally, both protocols have their performance and security objectives accomplishment analyzed and compared with other works already proposed in the literature. The performance analysis and comparison comprises communication, computational, verification and storage costs. Some of the security features analyzed are forward/backward secrecy (FS/BS), anonymity and resistance to several attacks. Finally, the protocols were formally validated by the AVISPA tool.

    A Novel Cross-Layer Authentication Protocol for the Internet of Things

    An innovative cross-layer authentication protocol that integrates cryptography-based authentication and physical layer authentication (PLA) is proposed for massive cellular Internet of things (IoT) systems. Due to dramatic increases in the number of cellular IoT devices, a centralized authentication architecture in which a mobility management entity in core networks administers authentication of massive numbers of IoT devices may cause network congestion with large signaling overhead. Thus, a distributed authentication architecture in which a base station in radio access networks authenticates IoT devices locally is presented. In addition, a cross-layer authentication protocol is designed with a novel integration strategy under the distributed authentication architecture, where PLA, which employs physical features for authentication, is used as preemptive authentication in the proposed protocol. Theoretical analysis and numerical simulations were performed to analyze the trade-off between authentication performance and overhead in the proposed authentication method compared with existing authentication protocols. The results demonstrate that the proposed protocol outperforms conventional authentication and key agreement protocols in terms of overhead and computational complexity while guaranteeing low authentication error probability

    QoS-Aware Frequency-Based 4G+Relative Authentication Model for Next Generation LTE and Its Dependent Public Safety Networks

    Increasing demands for high-speed broadband wireless communications with voice over long term evolution (LTE), video on demand, multimedia, and mission-critical applications for public safety motivate 4th-generation (4G) and 5G communication development. The flat IP-based LTE and LTE-Advanced technologies are the expected key drivers for 5G. However, LTE, with its elapsed security mechanism and open nature, leaves a huge loophole for intruders to jeopardize the entire communication network. The time- and bandwidth-consuming authentication procedure in LTE leads to service disruptions and makes it unfit for public safety applications. To cater to the prevailing LTE security and service requirements, we propose the 4G plus relative authentication model (4G+RAM), which is composed of two dependent protocols: 1) Privacy-protected evolved packet system authentication and key agreement protocol for the initial authentication (PEPS-AKA) and 2) 4G plus frequency-based re-authentication protocol for the re-authentication of known and frequent users (4G+FRP). The 4G+RAM supports seamless communication with a minimum signaling load on core elements and conceals users' permanent identifiers to ensure user privacy. We simulate the proposed protocols for formal security verification with the widely accepted automated validation of Internet security protocols and applications tool. A comparative analysis of bandwidth consumption is also performed and proved that the proposed 4G+RAM outperforms the existing solutions.

    SECURITY MEASUREMENT FOR LTE/SAE NETWORK DURING SINGLE RADIO VOICE CALL CONTINUITY (SRVCC).

    Voice has a significant place in mobile communication networks. Though data applications have extensively gained in importance over the years, voice is still a major source of revenue for mobile operators. It is obvious that voice will remain an important application even in the era of Long Term Evolution (LTE). Basically LTE is an all-IP data-only transport technology using packet switching. Therefore, it introduces challenges to satisfy quality of service expectations for circuit-switched mobile telephony and SMS for LTE capable smartphones, while being served on the LTE network. Since 2013, mobile operators have been busy deploying Voice Over LTE (VoLTE). They are relying on a VoLTE technology called Single Radio Voice Call Continuity (SRVCC) for seamless handover between packet-switch domain to circuit-switch domain or vice versa. The aim of the thesis is to review and identify the security measurement during SRVCC and verify test data for ciphering and integrity algorithm.

    A Console GRID Leveraged Authentication and Key Agreement Mechanism for LTE/SAE

    Growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among bulk of the human race that happens to be cellular technology users, has fueled the adaptation to long-term evolution (LTE)/system architecture evolution. The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in authentication mechanism used in LTE that without countermeasures might give super user rights to unauthorized users. The LTE uses static LTE key to derive the entire key hierarchy, i.e., LTE follows Evolved Packet System–Authentication and Key Agreement based authentication, which discloses user identity, location, and other personally identifiable information. To counter this, we propose a public key cryptosystem named “International mobile subscriber identity Protected Console Grid based Authentication and Key Agreement (IPG-AKA) protocol” to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves security of authentication procedures, but also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper prove that IPG-AKA improves security in authentication procedure and performance in the LTE

    A Quantum Safe Key Hierarchy and Dynamic Security Association for LTE/SAE in 5G Scenario

    Millions of devices are going to participate in 5G producing a huge space for security threats. The 5G specification goals require rigid and robust security protocol against such threats. Quantum cryptography is a recently emerged term in which we test the robustness of security protocols against Quantum computers. Therefore, in this paper, we propose a security protocol called Quantum Key GRID for Authentication and Key Agreement (QKG-AKA) scheme for the dynamic security association. This scheme is efficiently deployed in Long Term Evolution (LTE) architecture without any significant modifications in the underlying base system. The proposed QKG-AKA mechanism is analyzed for robustness and proven safe against quantum computers. The simulation results and performance analysis show drastic improvement regarding security and key management over existing schemes.

    A Novel Design of Membership Authentication and Group Key Establishment Protocol

    A new type of authentication, called group authentication, has been proposed recently which can authenticate all users belonging to the same group at once in a group communication. However, the group authentication can only detect the existence of nonmembers but cannot identify who are the nonmembers. Furthermore, in a group communication, it needs not only to authenticate memberships but also to establish a group key among all members. In this paper, we propose a novel design to provide both membership authentication and group key establishment. Our proposed membership authentication can not only detect nonmembers but also identify who are the nonmembers. We first propose a basic membership authentication and key establishment protocol which can only support one-time group communication. Then, we extend the basic protocol to support multiple group communications. Our design is unique since tokens of users issued by a group manager (GM) during registration are used for both membership authentication and group key establishment