QoS-Aware Frequency-Based 4G+Relative Authentication Model for Next Generation LTE and Its Dependent Public Safety Networks

Increasing demands for high-speed broadband wireless communications with voice over long term evolution (LTE), video on demand, multimedia, and mission-critical applications for public safety motivate 4th-generation (4G) and 5G communication development. The flat IP-based LTE and LTE-Advanced technologies are the expected key drivers for 5G. However, LTE, with its elapsed security mechanism and open nature, leaves a huge loophole for intruders to jeopardize the entire communication network. The timeand bandwidth-consuming authentication procedure in LTE leads to service disruptions and makes it unfit for public safety applications. To cater the prevailing LTE security and service requirements, we propose the 4G plus relative authentication model (4G+RAM), which is composed of two dependent protocols: 1) Privacy-protected evolved packet system authentication and key agreement protocol for the initial authentication (PEPS-AKA) and 2) 4G plus frequency-based re-authentication protocol for the re-authentication of known and frequent users (4G+FRP). The 4G+RAM supports seamless communication with a minimum signaling load on core elements and conceals users' permanent identifiers to ensure user privacy. We simulate the proposed protocols for formal security verification with the widely accepted automated validation of Internet security protocols and applications tool. A comparative analysis of bandwidth consumption is also performed and proved that the proposed 4G+RAM outperforms the existing solutions

Network intrusion prevention in the evolved packet core utilising software defined networks and network function virtualisation

Mobile Networks (MNs) are fundamental infrastructures in modern life. As traffic volumes rise and subscriber needs are expanding, MNOs need to adapt in order to keep up with the demand. This has led to MNOs virtualising the Core Network (CN) by utilising Software Defined Networking (SDN) and Network Functions Virtualisation(NFV). The security and reliability of the MN are under higher levels of scrutiny as more traffic and subscribers make use of the MN. As MNs become more popular so do they become more enticing for malicious actors as targets for attacks. The virtualisation of the CN has led to new security issues being introduced such as unused network paths being created for attackers to exploit. This research aims to utilise SDN and NFV to mitigate this issue by only allowing for critical network paths to be traversable in a virtualised CN without triggering alerts and node quarantines. The CN of a MN controls/manages all network traffic flows through the mobile network from User Equipment (UE) to a backhaul network (e.g., the Internet). Flows are streams of data that make use of a network path between two or more nodes within a network. Security has mostly been focussed on defending the perimeter of the CN to prevent unwanted access to the internals of the CN, as well as preventing the UE of subscribers from getting compromised. This perimeter only focus has led to the High Value Assets (HVAs) of the CN being vulnerable to attacks from malicious actors that have gained access to the internal nodes of a CN. Vulnerabilities still exist in the system that could allow for the attacker to compromise a node within the CN. If an attacker were to gain access to a node within the CN then they would be able to manoeuvre throughout the network undetected and unhindered along any and every network path with an HVA being their most likely goal. Therefore a Network Intruder Prevention System (NIPS) is proposed that will limit the paths that are allowed within the CN and detects whenever an attempt is made to traverse a non critical network path. This will greatly increase the probability of an attacker being detected. The NIPS will leverage off of two new network architectures in order to protect the CN’s HVAs. First SDN is leveraged to gain a holistic view of network traffic flows within the CN. SDN allows for network control functions to integrate with a logically centralised controller. The controller also allows for programmatic management of the network which proves to be crucial in detecting, containing and responding to security threats internal to a network. Second is NFV which allows for specific network functions within the CN to be virtualised. With the ability to virtualise the specific nodes within the CN comes the chance to programmatically deploy network functions with the specific goal of security once an anomaly is detected within the network. NFV is selected for this research due to its ability to quickly deploy false instances of the target of a network attack, therefore allowing for comprehensive containment. SDN and NFV create a better environment in which attackers attempting to target a HVA can be mitigated. A SDN based NIPS is proposed that applies strict control rules to the network traffic flows allowed between nodes in the CN. During normal functionality of the CN, only flows that make use of critical network paths are required. If a flow is requested from the SDN controller that is determined to be malicious, then the SDN application is designed to automatically deploy a virtualised decoy version of the intended target, by means of NFV. The controller is then able to redirect malicious flows away from their intended target towards the decoy, effectively quarantining the compromised node therefore mitigating the attacks damage. It is shown that a NIPS with the described functionality would detect, contain and respond to the attackers attempting lateral movement

On Message Authentication in 4G LTE System

After decades of evolution, the cellular system has become an indispensable part of modern life. Together with the convenience brought by the cellular system, many security issues have arisen. Message integrity protection is one of the urgent problems. The integrity of a message is usually protected by message authentication code (MAC). Forgery attacks are the primary threat to message integrity. By Simon's definition, forgery is twofold. The first is impersonation forgery, in which the opponent can forge a MAC without knowing any message-MAC pairs. The second is substitution forgery, in which the opponent can forge a MAC by knowing certain message-MAC pairs. In the 4G LTE system, MAC is applied not only to RRC control messages and user data, but also to authentication of the identities in the radio network during the authentication and key agreement (AKA) procedure. There is a set of functions used in AKA, which is called A3/A8. Originally, only one cipher suite called MILENAGE followed the definition of A3/A8. Recently, Vodafone has proposed another candidate called TUAK. This thesis first analyzes a MAC algorithm of the 4G LTE system called EIA1. The analysis shows that because of its linear structure, given two valid message-MAC pairs generated by EIA1, attackers can forge up to $2^{32}$ valid MACs by the algorithm called linear forgery attack proposed in this thesis. This thesis also proposes a well-designed scenario, in which attackers can apply the linear forgery attack to the real system. The second work presented in this thesis fixes the gap between the almost XOR universal property and the substitution forgery probability, and assesses the security of EIA1 under different attack models. After the security analysis, an optimized EIA1 using an efficient polynomial evaluation method is proposed. This polynomial evaluation method is analog to the fast Fourier transform. Compared with Horner's rule, which is used in the official implementation of EIA1, this method reduces the number of multiplications over finite field dramatically. The improvement is shown by the experiment results, which suggests that the optimized code is much faster than the official implementation, and the polynomial evaluation method is better than Horner's rule. The third work in this thesis assesses the security of TUAK, and proves TUAK is a secure algorithm set, which means $f_1$, $f_1^*$, and $f_2$ are resistant to forgery attacks, and key recovery attacks; $f_3$ - $f_5$, and $f_5^*$ are resistant to key recovery attacks and collision. A novel technique called multi-output filtering model is proposed in this work in order to study the non-randomness property of TUAK and other cryptographic primitives, such as AES, KASUMI, and PRESENT. A multi-output filtering model consists of a linear feedback shift register (LFSR) and a multi-output filtering function. The contribution of this research is twofold. First, an attack technique under IND-CPA using the multi-output filtering model is proposed. By introducing a distinguishing function, we theoretically determine the success rate of this attack. In particular, we construct a distinguishing function based on the distribution of the linear complexity of component sequences, and apply it on studying TUAK's $f_1$ algorithm, AES, KASUMI and PRESENT. The experiments demonstrate that the success rate of the attack on KASUMI and PRESENT is non-negligible, but $f_1$ and AES are resistant to this attack. Second, this research studies the distribution of the cryptographic properties of component functions of a random primitive in the multi-output filtering model. The experiments show some non-randomness in the distribution of the algebraic degree and nonlinearity for KASUMI. The last work is constructing two MACs. The first MAC called WGIA-128 is a variant of EIA1, and requires the underlying stream cipher to generate uniform distributed key streams. WG-16, a stream cipher with provable security, is a good choice to be the underlying cipher of WGIA-128 because it satisfies the requirement. The second MAC called AMAC is constructed upon APN functions. we propose two different constructions of AMAC, and both of these two constructions have provable security. The probability of substitution forgery attacks against both constructions of AMAC is upper bounded by a negligible value. Compared with EIA1 and EIA3, two message authentication codes used in the 4G LTE system, both constructions of AMAC are slower than EIA3, but much faster than EIA1. Moreover, both constructions of AMAC are resistant to cycling and linear forgery attacks, which can be applied to both EIA1 and EIA3

The Weakness of Integrity Protection for LTE

In this paper, we concentrate on the security issues of the integrity protection of LTE and present two different forgery attacks. For the first attack, referred to as a linear forgery attack, EIA1 and EIA3, two integrity protection algorithms of LTE, are insecure if the initial value (IV) can be repeated twice during the life cycle of an integrity key (IK). Because of the linearity of EIA1 and EIA3, given two valid Message Authentication Codes (MACs) our algorithm can forge up to 2 32 valid MACs. Thus, the probability of finding a valid MAC is dramatically increased. Although the combination of IV and IK never repeats in the ordinary case, in our well-designed scenario, the attacker can make the same combination occur twice. The duplication provides the opportunity to conduct our linear forgery attack, which may harm the security of communication. To test our linear forgery attack algorithm, we generate two counter check messages and successfully forge the third one. We also examine the attack timing by simulating real communication. From the experimental results, our attack is applicable. The second attack is referred to as a trace extension forgery attack, which works only in theory. However, this attack is more general than the linear forgery attack. Known only one MAC and message pair, we can construct a different message, who has the same MAC as the original one, with the probability 1 2 16. In this attack, trace function is applied to the message to shrink the guessing space. Index Terms. Forgery, MAC, LTE, man-in-the-middle.