Extensible Authentication Protocol Method for 3 rd Generation Authentication

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents in effect on the date of publication of this documen

Seamless LTE-WiFi Architecture for Offloading the Overloaded LTE with Efficient UE Authentication

Nowadays a cellular network suffers from a data traffic load in a metropolitan area due to the enormous number of mobile devices connectivity. Therefore, the users experience many issues because of a congestion and overload at an access network such as low throughput, long latencies and network outages. Current network operator’s solutions, such as capping data usage and throttling a connection speed, have a negative effect on the user satisfaction. Therefore, alternative solutions are needed such as Access Point (AP)-based complementary network. In this paper, we use WiFi as a complementary network to Long-Term Evolution (LTE). We propose a seamless network architecture between LTE and WiFi networks, by utilizing the packet gateway (P-GW) as an IP flow anchor between LTE and WiFi to maintain a seamless connectivity. The proposed architecture has two new components, Access Network Query Protocol-Data Server (ANQP-DS) and Access Zone Control (AZC), to WiFi core network for managing UE authentication and balancing the load of UEs between APs. Finally, we demonstrate and validate the effectiveness of our proposed idea over other prior approaches based on comparison with a current handover and Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) mechanisms in the literature through simulations

Formal verification of secondary authentication protocol for 5G secondary authentication

The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties

Classification of EAP methods and Some Major Attacks on EAP

This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

Strong Authentication for Web services with Mobile Universal Identity

To access services on the Web, users need quite often to have accounts, i.e. user names and passwords. This becomes a problem when the number of accounts keeps increasing at the same time password is a very weak form of authentication exposing the users to fraud and abuses. To address both mentioned issues we propose a Mobile Universal identity, which by combining Internet identifiers with mobile identifiers is capable of delivering strong authentication for Internet services. By introducing an identity provider, the solution enables the user to employ the Mobile Universal identity for multiple service providers. By federation with other identities, Mobile Universal identity can be used with service providers worldwide.© Springer International Publishing Switzerland 2015. This is the authors' accepted and refereed manuscript to the article. Locked until 2016-08-08

An efficient authentication and key agreement protocol for 4G (LTE) networks

Long Term Evolution (LTE) networks designed by 3rd Generation Partnership Project (3GPP) represent a widespread technology. LTE is mainly influenced by high data rates, minimum delay and the capacity due to scalable bandwidth and its flexibility. With the rapid and widespread use LTE networks, and increase the use in data/video transmission and Internet applications in general, accordingly, the challenges of securing and speeding up data communication in such networks is also increased. Authentication in LTE networks is very important process because most of the coming attacks occur during this stage. Attackers try to be authenticated and then launch the network resources and prevent the legitimate users from the network services. The basics of Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) are used in LTE AKA protocol which is called Evolved Packet System AKA (EPS-AKA) protocol to secure LTE network, However it still suffers from various vulnerabilities such as disclosure of the user identity, computational overhead, Man In The Middle (MITM) attack and authentication delay. In this paper, an Efficient EPS-AKA protocol (EEPS-AKA) is proposed to overcome those problems. The proposed protocol is based on the Simple Password Exponential Key Exchange (SPEKE) protocol. Compared to previous proposed methods, our method is faster, since it uses a secret key method which is faster than certificate-based methods, In addition, the size of messages exchanged between User Equipment (UE) and Home Subscriber Server (HSS) is reduced, this reduces authentication delay and storage overhead effectively. The automated validation of internet security protocols and applications (AVISPA) tool is used to provide a formal verification. Results show that the proposed EEPS-AKA is efficient and secure against active and passive attacks