Securing Control Signaling in Mobile IPv6 with Identity-Based Encryption

Ehmke, Martin; Forsgren, Harri; Grahn, Kaj J.; Karlsson, Jonny; Karvi, Timo; Pulkkis, Göran

doi:10.28945/3371

Cited by 1 publication

(1 citation statement)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [25], the authors worked in securing control signaling messages in MIPv6 when the network attachment point of the MN is changed. They proposed an approach for implementing Identity-Based Encryption (IBE) authentication between HA and MN as well as between CN and MN.…”

Section: Related Workmentioning

confidence: 99%

Improved IPSec tunnel establishment for 3GPP–WLAN interworking

Samoui

Bouabidi

Obaidat

et al. 2014

Int J Communication

View full text Add to dashboard Cite

Interworking between wireless local area network (WLAN) and the 3rd Generation Partnership Project (3GPP) such as Long Term Evolution (LTE) is facing more and more problems linked to security threats. Securing this interworking is a major challenge because of the vastly different architectures used within each network. Therefore, security is one of the major technical concerns in wireless networks that include measures such as authentication and encryption. Among the major challenges in the interworking security is the securing of the network layer. The goal of this article is twofold. First, we propose a new scheme to secure 3GPP LTE-WLAN interworking by the establishment of an improved IP Security tunnel between them. The proposed solution combines the Internet Key Exchange (IKEv2) with the Host Identity Protocol (HIP) to set up a security association based on two parameters, which are location and identity. Our novel scheme, which is called HIP_IKEv2, guarantees better security properties than each protocol used alone. Second, we benefit from Mobile Internet Key Exchange protocol (MOBIKE) in case of mobility events (handover). And we extend HIP_IKEv2 to HIP_MOBIKEv2 protocol in order to reduce the authentication signaling traffic. The proposed solution reinforces authentication, eliminates man-in-the-middle attack, reduces denial-of-service attack, assures the integrity of messages, and secures against reply attack. Finally, our proposed solution has been modeled and verified using the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which has proved its security when an intruder is present.First, the UE authenticates 3GPP_AAA server on AUTN and MAC sever . Then the 3GPP_AAA server authenticates the UE on RES. These three parameters are derived from the random number RAND. Thus, we have modeled this goal in HLPSL as follows:The same procedure is adopted to authenticate the UE by 3GPP_AAA server. Then, in the goal section of the protocol, we write the following: 8.2.2.2 Secrecy of the shared key The Diffie-Hellman shared key must only be known by the UE and the ePDG entities. The secret is the goal fact related to secrecy.This goal has been modeled in HLPSL as follows:Also, the Cipher Key CK and the Integrity Key IK must be a secret between UE and the 3GPP_AAA server to guarantee the secrecy of the Master Session Key MSK.This goal has been modeled in HLPSL, as follows:Then, in the goal section of the protocol, we write the following: 1195 3GPP-WLAN INTERWORKING some other types of attacks such as connection hijacking or impersonation, and trying to give solution for securing new mobility management protocols, such as FHMIPv6 and PMIPv6.

show abstract

Section: Related Workmentioning

confidence: 99%