Security architectures for B3G mobile networks

IEEE Trans. Wireless Commun.

Stavrakakis

2011

Self Cite

Abstract-Authentication in 3G encompasses a mechanism, which ensures that the authentication vectors (AVs) are used only once. To achieve this, the employed mechanism maintains counters at both sides (mobile station and network) and verifies that the provided AVs are among the last α generated. However, there are many cases in which the mobile station receives AVs that have not been previously used, but the employed mechanism rejects them as outdated. This phenomenon, called false synchronization, causes signaling overhead and delays, and increases the cost of the network use. False synchronizations are more frequent in 3G-WLAN integrated networks. The frequency of false synchronizations decreases with α, while at the same time the risk of a replay attack increases. This paper aims at analytically determining an appropriate value of α, which balances effectively in 3G-WLANs the tradeoff between the rate of false synchronizations and exposure to adversaries exploiting compromised AVs. This is done by determining a threshold value of α beyond which the further reduction in false synchronizations is marginal, while the potential for a replay attack is constantly increasing and substantial. To this end, an analytical model based on a four dimensional Markov chain is developed whose accuracy is verified through simulations.

Section: G-wlan Network Architecture and Related Workmentioning

confidence: 99%

Reducing False Synchronizations in 3G-WLAN Integrated Networks

IEEE Trans. Wireless Commun.

Stavrakakis

2011

Self Cite

“…Each time that AVR is executed the requesting network receives L the size of fresh 3G AV [7]. A 3G AV includes a random challenge (RAND), the authentication token (AUTN), the expected response (XRES), the encryption key (CK) and the integrity key (IK) [6] [25]. To proceed with the EAP-AKA authentication, the AAA server selects a fresh AV and uses the CK and IK keys (of the selected AV) as well as the identity of the user to compute the EAP-AKA Master Key (MK).…”

Section: Initial Authentication Stepmentioning

confidence: 99%

A generic mechanism for efficient authentication in B3G networks

Stavrakakis

2010

Computers & Security

Self Cite

“…3 -step a9). Trying to avoid the double execution of EAP-AKA [26], 3GPP 23.234 [1] specifies that in cases that the PDG trusts the WLAN network, the first execution of EAP-AKA for registration in the WLAN domain can be omitted. Although this policy speeds up the authentication procedure, it may raise new security risks and threats.…”

Section: G-wlan Interworking Architecturementioning

confidence: 99%

One-Pass EAP-AKA Authentication in 3G-WLAN Integrated Networks

2008

Wireless Pers Commun

Self Cite

The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure.