Fast and Universal Inter-Slice Handover Authentication with Privacy Protection in 5G Network

2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Zhe Ren ◽  
Xinghua Li ◽  
Qi Jiang ◽  
Qingfeng Cheng ◽  
Jianfeng Ma

In a 5G network-sliced environment, mobility management introduces a new form of handover called inter-slice handover among network slices. Users can change their slices as their preferences or requirements vary over time. However, existing handover-authentication mechanisms cannot support inter-slice handover because of the fine-grained demand among network slice services, which could cause challenging issues, such as the compromise of service quality, anonymity, and universality. In this paper, we address these issues by introducing a fast and universal inter-slice (FUIS) handover authentication framework based on blockchain, chameleon hash, and ring signature. To address these issues, we introduce an anonymous service-oriented authentication protocol with a key agreement for inter-slice handover by constructing an anonymous ticket with the trapdoor collision property of chameleon hash functions. In order to reduce the computation overhead of the user side in the process of authentication, a privacy-preserving ticket validation with a ring signature is designed to finish in the consensus phase of the blockchain in advance. Thanks to the edge computing capabilities in 5G, distributed edge nodes help to store the anonymous ticket information, which guarantees that the legal users can finish authentication swiftly during handover. Our scheme's performance is evaluated through simulation experiments to testify the efficiency and feasibility in a 5G network-sliced environment. The results show that compared to other authentication schemes of the same type, the overall inter-slice handover delay has been reduced by 97.94%.

2021 ◽  
Author(s):  
Shubham Gupta ◽  
Balu L. Parne ◽  
Narendra S. Chaudhari ◽  
Sandeep Saxena

Recently, the Third Generation Partnership Project (3GPP) has initiated work on the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication methodologies available in the literature and identify the security vulnerabilities such as violation of global base-station, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that is not suitable for energy efficient mobile devices in 5G network. To overcome these concerns, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by random oracle model to achieve the session key secrecy, confidentiality, and integrity. To check the protocol correctness and achieve the mutual authentication property, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties. Moreover, the performance evaluation of the earlier 5G handover protocols and proposed SEAI protocol is carried out. From the evaluations, the significant results are obtained based on computation, transmission, and communication overhead.


2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Younsung Choi ◽  
Junghyun Nam ◽  
Donghoon Lee ◽  
Jiye Kim ◽  
Jaewook Jung ◽  
...  

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent research has combined the user's biometrics with a password. However, these authentication schemes are designed for a single-server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.


2010 ◽  
Vol 108-111 ◽  
pp. 1503-1508
Author(s):  
Li Hua Zhang ◽  
Li Ping Zhang ◽  
Er Fei Bai

Recently, several one-time password authentication schemes have been proposed. However, most one-time password authentication schemes have security flaws. In this paper, a novel one-time password authentication and key agreement scheme (EAKAS) based on elliptic curve digital signature chain is developed. The proposed scheme has the following merits: a password or verification table is not required in the server; users can choose or change password; it can resist off-line dictionary attacks and achieves mutual authentication; it has no system clock synchronization and no constraint of transmission delay; it can resist replay attacks, man-in-the-middle attack and insider attack; it is sensitive to password error and strong in security restoration; the session keys in the proposed scheme have the feature of freshness, confidentiality, known key security and forward security. Compared with the related schemes, our proposed scheme has better security and is well suited to scenarios requiring a high level of security.


2015 ◽  
Vol 29 (10) ◽  
pp. 1645-1657 ◽  
Author(s):  
Mao Yang ◽  
Yong Li ◽  
Bo Li ◽  
Depeng Jin ◽  
Sheng Chen

2013 ◽  
Vol 401-403 ◽  
pp. 1864-1867 ◽  
Author(s):  
Li Ling Cao ◽  
Wan Cheng Ge

The existing Extensible Authentication Protocol (EAP) based handover authentication schemes have shown robust security features, especially the Qi Jing et al.'s design, which not only meets the essential security requirements in handover authentication but also achieves privacy preservation. However, it still suffers from pitfalls in the process of authentication. The main idea of this paper is to extend the work by Qi Jing et al. and particularly focus on the formal analysis using extending BAN logic which is more concise yet practical to use on PKI-based protocols.


2004 ◽  
Vol 5 (1) ◽  
pp. 100-104 ◽  
Author(s):  
C. Vlachos ◽  
R. Gregory ◽  
R. C. Paton ◽  
J. R. Saunders ◽  
Q. H. Wu

This paper presents two approaches to the individual-based modelling of bacterial ecologies and evolution using computational tools. The first approach is a fine-grained model that is based on networks of interactivity between computational objects representing genes and proteins. The second approach is a coarser-grained, agent-based model, which is designed to explore the evolvability of adaptive behavioural strategies in artificial bacteria represented by learning classifier systems. The structure and implementation of these computational models is discussed, and some results from simulation experiments are presented. Finally, the potential applications of the proposed models to the solution of real-world computational problems, and their use in improving our understanding of the mechanisms of evolution, are briefly outlined.


Author(s):  
A. Vani Vathsala ◽  
Hrushikesha Mohanty

The success of the Internet and the ongoing globalization led to a demand for new solutions to meet the requirements for IT systems. The paradigm of service-oriented and event-driven architecture with fine grained and loosely coupled services tries to cope with those needs. Service Oriented Architecture (SOA) and Event Driven Architecture (EDA) are two acknowledged architectures for the development of business applications and information systems, which have evolved separately over the years. Today both architectures are acknowledged, but their synergy is not. There are numerous benefits of having an architecture that supports coexistence between operations and events, and composition of services based on operation invocation and event triggering. As part of our ongoing research work, we have tried to analyze in this paper, the basic design of Event based systems, issues that have to be addressed when event based approach is used for composing and coordinating web services. Then we have specified the techniques available that handle these issues, and gave a comparative study on these techniques. Finally we have attempted to sort out the unhandled/partially handled issues that could be addressed as part of our research.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Ke Huang ◽  
Yi Mu ◽  
Fatemeh Rezaeibagha ◽  
Zheyuan He ◽  
Xiaosong Zhang

Electronic auction is a popular platform to sell goods, task assignment, and resources’ allocation due to reductions of transaction costs and has attracted a huge number of potential buyers. However, it is challenging to address the disputes between the buyer and the auctioneer. The main reason is, on the one hand, solving such problem leverages to the broad domain of research aspects, such as economic theory, engineering, and cryptography, and, on the other hand, it is difficult to arbitrate in a decentralized and anonymous setting. In this work, we consider a more general framework to solve the potential disputes by enforcing bidirectional confirmation and public verification. Hence, the bidding procedure is clear to inspect and potential disputes can be erased. To achieve this goal, we propose policy-driven chameleon hash and revised linkable-and-redactable ring signature as building blocks. We used these two tools to build a bidirectional and anonymous auction protocol called BA²P. In our BA²P protocol, the bidders can competitively and anonymously place their bids to outbid others. At the end of the auction protocol, everyone can verify the validity of the bidding proof and decide the winner. Thus, dispute-freeness feature is achieved. The analysis suggests that our proposal is provably secure and practically efficient, and it trades some efficiencies with dispute-freeness feature.


Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 520
Author(s):  
Bander A. Alzahrani ◽  
Shehzad Ashraf Chaudhry ◽  
Ahmed Barnawi ◽  
Abdullah Al-Barakati ◽  
Taeshik Shon

Two party authentication schemes can be good candidates for deployment in Internet of Things (IoT)-based systems, especially in systems involving fast moving vehicles. Internet of Vehicles (IoV) requires fast and secure device-to-device communication without interference of any third party during communication, and this task can be carried out after registration of vehicles with a trusted certificate issuing party. Recently, several authentication protocols were proposed to enable key agreement in two party settings. In this study, we analyze two recent protocols and show that both protocols are insecure against key compromise impersonation attack (KCIA) and that both lack user anonymity. Therefore, this paper proposes an improved protocol that not only resists KCIA and related attacks, but also offers comparable computation and communication. The security of the proposed protocol is tested under a formal model as well as using the well known Burrows–Abadi–Needham (BAN) logic along with a discussion on security features. While resisting the KCIA and related attacks, the proposed protocol also provides a comparable trade-off between security features and efficiency and completes a round of key agreement in just 13.42 ms, which makes it a promising candidate to be deployed in IoT environments.

