ISSN : 2249-9423
EISSN : 2249-9431
SHIRBHATE D.D.1*, KALE A.R.2*
1M.E computer science and engg. dept., Sipna C.O.E.T Badnera, Sant Gadge Baba University, Amravati, MS, India.
2M.E computer science and engg. dept., Sipna C.O.E.T Badnera, Sant Gadge Baba University, Amravati, MS, India.
* Corresponding Author : anuradhakale20@yahoo.co
Received : 21-02-2012 Accepted : 15-03-2012 Published : 19-03-2012
Volume : 2 Issue : 1 Pages : 19 - 22
Bioinfo Secur Inform 2.1 (2012):19-22
Several research groups are working on designing new security architectures for 4G networks such as Hokey and Y-Comm. A good way to achieve this is by investigating the possibility of extending current security mechanisms to 4G networks. Fourth generation wireless system is a packet switched wireless system with wide area coverage and high throughput. It is designed to be cost effective and to provide high spectral efficiency. The 4g wireless uses Orthogonal Frequency Division Multiplexing (OFDM), Ultra Wide Radio Band (UWB), and Millimeter wireless. Data rate of 20mbps is employed. Mobile speed will be up to 200km/hr. The high performance is achieved by the use of long term channel prediction, in both time and frequency, scheduling among users and smart antennas combined with adaptive modulation and power control. Frequency band is 2-8 GHz. it gives the ability for worldwide roaming to access cell anywhere. The results show that due to the fact that 4G is an open, heterogeneous and IP-based environment, it will suffer from new security threats as well as inherent ones. In order to address these threats without affecting 4G dynamics, we propose an integrated security module to protect data and security models to target security on different entities and hence protecting not only the data but, also resources, servers and users.This paper presents a study of security advances and challenges associated with emergent 4G wireless technologies.
4G systems, IEEE X.805, IPV6 protocol, Integrated Security Layers, Targeted Security Models.
Due to some security weaknesses in 2/2.5G networks and the need to support voice and data transmission, third generation (3G) networks have been recently deployed. Aside from supporting multimedia communication, 3G-based technologies, e.g., Universal Mobile Telecommunications System provide new services such as location dependent services, which along with the support of voice and high quality video traffic are the major innovations, compared to 2G technologies. Furthermore, 2G’s main security weaknesses have been tackled in 3G systems; a more generic Authentication and Key Agreement (AKA) method has been developed. In addition, integrity and stronger encryption mechanisms have been introduced. However, due to the increasing demand for ubiquitous connectivity and service provision, there is growing momentum to move towards Beyond 3G or 4G communication systems. 4G networks represent an open environment where different wireless technologies and service providers share an IP-based core network to provide uninterrupted services to their subscribers with almost the same quality of service (QoS). In 4G systems, mobile devices are expected to switch between networks of different operators and technologies; this is referred to as vertical handover and it is required to maintain the Service Level Agreements (SLAs) needed by their applications. It is no longer the case that security for communication frameworks is considered as an add-on rather than a fundamental issue. Future communication systems consider security from the initial stages of the design process. This is reflected in the design of 4G architectures such as Y-Comm where security is considered as an integral part of the design. However, in order to develop an efficient security module, it is necessary to identify the threats and risks faced by communication systems. But since analyzing security requirements of communication systems is quite complex, the ITU introduced a systematic analysis tool called X.805 as a holistic approach to network security by discussing systems security requirements at different levels and pinpointing potential network vulnerabilities. In this paper, we examine whether it is possible to use 3G security mechanisms such as for 4G systems.
Firewall enforces a security policy on data from and to a corporate network. Established at the borders of core network. Application firewalls prevent direct access through the use of proxies for services.
Ensures secure access to the Mobile Station. Based on a physical device called UMTS Integrated Circuit Card.
Represents and identifies a user and association to his Home Environment. Responsible for subscriber and network authentication. USIM authenticate user by secret (e.g. a PIN) Terminal authenticate USIM by a secret Application Domain Security Deals with secure messaging between the MS and the Serving Network or the Service Provider. Remote application should authenticate a user. Application-level security mechanisms are needed. Because the lower layers functionality may not guarantee end-to-end security.
Wireless Application Protocol (WAP) WAP is a suite of standards for delivery and presentation of Internet services on wireless terminals. Taking into account the limited bandwidth and processing capabilities of mobile devices. To connect wireless domain to the Internet WAP gateway is needed.
V1.2.1 and v2.0
i. WAP 1.2.1
To secure data transmission in WAP Wireless Transport Layer Security (WTLS) based upon the TLS WAP device and WAP Gateway.
WTLS
WAP Gateway and Web server
TLS
Does not support end-to-end security
ii. WAP 2.0
Re-design of the WAP architecture.
Introducing Internet protocol stack including the Transmission Control Protocol (TCP).
TCP-level gateway allows for two versions of TCP. One for wired and the other for wireless TLS channel can be established all the way from the mobile device to the server.
Backup procedure for TMSI reallocation. IMSI confidentiality in wireline part.
WAP Architecture (V1.2.1) Data Privacy Voice Call Transcoded Threat Backup Procedure for TMSI Reallocation. VLR cannot associate the TMSI with the IMSI because of TMSI corruption or database failure when the user roams, and the SN/ VLRn cannot contact the previous VLRo.
Voice calls may need to be transcoded when they cross network borders. Such as, bit rate change it is not possible to apply such transformation on an encrypted signal. Signal has to be decrypted before transcoding. Network-wide confidentiality lacks flexibility.
Important Changes in Security Defeat the false base station attack. Key lengths were increased. Support security within and between networks Integrity mechanisms.
Eavesdropping Impersonation of a user Impersonation of the network Man-in-the-middle Compromising authentication vectors in the network
‘3G Security Feature’- 3G network enhances much vulnerability in 2G. Many 2G attacks are not suitable for 3G network.
Denial of service Attack- De-registration request spoofing the intruder spoofs a de-registration request (IMSI detach) to the network Location update request spoofing User spoofs a location update request in a different location area camping on a false BS/MS.
Denial of Service Solution- Integrity protection of critical signaling messages Location update request spoofing and Deregistration request spoofing. In Camping on a false BS/MS Integrity can’t prevent the false BS/MS ignoring certain service requests and/or paging requests.
Identity Catching Attack- Passive identity catching requires a modified MS. Expect network may sometimes request the user to send its identity in plaintext. Active identity catching requires a modified BS Requests the target user to send its permanent user identity in plaintext.
Identity Catching Attack Solution- Identity confidentiality mechanism counteracts this attack Encryption key shared by a group of users to protect the user identity when new registrations or temporary identity database failure in the serving.
Eavesdropping on user data- Suppression of encryption between the target user and the true network Modified BS/MS When set up a connection, false BS/MS modifies the ciphering capabilities of the MS; network may then decide to establish an un-enciphered connection.
Eavesdropping on user data Solution- Message authentication and replay inhibition of the mobile’s ciphering capabilities. Network can verify that encryption has not been suppressed by an attacker.
Seamless integrated Mobility, QoS and Security Delay across different networks for QoS Privacy AAA for 4G Heterogeneous Network Mobility.
When handoff in heterogeneous network Acquire a new CoA (Care of Address) only, Security Association (SA) between HA and MN is not impacted (MIPv6 Routing Header Type2 and Home address option are transparent to IPSec SA) Kbm is encapsulated in BU RRP (Return Routability Procedure) mechanism is vulnerable to attacks along the path between the HA and the CN, where a malicious node, aware of a session between MN and CN, might simulate a handoff of the MN by sending fake HoTI and CoTI messages. > Impersonation attack/Man-in-the middle attack (Adversary can obtain Kbm and send fake BU to CN or MN) When MN roams away from its HN => Binding new address by sending Binding Update (BU) message to HA by RRP.
1. At set-up, Kbm distribute to MN and CN within the body of the SIP 200 OK and ACK message => Instead of RRP.
2. Kbm can be generated by AAA Server.
3. The distribution of keys is secured by IPSec and ESP between SIP user (MN and CN) and P-CSCF.
As the SA is not impacted, a solution is:
• Every handoff => update BU,
• On each path, IPSec or ESP is employed to protect the distribution of key.
• It is very difficult for ME to verify the validity of BS’s public key certificate since ME and BS usually belongs to different CA.
• It is hard to achieve mutual authentication between ME and FA, and ME is vulnerable to be cheated by forged BS/FA. A Trusted Computing-Based Security Architecture for 4G (PKBP).
1. Authentication on heterogeneous networks
2. Against the man-in-the-middle attack
3. Mutual authentication
4. Anonymity and Non-repudiation
5. Security of key agreement
In this paper we have demonstrated that the security requirements for 4G systems are much greater than those of 3G. A lot of this is due to the fact that in 4G systems we require a more open architecture with its inherent security vulnerabilities compared to the closed network of 3G systems. These requirements clearly indicate that we need an integrated security module to protect data across different networks and in addition, we need targeted security models to protect various entities: users, servers and network infrastructure.3GP provided more security mechanisms than 1G and 2G as- Mutual authentication, stronger confidentiality and integrity, …, etc. 3G and 4G still exists some problems as - privacy, DoS, IMSI: plaintext,…. etc. Convergence of heterogeneous networks, for example, 4G, is an important trend, and exists a lots of issues as - Seamless connection, high mobility, QoS, secure service,…, etc. All-IP is an important and necessary environment for communication networks.
I express my sincere gratitude to Resp. Dr A. D. Gawande , Head of the Department, Computer Science & Engineering & Resp.Prof V. T. Gaikwad for providing their valuable guidance and necessary facilities needed for the successful completion of this seminar throughout. I am also obliged to our principal, Resp. Dr. S. A. Ladhake who has been a constant source of inspiration throughout.
Lastly, but not least, I thank all my friends and well-wishers who were a constant source of inspiration.
[1] [3GPPTS202] 3GPP TS 35.202 V3.1.1 Technical Specification.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[2] [3GPPTS205] 3GPP TS 35.205 V6.0.0 Technical Specification.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[3] [3GPPTS201] 3GPP TS 35.201 V6.1.0 Technical Specification.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[4] [3GPPTS121] 3GPP TS 23.121 V3.6.0 Technical Specification.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[5] Yu Zheng, Dake He, Lixing Xu and Xiaohu Tang (2005) International Conference on Communications Circuits and Systems, 1, 397-401.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[6] Joseph V.C. and Talukder A.K. (2006) IFIP International Conference on Wireless and Optical Communications Networks, 11-13.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[7] Muxiang Zhang and Yuguang Fang (2005) IEEE Transactions on Wireless Communications, 49(2), 734-742.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
[8] Barba A., Recacha F. and Melus J.L. (1993) IEEE Singapore International Conference on Networks, International Conference on Information Engineering, Communications and Networks 1, 421-425.
» CrossRef » Google Scholar » PubMed » DOAJ » CAS » Scopus
 | Fig. 1- |
 | Fig. 2- |
 | Fig. 3- |
 | Fig. 4- |