Security and performance enhancement of authentication protocols in heterogeneous wireless networks

For mobile users, interworking environment comprised of Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX) and Wireless Local Area Networks (WLAN) has become a practical consideration. As a prevalent technology, LTE and WiMAX have desirable features that support high...

Full description

Saved in:
Bibliographic Details
Main Author: Alezabi, Kamal Ali Ahmed
Format: Thesis
Language:English
Published: 2017
Online Access:http://psasir.upm.edu.my/id/eprint/67886/1/FK%202017%20126%20IR.pdf
http://psasir.upm.edu.my/id/eprint/67886/
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Putra Malaysia
Language: English
id my.upm.eprints.67886
record_format eprints
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description For mobile users, interworking environment comprised of Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX) and Wireless Local Area Networks (WLAN) has become a practical consideration. As a prevalent technology, LTE and WiMAX have desirable features that support high data rate, mobile capabilities, good quality of service (QoS), and wide coverage area. On the other hand, WLAN provides higher bit rate but weaker mobility support. Additional features such as cost effectiveness in covering signal dead zones of LTE networks and its plentiful bandwidth for better QoS makes the WLAN a good complementary solution for LTE networks. Accordingly, integration between these wireless network technologies allows users to move from one to another wireless network to get better QoS in case of some applications that demand higher data rates or to connect to a network that has a stronger signal. However, interworking solutions between these different technologies increase the possibility of intrusion on such networks, consume their resources, affect the QoS and disclose its exchanged data. Thus, the security in such environment is considered as an urgent need. The authentication process is the basis of the security which should be performed appropriately whether in the homogeneous or heterogeneous networks. It is becoming an increasingly important factor during the handover (HO) process in the heterogeneous architecture, where authentication delay and signalling cost may contribute signiffcantly to the handover delay and cost. On the other hand, the 3GPP standards have speciffed that, in interworking architectures between LTE and other wireless networks, each user should be authenticated by the home server in LTE network, which makes this server a subject of single point of failure. Therefore, designing authentication and re-authentication protocols that address the mentioned limitations and contribute to fast, seamless and secure roaming or HO at the same time is an open area that needs to be studied and improved. Several studies have modiffed the existing authentication protocols, but they are limited to 3G-WLAN interworking architecture. Besides, most of the existing authentication schemes are complex and vulnerable to network attacks such as User Identity Disclosure (UID) and Man In The Middle (MITM) attacks. This thesis presents authentication protocols for homogeneous and heterogeneous wireless networks. In particular, a new method called Extensible Authentication Protocol-Tunnelled Transport Layer Security -Improved Secure Remote Password (EAP-TTLS-ISRP) is proposed for WiMAX networks. This method embeds the transmission of security messages in a secure tunnel. The proposed method outperforms other methods in terms of number of messages exchanged, where it is reduced by 16% compared to other WiMAX protocols, which leads to reducing the communication overhead. It also satisfies the EAP requirement for secure and ef- ficient data exchange, as well as robust to MITM attack. In LTE networks, an Efficient Evolved Packet System (EEPS-AKA) protocol is proposed to overcome security and performance problems such as UID and MITM attacks; storage overhead and authentication delay. The proposed protocol is based on the Simple Password Exponential Key Exchange (SPEKE) protocol. Compared to the previous methods, our method is faster, since it uses a secret key method which is faster than certificate-based methods. In addition, the size of messages exchanged between the User Equipment (UE) and Home Subscriber Server (HSS) is reduced by 19%, this effectively reduces authentication delay and storage overhead. In LTE-WLAN interworking architecture, EAP with improved Authentication and Key Agreement (EAPAKA0) protocol is introduced to present new inter and intra re-authentication protocols. These protocols provide an efficient method to improve security against network attacks, protect the user identity and reduce the burden on HSS during the sequential handovers. Compared to the standard authentication protocols, the reduction of the authentication delay, signaling cost, handover delay, handover cost, and energy consumption reaches up to 23%, 30%, 34%, 21%, and 13%, respectively. In LTE-WiMAX-WLAN interworking architecture, authentication and reauthentication protocols are proposed, where they can be invoked if users perform vertical HO (between those networks) or horizontal HO (within the same network). These protocols provide an efficient method to protect user identity and reduce the burden on HSS. The results of analytical model show that the proposed protocols achieve better performance than standard and other protocols in terms of delay, cost, and energy consumption. Compared to the standard and other authentication protocols, the reduction of authentication delay, signaling cost, handover delay, handover cost, and energy consumption reaches up to 14%, 42%, 30%, 18%, and 17%, respectively. The Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is used to provide a formal verification. Results show that the proposed protocols are efficient and secure against active and passive attacks.
format Thesis
author Alezabi, Kamal Ali Ahmed
spellingShingle Alezabi, Kamal Ali Ahmed
Security and performance enhancement of authentication protocols in heterogeneous wireless networks
author_facet Alezabi, Kamal Ali Ahmed
author_sort Alezabi, Kamal Ali Ahmed
title Security and performance enhancement of authentication protocols in heterogeneous wireless networks
title_short Security and performance enhancement of authentication protocols in heterogeneous wireless networks
title_full Security and performance enhancement of authentication protocols in heterogeneous wireless networks
title_fullStr Security and performance enhancement of authentication protocols in heterogeneous wireless networks
title_full_unstemmed Security and performance enhancement of authentication protocols in heterogeneous wireless networks
title_sort security and performance enhancement of authentication protocols in heterogeneous wireless networks
publishDate 2017
url http://psasir.upm.edu.my/id/eprint/67886/1/FK%202017%20126%20IR.pdf
http://psasir.upm.edu.my/id/eprint/67886/
_version_ 1643839039133974528
spelling my.upm.eprints.678862019-04-03T00:43:50Z http://psasir.upm.edu.my/id/eprint/67886/ Security and performance enhancement of authentication protocols in heterogeneous wireless networks Alezabi, Kamal Ali Ahmed For mobile users, interworking environment comprised of Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX) and Wireless Local Area Networks (WLAN) has become a practical consideration. As a prevalent technology, LTE and WiMAX have desirable features that support high data rate, mobile capabilities, good quality of service (QoS), and wide coverage area. On the other hand, WLAN provides higher bit rate but weaker mobility support. Additional features such as cost effectiveness in covering signal dead zones of LTE networks and its plentiful bandwidth for better QoS makes the WLAN a good complementary solution for LTE networks. Accordingly, integration between these wireless network technologies allows users to move from one to another wireless network to get better QoS in case of some applications that demand higher data rates or to connect to a network that has a stronger signal. However, interworking solutions between these different technologies increase the possibility of intrusion on such networks, consume their resources, affect the QoS and disclose its exchanged data. Thus, the security in such environment is considered as an urgent need. The authentication process is the basis of the security which should be performed appropriately whether in the homogeneous or heterogeneous networks. It is becoming an increasingly important factor during the handover (HO) process in the heterogeneous architecture, where authentication delay and signalling cost may contribute signiffcantly to the handover delay and cost. On the other hand, the 3GPP standards have speciffed that, in interworking architectures between LTE and other wireless networks, each user should be authenticated by the home server in LTE network, which makes this server a subject of single point of failure. Therefore, designing authentication and re-authentication protocols that address the mentioned limitations and contribute to fast, seamless and secure roaming or HO at the same time is an open area that needs to be studied and improved. Several studies have modiffed the existing authentication protocols, but they are limited to 3G-WLAN interworking architecture. Besides, most of the existing authentication schemes are complex and vulnerable to network attacks such as User Identity Disclosure (UID) and Man In The Middle (MITM) attacks. This thesis presents authentication protocols for homogeneous and heterogeneous wireless networks. In particular, a new method called Extensible Authentication Protocol-Tunnelled Transport Layer Security -Improved Secure Remote Password (EAP-TTLS-ISRP) is proposed for WiMAX networks. This method embeds the transmission of security messages in a secure tunnel. The proposed method outperforms other methods in terms of number of messages exchanged, where it is reduced by 16% compared to other WiMAX protocols, which leads to reducing the communication overhead. It also satisfies the EAP requirement for secure and ef- ficient data exchange, as well as robust to MITM attack. In LTE networks, an Efficient Evolved Packet System (EEPS-AKA) protocol is proposed to overcome security and performance problems such as UID and MITM attacks; storage overhead and authentication delay. The proposed protocol is based on the Simple Password Exponential Key Exchange (SPEKE) protocol. Compared to the previous methods, our method is faster, since it uses a secret key method which is faster than certificate-based methods. In addition, the size of messages exchanged between the User Equipment (UE) and Home Subscriber Server (HSS) is reduced by 19%, this effectively reduces authentication delay and storage overhead. In LTE-WLAN interworking architecture, EAP with improved Authentication and Key Agreement (EAPAKA0) protocol is introduced to present new inter and intra re-authentication protocols. These protocols provide an efficient method to improve security against network attacks, protect the user identity and reduce the burden on HSS during the sequential handovers. Compared to the standard authentication protocols, the reduction of the authentication delay, signaling cost, handover delay, handover cost, and energy consumption reaches up to 23%, 30%, 34%, 21%, and 13%, respectively. In LTE-WiMAX-WLAN interworking architecture, authentication and reauthentication protocols are proposed, where they can be invoked if users perform vertical HO (between those networks) or horizontal HO (within the same network). These protocols provide an efficient method to protect user identity and reduce the burden on HSS. The results of analytical model show that the proposed protocols achieve better performance than standard and other protocols in terms of delay, cost, and energy consumption. Compared to the standard and other authentication protocols, the reduction of authentication delay, signaling cost, handover delay, handover cost, and energy consumption reaches up to 14%, 42%, 30%, 18%, and 17%, respectively. The Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is used to provide a formal verification. Results show that the proposed protocols are efficient and secure against active and passive attacks. 2017-09 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/67886/1/FK%202017%20126%20IR.pdf Alezabi, Kamal Ali Ahmed (2017) Security and performance enhancement of authentication protocols in heterogeneous wireless networks. PhD thesis, Universiti Putra Malaysia.