Analyzing secure key authentication and key agreement protocol for promising features of IP multimedia subsystem using IP multimedia server-client systems

详细信息    查看全文

• 作者：Bakkiam David Deebak ; Rajappa Muthaiah…
• 关键词：Session initiation protocol ; Authentication and key agreement ; IP multimedia subsystem ; Context identity ; Elliptic curve Diffie Hellman ; Serving call session control function ; Bandwidth consumption ; Signalling congestion
• 刊名：Multimedia Tools and Applications
• 出版年：2016
• 出版时间：February 2016
• 年：2016
• 卷：75
• 期：4
• 页码：2111-2143
• 全文大小：1,165 KB
• 参考文献：1.3GPP TS 21.133 V4.1.0 (2001) 3G security: security threats and requirements
  2.3GPP TS 33.401 V12.5.0 (2012) 3GPP System Architecture Evolution (SAE): security architecture
  3.Al-Saraireh J, Yousef S (2006) A new authentication protocol for UMTS mobile networks. EURASIP J Wirel Commun Netw 2:19
  4.Arapinis M, Mancini L, Ritter E, Ryan M, Golde N, Redon K, Borgaonkar R (2012) New privacy issues in mobile telephony: fix and verification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS ’12), ACM, New York, NY, USA, 2012, pp. 205–216
  5.Babu BS, Venkataram P (2009) A dynamic authentication scheme for mobile transactions. Int J Netw Secur 8(1):59–74
  6.Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer, BerlinCrossRef
  7.Chang K-D, Chen C-Y, Hsu S-W, Chao H-C, Chen J-L (2012) Advanced path-migration mechanism for enhancing signaling efficiency in IP multimedia subsystem. KSII Trans Internet Inf Syst 6(1):305–321
  8.Chang CC, Lee JS, Chang YF (2005) Efficient authentication protocols of GSM. Comput Commun 28:921–928CrossRef
  9.Chen C-Y, Tin-Yu W, Huang Y-M, Chao H-C (2008) An efficient end-to-end security mechanism for IP multimedia subsystem. Comput Commun 31(18):4259–4268CrossRef
  10.Chen YW, Wang JT, Chi KH, Tseng CC (2010) Group-based authentication and key agreement. Wireless Pers Commun 62(4):965–979CrossRef
  11.Choi Y, Kim S (2004) An improvement on privacy and authentication in GSM. In Proceedings of workshop on information security applications (WISA 2004), pp. 14–16
  12.Dominguez AP (2006) Cryptanalysis of Park’s authentication protocol in wireless mobile communication systems. Int J Netw Secur 3(3):279–282MathSciNet
  13.Fadullah ZM, Taleb T, Vasilakos AV, Guizani M, Kato N (2010) DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis. IEEE ACM T Netw 18(4):1234–1247CrossRef
  14.Gardezi AI (2006) Security in wireless cellular networks. Washington University in St. Louis, St. Louis
  15.Harn L, Hsin WJ (2003) On the security of wireless network access with enhancements. In:2nd ACM Workshop on Wireless Security, San Diego, CA, USA, p. 88–95. doi:10.​1145/​941311.​941325
  16.Huang CM, Li JW (2005) Authentication and key agreement protocol for UMTS with low bandwidth consumption. In Proceeding of the 19th international conference on information networking and applications (AINA 2005), IEEE, 28–30th March 2005, pp. 392–397
  17.Huang YL, Shen CY, Shieh SW (2011) S-AKA: a provable and secure authentication key agreement protocol for UMTS networks. IEEE T Veh Technol 60(9):4509–4519CrossRef
  18.Juang WS, Wu JL (2007) Efficient 3GPP authentication and key agreement with robust user privacy protection. In Proceeding of the IEEE communications and networking conference (WCNC2007), Kowloon, 11–15 March 2007, pp. 2720–2725
  19.Lee C-C, Chen C-L, Hsia-Hung O, Chen LA (2013) Extension of an Efficient 3GPP Authentication and Key Agreement Protocol. Wirel Personal Commun 68:861–872CrossRef
  20.Lee CC, Hwang MS, Liao IE (2006) Security enhancement on a new authentication scheme with anonymity for wireless environments. IEEE T Ind Elect 53(5):1683–1687CrossRef
  21.Lee CC, Hwang MS, Liao IE (2008) A new authentication protocol based on pointer forwarding for mobile communications. Wirel Commun Mob Comput 8:661–672CrossRef
  22.Lee CC, Hwang MS, Yang WP (2003) Extension of authentication protocol for GSM. IEE Proceedings-Commun 150(2):91–95CrossRef
  23.Liang XH, Li X, Lu RX, Lin XD, Shen XM (2012) Enabling pervasive healthcare with privacy preservation in smart community. In: 2012 I.E. International Conference on Communications (ICC), 10–15 June 2012, pp. 3451–3455
  24.Liang XH, Lu RX, Chen L, Lin XD, Shen XM (2011) PEC: a privacy preserving emergency call scheme for mobile healthcare social networks. J Commun Netw 13(2):102–112CrossRef
  25.Lifei Wei, Haojin Zhu, Zhenfu Cao, Weiwei Jia, Athanasios V Vasilakosb (2014) SecCloud: Bridging Secure Storage and Computation in Cloud. In: Proceedings of the 2010 I.E. 30th International Conference on Distributed Computing Systems Workshops (ICDCSW), Genova, 21–25 June 2010, pp 52–61
  26.Lin YB, Chang MF, Hsu MT, Wu LY (2005) One-pass GPRS and IMS authentication procedure for UMTS. IEEE J Sel Areas Commun 23(6):1233–1239CrossRef
  27.Liu B, Bi J, Vasilakos AV (2014) Toward incentivizing anti-spoofing deployment. IEEE T Inf Foren Sec 9(3):436–450CrossRef
  28.Mao W (2004) Modern cryptography theory and practice. Prentice Hall, New York
  29.Menezes AJ, Oorschot PC, Vanstone SA (1997) Handbook of applied cryptograph. CRC Press, New York
  30.Meyer U, Wetzel S (2004) A man-in-the-middle attack on UMTS, in: Proc. 3rd ACM WiSe, New York, 2004, pp. 90–97
  31.Ntop. (2012) A traffic analysis tool : Online : www.​ntop.​org/​
  32.OpenIMSCore (2009) Website Link: http://​www.​openim-score.​org/​
  33.Ou HH, Hwang MS, Jan JK (2010) A cocktail protocol with the authentication and key agreement on the UMTS. J Syst Softw 83(2):316–325CrossRef
  34.Poikselka M, Mayer G, Khartabil H, Niemi A (2006) The IMS: IP multimedia concepts and services. Second Edition, John Wiley & Sons
  35.Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E (2002) SIP: Session Initiation Protocol, IETF, IETF RFC 3261
  36.Shen JJ, Lin CY, Yang HW (2005) Cryptanalysis of a new efficient mAKEP for wireless communications. Int J Netw Secur 1(2):118–121
  37.Shneier B (1996) Applied cryptography, 2nd edn. Wiley, New York
  38.Stinson D (2002) Cryptography theory and practice, 2nd edn. Chapman & Hall/CRC, London/Boca Raton
  39.UCTIMS (2012) Website Link: http://​uctimsclient.​berlios.​de/​
  40.Weia L, Zhua H, Caoa Z, Donga X, Jiaa W, Chena Y, Athanasios AV (2014) Security and privacy for storage and computation in cloud computing. Inf Sci 258:371–386CrossRef
  41.Wu S, Zhu Y, Pu Q (2010) Security analysis of a cocktail protocol with the authentication and key agreement on the UMTS. IEEE Commun Lett 14(4):366–368CrossRef
  42.Yan Z, Zhang P, Vasilakos AV (2014) A survey on trust management for Internet of Things. J Netw Comput Appl 42:120–134CrossRef
  43.Yang CC, Chu KH, Yang YW (2006) 3G and WLAN interworking security: current status and key. Int Jf NetwSecur 2(1):1–13MathSciNet
  44.Yang H, Zhang Y, Zhou Y, Xiaoming F, Liu H, Vasilakos AV (2014) Provably secure three-party authenticated key agreement protocol using smart cards. Comput Netw 58:29–38CrossRef
  45.Zhang M (2003) Provably-secure enhancement on 3GPP authentication and key agreement protocol, Verizon Commun., Cryptology ePrint Archive Rep. 2003/092, 2003
  46.Zhang M, Fang Y (2005) Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE T Wirel Commun 4(2):734–742CrossRef
  47.Zhang Z, Qi Q, Kumar N, Chilamkurti N, Hwa-Young (2014) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimedia Tools and Applications. doi:10.​1007/​s11042-014-1885-6
  48.Zhang X, Zhou F, Zhu X, Sun H, Perrig A, Vasilakos AV, Guan H (2014) DFL: secure and practical fault localization for data center networks. IEEE ACM T Netw 22(4):1218–1231CrossRef
  49.Zhu HJ, Lin XD, Shi MH, Ho PH, Shen XM (2009) PPAB: a privacy preserving authentication and billing architecture for metropolitan area sharing networks. IEEE Trans Veh Technol 58(5):2529–2543CrossRef
  
• 作者单位：Bakkiam David Deebak (1)
  Rajappa Muthaiah (1)
  Karuppuswamy Thenmozhi (2)
  Pitchai Iyer Swaminathan (1)
  
  1. School of Computing, SASTRA University, Thanjavur, TN, 613401, India
  2. School of Electrical and Electronics, SASTRA University, Thanjavur, TN, 613401, India
  
• 刊物类别：Computer Science
• 刊物主题：Multimedia Information Systems
  Computer Communication Networks
  Data Structures, Cryptology and Information Theory
  Special Purpose and Application-Based Systems
  
• 出版者：Springer Netherlands
• ISSN：1573-7721

文摘

Recently, Session Initiation Protocol (SIP) has become a prime signaling protocol for the multimedia communication systems, though none of the researchers have analyzed its promising features, namely access independence, authentication scheme verification, AKA (Authentication and Key Agreement) security properties, 3GPP security properties, signal congestion, bandwidth consumption and computation overhead using the physical multimedia server-client platform. To examine the issues realistically, the existing authentication schemes, such as UMTS AKA, EPS AKA, Cocktail AKA, S AKA, HL AKA and ZZ AKA were designed and developed in the multimedia server-client systems deployed on Linux platform. The cross-examination revealed that the existing schemes failed to satisfy the IMS (IP Multimedia Subsystem) promising features, like mutual authentication, session-key sharing, (perfect) forward secrecy and implicit-key authentication. Thus, this paper proposes a Secure-Key Authentication and Key Agreement protocol (SK AKA) to meet out the standard demands of IMS. To curtail its authentication steps, the secure authentication vector S _AV computes and dispenses the generated vectors between the multimedia server-client systems in advance, through the serving call session control function S _CSCF . As a result, the execution steps of UMTS AKA are annulled for the sake of accomplishment of the IMS features. In addition, the protocol of SK AKA integrates the strategies of Context Identity C _ID and Elliptic Curve – Diffie Hellman (EC-DH) to resist most of the potential attacks like SIP flooding, forgery, man-in-the-middle, password guessing and key impersonation. To analyze the parameters, such as (SIP) Flooding Attack Detection Rate, End-To-End Delay of Multiple Voice Call Session, Call Success Rate, SIP Utilization, RTP Utilization, Call Response Time, Bandwidth Consumption and Signalling Congestion realistically, the proposed and existing authentication schemes have been coded and integrated in the real-time IMS client-server system. Above all, the thoroughgoing research has revealed that the proposed protocol of SK AKA accomplishes all the IMS challenges: 1. Adhere the promising features of IMS; 2. Attack resiliency; and 3. Fulfill the promising parameters of IMS, in comparison with the other existing schemes.