An Efficient Authentication Protocol for Integrating WLAN and Cellular Networks

1
An Efficient Authentication Protocol for
Integrating WLAN and Cellular Networks
Y.M. Tseng, C.C. Yang and J.H. Su, An Efficient
Authentication Protocol for Integrating WLAN and
Cellular Networks, Proceeding of the Sixth
International Conference on Advanced
Communication Technology 2004 (IEEE/ICACT2004),
Korea, Vol.1, pp. 416-420, 2004.

• Speaker Y.M. Tseng
• Department of Mathematics, NCUE
• February 10, 2004

2
Outline

• Introduction
• Preliminaries
• Proposed protocol
• Security analysis
• Performance analysis
• Conclusions Future works

3
Introduction
System environment and Service Scenario Goal
Legal subscribers of 3G can use WLAN services
Access Point
Base Station
WLAN
Cellular network
4
Introduction Cont.
5
Introduction Cont.

• Integration with Cellular and WLAN Networks
• 3G and WLAN possess complementary properties
• Advantages
• High-speed data transmitting rate (for
  Multi-media)
• Always-on connectivity
• Several problems must be discussed
• Authentication (and Key distribution)
• Billing (Partial)
• Quality of services (QoS)
• Seamless connectivity
• ...

6
Introduction Cont.

• Related works about integration of two
  heterogeneous networks( WLAN and 3G/2.5G)
• Ala-Laurila et al., 2001
• A architecture of integrating GPRS and WLAN
• Two networks share the same resource
• Two networks should belong to the same provider
• Luo et al., 2003
• The internet roaming solution for enterprise to
  integrate 3G and WLAN
• VPN (Virtual Private Network) architecture
• Buddhikot et al., 2003
• Two architectures tightly-coupled and
  loosely-coupled
• Only concepts about authentications and billing
  problems

7
Preliminaries

• Security methods used in our protocol
• Symmetric encryption scheme
• One-way hash function
• Lamport, 198123
• One-way hashing function gt Hashing chain
• Hash function MD5 or SHA-1
• GSM/GPRS A3, A5, A8
• 3G f1, f2, f3, f4 and f5
• Given x, easy to compute yh(x)
• Given y, hard to compute x
• Hash chaining hi(s) hi(s)h(h(h(s)) ) is
  composition of i hs
• Given hi-1(s), easy to compute hi(s)
• Given hi(s), hard to compute hi-1(s)

8
Proposed Protocol
9
Proposed Protocol Cont.

• System assumptions
• A subscriber with dual-interface (2.5G/3G and
  WLAN) mobile terminal (MT, Nokia D211).
• A subscriber with the mobile terminal (MT) has
  been a legal subscriber of the 3G
• The 3G operator and the WLAN provider have signed
  a roaming agreement or contact.
• 3G operator hn(s), hn-1(s), hn-2(s), hn-2(s),
  h1(s)
• WLAN provider hn(s)

10
Proposed Protocol Cont.

• Notations
• Ad advertisements which an AP periodically
  broadcasted
• CK a cipher key established between 3G and its
  subscriber MT, we omit the detail in the
  protocol.
• EK(.) a secure symmetric-key encryption scheme
  using a key, K
• h(.) a one-way hash function, such as MD5
• IDA the identification of the entity A
• PWWEP a random password generated by 3G
• s a random integer, which is used as a seed of a
  one- way hash function
• T a time stamp

11
Proposed Protocol Cont.
MT
3G
WLAN
(1)
(2)
Get PWWEP
(3)
Check hi(s)h(hi-1(s)) Record hi-1(s) Get PWWEP
(4) EAP-Success or EAP-Failure
12
Security analysis

• Withstanding guessing or dictionary attacks
• One-time password,
• Withstanding Replay attack
• Replaying
• hi-1(s) is recorded by the WLAN-AS
• Thus,
  for the next connection.
• Solving the weakness of WEP (Wired Equivalent
  Privacy)
• Weakness a fixed key between MT and WLAN.
• A random password is distributed to
  MT and WLAN.

13
Performance analysis
14
Performance analysis Cont.

• The simulation result

• Java 1.4.2 API
• AES
• MD-5

• It does not include the internal delay time in
  3GWLAN

15
Conclusions Future Works

• An efficient authentication protocol for
  integrating two heterogeneous wireless networks
• Hashing chain
• Symmetric encryption scheme
• Little computation time
• Non-repudiation of billing problem
• Asymmetric (Public-key) cryptography
• Requiring more computation time
• Problem lower computational power of a mobile
  device.

16
Thank You !