Abstract
The 3rd Generation Partnership Project (3GPP) defined a new architecture, called Home eNode B (HeNB). HeNB is able to provide new services with higher data rate in a low cost. Security is a critical aspect of HeNB. In order to have HeNB secure access to core network, 3GPP defines an authentication protocol based on IKEv2. A number of security vulnerabilities such as HeNB masquerading have not been addressed and solved by 3GPP technical specification yet. In this paper an improved HeNB authentication protocol is introduced which does not allow an attacker to connect unauthorized network users using a mask. Finally, we evaluate our protocol performance and verify it by Automated Validation of Internet Security Protocols and Applications (AVISPA). Through our security analysis, we conclude that not only the proposed protocol prevents the various security threats but also it has no significant effect on authentication delay and cost.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Forsberg, D., Horn, G., Moeller, W., Niemi, V.: LTE Security. Wiley Publishing, New York (2010)
Ali-Yahiya, T.: Understanding LTE and its Performance. Springer, Berlin (2011)
Doraswamy, N., Harkins, D.: IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 2nd edn. Prentice Hall PTR, Upper Saddle River (2003)
3rd Generation Partnership Project: Technical Specification Group Services and System Aspects; Security of H(e)NB (Rel. 8). 3GPP TR 33.820 v1.3.0 (January 2009)
Chengzhe, L., Hui, L., Yueyu, Z., Jin, C.: Simple and Low-cost re-authentication protocol for HeNB. IEEE J. Mag. Chin. Commun. 10, 105–115 (2013)
Zong, Z., Zhou, X., Zhu, L.: HNB or HeNB security access method and system and core network element. U.S. Patent No. 355, 299, Shenzhen City (2014)
Han, C.K., Choi, H.K., Kim, I.H.: Building femtocell more secure with improved proxy signature. In: Global Telecommunications Conference, pp. 1–6 (2009)
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible authentication protocol (EAP). RFC3748 (2004)
Arkko, J., Haverinen, H.: Authentication and key agreement (EAP-AKA). RFC4187 (2006)
Narayanan, V., Dondeti, L.: EAP extensions for EAP re-authentication protocol (ERP). RFC5296 (2008)
Kent, S., Atkinson, R.: Security architecture for the internet protocol. RFC2401 (1998)
Kent, S., Atkinson, R.: IP authentication header. RFC2402 (1998)
Kent, S., Atkinson, R.: IP encapsulating security payload (ESP). RFC2406 (1998)
Piper, D.: The internet IP security domain of interpretation for ISAKMP. RFC2407 (1998)
Clancy, T., Nakhjiri, M., Narayanan, V., Dondeti, L.: Handover key management and re-authentication problem statement. RFC5169 (2008)
3rd generation partnership project: technical specification group services and system aspects; 3GPP system architecture evolution (SAE); security architecture (Release 10). 3GPP TS 33.401 V10.2.0 (September 2011)
3rd generation partnership project: technical specification group services and system aspects; rationale and track of security decisions in long term evolved (LTE) RAN/3GPP System Architecture Evolution (SAE) (Release 8). 3GPP TR 33.821 V8.0.0 (March 2009)
Han, C.K.: Security analysis and enhancements in LTE-advanced networks. Ph.D. Thesis, Sungkyunkwan University (2011)
Cao, J., Ma, M., Li, H., Zhang, Y., Luo, Z.: A survey on security aspects for LTE and LTE-A networks. IEEE J. Mag. Commun. Surv. Tutorials 16, 283–302 (2014)
Smaoui, S., Zarai, F., Kamoun, L.: IPSec tunnel establishment for 3GPP-WLAN interworking. In: 8th International Conference on Informatics and Systems (INFOS), pp 74–80 (2012)
Raza, H.: A brief survey of radio access network backhaul evolution, Part I. IEEE J. Mag. Commun. Mag. 49, 164–171 (2011)
Raza, H.: A brief survey of radio access network backhaul evolution, Part II. IEEE J. Mag. Commun. Mag. 51, 170–177 (2013)
Ntantogian, C., Xenakis, C.: One-pass EAP-AKA authentication in 3G-WLAN integrated networks. Wireless Pers. Commu. 48, 569–584 (2009)
OPENSSL[EB/OL] (2012). http://www.openssl.org/
AVISPA—Automated Validation of Internet Security Protocols [EB/OL] (2012). http://www.avispa-project.org
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ghasemi Najm, F., Payandeh, A., Habibi, H. (2015). Making HeNB More Secure with Improved Secure Access Protocol and Analyzing It. In: Agüero, R., Zinner, T., García-Lozano, M., Wenning, BL., Timm-Giel, A. (eds) Mobile Networks and Management. MONAMI 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 158. Springer, Cham. https://doi.org/10.1007/978-3-319-26925-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-26925-2_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26924-5
Online ISBN: 978-3-319-26925-2
eBook Packages: Computer ScienceComputer Science (R0)