
Security architectures for B3G mobile networks

Telecommunication Systems

Abstract

This paper analyzes the security architectures employed in the interworking model that integrates third-generation (3G) mobile networks and Wireless Local Area Networks (WLANs), materializing Beyond 3G (B3G) networks. Currently, B3G networks are deployed using two different access scenarios (i.e., WLAN Direct Access and WLAN 3GPP IP Access), each of which incorporates a specific security architecture that aims at protecting the involved parties and the data exchanged among them. These architectures consist of various security protocols that provide mutual authentication (i.e., user and network authentication), as well as confidentiality and integrity services to the data sent over the air interface of the deployed WLANs and specific parts of the core network. The strengths and weaknesses of the applied security measures are elaborated on the basis of the security services that they provide. In addition, some operational and performance issues that derive from the application of these measures in B3G networks are outlined. Finally, based on the analysis of the two access scenarios and the security architecture that each one employs, this paper presents a comparison of them, which aims at highlighting the deployment advantages of each scenario and classifying them in terms of: a) security, b) mobility, and c) reliability.



Author information


Corresponding author

Correspondence to Christos Xenakis.


About this article

Cite this article

Xenakis, C., Ntantogian, C. Security architectures for B3G mobile networks. Telecommun Syst 35, 123–139 (2007). https://doi.org/10.1007/s11235-007-9044-2


  • DOI: https://doi.org/10.1007/s11235-007-9044-2
