Skip to main content
Log in

Provably Secure Mutual Authentication and Key Exchange Scheme for Expeditious Mobile Communication Through Synchronously One-Time Secrets

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The Universal Mobile Telecommunication Standard (UMTS) is continuously evolving to meet the increasing demand of modern mobile and Internet applications for high capacity and advanced features in security and quality of service. Although admittedly enhanced in terms of security as compared to GSM (2G) systems, UMTS still has some weaknesses that may often lead to several security incidents. In this article, we come up with a novel authentication mechanism based on the one-time-secret security capabilities, which can assure an expeditious mobile communication environment and simultaneously be able to deal with the several issues related to security vulnerabilities (Redirection Attack, Man-in-the-Middle-Attack) and others like the excessive bandwidth consumption, storage overhead in VLR etc. existing in the current mobile communication (UMTS). In addition, here we also introduce a new concept called “Neighborhood Policy”, where several VLRs can form groups among themselves and carry out significant responsibilities in order to authenticate a User without interfering HLRs even though the User moves to a new VLR (belongs to the same group). We argue that the proposed solution not only achieves the mutual authentication in a secure manner, but at the same time, it also greatly reduces the computation and communication cost of the mobile User as compared to the existing state of the art authentication schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. 3rd Generation Partnership Project: Technical Specification Group SA: 3G Security, Security Architecture, Version 4.2.0 released 4, 3GPP, TS 33.102.2001.

  2. AL-Tawil, K., Akram, A., & Youssef, H. (1998). A new authentication protocol for GSM networks. In Proceedings of the IEEE 23rd annual conference on local computer networks (LCN’98)199821–30.

  3. Ammayappan, K., Saxena, A., & Negi, A. (2006). Mutual authentication and key agreement based on elliptic curve cryptography for GSM. ADCOM, 2006, 183–187.

    Google Scholar 

  4. Biryukov, A., Shamir, A., & Wagner, D. (2001). Real time cryptanalysis of (A5/1) on (PC), LNCS, vol. 1978, http://www.isaac.cs.berkeley.edu/isaac/gsm-press.html.

  5. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. Proceedings of the ACM Transactions on Computer Systems (TOCS), 8(1), 18–36.

    Article  Google Scholar 

  6. Buttyan, L., Gbaguidi, C., Staamann, S., & Wilhemlm, U. (2000). Extesions to an authentication technique proposed for the global mobile network. Proceedings of the IEEE Transactions on Communications, 48(3), 400–407.

    Google Scholar 

  7. Chang, C. C., Lee, J. S., & Chang, Y. F. (2005). Efficient authentication protocol of GSM. Proceedings of the Computer Communications, 28(8), 921–928.

    Article  Google Scholar 

  8. Fan, C. I., Ho, P. H., & Chen, H. Y. Nested one-time secret mechanisms for fast mutual authentication in mobile communications. In Proceedings of IEEE Wireless Communications and Networking Conference, WCNC-2007 (pp. 2714–2719).

  9. Gong, L., Needham, R., & Yahalom, R. (1990). Reasoning about belief in cryptographic protocols. Oakland, California: Proceedings of the IEEE Symposium on Research in Security and Privacy (pp. 234–248).

  10. Horn, G., & Howard, P. (2000). Review of third generation mobile system security architecture. ISSE.

  11. Huang, C.-M., & Li, J.-W. (2005). Authentication and key agreement protocol for UMTS with low bandwidth consumption. In Proceedings of the 19th international conference AINA (pp. 392–397).

  12. Hwang, K. F., & Chang, D. C. C. (2003). A self-encryption mechanism for authentication of roaming and teleconference services. Proceedings of the IEEE Transaction of the Wireless Communications, 2(2), 400–407.

    Article  MathSciNet  Google Scholar 

  13. ISAAC: Smartcard Developer Association Clones Digital GSM Cellphones, http://www.isaac.cs.berkeley.edu/isaac/gsm-press.html, 1998.

  14. Kumar, K. P., Shailaja, G., Kavitha, A., & Saxena, A. (2006). Mutual authentication and key agreement for GSM. In Proceedings of the ICMB (p. 25).

  15. Lee, C. H., Hwang, M. S., & Yang, W. P. (1999). Enhanced privacy and authentication for global system for mobile communications. Proceedings of the Wireless Networks, 5, 231–243.

    Google Scholar 

  16. Lee, C. C., Hwang, M. S., & Yang, W. P. (2003). Extension of authentication protocol for GSM. IEEE Proceedings-Communication, 150(2).

  17. Lee, T.-F., Chang, C. C., & Hwang, T. (2005). Private authentication techniques for the global mobility network. Wireless Personal Communications, 35(4), 329–336.

    Article  Google Scholar 

  18. Lo, C. C., & Chen, Y. J. (1999). Secure communication mechanism for GSM networks. In Proceedings of the IEEE Pacific rim conference on communications, computer and signal processing (pp. 221–224).

  19. Lo, C. C., & Chen, Y. J. (1997). Secure communication mechanisms for GSM networks. Proceedings of the IEEE Transactions on Consumer Electronics, 45, 1074–1080.

    Google Scholar 

  20. Meyer, U., & Wetzel, S. (2004). A man-in-the-middle attack on UMTS. In Proceedings of the 3rd ACM WiSe. New York, 2004 (pp. 90–97).

  21. Ou, H.-H., Hwang, M.-S., & Jan, J. K. (2010). A cocktail protocol with the authentication and key agreement on the UMTS. Proceedings of the Journal of Systems and Software, 83(2), 316–325.

    Article  Google Scholar 

  22. Suzuki, S., & Nakanda, K. A. (1997). An authentication technique based on distributed security management for global mobility network. Proceedings of the IEEE Journal on Selected Areas in Communications, 15(8), 1608–1617.

    Article  Google Scholar 

  23. Wen, J., Zhang, M., & Li, X. (2005). The study on the application of BAN logic in formal analysis of authentication protocols [C]. Proceedings of the 7th International Conference on Electronic Commerce, 113, 744–747.

    Google Scholar 

  24. Zhang, M. A. (2003). Adaptive protocol for entity authentication and key agreement in mobile networks. In Proceedings of the ICISC, 2003 (pp. 166–183).

  25. Zhang, M. (2003). Provably-secure enhancement on 3GPP authentication and key agreement protocol verizon Commun. In Proceedings of the cryptology ePrint archive Rep. 2003/092.

  26. Zhang, M., & Fang, Y. (2005). Security analysis and enhancements of 3GPP authentication and key agreement protocol. Proceedings of the IEEE Transactions on Wireless Communications, 4(2), 734–742.

    Article  Google Scholar 

Download references

Acknowledgments

This work is financially supported by the National Science Council of Republic of China (Taiwan), under Contract No. NSC 100-2221-E-006-152-MY3 and 101-2221-E-006-266. The authors would like to thank the editor and the anonymous referees for their valuable comments.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Tzonelih Hwang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hwang, T., Gope, P. Provably Secure Mutual Authentication and Key Exchange Scheme for Expeditious Mobile Communication Through Synchronously One-Time Secrets. Wireless Pers Commun 77, 197–224 (2014). https://doi.org/10.1007/s11277-013-1501-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-013-1501-5

Keywords

Navigation