Documente Academic
Documente Profesional
Documente Cultură
Abstract. The growing area of lightweight devices, such as mobile cell phones,
PDA conduct to the rapid growth of mobile networks, they are playing important
role in everyones day. Mobile Networks offer unrestricted mobility and tender
important services like M-business, M-Learning, where, such services need to
keep security of data as a top concern. The root cause behind the eavesdroppers
in these networks is the un-authentication. Designing authentication protocol for
mobile networks is a challenging task, because, mobile devices memory,
processing power, bandwidths are limited and constrained. Cryptography is
the important technique to identify the authenticity in mobile networks. The
authentication schemes for this networks use symmetric or asymmetric
mechanisms. In this paper, we propose a hybrid authentication protocol that is
based on Elliptic Curve Cryptography which is, actually, the suitable technique
for mobile devices because of its small key size and high security.
1 Introduction
A. Amine et al. (Eds.): Modeling Approaches and Algorithms, SCI 488, pp. 195204.
DOI: 10.1007/978-3-319-00560-7_24 Springer International Publishing Switzerland 2013
196 M. Bensari and A. Bilami
The first authentication protocols designed for mobile networks are symmetrical;
the authentication procedure is carried out using symmetric-key cryptography such as
the Advanced Encryption Standard (AES).
Several symmetrical authentication protocols were presented like the first protocols
designed to GSM systems [8]. The authentication in these protocols is only unilateral.
Furthermore, the user's identity and location are not anonymous.
The enhanced protocols such as in [9] provide more security functions like
identity, confidentiality and mutual authentication, but they all need a third trust part
such as HLR or the old VLR [10].
These protocols seem suitable to mobile environments. However, the authenti-
cation by these protocols is often vulnerable and needs a third part for the
construction and the distribution of keys. The solution is the sensationalism to the
asymmetric protocols.
The asymmetric protocols are based on asymmetric key cryptography and use
different keys i.e. public key and private key, such as RSA and ECC.
Several certificate-based protocols have been proposed for mobile networks like the
one proposed by [8] for the GSM and The ASPeCT protocol [11] for UMTS. They
are the most significant examples of asymmetric protocols. The basic idea behind
these protocols consists in reducing the frequency of long-distance signaling across
domains when the roaming across an area becomes more frequent. The drawback of
these schemes consists in the incorrect use of certificates which may generates
security flaws [10].
These protocols are more effective and less vulnerable than the symmetrical
protocols. However, these protocols use keys of big sizes and require a longer
computing time and more resources comparing to the symmetrical protocols, because
of the complexity of the executed operations. Therefore, it is not encouraging to use
these protocols in a mobile environment in spite of their effectiveness in security.
The adequate solution tends to use Elliptic Curve Cryptography because of its high
security and its compatibility with mobile networks constraints. The protocols defined
in [12] are good examples in this context.
Other proposed protocols have proposed a hybrid scheme while using a
combination of both symmetric and asymmetric key cryptographies.
A series of authentication protocols described in [13] are suitable for the GSM
architecture using the hybrid approach. The protocols proposed by Beller et al.
presented in [8], were built using the Rabin crypto-system based on the difficulty of
computing a square root modulo a composite integer. The Rabin crypto-system was
specifically chosen because of its very efficiency and its appropriateness for
implementations in mobile stations (MS).
y2 = x3 + ax + b (1)
Where a and b, in Fp, satisfy 4a3 + 27b2 0 (mod p), if Fp is a Prime Field. Else
(Binary Field):
y2 + xy = x3 + ax2 + b (2)
Where b 0.
A pair (x, y), where x, y in Fp, is a point on the curve if (x, y) satisfying the
equation (1) or (2) [7], [12].
ECC's main cryptographic operation is scalar point multiplication, which computes
Q = kP where P is a point; k is an integer and Q is also a point of the curve. Scalar
multiplication is performed through a combination of point additions and point
doublings.
The force of ECC relies on the difficulty of solving the Elliptic Curve Discrete
Logarithm Problem (ECDLP), which states that given P and Q, it is hard to find k in
ECC, this problem is indissoluble for great values of k. The integer k acts as a private
key, while the result of the multiplying Q serves as the corresponding public key [12].
In some curves, ECDLP may be solved efficiently, for that; a set of curves
possessing the necessary security properties has been published. The use of these
curves is also recommended as a means of facilitating interoperability between
different implementations of a security protocol.
The ECC crypto operations are adopted and standardized by NIST, ANSI, IEEE
and IETF. Currently, there are three applications of ECC in cryptography, the Elliptic
Curve Integrated Encryption Scheme (ECIES), which is a variant of the ElGamal
encoding scheme, the Elliptic Curve Digital Signature Algorithm (ECDSA), which is
the elliptic curved variant of the DSA and the Elliptic Curve Diffie-Hellman (ECDH),
which is the typical diagram of key exchange based on Diffie-Hellman mechanism
applied to the elliptic curves [7].
4 HAPMON Protocol
We propose a new hybrid authentication protocol for mobile networks, which is based
on ECC. Our protocol called HAPMON (Hybrid Authentication Protocol for MObile
Networks) provides a compromise between high security and the constraints of
mobile environment. It is a protocol suitable composed of two parts: certificate-based
authentication protocol (CBA); and the ticket-based authentication protocol (TBA)
(Figure 1), where, each one of these protocols provides a mutual authentication.
A New Hybrid Authentication Protocol to Secure Data Communications 199
Ticket-based
authentication
Cell
Certificate-based authentication
Like other authentication protocols for mobile networks, HAPMON has two
phases, the bootstrapping and the authentication phase.
In this phase (registration phase), the nodes that ask for services are provided with
some data (bootstrapping material) and must prove the knowledge of the appropriate
information in the authentication phase like a proof of eligibility. The responsible part
in this phase is the HLR where a public key infrastructure (PKI) is employed.
Before the generation of X.509v3 certificate, the HLR chooses an elliptic curve (E)
defined over a finite field Fq such as the ECDLP, which is more difficult to be
solved. It chooses also a reference point (P) on E. Then it chooses a secret number d
and calculates Q = dP.
The HLR generates after the pair key, public key (KU), KU= Q, and the private
key (KR), KR= d. It generates, also, for MS a key ki used for coding the data before
the checking of the certificate, so that nothing is sent clearly on the network. This key
is equivalent to the ki of GSM network. E, Fq, P and KU are public, where the KR
and ki are private.
After the first phase was completed successfully, the authentication phase starts. In
this phase, the mobile node and the VLR exchange mutually the evidence that has
been provided by HLR in the first phase. The authentication phase is a suite of CBA
protocol and TBA protocol. The choice of one protocol depends mainly on MS
localization at the time of requesting services and other considerations (certificate and
ticket validity).
200 M. Bensari and A. Bilami
VLR MS
auth- msg
auth-rep
msg-aqt
Step 1:
When the MS receives or asks for service, the VLR in which MS resides uses the
temporal identifier of MS (TID) to access a secret database and extract the MSs data
that are E, P and ki. Then, the VLR generates an authentication message auth-
msg(CertVLR;R1)ki which contains a random point R1 = aP (a selected randomly
from Fq) and their certificate CertVLR. This message is encrypted using ki then sent
to MS. At the reception of auth-msg, MS decrypts it using ki then, it checks the
validity of CertVLR by the public key of HLR (KUHLR), if it is valid, MS calculates
the shared key with the VLR ( kc),
kc = KRMSKUV LR (3)
Step 2:
VLR decrypts the message using its private key (KRVLR), it checks the validity of
CertMS using KUHLR, if it is valid, it calculates the shared key with MS,
kc = KRVLRKUMS (4)
KUMS is consulted from CertMS. Then, it calculates R1, R1= R1`- kc, if the
calculated R1 is equivalent to the sent one in auth-msg, then this implies that MSs
secret key is valid, (it isnt a case of identity usurpation). Thus MS is well
authenticated to VLR. VLR will generate a ticket (Figure 3) to MS and calculate the
key of the next session K1.
The ticket is a data structure containing: the MSs ID, the tickets issues, the end
date, and the signature of the VLR. Then, It also calculates R2`= R2 + kc.
A New Hybrid Authentication Protocol to Secure Data Communications 201
Ms-id: F904.6001.B270.9845
The issue date: 19/03/2013
The end-date: 15/14/2013
VLR-sign: D0F4
Fig. 3. Ticket
K1 = aR2 (5)
Step 3:
After the reception of msg-aqt, MS decrypts it by its KRMS, it calculated R2, R2=
R2`- kc. If R2 corresponds to the sent one in auth-resp, then it implies that VLRs
secret key KRVLR is valid. Thus, the VLR is well authenticated to MS.
The MS will register the ticket and calculates the key of the next session based on
ECDH using R1. k1= bR1.
MS VLR
Tic-auth-msg
Tic-auth-resp
Step 1:
With each request of service, MS constructs a ticket authentication message, Tic-auth-
msg( ticket, R1 )k0 , containing R1= aP and the ticket. The message is encrypted using
the generated key during the last session (k0) and sent to VLR.
After receiving the Tic-auth-msg, the VLR uses the TID of MS to find the k0 and
the ticket of MS. Then VLR checks the ticket, if it is legal, it decrypts the message.
202 M. Bensari and A. Bilami
5 Analysis
The performances of HAPMON are evaluated and compared while considering the
following security requirements:
Confidentiality: all the messages exchanged between MS and VLR are encrypted
by ECIES or AES. Therefore, the confidentiality of the exchanged data is
completely guaranteed and the uses of the session key based on ECC augments the
confidentiality.
Non-repudiation: HAPMON ensures a mutual non-repudiation by using electronic
certificate and checking the domination of the private key associated to the public key
indicated in the certificate.
Explicit mutual authentication: Unlike several protocols like in GSM, HAPMON
ensures a mutual authentication. It is explicitly expressed. MS and VLR are mutually
authenticated, if each one of them proves to the other that it has the correct Kc.
Resistance to the dictionary attack: HAPMON is able to ensure protection against the
dictionary attack upon the shared key. Even with the knowledge of E, P and KU of
MS and VLR, an adversary cannot carry-out the dictionary attack in order to obtain
the session key, because the time necessary to find the session key (the resolution
time of ECDLP), is considered higher than the desired one.
A New Hybrid Authentication
A Protocol to Secure Data Communications 203
Bits
10000
8000
6000
Bandwidth
4000
Storage
2000
0
Beller Aziz
A Aydos CBA TBA
T
Table 1. Computational load analysis
PKE: Public Key Encryptio on. PKD: Public Key Decryption. eP : Point Multiplicatiion.
ECAES: elliptic curve AES S. SKE: Secret Key Encryption or Decryption.
ECDSAV: Elliptic Curve Digital
D Signature Algorithm Verification.
ECIES: Elliptic Curve Integ
grated Encryption Scheme
204 M. Bensari and A. Bilami
From the table 1, we remark that our scheme has a low computational load
(ECAES and ECIES operations in CBA, 2 ECAES operations in TBA), since it is
based on ECC. The other protocols need complex operations, because they are based
on the traditional cryptography (RSA, Rabin, SHA), they demand even Pre-
computation (Beller). So, they have a complex computational load.
6 Conclusion
The difficulty to secure mobile networks is due to the limited capacity of the nodes.
Authentication protocol for mobile networks was tackled by many researchers, but the
results didnt reach the awaited ones. In this paper, we have presented a new
authentication scheme for mobile networks respecting security requirements and
networks constraints. Our hybrid proposal has low communication and computation
cost. Our scheme is secure enough because it inherits the security and the properties
of the powerful elliptic curve crypto-systems.
References
1. Huber, J.F.: Mobile next-generation networks. IEEE MultiMedia (2004)
2. Nicolas SIMON : Scurit Dans Les Smartphones, memoir. Free university of Bruxelles,
1137 (2007)
3. Neonakis Aggelou, G.: On the relaying capability of next-generation GSM cellular
networks. IEEE Personal Communications (2001)
4. Tatli, E.I.: Security in Context-awareMobile Business Applications, pp. 1115. Mannheim
University (2008)
5. Beghriche, A., Bilami, A.: Modlisation et Gestion de la Confiance dans les Rseaux
Mobiles Ad hoc, CIIA (2009)
6. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic CurveCryptography. Springer
(2004)
7. Rajeswari, G., Thilagavathi, K.: A Novel Protocol For Indirect Authentication. In: Mobile
Networks Based On Elliptic Curve Cryptography, JATIT (2009)
8. Aydos, M., Yank, T., Koc, .K.: An High-Speed ECC-based Wireless Authentication
Protocol on an ARM Microprocessor . IEE Pro.: Comms (2001)
9. Molva, R., Samfat, D.: Tsudik: Authentication of Mobile Users. IEEE Network 8(2), 2634
(1994)
10. Stojmenovic, I.: Handbook of Wireless Networks and Mobile Computing, 87109 (2002)
11. Gnther, H., Kheith, M., Chiris, J.: Authentication protocols for mobile network
environment value-added services. IEEE Transactions on Vehicular Technology 2 (2002)
12. Rajeswari, G., Thilagavathi, K.: An Efficient Authentication Protocol Based on Elliptic
Curve Cryptography for Mobile Networks. IJCSNS 9(2) (2009)
13. Tzeng, Z.-J., Tzeng, W.-G.: Authentication of Mobile Users in Third Generation Mobile
Systems. National Chiao Tung University (2001)