Citation
Mobile Authentication in Wireless Systems

Material Information

Title:
Mobile Authentication in Wireless Systems
Creator:
AGGARWAL, PANKAJ ( Author, Primary )
Copyright Date:
2008

Subjects

Subjects / Keywords:
Architectural models ( jstor )
Authentication ( jstor )
Cryptography ( jstor )
Local area networks ( jstor )
Modeling ( jstor )
Network security ( jstor )
Simulations ( jstor )
Traffic delay ( jstor )
Traffic models ( jstor )
Traffic simulation ( jstor )

Record Information

Source Institution:
University of Florida
Holding Location:
University of Florida
Rights Management:
Copyright Pankaj Aggarwal. Permission granted to the University of Florida to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
Embargo Date:
2/28/2006
Resource Identifier:
436098796 ( OCLC )

Downloads

This item is only available as the following downloads:


Full Text

PAGE 1

MOBILE AUTHENTICATION IN WIRELESS SYSTEMS By PANKAJ AGGARWAL A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLOR IDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE UNIVERSITY OF FLORIDA 2005

PAGE 2

Copyright 2005 by Pankaj Aggarwal

PAGE 3

This document is dedicated to my parents

PAGE 4

ACKNOWLEDGMENTS I would like to thank my advisor, Dr. Janise McNair, for her faith in me, and for her constant support and inspiration. Her constant encouragement, timely critical evaluation and enthusiasm for my work resulted in the successful completion of my thesis. I would also like to thank Dr. Dapeng Oliver Wu and Dr. Tuba Yavuz for serving on my supervisory committee. I would like to thank the members of the WAM lab. I would also like to thank my networking team, Matt Perkins, Dr. Lance Hester and Dr. Yan Huang, at Motorola Labs for constant encouragement and ideas. Finally, I would like to thank my parents, my brother and all my friends. iv

PAGE 5

TABLE OF CONTENTS page ACKNOWLEDGMENTS.................................................................................................iv LIST OF TABLES............................................................................................................vii LIST OF FIGURES.........................................................................................................viii ABSTRACT.........................................................................................................................x CHAPTER 1 INTRODUCTION........................................................................................................1 Fundamental Principles of Security..............................................................................2 Confidentiality.......................................................................................................2 Integrity.................................................................................................................2 Availability............................................................................................................2 General Security Aspects of the Wireless System........................................................3 Authentication, Authorization and Accounting............................................................4 2 BACKGROUND..........................................................................................................6 Cryptography................................................................................................................6 Symmetric Key Cryptography...............................................................................7 Public key Cryptography.......................................................................................7 Hashes and Message Digest..................................................................................9 Digital Signatures................................................................................................10 Authentication at Link Layer...............................................................................10 Network Layer Authentication............................................................................11 Encapsulating security payload (ESP).........................................................12 Secure sockets layer (SSL)...........................................................................12 Transport layer security (TLS).....................................................................12 Remote Authentication Dial in User Service (RADIUS)....................................13 3 AUTHENTICATION IN GSM AND UMTS NETWORKS.....................................14 Global System for Mobile Communication (GSM)...................................................14 GSM Architecture...............................................................................................14 GSM Authentication............................................................................................16 v

PAGE 6

Universal Mobile Telecommunications System (UMTS)..........................................18 UMTS Architecture.............................................................................................18 UMTS Authentication.........................................................................................21 4 ZIGBEE NETWORKS...........................................................................................24 General Description....................................................................................................26 LR-WPAN Architecture......................................................................................27 Physical Layer.....................................................................................................28 MAC Sublayer.....................................................................................................28 ZigBee Authentication.....................................................................................29 Opnet Simulator..........................................................................................................32 Typical Applications of OPNET.........................................................................32 OPNET Architecture...........................................................................................33 Simulation Architecture for ZigBee.......................................................................35 Simulation Results for ZigBee Networks...............................................................40 5 MOBILE ASSISTED BIT SEQUENCE AUTHENTICATION AND AUTHORIZATION...................................................................................................43 MABSAA Architecture..............................................................................................43 Sequence Acquisition.................................................................................................45 MABSAA Bit Sequence Structure.............................................................................47 Key Management........................................................................................................48 Simulation Architecture for MABSAA and SSL.......................................................50 Simulation Scenarios..................................................................................................52 Scenario 1: MABSAA Traffic Modeling............................................................53 Scenario 2: SSL Traffic Modeling......................................................................55 Simulation Results and Analysis................................................................................57 MABSAA Traffic................................................................................................57 SSL Traffic..........................................................................................................61 6 CONCLUSION...........................................................................................................64 LIST OF REFERENCES...................................................................................................66 BIOGRAPHICAL SKETCH.............................................................................................69 vi

PAGE 7

LIST OF TABLES Table page 5-1 Example table maintained by authentication server.................................................49 5-2 Different phases of a task (MABSAA authentication).............................................54 5-3 Client to server traffic..............................................................................................55 5-4 Server to client traffic...............................................................................................55 5-5 Traffic generated during MABSAA authentication.................................................57 5-6 Wireless LAN statistics during MABSAA authentication.......................................58 5-7 Traffic generated during SSL authentication...........................................................61 5-8 Wireless LAN statistics during SSL authentication.................................................61 vii

PAGE 8

LIST OF FIGURES Figure page 1-1 Layered Structure of Security.....................................................................................3 1-2 Security Mechanisms Used in Different Layers of the OSI Model...........................3 2-1 Simple Cryptography.................................................................................................6 2-2 Symmetric Key Operations........................................................................................7 2-3 Asymmetric Key Operation.......................................................................................8 2-4 Digital Signature......................................................................................................10 2-5 Authentication Header Format.................................................................................12 2-5 Radius Protocol........................................................................................................13 3-1 GSM Architecture....................................................................................................15 3-2 GSM Authentication and Access Control................................................................17 3-3 UMTS Architecture..................................................................................................19 3-4 RNC Functions.........................................................................................................20 3-5 Node B Functions.....................................................................................................21 3-7 Sequence Diagram of AKA......................................................................................23 4-1 ZigBee(TM) Stack....................................................................................................25 4-2 ZigBee Network and Contemporary Wireless Technology.................................26 4-3 LR-WPAN Device Architecture..............................................................................28 4-4 Authentication Sequence Diagram...........................................................................31 4-5 Simulation Project Cycle..........................................................................................34 4-6 Network Model for ZigBee (Physical).................................................................35 viii

PAGE 9

4-7 Logical Topology for Three Node Network............................................................36 4-8 Logical Topology for Single Hop Network.............................................................36 4-9 Node model for ZigBee Nodes.............................................................................37 4-10 Process Model for APS Layer..................................................................................38 4-11 Sequence Diagram for Authentication Process........................................................39 4-12 Authentication Time for Multi-Hop.........................................................................40 4-13 Key Establishment Time for Multi-Hop..................................................................40 4-14 Authentication time for Single-Hop Network..........................................................41 4-15 Key Establishment Time for Single-Hop Network..................................................41 5-1 Difference between MABSAA and the Existing Systems.......................................45 5-2 MABSAA Bit Sequence Encapsulation by the Software Interface.........................46 5-3 Example Bit Sequence.............................................................................................48 5-4 Office Enterprise Topology......................................................................................50 5-5 Office Subnet Architecture.......................................................................................51 5-6 WLAN Supporting HTTP, FTP and E-mail servers................................................52 5-7 MABSAA Traffic Model and Flow Diagram..........................................................53 5-8 SSL Traffic Model and Flow Diagram....................................................................56 5-9 MABSAA Traffic Generated...................................................................................57 5-10 Wireless LAN Load Absolute (MABSAA).............................................................59 5-11 Average Wireless LAN Load (MABSAA)..............................................................59 5-12 Wireless LAN Delay (MABSAA)...........................................................................60 5-13 Average Wireless LAN Delay (MABSAA).............................................................60 5-14 Load Comparison SSL with MABSAA...................................................................62 5-15 Average delay Comparison SSL with MABSAA....................................................62 ix

PAGE 10

Abstract of Thesis Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Master of Science MOBILE AUTHENTICATION IN WIRELESS SYSTEMS By Pankaj Aggarwal August 2005 Chair: Janise McNair Major Department: Electrical and Computer Engineering With the new millennium, wireless communication took a giant step into global network. 3G networks like UMTS promised to provide the convergence of data and voice with seamless mobility. Wireless personal area networks and wireless sensor networks are visualized as the next big thing. Allowing users to move freely between so many networks creates security risks. It also makes authentication distributed, since now the user is no longer in a single network. 2G and 3G networks approach the authentication problem in a centralized manner, which involves overhead on the overall network moreover it increases the authentication time. Wireless networks like ZigBee are still in nascent stages; their authentication scheme needs to be modeled. In this thesis a novel decentralized scheme is described and its OPNET simulation is presented. Results obtained for this novel scheme are compared to already existing x

PAGE 11

protocol. Moreover, the authentication process in ZigBee networks is also modeled and studied. xi

PAGE 12

CHAPTER 1 INTRODUCTION Last decade of 20th century saw exponential growth for wireless system users. It is expected that this number will continue to grow. The number of cellular subscribers has grown from the 10’s of millions of users in the1990’s to 100’s of millions of users in the year 2000 to projections of 1 billion wireless users by 2010 [1]. Beginning of this century also marks the beginning of the global of wireless networks, like Universal Mobile Telecommunication Systems. UMTS provides architecture and standards and maintains a single network for different services. Such global networks are also known as convergent networks. Wireless networks can be wireless local area networks (WLAN), wireless wide area networks (WWAN), wireless ad-hoc networks, and wireless sensor networks. In each case different technologies are used depending upon the nature of network, such as different power control settings, routing protocols, and transport protocols. The network provides services to the users and then users are charged depending upon the nature and the quality of service required. When a network supports lot of users and provides services to them, it becomes imperative to provide requisite service without any noticeable interruption. Proper management of resources is needed. Mismanagement of resources can lead to loopholes in the system that can make system vulnerable. Security has always been an associated problem. Broadcasting information is easily accessible not only by the intended user but also to any other potential eavesdropper 1

PAGE 13

2 Fundamental Principles of Security There are many objectives of any security policy, but the main three principles in all policies are confidentiality, integrity, and availability (CIA). The level of security required to accomplish theses principles differs per policy. Any risk or vulnerability is measured in its potential to compromise one or more of theses CIA principles [1-4]. Confidentiality Confidentiality is the ability of the system to hide information from unauthorized and unlawful people. Attackers can thwart confidentiality mechanisms by network sniffing, stealing password files, and social engineering. Confidentiality can be provided by encrypting information as it is stored and transmitted, and by a strict access controls mechanism. Integrity Integrity is the ability to make sure that received data is an accurate representation of original data. Hardware, software, and communication mechanisms must work in a joint manner to process and deliver the data to intended destination without any alterations. Settings that enforce this attribute ensure that attackers or mistakes by users do not compromise the integrity of the system. Availability Availability is the ability to make sure that the data is timely available to its intended lawful users. System availability can be affected by device or software failure. Environmental issues like heat, cold and humidity can also affect system availability. Denial of service (DOS) attacks are popular methods for attackers to disrupt system availability and productivity.

PAGE 14

3 General Security Aspects of the Wireless System Security is an issue that needs to be considered by all the participants of the system. Modern wireless systems can be represented as shown in Figure 1-1, where content Provider, Service Provider, Carrier Provider and User represent different players in business chain [1, 2]. Figure 1-1 Layered Structure of Security Different mechanisms are used to secure these layers for example in terms of open system interconnection (OSI) model. Figure 1-2 Security Mechanisms Used in Different Layers of the OSI Model Figure 1-2 shows the security approaches at different layers within a computer network in terms of the open system interconnection (OSI) model. IP spoofing is an

PAGE 15

4 attack at network layer, sniffing is at physical layer and data link layer and viruses enter through application layer. Authentication, Authorization and Accounting AAA is an authentication authorization and accounting scheme that maintains the status of the user in a network in terms of letting the right people use the correct services (the ones they are entitled to), and maintaining log of their usage for billing purposes [4]. Authentication is to establish the identity of a user to check if that user is actually recognized by the system. It is based on password-oriented access to services. The second step, authorization, checks precisely which services the user can access. Accounting is a record of how long the service has been used. The existing cellular schemes use established infrastructures such as location databases for the home network and visitor databases for authenticating mobile users traveling from a one-coverage area to another. This entails information exchange between the location registers, leading to a large overhead and drop in throughput. Current research focuses on the optimization of this exchange between foreign network and home network during the time of a hand-off [5, 6]. This thesis investigates a mobile-assisted authentication protocol that reduces the involvement of inter-system information exchange between location registers by employing a unique code for each user that can be exchanged locally between the user and a foreign network. Chapter 2 provides a background on security protocols, such as cryptography and authentication mechanisms. Chapter 3 provides current security mechanisms in existing wireless networks like GSM and UMTS. Chapter 3 will also give the background on IEEE 802.15.4 and ZigBee stack. Chapter 4 and Chapter 5 will describe Mobile Assisted

PAGE 16

5 Bit Sequence Authentication and Authorization (MABSAA) scheme in detail and its performance evaluation, finally Chapter 6 will concludes with future work discussion.

PAGE 17

CHAPTER 2 BACKGROUND Complete authentication requires two procedures: first to establish the identity of the user on a network and second to make sure data transferred between two points is secured. The latter is done by encryption and cryptography. Cryptography Cryptography is the method of storing and transmitting information in a form that only those it is intended for can read and process. Sender encodes the information in such a way that intended receiver could only decode it. The unprocessed information is called plain text, while the encoded information is known as cipher-text. Cryptographic systems use encryption algorithms, which determine how complex, or simple, the process will be. Most encryption algorithms are complex mathematical equations applied in a specific sequence to the plain text. Encryption is the process of encoding the information in unreadable format while decryption is the reverse process of encryption. Figure 2-1 illustrates the mechanism [1, 2]. Figure 2-1 Simple Cryptography 6

PAGE 18

7 Cryptography can be broadly classified in two categories: symmetric key, also called secret key cryptography, and asymmetric key, also called public key cryptography. Symmetric Key Cryptography In a cryptosystem using symmetric keys, both the sender and receiver use the same-shared key for encryption as well as for decryption as shown in Figure 2-2. Figure 2-2 Symmetric Key Operations Symmetric key encryption can further be divided into two types block ciphers and stream ciphers. Block cipher algorithms divide plain text into blocks of bits. These blocks then undergo mathematical operations like substitution and transposition in order to randomize the data. In block ciphers, it is the key that determines what functions are applied to the plain text and in what order. Stream ciphers do not divide message into blocks. They process individual bits or bytes to perform mathematical functions. When using stream cipher, the same plain-text bit is transformed into a different, cipher text bit. Public key Cryptography In public key systems, sender and receiver uses different keys. However, these two keys are mathematically related. In public key systems, a pair of keys is made up of one public key, which is known to everyone and the private key, which is only known to owner. Usually public keys are listed in directories and other databases so that they can be obtained by anyone who wants to encrypt information when communicating with particular user. Figure 2-3 illustrates the public key mechanism.

PAGE 19

8 Figure 2-3 Asymmetric Key Operation If confidentiality were the most important security issue to a sender, then sender would encrypt the message with receiver’s public key. This is called secure message format because the person who has the corresponding private key can decrypt it. If authentication were the most important security issue, then sender would encrypt the message with the sender’s private key. This provides assurance to the receiver that the only person who could have encrypted the message is the individual who has possession of private key. This is called open message format because anyone having the corresponding public key can decrypt the message. When both confidentiality and authentication are required, the sender would first encrypt the message with its private key and then again encrypt it with receiver’s public key. The Receiver needs to decrypt this message first with its private key, then with sender’s public key [6-8]. Most of the public key algorithms are based on modular arithmetic. Modular arithmetic uses the non-negative integers less than some positive integer n, performs ordinary arithmetic operations like addition and multiplication, and then replaces the result with its remainder when divided by n. Result is said to be modulo n (mod n). RSA, ElGamal and Schnorr algorithms are few popular public key cryptosystems [2].

PAGE 20

9 Cryptography is used in AAA to help validate a user’s identity before giving him network access. The authentication process depends on the idea that end user maintains unique information, such as a username/password combination, a secret key or some biometric information like finger prints. AAA server processes this information to authenticate end user. Authorization means granting certain services to user within a authentication context. For instance two different users authenticated on a server might have rights for different types of services. User 1 might have rights for only FTP while user 2 has rights for FTP and TELNET. An authorization server has to make sure that user 1 and user 2 are entitled to receive the respective services. The final component of AAA framework, accounting, provides the framework for resource consumption which may be used for resource planning and billing purposes. Rest of this chapter will focus on different authentication mechanism and protocols. Hashes and Message Digest One technique used to provide authentication is the use of hashes and message digest. Hashes or message digest are one-way functions, which take an input value and produce an output which cannot be converted back into the original input value. For a hash to be secured it is imperative that it must be impractical to find a message that has a pre-determined message digest. Moreover it should be impossible to find two messages that produces same message digest. MD4, MD5, secured hash algorithm (SHA-1) are few frequently used hashes. Message authentication codes (MAC) are evaluated using a message digest and secret key, and then the MAC is then appended to the message to be transmitted. The authentication server recalculates the MAC and compares it with the appended MAC to validate the message [2].

PAGE 21

10 Digital Signatures Digital signatures are encrypted hash values. Sender computes the hash of the message to be sent. This hash value is then encrypted using sender’s private key and is added to the message. Receiver computes the hash on the received message, and decrypts the encrypted hash using sender’s public key. These two values will be compared. If they are same, receiver can be sure of the authenticity. Figure 2-4 shows the digital signing process. Figure 2-4 Digital Signature Authentication at Link Layer As described in chapter 1, security mechanisms can be applied at every layer of the OSI protocol stack. Point to point protocol (PPP), a prevalent link layer protocol describes two methods for authentication: password authentication protocol (PAP) and the challenge handshake authentication protocol (CHAP). PAP is a very simple method, which provides authentication using 2-way handshake [9-12]. After initial link establishment a login/password pair is repeatedly send to the authenticator by the peer entity until a response is received from the authenticator. PAP is not a very strong

PAGE 22

11 authentication mechanism, since the communication takes place in plain-text. CHAP uses a 3-way handshake to authenticate a peer. The authenticator sends a challenge to peer entity. The peer then calculates the response by operating a one-way hash function over the challenge. Authenticator calculates the expected hash value and then compares it with the response from the peer. CHAP depends on the key being known only to authenticator and the peer entity [8]. Network Layer Authentication IPsec a protocol used to achieve network layer security. It provides security to the IP layer using cryptography. Security services provided at network layer include access control, connectionless integrity, data origin authenticity, protection against reply and confidentiality. IPSec is a suite of protocol that includes the Authentication Header (AH), which addresses authentication for IP traffic, and the Encapsulating Security Payload (ESP), which defines encryption for IP data. The Authentication Header ensures that the packet has not been altered or tampered with during transmission. It can also be used in combination with the ESP (if you need privacy as well as verifying authenticity), or it can simply be used to verify the authenticity of a regular IP packet. The AH also allows the receiver to verify the identity of the sender [11-13]. Conventional IP packet consists of an IP header and a payload. If the AH is used, it immediately follows the IP header. AH is shown in the Figure 2-5. The first field in the AH is the next header field. This is an 8-bit field that tells which higher-level protocol (such as UDP, TCP, or ESP) follows the AH. The payload length is an 8-bit value that indicates the length of the authentication data field in 32-bit words. The reserved area is a 16-bit field that's not currently in use. SPI is a 32-bit field that tells the recipient which security protocols the sender is using. The sequence number tells how many packets with

PAGE 23

12 the same parameters have been sent. At the end of the AH is the authentication data, which is a digital signature for the packet [11]. Figure 2-5 Authentication Header Format Encapsulating security payload (ESP) ESP handles encryption of IP data at the packet level. It uses symmetric or secret key and cryptographic algorithms like Data Encryption Standard (DES) to encrypt the payload. The ESP header is inserted after the IP header and before the upper layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode). Transport mode provides security mainly to the payload but not to the complete header. However, tunnel mode encrypts the whole packet, including the header [12]. Secure sockets layer (SSL) SSL is a two-layered transport security protocol, developed by Netscape [14]. SSL record protocol works on the top of some reliable protocol like TCP. Moreover, SSL is also used to encapsulate higher-level protocols like file transfer protocol (FTP). SSL record protocol takes the higher layer message, breaks it into chunks, encrypts it, adds the header and then passes it on to the TCP layer [13]. Transport layer security (TLS) The IETF developed TLS based on SSL. The main goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. TLS is composed of two layers: the TLS record protocol and the TLS handshake protocol. At the

PAGE 24

13 lowest level, layered on top of some reliable transport protocol is the TLS record protocol [13]. Remote Authentication Dial in User Service (RADIUS) RADIUS is a complete security service developed by the IETF. Its aim is to centralize authentication, configuration, and accounting for dial-in services to an independent server. Figure 2-5 illustrates the working of RADIUS [9]. RADIUS is based on client server architecture, where the network access server (NAS) acts as a client of RADIUS. The NAS is responsible for passing user information to designated RADIUS servers. These servers in turn authenticate user information provided by the client [9]. Transactions between user and server are secured using secret key, and user information is encrypted when sent over network to RADIUS server . Figure 2-5 Radius Protocol

PAGE 25

CHAPTER 3 AUTHENTICATION IN GSM AND UMTS NETWORKS This chapter discusses GSM and UMTS networks and their authentication mechanisms. Global System for Mobile Communication (GSM) GSM is a digital mobile telephone system that is widely used in Europe and other parts of the world. GSM Time Division Multiple Access (TDMA) is the most widely used of the three digital wireless telephone technologies (TDMA, GSM, and CDMA) and operates in the 900 MHz, 1800 MHz, or 1900 MHz frequency bands. GSM Architecture GSM consists of the following major entities: mobile equipment (ME), the subscriber identity module (SIM), the base station transceiver (BTS), the base station controller (BSC), the mobile services switching center (MSC), the home location register, the visitor location register (VLR), and the equipment identity register (EIR) [15]. Mobile station, as shown in the Figure 3-1, is composed of mobile equipment and subscriber identity module. A SIM is used to determine the ME’s directory number and to track the calls billed to the subscriber [16-21]. It is composed of following information: 1. An international mobile subscriber identity (IMSI), that uniquely identifies a subscriber within GSM. 2. A secret subscriber authentication key (Ki). 3. A cryptographic algorithm A3, which provide security functions for authenticating the SIM. 4. Temporary network related data: temporary mobile subscriber identity (TMSI), Location Area Identity (LAI) and Kc. 14

PAGE 26

15 5. Service related data like language preference and advice of charge. 6. Cardholder verification information (CHV1/CHV2) authenticates the user holding the SIM card and provides protection against the use of stolen cards. All radio related functions are performed in base station system, which is composed of Base Station Controller (BSC) and Base Transceiver Stations (BTS). BSC performs radio signal management functions for set of base transceiver stations, managing functions such as frequency assignment and handoff. It also provides control functions and physical links. Figure 3-1 GSM Architecture [15]

PAGE 27

16 The following functional units are utilized to maintain Switching System: Home location register (HLR)—The HLR is the database used for storage and management of user subscriptions, it stores permanent data about subscribers, including a subscriber's service profile, location and activity status. HLR also stores authentication key (Ki) and IMSI. Mobile services switching center (MSC)—The MSC performs switching functions of the system. It controls the large number of BSC’s. It also controls calls to and from other networks. Visitor location register (VLR) —VLR stores the temporary information about the subscriber’s, which is serviced by the current MSC. The information in the VLR is dynamically changes, as the subscribers move around and register themselves to the network, and this information is necessary so that their calls can be effectively routed. Authentication center (AUC) —AUC provides the parameters for encryption and authentication. GSM Authentication GSM systems have a simple challenge response based authentication mechanism, which employs secret key algorithms. The GSM authentication process can be summarized as follows. The Fixed home Network transmits a non-predictable number RAND to the MS. Then MS computes the signature of RAND, say SRES, using an algorithm A3 and the secret key Ki and transmits the SRES back to the Network. The Fixed Subsystem tests SRES for validity. For each subscriber, the HLR stores additional information that provides security information to the VLR without revealing the secret key. The information is stored in form of triples, which consist of a subscriber-unique random challenge RAND, an expected response SRES and a resulting cipher-key (Kc). The triplets are sent to the VLR for registration. Figure 3-2 shows the authentication process in GSM. [16]

PAGE 28

17 Figure 3-2 GSM Authentication and Access Control [16]

PAGE 29

18 When a mobile node is in a foreign network it sends in IMSI to VLR. Then VLR asks the HLR of the corresponding IMSI for the triplet. HLR forwards the triplet to VLR after checking it with AUC. VLR then sends the challenge to a mobile node. Mobile node generates the response and sends it to VLR. VLR than compares the response from the mobile node and the response included in the triplet. After comparing the responses, VLR authenticates the mobile node. Universal Mobile Telecommunications System (UMTS) The Universal Mobile Telecommunications System (UMTS) is a 3G global wireless network standard being developed by the European Telecommunication Systems Institute (ETSI). Another 3G standards body is the 3GPP (Third-Generation Partnership Project) which is a global-initiative involving various world telecommunication organizations [22-32]. UMTS Architecture UMTS is composed of three main sub systems and interfaces between them. Figure3-3 shows all the major components, interfaces and sub system of the UMTS network. User Equipment (UE) is at one end of the network. UMTS terrestrial radio access network (UTRAN) is introduced in UMTS systems. The Iu is the UTRAN interface between the radio network controller (RNC) and CN (Core Network), the UTRAN interface between RNC and the packet-switched domain of the CN (Iu–PS) is used for PS data and the UTRAN interface between RNC and the circuit-switched domain of the CN (Iu–CS) is used for CS data. UTRAN is subdivided into individual radio network systems (RNSs), where each RNS is controlled by an RNC. The RNC is connected to a set of Node B elements, each of which can serve one or several cells. UMTS defines a few new open interfaces:

PAGE 30

19 Uu: UE to Node B (UTRA, the UMTS W–CDMA air interface ) Iu: RNC to GSM Phase 2+ CN interface (MSC/VLR or SGSN) Iu-CS for circuit-switched data Iu-PS for packet-switched data Iub: RNC to Node B interface Iur: RNC to RNC interface, not comparable to any interface in GSM The Iu, Iub, and Iur interfaces are based on ATM transmission principles. Figure 3-3 UMTS Architecture [30]

PAGE 31

20 Figure3-4 shows main functions of RNC. It is similar to GSM’s BSC and controls node B. It also performs radio resource management functions. RNC communicates over Iu interface with CN and over Iur interface with neighboring RNC Figure 3-4 RNC Functions [30] . Figure 3-5 illustrates Node-B, it is equivalent to BTS in GSM. It communicates with UE over Uu interface and with RNC over Iub. Main function includes calculating link quality and signal strength. Node-B also takes part in soft handovers. UE is at one end of UMTS architecture. Like node-B UE also process radio signals. It is simultaneously a counterpart to RNC, Node-B and CN as shown in the Figure 3-6.

PAGE 32

21 Figure 3-5 Node B Functions [30] Figure 3-6 UE Functions [30] UMTS Authentication Authentication and Key Agreement (AKA) are two of the most important features of the UMTS system The Authentication and Key Agreement procedures take place in

PAGE 33

22 the USIM, SGSN/VLR and the HLR/AuC. Since the Serving Network is divided into Packet Switched (PS) and Circuit Switched (CS) domains, VLR/SGSN means either the SGSN/VLR node in the packet switched domain or the VLR/MSC node in the circuit switched domain. The authentication procedures are performed in the same way in both domains, so there is no need to make a distinction between these. There are no common information base between the SGSN/VLR and VLR/MSC, except from the Home Environment, so the AKA procedures take place independently in both PS and CS domain. Figure 3-7 shows the authentication and key agreement process by sequence diagram [32]. 1 VLR/SGSN in charge of the mobile sends an Authentication data request (IMSI) to the subscriber’s Home Location Register. 2 HLR answers with an Authentication data response (AV1,AV2, AVn). 3 VLR/SGSN sends User authentication request (RAND(i)||AUTN(i)) to the USIM, through the RNC, Node B and Terminal. 4 USIM sends an User authentication response (RES(i)) back to the VLR/SGSN. A. The AuC retrieves/generates the AVs. B. VLR/SGSN stores AVs in its database. C. VLR/SGSN selects one of AVs received (in 2). D. USIM verify AUTN and computes the User Response (RES). E. VLR/SGSN compares the RES and XRES to authenticate the user. F. USIM generates the cipher and integrity keys, CK and IK, and VLR/SGSN retrieves the CK and IK of the current AV.

PAGE 34

23 Figure 3-7 Sequence Diagram of AKA [32]

PAGE 35

24 This chapter has provided a background of authentication procedure for several existing wireless systems. The next chapter explores a new system for wireless personal area networks. CHAPTER 4 ZIGBEE NETWORKS ZigBee networks are based on IEEE 802.15.4 standard, which specifies the MAC [33, 34] and physical layers for low rate wireless personal area networks (LR-WPAN). ZigBee is an Alliance of several companies that specifies the layer 3 and above. Figure 4-1 shows the ZigBee stack. Low power and large network sizes are the main feature of ZigBee. Figure 4-2 shows the comparison of ZigBee network with contemporary wireless technologies like Wi-Fi etc.

PAGE 36

25 ns ZDO Uppermost Layer, Applications are defined in this layer ZigBee(TM) Alliance APS Security Management NWK Routing Management, Network Management MAC (CSMA-CA), optional time slotting variable duty cycle, Supports star and peer-to-peer topologies, and beaco Defined by IEEE PHY 2.5 GHz: 16 Channels, 250 kbps (USA) 902-928 MHz; 10 Channels, 40 kbps (USA) 868.3 MHz: 1 Channel, 20 Kbps (Europe) Figure 4-1 ZigBee(TM) Stack

PAGE 37

26 Cost, Convenience Speed, Flexibility Reach, Quality Reliability, Power, Cost Success Matrices 1-10+ 1-100 1000+ 1-100+ Transmission Range (meters) 720 11,000+ 64-128+ 20-250 Bandwidth (kBps) 7 32 1 Unlimited (264) Network Size 1-7 .5-5 1-7 100-1000+ Battery Life (days) 250KB+ 1MB+ 16MB+ 4KB-32KB System Resources Cable Replacement Web, E-mail, Video Wide Area Voice and Data Monitoring and Control Application Focus BluetoothTM 802.15.1 Wi-FiTM 802.11b GSM/GPRS CDMA/1xRTT ZigBeeTM 802.15.4 Market Name Standard Figure 4-2 ZigBee Network and Contemporary Wireless Technology [34] APS layer handles authentication in ZigBee, which is application support sublayer. ZigBee document 1.0 [35, 36] specifies functionality of network, APS and ZDO layers. Network layer describes the routing and management of network as a whole. APS layer describes security management of the network. APS layer and its security mechanisms are described later in the chapter. General Description A Low Rate WPAN is a simple, low-cost communication network that allows wireless connectivity in applications with limited power and relaxed throughput

PAGE 38

27 requirements. The main objectives of an LR-WPAN are ease of installation, reliable data transfer, short-range operation, extremely low-cost, and a reasonable battery life, while maintaining a simple and flexible protocol [33-35]. Some of the characteristics of an LR-WPAN are: Over air data rates of 250 kb/s, 40 kb/s, and 20 kb/s. Star or Peer-to-Peer operation. Allocated 16-bit short or 64-bit extended addresses. Allocation of guaranteed time slots. CSMA-CA channel access. Fully acknowledged protocol for transfer reliability. Low power consumption. Energy detection. Link quality indication. 16 channels in the 2450 MHz band, 10 channels in the 915MHz band, and 1 channel in the 868MHz band [33]. LR-WPAN Architecture The LR-WPAN architecture is defined in terms of a number of layers. Each layer is responsible for one part of the standard and offers services to the higher layers. An LR-WPAN device is comprised of a physical (PHY) layer, which contains the RF transceiver along with its low-level control mechanism, and a medium access control (MAC) sublayer that provides access to the physical channel for all types of transfer. Figure 4-3 shows these blocks in a graphical representation.

PAGE 39

28 Figure 4-3 LR-WPAN Device Architecture [33] Upper layers shown in the figure includes network layer, application support sublayer and application layers. Network layer provides message routing and application layer provides functionality [33]. Physical Layer The features of the PHY layer are activation and deactivation of the radio transceiver, energy detection, link quality indication, channel selection, clear channel assessment, and transmitting as well as receiving packets across the physical medium [33]. Operating frequencies are as follows: 868 868.6 MHz (e.g. Europe), 902 928 MHz (e.g. north America) or 2400 2483.5 MHz (worldwide). MAC Sublayer The MAC sublayer provides two services; these are the MAC data service and the MAC management service interfacing to the MAC sublayer management entity (MLME) service access point. The MAC data service enables the transmission and reception of MAC protocol data units across the PHY data service. The features of the MAC sublayer

PAGE 40

29 are beacon management, channel access, guaranteed time slot management, frame validation, acknowledged frame delivery, association and disassociation. In addition, the MAC sublayer provides hooks for implementing application appropriate security mechanisms. [33] ZigBee Authentication ZigBee Network is composed of trust center or PAN coordinator, which authenticates the joining nodes. Trust center can operate in 2 modes: commercial or residential modes. In commercial mode the trust center shall maintain a list of devices, master keys, link keys, and Network keys that it needs to control and enforce the policies of Network key updates and network admittance. In this mode, the memory required for the trust center grows with the number of devices in the network [36]. The residential mode of the trust center is designed for low-security residential applications. In this mode, the trust center may maintain a list of devices, master keys, or link keys with all the devices in the network; however, it shall maintain the Network key and controls policies of network admittance. In this mode, the memory required for the trust center does not grow with the number of devices in the network [36]. Security in ZigBee is based on three main keys. 7. Master Key: This key is normally pre installed on the nodes for more secured networks like in commercial mode. However it can also be transported over the air for less secured networks. Master key is one of the inputs for symmetric key key establishment (SKKE) protocol. SKKE is a key establishment protocol used for link key establishment. 8. Link Key: Link key is use to encrypt peer to peer communication, this key must by the output of SKKE protocol used in key establishment phase. 9. Network Key: Network key is acquired via APSME-TRANSPORT-KEY command from trust center or it can be pre installed. This key is used for broadcast or multicast communications.

PAGE 41

30 APS layer specifies following six main security commands. 1. APSME-ESTABLISH-KEY: This command is used to establish link keys between 2 nodes in the network. It requires SKKE protocol to establish link keys. 2. APSME-TRANSPORT-KEY: When one key is required to be transported from one node to another, this command is used. 3. APSME-UPDATE-DEVICE: Router uses this command to inform trust center that a node has joined the network so that authentication process can be started. 4. APSME-REMOVE-DEVICE: trust center uses this command to inform router and other nodes that a node has been removed from the network for example when a node fails to authenticate it self, it is removed from the network. 5. APSME-REQUEST-KEY: Network nodes use this command to ask for keys from trust center. 6. APSME-SWITCH-KEY: trust center maintains series of network keys and at one time only one network key is activated. There is a sequence number associated with the network keys. Trust center uses this command to tell network nodes when to switch network keys and use other key. These commands provide the framework for security services implementation. For example, authentication process requires APSME-TRANSPORT-KEY and APSME-ESTABLISH-KEY command to complete authentication process. Figure 4-4 shows the authentication sequence diagram when a joiner joins a network in a 2-hop network. As shown when a joiner joins the network, router generates Update-Device command and sends it to the trust center. Trust center sends the master key to the joiner via router, if master key is not previously shared. This is done in order to minimize total unsecured air time for master key. After that trust center starts key establishment process with the joiner. Key establishment phase is the start of SKKE protocol which is exchange of data between trust center and the joiner. This process will results in generation of the link keys these keys then can be used directly to encrypt data between trust center and joiner. After establishing link keys, trust center sends the

PAGE 42

31 network key to the joiner and this key is used by joiner for all the broadcast or multi cast communications. Transfer of network key also marks the completion of the authentication process. Figure 4-4 Authentication Sequence Diagram

PAGE 43

32 Opnet Simulator OPNET provides a comprehensive development environment supporting the modeling of communication networks and distributed systems. Both behavior and performance of modeled systems can be analyzed by performing discrete event simulations. The OPNET environment incorporates tools for all phases of a study, including model design, simulation, data collection, and data analysis. OPNET is a vast software package with an extensive set of features designed to support general network modeling and to provide specific support for particular types of network simulation projects. [38] Typical Applications of OPNET OPNET can be used as a platform to develop models of a wide range of systems. Some examples of possible applications are listed below with specific mention of supporting features: Standards-based LAN and WAN performance modeling: detailed library models provide major local-area and wide-area network protocols. The library also provides configurable application models, or new ones can be created. Internet work planning: hierarchical topology definitions allow arbitrarily deep nesting of sub networks and nodes and large networks are efficiently modeled; scalable, stochastic, and/or deterministic models can be used to generate network traffic. Research and development in communications architectures and protocols: OPNET allows specification of fully general logic and provides extensive support for communications-related applications. Finite state machines provide a natural representation for protocols.

PAGE 44

33 Distributed sensor and control networks, “on-board” systems: OPNET allows development of sophisticated, adaptive, application level models, as well as underlying communications protocols and links. Customized performance metrics can be computed and recorded, scripted and/or stochastic inputs can be used to drive the simulation model, and processes can dynamically monitor the state of objects in the system via formal interfaces provided by statistic wires. Resource sizing: accurate, detailed modeling of a resource’s request processing policies is required to provide precise estimates of its performance when subjected to peak demand (for example, a packet switch’s processing delay can depend on the specific contents and type of each packet as well as its order of arrival). Queuing capabilities of Proto-C provide easy-to-use commands for modeling sophisticated queuing and service policies; library models are provided for many standard resource types. Mobile packet radio networks: specific support for mobile nodes, including predefined or adaptive trajectories; predefined and fully customizable radio link models; geographical context provided by OPNET network specification environment. Satellite networks: specific support for satellite nodes, including automatic placement on specified orbits, a utility program for orbit generation, and an orbit visualization and orbital-configuration animation program. OPNET Architecture OPNET provides a comprehensive development environment for modeling and performance-evaluation of communication networks and distributed systems. The package consists of a number of tools, each one focusing on particular aspects of the modeling task. These tools fall into three major categories that correspond to the three

PAGE 45

34 phases of modeling and simulation projects: Specification, Data Collection and Simulation, and Analysis. These phases are necessarily performed in sequence. They generally form a cycle, with a return to Specification following Analysis. Specification is actually divided into two parts: initial specification and re-specification, with only the latter belonging to the cycle, as illustrated in the following figure. Figure 4-5 Simulation Project Cycle OPNET Models are structured hierarchically, in a manner that parallels real network systems. Specialized editors address issues at different levels of the hierarchy. This provides an intuitive modeling environment and also permits re-use of lower level models. Main editors of OPNET are as follows [38]: 7. Project Editor: Develop network models. Network models are made up of subnets and node models. This editor also includes basic simulation and analysis capabilities. 8. Node Editor: Develop node models. Node models are objects in a network model. Node models are made up of modules with process models. Modules may also include parameter models. 9. Process Editor: Develop process models. Process models control module behavior and may reference parameter models. 10. External System Editor: Develop external system definitions. External system definitions are necessary for co simulation.

PAGE 46

35 11. Link Model Editor: Create, edit, and view link models. 12. Packet Format Editor: Develop packet formats models. Packet formats dictate the structure and order of information stored in a packet. 13. ICI Editor: Create, edit, and view interface control information (ICI) formats. ICIs are used to communicate control information between processes. 14. PDF Editor: Create, edit, and view probability density functions (PDF). PDFs can be used to control certain events, such as the frequency of packet generation in a source module [14]. In the simulation of ZigBee network editor, node editor, process editor and packet editors are extensively used. Simulation Architecture for ZigBee Figure 4-6 shows the physical network model used for simulation. Although the figure shows three joiners, actual simulation run had thirteen nodes. Figure 4-6 Network Model for ZigBee (Physical) Logical topology for three node network is shown in Figure 4-7

PAGE 47

36 Trust center Router Joiner 2 Joiner Joiner 1 Figure 4-7 Logical Topology for Three Node Network Simulation was run in two topologies one with a router in the middle or multi-hop simulation as shown in the figure 4-7. Other scenario for the simulation was single hop where, all joiner nodes attached to the trust center directly. This scenario is shown in figure 4-8. Trust center Joiner 2 Joiner Joiner 1 Figure 4-8 Logical Topology for Single Hop Network Figure 4-9 shows the node model that was used for the ZigBee nodes, as shown, ZigBee nodes are made up of application layer, application support sublayer(APS), network layer, mac layer and a pair of receiver and transmitter.

PAGE 48

37 Figure 4-9 Node model for ZigBee Nodes Figure 4-10 shows the process model fro application support sublayer, which also performs authentication functions of ZigBee stack. Process model is the finite state machine model and it shows the states in which APS layer can be.

PAGE 49

38 Figure 4-10 Process Model for APS Layer Figure 4-11 shows the sequence diagram, in authentication process, when only single hop communication is required. This diagram also shows all the intermediate commands invoked by layers in this process. For example to transport master key to the joiner, APP will invoke APSME-TRANSPORT-KEY.request, in turn APS will invoke NLDE-DATA.request and so on. Figure does not show the MAC layer for simplicity.

PAGE 50

39 Figure 4-11 Sequence Diagram for Authentication Process

PAGE 51

40 Simulation Results for ZigBee Networks Focus was on two main results, one is total authentication time and the other is key establishment time. These two results were obtained for 15 node network scenario. Figure 4-12 shows authentication time and figure 4-13 shows key establishment times for multi-hop network model. Figure 4-12 Authentication Time for Multi-Hop Figure 4-13 Key Establishment Time for Multi-Hop

PAGE 52

41 Average authentication time for multi-hop scenario was around 45msec and average key establishment time was around 30 msec. Key establishment was 67% of total authentication time. Next set of figures shows authentication time and key establishment times for single hop network. Figure 4-14 Authentication time for Single-Hop Network Figure 4-15 Key Establishment Time for Single-Hop Network Average authentication time for single hop network was around 22 msec and corresponding key establishment time was around 15 msec. Therefore, for single hop network key establishment time was around 68.18%.

PAGE 53

42 From above four figures it can be safely concluded: increasing hop count relative key establishment time remains constant. Key establishment time for both the networks was around 67%. Moreover increasing hop count increases total authentication time by around 52%. Finally, we present a proposed algorithm for authentication in a distributed wireless system.

PAGE 54

CHAPTER 5 MOBILE ASSISTED BIT SEQUENCE AUTHENTICATION AND AUTHORIZATION This chapter introduces a novel scheme for mobile device authentication and authorization in a geographically wide spread area spanning the coverage of multiple network service providers. The existing set up involves the exchange of a large number of control signals between the foreign network and mobile node, and between foreign network and home network for authentication and authorization, which is therefore vulnerable to eavesdropping and malicious attacks. Our scheme provides a lesser number of transactions for this purpose and incorporates multiple layers of security against attacks. First, the mobile device is equipped with an encrypted bit sequence that contains its authentication and authorization information. Then, when it moves into the domain of a foreign network, its bit sequence is read in order to provide it with the appropriate services. In essence, this procedure limits the need for the foreign network to explicitly communicate with the home network, every time for establishing the mobile’s identity. Its effectiveness is shown by comparing the authentication time between the existing set up and the proposed scenario [39, 40]. MABSAA Architecture The new Mobile Assisted Bit Sequence Authentication and Authorization (MABSAA) is based on a simple idea that information about the user is encrypted in the mobile node itself, in the form of a pre-defined sequence of bits set in its memory. This sequence follows a pre-structured format, and the home network sets the bits at the time 43

PAGE 55

44 of purchase of the device. The information can be reconfigured by home network if required, as described in a later section on sequence acquisition. Each segment of the sequence signifies some attribute of the user in terms of its identity and privileges. When the mobile user wanders into the coverage area of a foreign network that has a business association with the home network to provide services to its users, the foreign network can authenticate the user. The foreign network reads the user’s bit sequence, decrypts it on the basis of a shared secret key, and provides services accordingly [40]. Figure 5-1 shows the basic difference between MABSAA and common procedures of existing systems such as GSM or UMTS described in chapter 3. In the existing systems, there are 4 sets of signals being exchanged amongst the mobile, the foreign network and the home network. The mobile first contacts the foreign network with its Electronic Serial Number (ESN) and Mobile Identification Number (MIN). The foreign network then contacts the relevant home network asking for confirmation on identity of the user and the types of services for which the user is authorized to have access. The home network processes this request, updates its location database, and sends back the desired information. The foreign network, on receiving this information, updates its visitor database and sends confirmation to the mobile node. The new MABSAA procedures are also shown in Figure 5-1. Here, the foreign network, on detecting the mobile node’s presence, reads the encrypted bit sequence, processes the information, and allows the mobile node to access its services as if the mobile were at home in its network. Meanwhile, the foreign network simultaneously informs the home network of the presence of this node. Foreign network informs the mobile device’s home network for two reasons. First, to route incoming calls to the

PAGE 56

45 mobile terminal’s existing location and secondly to have redundancy so that if something goes wrong with the bit sequence mobile terminal’s home network can be informed in time. This parallel processing significantly reduces the time of authentication from the sequential nature of the existing system. Original 3 Backbone 2 Two extra transmission Server 4 1 Server Mobile Node (MN) Home Network Foreign Network MABSAA Backbone 2 Server 2 1 Server Mobile Node (MN) Home Network (Verizon) Foreign Network Sprint Figure 5-1 Difference between MABSAA and the Existing Systems Sequence Acquisition The MABSAA bit sequence is both readable (by the home network and any authorized foreign network) and writable (only by the home network. For example, in case some of the privileges have to be changed, the foreign network and the mobile user should not be able to change the sequence). To facilitate these operations, and to prevent

PAGE 57

46 accidental or malicious access to the sequence, it is encapsulated by a software interface that acts as an upper layer, as shown in the Figure 5-2 below. The interface has two Access Codes one that can be matched only by the home network and the other that can be matched by any legitimate foreign network. The home network’s code opens a read/write port to the bit sequence, and the foreign network’s code opens a read-only port. On proper authorization (authentication), the interface either transmits the encrypted bit sequence or changes it [40]. Foreign Network’s access code Interface MABSAA Bit Sequence Write Port Read Port Home Network’s access code Mobile Node (MN) Home Network (FN) Foreign Network (FN) Server Server Figure 5-2 MABSAA Bit Sequence Encapsulation by the Software Interface At the time of establishment of a business policy, the following entities are given to the foreign network by the home network. The access code for the interface (all the foreign networks are given the same code), and a secret key with which to decrypt the received bit sequence. So any network in contract with several other networks will have

PAGE 58

47 the guest’s network ID, the access code from that network, and the shared secret key from that network. MABSAA Bit Sequence Structure The structure of the MABSAA bit sequence is clearly predefined, where specific combinations of bits represent specific aspects of the user’s profile. We envision the following coverage of the sequencefor authentication: Home Network ID and Mobile Identification Number, and for authorization: various aspects like Data Rate, Video on Demand, Voice over IP, Priority Calling, Roaming allowance etc. Each of these parameters is assigned a fixed number of bits. For example 1 for priority calling, 1 for video on demand, 2 for data rate, etc. Figure 4-3 shows an example structure for the bit sequence. The Bit structure is divided into two main parts, as shown in Figure 5-3, authentication part and authorization part. The authentication part consists of a Network Id and Mobile Identification Number. The authorization part consists of different service request attributes. Most of the attributes are of 1 bit, signifying only the absence or presence of that service for the user. The data rate is of 2 bits, indicating 4 levels of maximum data rate that can be provided. There may be other services that can be provided by the networks, and some space for future expansion is also reserved. As an example, one bit could be reserved for service active aspect. That is, if a person wants to suspend service for a period of time when they know they would not be using their mobile phone, this bit can be set to zero for that amount of time, making the service inactive. The total size of the sequence is a matter of protocol design, and can be optimized with respect to the industry standard.

PAGE 59

48 Authentication Authorization Bits: 128 bits 1 bit 1 bit 2 bits 1 bit 1 bit 890 bits N etwork Id/Mobile Id Video on Demand Data Rate Internet Surfing Priority Calling Reserved for other services Roaming 1024 bits “ The Bit Sequence” Figure 5-3 Example Bit Sequence Key Management One of the improvements of MABSAA over existing system is the increased protection against unauthorized access. However, even in MABSAA, the exchange of bit sequences can be intercepted, and the decryption key can be figured using many samples of the bit sequence (statistical analysis of encrypted data is possible). To prevent this, the home network periodically changes the encryption key for its set of mobile nodes. For this to happen, the mobile node has to be in the domain of its home network, so that its bit sequence can be rewritten in accordance with the new key. The home network also distributes the new key to other partner foreign networks. In case the mobile node is not present in its home network, it will be book marked for change whenever it comes in the home network territory. The foreign network maintains both the present key and the old key for a guest network. When a visitor mobile node comes in, the latest key is used first to decrypt the bit sequence. If the mobile node hasn’t had its bit sequence rewritten in accordance with the new key, the foreign network would not be able to read it. In fact it

PAGE 60

49 would recognize the fallacy of the decryption by the garbled network ID that doesn’t match any existing guest network’s ID. Then the previous key will be applied to the sequence for decryption. This way, the exchange of bit sequence will be more reliable and less prone to hacker intrusions. Example MABSAA Authentication Consider a situation with 4 networks. The information maintained by one of them might look as follows: Table 5-1 Example table maintained by authentication server ID of Guest Network Access Code Shared Secret Key (present) Shared Secret Key (old) 1 A 100 200 2 B 101 201 3 C 102 202 Self Self (for R/W) Self key (present) Self Key (old) When a mobile node visits a foreign network, the foreign network applies all its access codes. If the mobile is from an accredited network, one (and only one) of the access codes will work and the foreign network will retrieve the encrypted bit sequence. On receiving the encrypted bit sequence, the foreign network will use the corresponding secret key to decrypt it (this will add another level of reliability). The home network will be informed of this user’s presence, the mobile will be provided the demanded services, and an account of usage will be made. This account will be sent to the home network periodically.

PAGE 61

50 In the next section, a performance analysis examines the signaling load generated as well as the authentication time incurred by the MABSAA protocol, and compares it to a common security protocol, SSL. Simulation Architecture for MABSAA and SSL Figure 5-4 shows the OPNET office enterprise architecture used for simulating the MABSAA protocol. The simulation uses four office buildings, each containing a single wireless LAN and is each represented by one subnet. Each subnet is connected to a dedicated router in the wireline distribution system as shown in the figure. Figure 5-4 Office Enterprise Topology

PAGE 62

51 The routers are Ethernet slip gateways, running on a single processor. Each subnet has a wireless access point that serves all of the resident mobile devices. The access point is a WLAN Ethernet router running on a single processor. It has the IP Gateway Function enabled with OPNET default Ethernet parameters, IGMP and TCP parameters. The WLAN has a data rate of 1 Mbps with frequency hopping spread spectrum physical characteristics and has a receive lifetime of 0.5 seconds and drops large packets. Each subnet supports 20 mobile devices and mobile device supports MABSAA traffic. Each subnet also supports WLAN server running on SUN Ultra 10 333 MHz simple CPU. This server acts as a MABSAA authentication server. Therefore, a MABSAA server in that WLAN authenticates every mobile node in a particular subnet. The mobile terminals can access each of the servers with equal probability. Figure 5-5 shows the subnet architecture. Figure 5-5 Office Subnet Architecture

PAGE 63

52 Network architecture also includes HTTP, FTP and E-mail servers as shown in the figure 5-6. All the nodes were configured as the source of the HTTP, FTP and E-mail traffic. Nodes were modeled in such a way that HTTP, FTP and E-mail traffic starts after the authentication phase. Figure 5-6 WLAN Supporting HTTP, FTP and E-mail servers Simulation Scenarios Simulation will be run in two scenarios, one with MABSAA traffic and other one with Secured Socket Layer (SSL) traffic. Purpose of SSL traffic modeling is to study the overhead involved in MABSAA. In both the scenario first custom traffic model is described, then the results are shown and finally the results are compared.

PAGE 64

53 Scenario 1: MABSAA Traffic Modeling As already mentioned MABSAA is two-tier client server architecture. Traffic flow in MABSAA can be viewed as shown in the Figure 5-7. It can be seen from the figure mobile device on entering the foreign network sends a hello message, authentication server then reply by access codes. Depending upon the validity of access codes, mobile device sends the encrypted bit sequence. After receiving encrypted bit sequence authentication server decrypts the bit sequence using the secret key. Sequence of the messages as depicted in the figure is as follows: 1. Initial setup. 2. Server Access. 3. Client Processing. 4. Client sends. 5. Server Process. 6. Final Setup. Foreign Network 5 3 4 1 Server Mobile Node 2 6 Figure 5-7 MABSAA Traffic Model and Flow Diagram

PAGE 65

54 To model MABSAA traffic OPNET custom application design is used, it comprised of a hierarchy of objects. At the bottom of the hierarchy is the task, which is a basic unit of user activity within the context of the application. In MABSAA modeling a single task, known as MABSAA Authentication is considered. Included in a task is a phase, which is an interval of related activity, e.g. a data transfer process. In MABSAA Authentication six different phases, as shown in the Table 5-2 are there. A task specification is a table that describes the sequence of phases and steps involved in a task. The next step in the hierarchy is an application. The application epitomizes a software product that is used to perform a task. At the top of the hierarchy lies the profile definition. The profile determines the manner of execution of the application, and on which objects it is executed. Table 5-2 Different phases of a task (MABSAA authentication) Phase Name Start Phase after Source Destination Initial_setup Application Starts Mabsaa Client Mabsaa Server Server Access Previous Phase Ends Mabsaa Server Mabsaa Client Client Processing Previous Phase Ends Mabsaa Client Not Applicable Client_Mabsaa_BitSeq Previous Phase Ends Mabsaa Client Mabsaa Server Server Processing Previous Phase Ends Mabsaa Server Not Applicable Final_Setup Previous Phase Ends Mabsaa Server Mabsaa Client For MABSAA authentication task six phases are defined, all theses phases executes sequentially one after another. This can be shown with a help of flow diagram shown in Figure 5-7. The MABSAA server to MABSAA client traffic was modeled as presented in Table 5-3. Similarly, MABSAA client to MABSAA server traffic is shown in Table 5-4.

PAGE 66

55 The Request Packet Size was a major factor in the network traffic. It was dependent on the data being transmitted over the network for a particular phase. Table 5-3 Client to server traffic Attribute Value Initialization Time (seconds) Exponential(0) Request Count Constant(1) Interrequest Time (seconds) Constant(0) Request Packet Size (bytes) Constant(1024) Packets Per Request Constant(1) Table 5-4 Server to client traffic Attribute Value Initialization Time (seconds) Exponential(0) Request Count Constant(1) Interrequest Time (seconds) Constant(1) Request Packet Size (bytes) Constant(1024) Packets Per Request Constant(1) Once the tasks were generated the application was defined which included an instances of the MABSAA Authentication. The MABSAA Authentication had a serial task ordering, TCP transport protocol, best effort type of service and a refresh connection after every phase. Thereafter a profile definition object was generated. Each profile operated in serial order, starting exponentially with an average outcome of 20. Each profile ran through the end of the simulation. Each application repeated itself in an unlimited manner as the requests were submitted randomly from the mobile node to the MABSAA centers. Scenario 2: SSL Traffic Modeling The MABSAA protocol was compared with OPNET’s secure sockets layer (SSL) application. SSL has become the de facto standard for secure communications between end users and Internet sites, and today, SSL support is built into virtually every browser. The SSL protocol includes two sub protocols the SSL handshake protocol and the SSL

PAGE 67

56 record protocol. Both provide authenticated, confidential and tamper-resistant connections to applications, particularly HTTP. SSL's footprint fits into the Internet's processing stack, above TCP/IP and below the application layer without significantly affecting the other protocol layers. OPNET’s SSL application simulates the SSL Handshake protocol that authenticates the client and the server. The messages involved authenticate the server and the client to each other, allow the client and the server to select cryptographic algorithms and the level of security that they want and use public key cryptography to generate shared secret keys that will be used later to transmit data securely. Traffic flow in SSL can be represented as follows. Foreign Network Home Network 2 4 1 3 Server Mobile Node Server 7 5 6 Figure 5-8 SSL Traffic Model and Flow Diagram Sequences of the message in the SSL model are 1. Initial Setup 2. Processing in FN 3. Contact HN of Mobile Node 4. Processing by HN 5. Transmits to FN

PAGE 68

57 6. Processing by FN 7. Final Setup Simulation Results and Analysis First, authentication traffic generated by MABSAA and MABSAA with real time traffic using FTP, FTTP and E-mail is shown. Than same process is described for SSL traffic MABSAA Traffic The first set of results describes the parameters related to the MABSAA authentication traffic. The traffic generated by the MABSAA can be categorized as the traffic received, which is traffic from the MABSAA server to the mobile node, and the traffic sent, which is the traffic from the mobile node to the MABSAA server. Table 5-5 Traffic generated during MABSAA authentication Statistic Average Maximum Minimum Custom Application Traffic Received (bytes/sec) 119 1,109 0 Custom Application Traffic Sent (bytes/sec) 119 1,109 0 The graphs for these statistics are shown in the following figure. Figure 5-9 MABSAA Traffic Generated

PAGE 69

58 Graphs shows that initial period when all the 20 nodes are unauthenticated, traffic generated is much greater than the traffic generated in the middle of the simulation, where randomly any nodes is getting authenticated. This also shows the maximum traffic generated is equals to 1109 bytes per sec as shown in Table 5-5 From Table 5-5, it can be determine that no data was dropped. Hence, it can be assumed, that the resending any of the packets did not generate the network load. Table 5-6 also shows the load in bits/sec when the FTP, HTTP and E-mail traffic is in the network. Absolute load in the network can also be shown graphically as in Figure 5.10. Absolute delay incurred in the LAN is shown in the Figure5-12. Table 5-6 Wireless LAN statistics during MABSAA authentication Statistic Average Maximum Minimum Data Dropped (bits/sec) 0 0 0 Delay (sec) 0.0128 0.0420 0.0077 Load (bits/sec) 98,115 344,164 1,604 Throughput (bits/sec) 84,362 316,140 802 As seen from the table average delay for MABSAA is around 12.8 msec and the average load is around 98Kbps. Later these statistics are compared with SSL for the performance evaluation of MABSAA.

PAGE 70

59 Figure 5-10 Wireless LAN Load Absolute (MABSAA) Load statistics in above figure is composed of traffic generated by FTP, HTTP, E-mail and MABSAA. Average load over the simulation is also shown in the Figure5-9 Figure 5-11 Average Wireless LAN Load (MABSAA)

PAGE 71

60 Figure5-10 illustrates the delay incurred in that LAN. Table 5.5 illustrates the wireless LAN characteristics, with a maximum delay of 0.0420 seconds, and an average delay of 0.0128 seconds. Figure 5-12 Wireless LAN Delay (MABSAA) Average delay incurred in the LAN is illustrated in the Figure5-11 Figure 5-13 Average Wireless LAN Delay (MABSAA)

PAGE 72

61 The total time taken for the application is the sum of the processing time for individual phases of the application, data transmission time, delay and other overheads like TCP ack time. In the next section, a similar analysis is performed on the SSL authentication. SSL Traffic The first set of results describes the parameters related to the SSL traffic. The traffic generated by the SSL can be categorized as the traffic received, which is traffic from the SSL server to the mobile node, and the traffic sent, which is the traffic from the mobile node to the SSL server. Table 5-7 Traffic generated during SSL authentication Statistic Average Maximum Minimum Custom Application Traffic Received (bytes/sec) 131 1,109 0 Custom Application Traffic Sent (bytes/sec) 131 1,109 0 Table5-7 shows the LAN parameters when HTTP, FTP and E-mail traffic is also present. Table 5-8 Wireless LAN statistics during SSL authentication Statistic Average Maximum Minimum Data Dropped (bits/sec) 0 0 0 Delay (sec) 0.0149 0.0190 0.0067 Load (bits/sec) 88,367 295,880 4,308 Media Access Delay (sec) 0.0070 0.0133 0.0034 Throughput (bits/sec) 77,494 268,748 4,308 Figure 5-14 shows the load generated by SSL traffic and it also shows the load by MABSAA. Figure 5-15 shows the average delay in both the schemes.

PAGE 73

62 Figure 5-14 Load Comparison SSL with MABSAA Figure 5-15 Average delay Comparison SSL with MABSAA

PAGE 74

63 Figure 5-14 and 5-15 clearly shows that, delay in MABSAA scheme is lesser than SSL. This initial delay corresponds to authentication time of the system. However with the lowering of authentication time, total load on the system is increased. Increase in the load = 98115 – 88367 = 9748 (bytes/sec) Percentage increase in load = 9748/98115 = 11.03 % Decrease in authentication time = 0.0149 0.0128 = 0.0021(sec) Percentage decrease in authentication time 0.0021/0.0149 = 14.09% Therefore, with the increase in 11.03% load on the overall system total authentication is decreased by 14.09% are able to decrease the authentication time by 14.09%.

PAGE 75

CHAPTER 6 CONCLUSION The nature of wireless communication is becoming highly distributed, with users and service providers choosing to inter-operate as their data service and business needs require. New mechanisms are needed to allow service providers to interoperate in order to validate unknown users that enter a network. This thesis provided an option, an alternate authentication mechanism, MABSAA, which can be used for this purpose. The entities and procedures were outlined, and several performance measurements were made, according to the load generated by the new mechanisms, as well as the delays incurred. It was demonstrated that the MABSAA load demands and delays comparable to common applications, such as a SSL operation. As we saw MABSAA is a tradeoff between authentication time and load generated. 11% increase in the total system load results in 14% decrease in authentication time. Use of MABSAA comes down to service providers, which requires less load for certain applications and less delay for certain applications. Information and modules resulting from the OPNET simulation study are available at the following website: http://plaza.ufl.edu/pankaja This thesis also provided the simulation study of authentication mechanisms in low rate wireless personal area network such as ZigBee. This is first such simulation model of authentication scheme specified by ZigBee Alliance. 64

PAGE 76

65 We modeled MABSAA using traffic modulations, results can be further obtained using process model of OPNET, which gives more flexibility and real life results. MABSAA only addresses authentication mechanism. It can be further developed for authorization and accounting. MABSAA was modeled using bit sequence of the fixed size 1024 bits and it is compared to SSL with the size 512 bits. Effect of increasing and decreasing packet size can also effect load and authentication times, which can be studied in future. We focused on the complete architecture to decentralize the authentication mechanism. Still, there are some areas like key management, which requires more insight. We saw that 66% of the authentication time is spent in key establishment phase, it can be optimized further to reduce total authentication time. We modeled ZigBee authentication mechanism from APS layer’s perspective; some security and authentication issues are still needs to be dealt with, when a specific layer generates the packet. For example our model does not yet authenticate a packet generated by network layer.

PAGE 77

LIST OF REFERENCES 1. W. Stallings, Cryptography and Network Security, Second Edition, Prentice Hall, Upper Saddle River, NJ. 2. Data Encryption Standard, Federal Information Processing Standard (FIPS) Publication 46, National Bureau of Standards, U.S. Department of Commerce, Washington D.C. (January 1977). 3. Bruce Schneier, “The Blowfish Encryption Algorithm,” http://www.schneier.com/blowfish.html Last accessed April 24, 2005. 4. B. Aboba and J. Wood, “Authentication, Authorization and Accounting (AAA) Transport Profile,” RFC 3539, June 2003. 5. A. Platt, “Cost Implications of Mobility Management,” Networking Aspects of Radio Communication Systems, IEE Colloquium, March 1996. 6. H. Kim and H. Afifi, “Improving Mobile Authentication with New AAA Protocols,” IEEE International Conference on Communications, Volume: 1, Pages: 497 -501, 2003. 7. R. Baldwin and R. Rivest, “The RC5, RC5 -CBC, RC5-CBC-Pad, and RC5-CTS Algorithms,” RFC 2040, October 1996. 8. de Laat, G. Gross, L. Gommans, J. Vollbrecht and D. Spence, “Generic AAA Architecture,” RFC 2903, August 2000. 9. Rigney, S. Willens, A. Rubens and W. Simpson, “ Remote Authentication Dial In User Service (RADIUS),” RFC 2865, June 2000. 10. B. Lloyd and W. Simpson, “ PPP Authentication Protocols,” RFC 1334, October 1992. 11. S. Kent and R. Atkinson, “IP Authentication Header,” RFC 2402, November 1998. 12. S. Kent and R. Atkinson, “IP Encapsulating Security Payload (ESP),” RFC 2406, November 1998. 13. T. Dierks and C. Allen, “The TLS Protocol Version 1.0,” RFC 2246, January 1999. 14. A. Freier, P. Karlton, P. Kocher “The SSL Protocol Version 3.0,” November 18, 1996. 66

PAGE 78

67 15. International Engineering Consortium on-line education “global system for mobile communications,” http://www.iec.org/online/tutorials/gsm Last accessed April 25, 2005. 16. Vijaya Chandran Ramasami, “Security, Authentication and Access Control for Mobile Communications,, http://www.ittc.ku.edu/~rvc/documents/865/865_securityreport.pdf , Last accessed April 5, 2005. 17. European Telecommunications Standards Institute European digital cellular telecommunications system (Phase 2); Radio network planning aspects, February 1995, http://www.etsi.org , Last accessed April 25, 2005. 18. System for Mobile Communication 01.02:Digital Cellular Telecommunications System (Phase 2+), General Description of a Public Land Mobile Network (PLMN), ETSI Technical Report, October 1993. 19. Global System for Mobile Communication 02.17:Digital Cellular Telecommunications System (Phase 2+), Subscriber Identity Modules, Functional Characteristics, ETSI Technical Report 1998. 20. Global System for Mobile Communication 02.07:Digital Cellular Telecommunications System (Phase 2+), Mobile Station (MS) features, ETSI Technical Report 1998. 21. Global System for Mobile Communication 11.11: Digital Cellular Telecommunications System (Phase 2+), Specification of the Subscriber Identity Module Mobile Equipment (SIM-ME) Interface, Sophia Antipolis, France, 1998. 22. Third Generation Partnership Project (3GPP), Release 99 Specifications, December 1999, http://www.3gpp.org/ftp/Specs/December_99/ , April 25, 2005. 23. Universal Mobile Telecommunication System (UMTS) 23.01, UMTS Network Architecture, Version 0.2.0, November 1997. 24. 3rd Generation Partnership Project; 3G TS 21.133, Technical Specification Group (TSG); 3G Security, Security Threats and Requirements, Version 3.1.0, 1999. 25. 3rd Generation Partnership Project; 3G TS 33.102, Technical Specification Group (TSG),3G Security; Security Architecture, 1999. 26. 3rd Generation Partnership Project; 3G TS 33.120, Technical Specification Group (TSG), 3G Security; Security Principles and Objectives, 1999. 27. 3rd Generation Partnership Project; 3G TS 33.900, Technical Specification Group (TSG), A Guide to 3rd Generation Security, Version 1.2.0, 2000.

PAGE 79

68 28. Global System for Mobile Communication 02.22, Personalization of GSM Mobile Equipment (ME); Mobile Functionality Specification, Version6.0.0. 29. S. Weatherspoon, “Overview of IEEE 802.11b Security,” http://www.intel.com/technology/itj/q22000/articles/art_5.htm , Network Communication, Intel Technology, Last accessed April 25, 2005. 30. International Engineering Consortium on-line education “Universal Mobile Telecommunication Systems” http://www.iec.org/online/tutorials/umts/ Last accessed April 25, 2005. 31. Universal mobile telecommunications system, overview “ http://www.umtsworld.com/technology/overview.htm ,” Last accessed April 25, 2005. 32. Jon Robert Dohmen and Lars Smo Olaussen , UMTS Authentication and Key Agreement, Graduate Master’s Thesis -2001, Agder University College, Norway. 33. Institute of Electrical and Electronics Engineers, Inc.,IEEE Std 802.15.4-2003, IEEE Standard for Information technology---Telecommunications and information exchange between systems---Local and metropolitan area networks---Specific requirements--Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Rate Wireless Personal Area Networks (WPANs). New York: IEEE Press. 2003. 34. Lance Hester, Yan Huang, Spyros Kyperountas, Edgar H. Callaway, Jr., Paul Gorday Florida Communication Research Lab, Motorola Labs IEEE 802.15.4: Exploring Features of the Standard for Low-Rate WPANs. 35. ZigBee Alliance “ http://www.zigbee.org ,” Last accessed April 25, 2005. 36. Zigbee Alliance Document 03322: Security Services Specification, July 2004. 37. Zigbee Alliance Document 03244: Application Support Sub-Layer Specification, July 2004. 38. Optimized network engineering tool (OPNET) “ www.opnet.com ,” Last accessed April 25, 2005. 39. A. Bharathan, J. McNair, “VISA: An AdVanced Inter-System Authentication Protocol for Wireless Networks,” Submitted to Elsevier Computer Networks Journal, 2003. 40. Pankaj Aggarwal, Kartikeya Tripathi, Janise McNair, Haniph Latchman “ Mobile Assisted Bit Sequence Authentication and Authorization ,” Presented at International Conference on Cybernetics and Information Technologies, Systems and ApplicationsCITSA 2004, Orlando, July-2004.

PAGE 80

BIOGRAPHICAL SKETCH Pankaj Aggarwal is a graduate student in the Electrical and Computer Engineering Department of the University of Florida, Gainesville. He will graduate in August 2005 with a Master of Science degree. Pankaj has a bachelor’s degree in electrical engineering from Faculty of Engineering, Jamia Millia Islamia University, Delhi, India. During his graduate studies, Pankaj worked as a graduate research assistant at the Wireless and Mobile Systems Laboratory, where he conducted research on authentication mechanisms in wireless networks and their simulation study. 69