A lightweight mutual authentication mechanism for network mobility in IEEE 802.16e wireless networks
Introduction
The IEEE 802.16e standard (also called Mobile WiMAX) [1] describes a novel technique that supports high mobility, provides high bandwidth, and supplies a large coverage area in next-generation broadband wireless networks. In such environments, people use mobile devices to access all kinds of services, such as Web browsing, VoIP, video conferencing, and other multimedia applications, anytime and anywhere. In addition, users expect the system to provide secure and seamless communication on the move. Therefore, developing an effective authentication mechanism and seamless handoff procedures has become an important research issue.
In real life, using public methods of transportation such as ships, trains, buses and airplanes, many mobile network nodes (MNNs) move together as a large-scale mobile network. The Internet Engineering Task Force (IETF) proposed a network layer solution called network mobility (NEMO) [2], which is an extension of Mobile IPv6 (MIPv6) [3] and enables a mobile network moving among different foreign networks to maintain continuous connections. Although NEMO reduces the signaling overhead for mobility management, it inherits the drawbacks of long handoff latency from MIPv6. Moreover, NEMO does not specify how authentication, authorization and accounting (AAA) should be handled in mobile networks.
IETF proposed the AAA model [4], [5], [6] and the Diameter protocol [7] to solve the AAA problems that arise when a network receives a request from a mobile node roaming in a foreign network. Within this AAA model, there are four security associations (SAs) in MIPv6, as shown in Fig. 1. A security association means that two network entities share secret information with each other. When a mobile router (MR) moves into a foreign domain, it has to provide authentication information before it can access the resources of that domain. However, in traditional authentication mechanisms, one technical challenge is that a roaming MR and a local AAA (LAAA) server cannot pre-share any secret, because they lack a direct security association, as shown in Fig. 1. Since the LAAA does not have sufficient information to verify the MR's authentication information, it must forward that information to the MR's home AAA (HAAA) server and wait for a reply. This results in inefficient authentication, since the authentication information must travel between the home and the foreign network. Moreover, the MR needs to be authenticated frequently if it often roams between domains. The problem becomes more serious as the distance between the foreign and home networks increases.
In this paper, we develop a lightweight mutual authentication mechanism (LMAM) with low computational overhead that achieves local authentication, based on NEMO and the AAA model over IEEE 802.16e networks. An efficient authentication scheme should take account of two factors: the computation cost of the cryptography and the authentication latency. Accordingly, the proposed LMAM has the following characteristics. (1) The computation cost is low because LMAM is a lightweight security mechanism that uses only symmetric cryptography and a hash function [8], avoiding the high computation cost of a public key infrastructure (PKI). (2) LMAM provides local authentication (i.e., authentication can be completed locally), which reduces the authentication latency and the workload of the HAAA server, without assuming that the MR and the LAAA server pre-share a session key. (3) LMAM fulfills the following security requirements: replay attack resistance, stolen-verifier attack resistance, mutual authentication to prevent server spoofing attacks, and session key generation. Moreover, we propose an enhanced hierarchical Mobile IPv6 (E-HMIPv6) scheme to reduce intra-domain handoff latency. We then integrate LMAM into E-HMIPv6, calling the result LE-HMIPv6, without increasing the signaling overhead. The performance results show that the integrated scheme outperforms existing schemes in terms of authentication and handoff latency.
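The following Python block is an added illustration, not LMAM's own message flow (the section snippets on this page do not reproduce LMAM's messages). It shows, with only HMAC-SHA256 and nonces, the properties the paragraph above claims for a symmetric-key-plus-hash design: a first authentication that the LAAA must relay to the HAAA because it shares no SA with the roaming MR, a domain key the HAAA hands to the LAAA so that later re-authentications finish locally, mutual authentication of MR and LAAA, fresh session keys, and replay rejection via a cache of accepted nonces. The entity names, key labels, message layouts, and the assumption that the HAAA-LAAA security association already provides a confidential channel are all choices made for this example.

```python
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so that field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class HAAA:
    """Home AAA server: holds K_MR for every registered MR and K_LAAA per foreign LAAA."""

    def __init__(self, mr_keys, laaa_keys):
        self.mr_keys, self.laaa_keys, self.calls = mr_keys, laaa_keys, 0

    def first_auth(self, laaa_id, mr_id, n_mr, mac):
        self.calls += 1
        k_mr = self.mr_keys[mr_id]
        if not hmac.compare_digest(mac, prf(k_mr, b"auth", mr_id, laaa_id, n_mr)):
            raise ValueError("MR authentication failed at HAAA")
        dk = prf(k_mr, b"domain-key", laaa_id, n_mr)  # the MR derives the same value
        # Assumption: the HAAA-LAAA SA is a confidential channel, so dk travels
        # under a MAC only. 'confirm' proves to the MR that its home accepted it.
        tag = prf(self.laaa_keys[laaa_id], b"dk", mr_id, laaa_id, n_mr, dk)
        confirm = prf(k_mr, b"home-confirm", laaa_id, n_mr)
        return dk, tag, confirm


class LAAA:
    """Local AAA server: no SA with a roaming MR until the HAAA hands over a domain key."""

    def __init__(self, laaa_id, k_laaa, haaa):
        self.id, self.k_laaa, self.haaa = laaa_id, k_laaa, haaa
        self.domain_keys, self.sessions, self.seen = {}, [], set()

    def _fresh(self, mr_id, nonce):
        if (mr_id, nonce) in self.seen:  # replay cache of nonces already accepted
            raise ValueError("replayed nonce")
        self.seen.add((mr_id, nonce))

    def first_auth(self, mr_id, n_mr, mac):
        self._fresh(mr_id, n_mr)
        dk, tag, confirm = self.haaa.first_auth(self.id, mr_id, n_mr, mac)
        if not hmac.compare_digest(tag, prf(self.k_laaa, b"dk", mr_id, self.id, n_mr, dk)):
            raise ValueError("HAAA reply failed integrity check")
        self.domain_keys[mr_id] = dk
        return confirm

    def local_reauth(self, mr_id, n_mr, mac):
        """Fast re-authentication finished locally: no round trip to the HAAA."""
        self._fresh(mr_id, n_mr)
        dk = self.domain_keys[mr_id]
        if not hmac.compare_digest(mac, prf(dk, b"reauth", mr_id, n_mr)):
            raise ValueError("MR re-authentication failed")
        n_la = os.urandom(16)
        self.sessions.append(prf(dk, b"session", n_mr, n_la))
        # The reply MAC under dk authenticates the LAAA to the MR (mutual authentication).
        return n_la, prf(dk, b"laaa-confirm", n_mr, n_la)


class MR:
    def __init__(self, mr_id, k_mr):
        self.id, self.k_mr, self.dk = mr_id, k_mr, None

    def first_auth(self, laaa):
        n_mr = os.urandom(16)
        confirm = laaa.first_auth(self.id, n_mr, prf(self.k_mr, b"auth", self.id, laaa.id, n_mr))
        if not hmac.compare_digest(confirm, prf(self.k_mr, b"home-confirm", laaa.id, n_mr)):
            raise ValueError("home network confirmation failed")
        self.dk = prf(self.k_mr, b"domain-key", laaa.id, n_mr)

    def reauth_msg(self):
        n_mr = os.urandom(16)
        return self.id, n_mr, prf(self.dk, b"reauth", self.id, n_mr)

    def reauth(self, laaa):
        msg = self.reauth_msg()
        n_mr = msg[1]
        n_la, tag = laaa.local_reauth(*msg)
        if not hmac.compare_digest(tag, prf(self.dk, b"laaa-confirm", n_mr, n_la)):
            raise ValueError("LAAA authentication failed")
        return prf(self.dk, b"session", n_mr, n_la)


def demo():
    """Constructed keys and identifiers (not from the paper); returns checkable facts."""
    k_mr, k_laaa = os.urandom(32), os.urandom(32)
    haaa = HAAA({b"mr1": k_mr}, {b"laaa-A": k_laaa})
    laaa = LAAA(b"laaa-A", k_laaa, haaa)
    mr = MR(b"mr1", k_mr)
    mr.first_auth(laaa)                       # the only exchange that reaches the HAAA
    sk1, sk2 = mr.reauth(laaa), mr.reauth(laaa)
    msg = mr.reauth_msg()
    laaa.local_reauth(*msg)
    try:
        laaa.local_reauth(*msg)               # same nonce and MAC again: must be rejected
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"haaa_calls": haaa.calls, "keys_agree": sk2 == laaa.sessions[1],
            "fresh_keys": sk1 != sk2, "replay_rejected": replay_rejected}
```

Running `demo()` shows the HAAA contacted exactly once while every later re-authentication completes at the LAAA, which is the latency saving the paper aims for; binding the LAAA identifier into the domain key derivation is what stops a key issued for one foreign domain from being replayed in another.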
The remainder of this paper is organized as follows. In Section 2, we review related work in respect of security and handoff. Section 3 describes the operations of the proposed LMAM, E-HMIPv6, and LE-HMIPv6 mechanisms in detail. In Section 4, we present a security analysis of LMAM, and we analyze the performance of the proposed mechanisms in Section 5. Then, in Section 6, we summarize our conclusions and future work.
The security aspect
Previous research [9], [10] focuses on AAA authentication in the host mobility environment. However, NEMO does not specify how AAA should be handled in mobile networks, and few studies consider AAA authentication in the NEMO environment. Fathi et al. [11] and Shi and Tang [12] use the AAA model to deal with the security issues in NEMO. Fig. 2 shows the network architecture that combines NEMO with the AAA model [11] in a mobile network. In [11], the authors propose a leakage
Lightweight mutual authentication mechanism (LMAM)
In this section, we describe the proposed lightweight mutual authentication mechanism (LMAM) based on the AAA model illustrated in Fig. 1. The operations of LMAM involve three procedures: home registration, first authentication, and fast re-authentication. Before joining a foreign network, an MR must register with the HAAA server. When the MR first moves into a new foreign network, LMAM performs the first authentication procedure. It executes the fast re-authentication procedure when the MR
Security analysis
Before presenting the security analysis, we add the following notes. (1) Although we define the group key GK as a key pre-shared securely among the LAAA and the ARs, a long-term key can still be recovered by brute-force search if the attacker has enough time and computing power. We therefore assume that the key length is large enough for the system to be robust. Moreover, the system needs to change the long-term key periodically to reduce the opportunity for recovery by brute force
Performance metrics
We evaluate the proposed mechanisms based on the following performance metrics.
- Computation Cost (CC): The computational complexity of a mobile node.
- Authentication Latency (AL): The delay between an MR sending an authentication request and receiving the corresponding authentication reply.
- Handoff Latency (HL): The time required for an MR to change its association. The total handoff latency is the sum of the data link layer handoff latency, the authentication latency, and the handoff latency
Conclusions and future work
In this paper, we propose a lightweight mutual authentication mechanism called LMAM to support network mobility over IEEE 802.16e wireless networks. Since LMAM uses only symmetric cryptography and a hash function, the amount of cryptographic computation is reduced substantially. Moreover, LMAM has the property of local authentication, which completes the authentication process locally, without returning to the HAAA or LAAA server, to reduce the authentication latency. We also enhance the HMIPv6 to
References (30)
- IEEE Standard 802.16e-2005, IEEE standard for local and metropolitan area networks, air interface for fixed...
- V. Devarapalli, R. Wakikawa, A. Petrescu, P. Thubert, Network Mobility (NEMO) Basic Support Protocol, RFC 3963,...
- C. Perkins, D. Johnson, Mobility support in IPv6, RFC 3775, June...
- C. de Laat, G. Gross, L. Gommans, J. Vollbrecht, D. Spence, Generic AAA architecture, RFC 2903, August...
- S. Glass, T. Hiller, S. Jacobs, C. Perkins, Mobile IP authentication, authorization, and accounting requirements,...
- Mobile IP joins forces with AAA, IEEE Personal Communications (2000)
- P. Calhoun, T. Johansson, C. Perkins, T. Hiller, Diameter Mobile IPv4 application, P. McCann (Ed.), RFC 4004, August...
- Password authentication with insecure communication, Communications of the ACM (1981)
- et al., Fast handoff scheme based on mobility prediction in public wireless LAN systems, IEE Communications (2004)
- et al., Proactive key distribution using neighbor graphs, IEEE Wireless Communications (2004)
- LR-AKE-based AAA for network mobility (NEMO) over wireless links, IEEE Journal on Selected Areas in Communications (JSAC)
- Analysis on Imai–Shin's LR-AKE protocol for wireless network security, Communications in Computer and Information Science
Cited by (23)
- An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics (2014, Expert Systems with Applications). Citation excerpt: "We use Crypto++ Library to evaluate the computing time of the operation; see Table 4 for the computing time of each operation. According to (Chuang & Lee, 2011, 2012, 2013; Chuang, Lee, & Chen, 2013; The SANS Technology Institute-Security Laboratory, 2008), for bulk encryption, symmetric encryption is about 1000 times faster than asymmetric encryption and the hash operation is faster than symmetric encryption. Therefore, our scheme is clearly a lightweight authentication scheme."
- HOTA: Handover optimized ticket-based authentication in network-based mobility management (2013, Information Sciences). Citation excerpt: "Then, authentication issue, i.e., handover authentication, is left in the basket for further work or relies on existing authentication schemes. However, it is clear that previously developed authentication schemes [4,3,5,26,23] cannot be well adapted to PMIPv6 because PMIPv6 involves different characteristics compared to the host-based mobility management protocols [13,15]. For instance, an MN in PMIPv6 does not maintain its binding update cache that can be used in authentication, as the MN does not generate its own mobility signaling."
- Guest editorial (2011, Computer Networks)
- Securing NEMO Using a Bilinear Pairing-Based 3-Party Key Exchange (3PKE-NEMO) in Heterogeneous Networks (2020, Foundations of Science)
- Leakage-Resilient and Lightweight Authenticated Key Exchange for E-Health (2020, 2020 6th IEEE International Conference on Information Management, ICIM 2020)
- Design of a VANET privacy and non-repudiation accident reporting system (2016, Security and Communication Networks)
Ming-Chin Chuang received the B.S. degree in computer and information science from Aletheia University, Tamsui, Taiwan, ROC., in 2003 and the M.S. degree in computer science and information engineering from Chaoyang University of Technology, Wufeng, Taiwan, in 2005. He is currently working toward the Ph.D. degree at the Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan. His research interests include mobility management, network security, and VANET.
Jeng-Farn Lee received the B.S. and M.S. degrees in the Department of Information Management from National Taiwan University, Taiwan, in 1998 and 2000, respectively, and the Ph.D. degree in the Department of Electrical Engineering from National Taiwan University, Taiwan, in January 2007. He was a Postdoctoral fellow in the Institute of Information Science, Academia Sinica, Taiwan until July 2007, and joined Department of Computer Science and Information Engineering, National Chung Cheng University as an Assistant Professor in Aug. 2007. His current research interests include QoS networking, scheduling, and wireless access network.