
Secure Handoff Protocol in 3GPP LTE Networks

Imen El bouabidi
LETI laboratory, University of Sfax, Sfax, Tunisia, imen_bouabidi@yahoo.fr

Ikbel Daly
LETI laboratory, University of Sfax, Sfax, Tunisia, ikbel.daly@gmail.com

Faouzi Zarai
LETI laboratory, University of Sfax, Sfax, Tunisia, faouzi.zarai@isecs.rnu.tn
Abstract: To provide secure 3GPP LTE-WLAN interworking, the Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) is used. However, EAP-AKA has several vulnerabilities, such as disclosure of the user identity, man-in-the-middle attack, Sequence Number (SQN) synchronization, and additional bandwidth consumption. Therefore, in this paper, we propose a new re-authentication protocol for wireless 3GPP LTE. The proposed protocol guarantees stronger security, mutual authentication, and resistance against many attacks. The suggested solution proves its effectiveness through simulation studies carried out according to different criteria: handoff latency, loss rate and blocking rate.

Keywords: 3GPP LTE; Handoff; Security; Authentication; Quality of Service; Handoff Latency.

I. INTRODUCTION

In recent years, wireless communication technologies, especially mobile ones, have expanded rapidly. Although these technologies have gone through several generations, they are far from satisfying the requests of users, who seek a very high data rate with seamless mobility. Indeed, the current tendency is towards the convergence of wireless networks to support more multimedia applications and more services. LTE (Long Term Evolution) is the most recent mobile communication standard, proposed by the 3GPP (3rd Generation Partnership Project) organization in the context of 4G. It also allows the integration of other access technologies, in particular WLAN (Wireless Local Area Network). Such a network allows an automated handoff mechanism and transparency between different technologies, so that the mobile station can profit from the advantages of each technology while moving between the various interconnected systems. However, this heterogeneity of access technologies is generally perceived as a constraint and a vulnerability that must be taken into account in a security architecture. Consequently, it should be deployed only within a precise and adapted security policy. Indeed, the announced advantages of such a network must be weighed against its vulnerabilities and limits, such as access control, the availability of connections, the integrity of messages and the confidentiality of exchanges.

Efforts have been made in particular to manage security properly during movements in heterogeneous networks. But, in spite of the progress made in the standardization of WLAN/UMTS interconnection, the majority of the efforts have concentrated on AAA (Authentication, Authorization, and Accounting) rather than on mobility management and Quality of Service (QoS). New protocols appear to provide the required security and QoS. Hence, the deployment of an optimized vertical authentication protocol in the case of handoff is crucial for the continuity of services. The objective of this work is to propose an authentication protocol to secure handoff calls in heterogeneous wireless networks.

This problem has caught the attention of the research community, which has resulted in the standardization of some authentication and key management protocols such as UMTS Authentication and Key Agreement (AKA), specified by [3], and Extensible Authentication Protocol (EAP) [4] AKA (EAP-AKA, specified by [5]). Moreover, many papers in the literature have proposed mechanisms to secure the handoff. The first study [7] aims at improving the security aspect in the 3G-WLAN domain. This work proposes a new authentication procedure between various types of networks in order to facilitate and secure the movement of mobile users between the integrated networks. The contribution of this study leads to the improvement of the performance of the authentication and key management procedure, in particular its security aspect. In the same context, a second study [8] enumerates the various vulnerabilities resulting from the application of the EAP-AKA protocol, such as man-in-the-middle attack, sequence number synchronization and disclosure of the user identity, with the intention of emphasizing the need for a more effective and robust authentication procedure.

In this context, this work proposes a new authentication and key management protocol based on EAP-AKA. The suggested solution associates the Elliptic Curve Diffie-Hellman (ECDH) mechanism with a symmetric key cryptosystem in order to confront these vulnerabilities. Moreover, this protocol brings a better level of security against many attacks by applying mutual authentication between the mobile user, the AAA server and the HSS entity. But it does not take into account mutual authentication between the two network types in 3G-WLAN and supposes the existence of a trust relation between these two parts, which contradicts reality. [9] is based on the use of a hybrid unit. This entity makes it possible to establish a preparation phase that precedes the execution of the handoff mechanism. Indeed, these works seek to improve the performance of the suggested authentication protocols without taking into account the level of trust between the different technologies of the heterogeneous LTE-WLAN interworking. Consequently, our study is characterized by a high level of security without QoS degradation, since we can ensure mutual authentication between the LTE network and its users, the WLAN network and its stations, and finally the servers of the two networks, LTE and WLAN.

The remainder of this paper is organized as follows. In Section 2, we present the architecture of the interworking of 3GPP-LTE and WLAN networks. In the third section, we detail a new solution to secure interworking and roaming between 3GPP LTE and WLAN; the proposed authentication protocol uses a hybrid unit. In Section 4, we describe the simulation method of our scheme, analyze the numerical results derived from the simulation and highlight the contribution developed in the previous sections. Finally, we conclude the paper in Section 5.

II. INTERWORKING ARCHITECTURE

One of the main requirements of an interworking model is to manage mobility transparently and more effectively between heterogeneous wireless networks. In this context, several interworking models have been proposed, such as WLAN-UMTS interconnection [1], WLAN-GPRS, 3G-WiMAX, etc. Depending on the degree of interdependence introduced between the networks (e.g. third generation (3G) networks and WLAN), there are several architectures using multiple radio access networks. The main models are loose coupling, tight coupling and hybrid coupling. The distinction between these models lies in the layer at which the radio access networks communicate. The architecture adopted in our work is shown in Figure 1. The configuration of this study environment deploys a Hybrid Interconnection Unit (HIU) to serve as a relay between the integrated networks; it may perform several functions within the requested quality of service parameters [2]. The HIU is a node serving as a bridge between two different access networks.

Figure 1. Interworking architecture

III. PROPOSED AUTHENTICATION PROTOCOL

In order to enable the integration of heterogeneous networking technologies into a common system architecture, a fast and secure handoff is required. In this section, we present the proposed protocol to secure the handoff from 3GPP-LTE to a WLAN network. It involves a sequence of messages exchanged between the Mobile Station (MS), the target network and the home network. This sequence of messages can be divided into three phases: preparation of the authentication vector, preparation of the authentication ballot, and pre-authentication with the home network and authentication with the target network, which are described later in detail. The proposed approach eliminates the need for communication between the target network and the home network to verify the MS identity during the handoff process. It is based on the preparation of authentication tickets. The notation used is summarized in Table I.

A. Assumptions

In the proposed protocol, we assume the following:
- A secure channel is established between the AAA server and the HSS.
- The MS can identify the identity of the AAA server and the associated AP.

B. The Workflow of the Protocol

Our protocol consists of four procedures, which are shown in Figure 2.

TABLE I. AUTHENTICATION PROCEDURE PARAMETERS

Notation        Description
IDx             ID of entity x
U, A, H, HIU    Denote the UE, the AAA server, the HSS and the HIU respectively
MACi,x          MAC number i computed by x
fK              MAC generation function using the key K
RANDx           Random number generated by entity x
Kx,y            Symmetric key shared between entities x and y
TK              Temporary Key

Figure 2. Workflow of the Protocol (message sequence between the USIM, MME, HSS, HIU, AAAWLAN and AP: pre-handoff decision; AKA Identity and AKA Challenge exchange between the USIM, MME and HSS; preparation phase with the AAAWLAN authentication vectors and the generation of LK, LID, HK and HID; AKA Notification to the AAAWLAN under its public key and to the UE under CK; handoff decision; EAPoL/EAP Identity and Access Request/Accept exchange with the AP; EAP Success and Ks derivation)

C. Preparation (between the home network and the target network)

The authentication server of the WLAN (AAAWLAN) sends to the hybrid unit, authenticated using EAP, n vectors (identity, key). Each vector will be used to generate an authentication ticket containing an identity and a key for the mobile of the 3GPP LTE network. Once all the vectors are used, a new set of vectors is sent from the AAAWLAN server to the hybrid unit.

AAAWLAN -> HIU: Authentication Vectors

D. Preparation of the authentication ballot

This phase aims to prepare a temporary identity that is used to identify the station in the case of handoff to the WLAN. Indeed, a temporary key will be calculated by the 3GPP LTE network and sent to the WLAN authentication server. The authentication ballot is composed of the temporary identity, the number of re-authentications and the key. The steps in this phase are:

1. The preparation phase starts immediately after the pre-handoff decision by sending to the MME an AKA Identity message containing the temporary identity of the mobile in the 3GPP-LTE network and the identity of the visited network (NAI, Network Access Identifier: the identity of the visited WLAN).
2. Upon reception of this message, the MME entity runs the intra-MME AKA re-authentication procedure.
3. Once this process is completed successfully, the MME sends to the HSS an AKA Identity message containing the NAI and the IMSI of the mobile.
4. Upon receipt of this message, the HSS generates a random value (RAND1) and calculates the Message Authentication Code MAC1,H, which ensures message authentication. MAC1,H is obtained by applying SHA-1 (Secure Hash Algorithm) to the parameters KH-HIU and RAND1: MAC1,H = SHA-1(RAND1, KH-HIU). The HSS sends to the hybrid unit an encrypted message containing the parameters KH-HIU, NAIWLAN, RAND1, MAC1,H, HSSID and SQN1, where HSSID is the HSS identity and SQN is a sequence number.
5. On receipt of this message, the hybrid unit recalculates the MAC value (MAC1,HIU) using the shared key KH-HIU. If MAC1,H is equal to MAC1,HIU, the HIU generates a second random value (RAND2) and calculates MAC2,HIU. Then it checks whether it has a local identity-key vector obtained in the first preparation phase. If so, the HIU sends RAND2, MAC2,HIU, SQN2 and the identity-key vector to the HSS. If not, the HIU requests the AAAWLAN server to send the identity-key vector. Next, the HSS decrypts the received message using the key KH-HIU and verifies the legitimacy of the HIU. At this stage, security between the HSS and the HIU is ensured through mutual authentication.
6. If mutual authentication succeeds, the HSS calculates:
   - The Local Key (LK): this key is shared between the UE and the AAAWLAN server. The validity of this key is Nreauth re-authentications. LK = f(CK, IK, Ki, IMSI)
   - The Local IDentity (LID): this identity will be used to identify the UE station in the WLAN during all Nreauth re-authentications. LID = f(CK, IK, IDi, IMSI)
   - The Handoff Key (HK): this key is used to prove the identity of the UE of the 3GPP LTE network at handoff to the WLAN. HK = f(RAND, LK, Ki)
   - The Handoff IDentity (HID): this identity will be used to identify the UE in vertical handoff from the 3GPP LTE network to the WLAN. HID = f(RAND, LID, IDi)
7. The HSS sends to the AAAWLAN server a message containing the parameters LK, LID, HK and HID, encrypted with the AAAWLAN server's public key (KAAAWLAN).
8. The HSS sends to the UE a message containing the parameters Ki, IDi, RAND and Nreauth, encrypted with CK.
9. On receipt of these parameters, the UE station recalculates the parameters LK, LID, HK and HID.
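The HSS-HIU mutual authentication (steps 4 and 5), the ticket derivation on both the HSS and UE sides (steps 6 to 9) and the local check performed by the AAAWLAN in phase E, as an added Python model that is not part of the paper. The paper does not fix the hash input encoding or the function f, so the example instantiates MACi,x as HMAC-SHA1 keyed with Kx,y and f as HMAC-SHA256; all key and identifier values are constructed samples.

```python
import hashlib
import hmac
import os

# Assumed primitives (the paper leaves them unspecified): MACi,x = SHA-1(RANDi, Kx,y)
# is modelled as HMAC-SHA1 keyed with the shared key, and f(...) as HMAC-SHA256
# over length-prefixed inputs. All keys and identifiers used are constructed samples.

def mac(key: bytes, rand: bytes) -> bytes:
    return hmac.new(key, rand, hashlib.sha1).digest()

def f(*parts: bytes) -> bytes:
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(b"LTE-WLAN-ticket", data, hashlib.sha256).digest()

def derive_ticket(ck, ik, ki, id_i, imsi, rand):
    """LK, LID, HK, HID exactly as written in step 6 (HSS) and step 9 (UE)."""
    lk = f(ck, ik, ki, imsi)       # LK  = f(CK, IK, Ki, IMSI)
    lid = f(ck, ik, id_i, imsi)    # LID = f(CK, IK, IDi, IMSI)
    hk = f(rand, lk, ki)           # HK  = f(RAND, LK, Ki)
    hid = f(rand, lid, id_i)       # HID = f(RAND, LID, IDi)
    return {"LK": lk, "LID": lid, "HK": hk, "HID": hid}

def hiu_respond(k_hiu, rand1, mac1_h, rng=os.urandom):
    """Step 5 at the HIU: recompute MAC1,HIU; answer (RAND2, MAC2,HIU) only on a match."""
    if not hmac.compare_digest(mac(k_hiu, rand1), mac1_h):
        return None
    rand2 = rng(16)
    return rand2, mac(k_hiu, rand2)

def hss_prepare(k_hss, k_hiu, ck, ik, imsi, vector, rng=os.urandom):
    """Steps 4-8 at the HSS. vector = (IDi, Ki), handed to the HIU by AAAWLAN in phase C.
    Returns (ticket for AAAWLAN, notification for the UE) or None if the HIU fails
    mutual authentication. k_hiu is the key the HIU actually holds, so a unit that
    does not share KH-HIU with the HSS is rejected here."""
    id_i, ki = vector
    rand1 = rng(16)
    reply = hiu_respond(k_hiu, rand1, mac(k_hss, rand1), rng)        # step 4 -> 5
    if reply is None or not hmac.compare_digest(mac(k_hss, reply[0]), reply[1]):
        return None                                                   # HSS rejects HIU
    rand = rng(16)
    ticket = derive_ticket(ck, ik, ki, id_i, imsi, rand)              # steps 6-7
    notification = {"Ki": ki, "IDi": id_i, "RAND": rand, "Nreauth": 5}  # step 8, under CK
    return ticket, notification

def ue_recompute(ck, ik, imsi, notification):
    """Step 9: the UE rebuilds LK, LID, HK, HID from its own AKA context (CK, IK, IMSI)
    and the step-8 notification; the HSS is not contacted again during the handoff."""
    n = notification
    return derive_ticket(ck, ik, n["Ki"], n["IDi"], imsi, n["RAND"])

def wlan_local_auth(aaa_table, hid, hk):
    """Phase E: AAAWLAN resolves HID in its local table and checks HK, with no round
    trip to the home network; aaa_table maps HID -> HK as delivered in step 7."""
    expected = aaa_table.get(hid)
    return expected is not None and hmac.compare_digest(expected, hk)
```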

E. Authentication and Key Agreement in the WLAN

The third phase is based on the EAP protocol, in order to authenticate the mobile station locally using the keys and the identities generated in the second phase. Once the mutual authentication procedures between the home network (3GPP-LTE) and the mobile station, and between the visited network and the home network, are completed, the AAAWLAN server sends the key HK to the access point. This key will be used later to derive the session key Ks.

IV. PERFORMANCE EVALUATION

In this section, we evaluate the performance of our secured handoff system. We have carried out simulations to analyze vertical handoff in different configurations and scenarios, using the network simulator developed in the Java language [11]. The simulated network is depicted in Figure 3. It is composed of two WLANs. The objective of these simulations is to validate our authentication protocol as an enhancement that reduces handoff latency, blocking rate and packet loss.

A. Handoff latency

We define the vertical handoff latency as the time from the moment the mobile disconnects from the old base station to the moment the station receives the first packet from the new base station. Figure 4 shows the handoff latency performance of the proposed authentication protocol. Clearly, the two schemes have similar latency variation curves. From Figure 4, we see that the proposed secured handoff scheme has better handoff latency performance than the scheme proposed in the literature [10]. It also shows that the handoff latency increases when the number of admitted users increases. We notice also that the proposed authentication protocol guarantees a lower handoff latency than the solution proposed in the literature. We attribute this decrease in handoff latency to the pre-handoff process, which minimizes the time gap between the different handoff steps. This important improvement will better satisfy the requirements of real-time applications over heterogeneous wireless networks and, as a result, achieve a better quality of service.
Figure 3: Simulated Network

Figure 4: Handoff latency (x-axis: stations number; y-axis: handoff latency)

B. Handoff blocking rate

The blocking probability rate represents the percentage of blocked calls among all calls that request a change of attachment point. Figure 5 illustrates the blocking rates obtained with the application of the proposed re-authentication protocol in the simulation environment of the heterogeneous network. This figure also shows that these rates increase gradually with the increase in the MS population. This increase is caused by the increase of the handoff latency and the growth of the list of packets that need to be processed. In fact, a handoff call is considered blocked when its handoff latency exceeds a threshold interval.

Figure 5: Handoff blocking rate (x-axis: stations number; y-axis: handoff blocking rate (%))

C. Loss rate

The packet loss counts packets from the moment the MS disconnects from the serving attachment point until it receives new packets from the target attachment point. Figure 6 illustrates the number of lost packets vs. the number of MSs. The number of lost packets of the previously proposed authentication protocol is higher than that of our proposed authentication protocol. It also shows that the packet loss of our proposed re-authentication is better than that of [10].

Figure 6: Loss rate (x-axis: stations number; y-axis: loss rate (%))

V. CONCLUSION

The interoperability of different wireless access systems within a single platform brings many benefits for both network providers and users. It can be achieved through specific solutions that secure the mobility mechanisms. In this paper, we present a new protocol to secure handoff without degrading the quality of service parameters (delay and packet loss). The proposed re-authentication protocol guarantees stronger security, mutual authentication, and resistance against many attacks. The simulation results in a heterogeneous environment show that our protocol has a higher packet delivery ratio compared to some existing protocols [10]. In the future, we plan to expand our study by exploring the performance of our protocol for multiple handoff types (intra-technology (WLAN to WLAN) and WLAN to 3GPP LTE).

REFERENCES
[1] Third Generation Partnership Project (3GPP), 3GPP system to Wireless Local Area Network (WLAN) interworking (Release 7), 3GPP TS 23.234 v7.7.0, June 2008.
[2] Faouzi Zarai and Noureddine Boudriga, Intelligent Network Functionalities in Wireless 4G Networks, Int. Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2007), San Diego, USA, 16-18 July 2007.
[3] Third Generation Partnership Project (3GPP), 3G System Architecture Evolution (SAE): Security architecture (Release 8), 3GPP TS 33.401 v8.1.1, October 2008.
[4] Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Security of Home Node B (HNB) / Home evolved Node B (HeNB) (3G TS 33.320 version 9.0.0 Release 2010) (http://www.3gpp.org/).
[5] Yuh-Min Tseng, USIM-based EAP-TLS authentication protocol for wireless local area networks, Computer Standards & Interfaces, November 2007.
[6] J. Arkko and H. Haverinen, Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), IETF, RFC 4187, January 2006.
[7] Third Generation Partnership Project (3GPP), Rationale and track of security decisions in Long Term Evolved (LTE) RAN/3GPP System Architecture Evolution (SAE) (Release 8), 3GPP TS 33.821 v1.0.0, December 2007.
[8] C. Ntantogian and C. Xenakis, One-Pass EAP-AKA Authentication in 3G-WLAN Integrated Networks, Springer Science+Business Media, LLC, 2008.
[9] H. Mun, K. Han and K. Kim, 3G-WLAN Interworking: Security Analysis and New Authentication and Key Agreement based on EAP-AKA, International symposium, Taiwan, April 2009.
[10] I. Daly, F. Zarai and L. Kamoun, Re-authentication Protocol for Vertical Handoff in Heterogeneous Wireless Networks, 3rd International Conference on Mobile Lightweight Systems, Spain, 2011.
[11] I. Daly, F. Zarai and L. Kamoun, Design and implementation of a simulation environment for the evaluation of authentication protocols in IEEE 802.11s networks, 3rd International ICST Conference on Mobile Lightweight Wireless Systems, published by Springer, Bilbao, Spain, 09-11 May 2011.
