The GGSN (Gateway GPRS Support Node) mainly plays a gateway role: it can connect to a variety of data networks such as ISDN, PSPDN and LAN. Some of the literature calls the GGSN a GPRS router. The GGSN converts the GPRS packets of the GSM network into the packet data protocol format, so that the packets can be forwarded to a remote TCP/IP or X.25 network.
IEEE ISCC2005 International Conference On Systems & Signals

A Secure Vertical Handoff Scheme for UMTS-WLAN Interworking

Yen-Chieh Ouyang, Chung-Hua Chu, and Chang-Bu Jang
National Chung-Hsing University, 250, Kuo-Kwang Road, Taichung, 402, Taiwan, R.O.C.

Abstract

The handoff processes between 802.11 WLAN and UMTS can still be hijacked in the middle of a communication session. In this paper, we propose a secure vertical handoff scheme for the interworking between UMTS and 802.11 WLAN networks. The Dynamic Key Exchange Procedure (DKEP) is applied to prevent session hijacking during a UMTS handover to an 802.11 WLAN environment and provides security for both the mobile station (MS) and the access point (AP). DKEP includes three phases, and all the steps of the phases are protected by public-key encryption. The MS and AP compute their session key individually. The security analysis of DKEP is done using SPEAR II. The results show that no information can be hijacked between MS and AP. The scheme is guaranteed in various security aspects: for example, user identity, efficient authentication and key distribution are protected, thus avoiding denial of service, key reuse, and so on.

Key words: vertical handoff, dynamic key exchange procedure, secure aspect

1 Introduction

In recent years, 802.11 WLANs already offer mobile users broadband, high-speed wireless Internet access, but they are often found lacking with respect to roaming and mobility support. By contrast, UMTS will provide wide coverage and nearly universal roaming, but will not realistically live up to the bit rate expectations placed on it. They cannot replace each other. When WLAN and UMTS coexist, a handoff mechanism should be created and provided. Many studies have proposed such mechanisms [8, 9, 10, 11], but they are insufficient with respect to the security requirements. Therefore we focus on the security of the communication sessions when a handoff mechanism is triggered. The DKEP is proposed for a secure vertical handoff procedure from UMTS to WLAN. A security scheme for a vertical handoff from WLAN to UMTS is also presented. The remainder of this paper is organized as follows. In section 2 we describe the architecture for interworking of 802.11 WLAN and UMTS. In section 3 the proposed DKEP is used to secure the handoff triggered from UMTS to WLAN. In section 4 the analysis of the handoff procedure is presented. In section 5 we further verify and survey the DKEP using SPEAR II. Section 6 is the conclusion.

2 Architecture for Interworking of 802.11 WLAN and the UMTS

Fig. 1. Architecture of integration.

We assume that an MS is a dual-mode terminal with two interfaces, a UMTS interface and an 802.11 WLAN interface, and we also assume that an AP includes a RADIUS server and AR function (see Figure 1), so the AP can do certification and authentication. The 802.11 WLAN users can use a data connection (UMTS PS service) and the UMTS users can use a voice connection (UMTS CS service). The two interfaces can be switched automatically between the different systems. Figure 1 displays the UMTS-WLAN interworking architecture where the Serving GPRS Support Node (SGSN) is the integration point. The Radio Network Controller (RNC) performs radio-specific tasks, such as converting packets into radio frames, managing the radio resources, and controlling handover. The Gateway GPRS Support Node (GGSN) is the node that can be accessed by the packet data network through evaluation of the packet data protocol (PDP) address. It contains routing information for PS-attached users. The routing information is used to tunnel network protocol data units (N-PDUs) to the MS's current point of attachment, i.e. the SGSN. The GGSN may request location information from the home location register (HLR) via the optional Gc interface. The GGSN is the first access point of packet data network (PDN) interconnection with a public land mobile network (PLMN) supporting GPRS (i.e. the Gi reference point is supported by the GGSN). The GGSN functionality is common for all types of RANs. The SGSN is the node that is serving the MS. The SGSN supports GPRS for A/Gb mode (i.e. the Gb interface is supported by the SGSN) and/or Iu mode (i.e. the Iu interface is supported by the SGSN). When the MS is PS-attached, the SGSN establishes a mobility management context containing information pertaining to mobility and security for the MS. At PDP Context Activation, the SGSN establishes a PDP context, which is used for routing purposes with the GGSN that the subscriber will be using.

The 802.11 WLAN can be connected at the GGSN, but during an 802.11 WLAN user's handover to UMTS, the SGSN needs to recreate the mobility state and acquire or re-establish the session (PDP) and radio access bearer (RAB) contexts that the GGSN does not have. For this situation, a handover procedure was proposed by Jaseemuddin. The HLR contains GPRS subscription data and routing information. The HLR is accessible from the SGSN via the Gr interface and from the GGSN via the Gc interface. The Home Environment (HE) may have pre-computed the required number of authentication vectors and retrieved them from the HLR database, or may compute them on demand. The different networks would share the same authentication, transport, signaling and billing infrastructures, independently of the protocols used at the physical layer on the radio interface. The WLAN sends traffic directly into the SGSN, so the configuration and the design of network elements have to be modified to sustain the increased load.

3 A Secure Vertical Handoff between WLAN and UMTS using DKEP

The goal of using the dynamic key exchange procedure (DKEP) is to create a secure handoff scheme when a handoff mechanism is triggered between MS and AP. Using the DKEP can protect communication data on the air for a UMTS user handing over to the 802.11 WLAN environment. When the air interface is protected, several attack methods are prevented. In the DKEP, the MS and the AP get mutual authentication through the authentication server. A message authentication code (MAC), produced by HASH functions, is added to every packet, and the two are then encrypted together. We assume that the authentication server (RADIUS) serves only a single AP domain. There are three phases in the dynamic key exchange protocol: the "initialization phase", the "key exchange phase", and the "refresh password phase".

A. Initialization phase

In this phase the MS registers itself on-line as a legal member through the AP. The detailed steps are shown in Figure 2. The reason to use a one-time password is that it varies per session, its length is long enough compared with a human-chosen password, and it is hard to trace and detect. OTP1 is equal to HASH[HASH[pass-phrase, challenge text]]. OTP2 is equal to HASH[pass-phrase, challenge text]. Note that the Counter is a positive integer and decreases by one after each successful connection. When it reaches zero, the MS should request a new one-time password (OTP). The value of the Counter cannot exceed the number of iterations of OTPs.

Fig. 2. The initialization phase.

B. Key exchange phase

In practice, the key exchange phase is used to negotiate a new session key for every communication session between the MS and the AP. The MS has to complete the initialization phase first. These steps are shown in Figure 3.

Figure 3. The key exchange phase.
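The OTP relation above (OTP1 = HASH[HASH[pass-phrase, challenge text]], OTP2 = HASH[pass-phrase, challenge text], Counter decremented per successful connection, refresh at zero) is the part of DKEP that the text fully specifies, so it can be simulated end to end. The block below is an added example, not code from the paper; it assumes SHA-256 as HASH, concatenation for the two hash inputs, that the AP stores only the chain top and the Counter, and that the MS reveals one preimage per connection. It also generalises the pair OTP1/OTP2 to a hash chain of Counter+1 elements, which is what "the Counter cannot exceed the number of iterations of OTPs" suggests.

```python
"""OTP chain behind DKEP's initialization, key exchange and refresh phases.

Added example, not the paper's code. Assumptions: HASH is SHA-256, the
pass-phrase and challenge text are concatenated, the AP keeps only the chain
top (OTP1) and the Counter, and the MS reveals one preimage per connection.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets


def HASH(x: bytes) -> bytes:
    """HASH[x] of the paper; SHA-256 is an assumption."""
    return hashlib.sha256(x).digest()


def otp_chain(pass_phrase: bytes, challenge: bytes, length: int) -> list[bytes]:
    """chain[i] = HASH^(i+1)[pass_phrase || challenge].

    length == 2 is exactly the paper's pair: chain[0] is OTP2 and chain[1]
    is OTP1 = HASH[OTP2]. Longer chains generalise this: every element is
    the preimage of the next, so revealing chain[i] says nothing about chain[i-1].
    """
    if length < 2:
        raise ValueError("a chain needs at least OTP2 and OTP1")
    chain = [HASH(pass_phrase + challenge)]
    for _ in range(length - 1):
        chain.append(HASH(chain[-1]))
    return chain


class AccessPoint:
    """AP side: stores only (chain top, Counter) per MS identity."""

    def __init__(self) -> None:
        self.state: dict[bytes, tuple[bytes, int]] = {}

    def register(self, ident: bytes, otp1: bytes, counter: int) -> None:
        # Initialization phase: the MS deposits OTP1 and the agreed Counter.
        self.state[ident] = (otp1, counter)

    def verify(self, ident: bytes, otp: bytes) -> str:
        # Key exchange phase: the presented OTP must hash to the stored anchor.
        if ident not in self.state:
            return "unknown"
        anchor, counter = self.state[ident]
        if counter == 0:
            return "refresh-required"   # MS must run the refresh password phase
        if not hmac.compare_digest(HASH(otp), anchor):
            return "rejected"           # wrong, replayed or tampered OTP
        # Accept: the revealed OTP becomes the new anchor, Counter drops by one.
        self.state[ident] = (otp, counter - 1)
        return "accepted"


class MobileStation:
    """MS side: derives the whole chain from the pass-phrase and challenge."""

    def __init__(self, ident: bytes, pass_phrase: bytes) -> None:
        self.ident = ident
        self.pass_phrase = pass_phrase
        self.chain: list[bytes] = []
        self.next = -1

    def initialize(self, ap: AccessPoint, counter: int) -> None:
        # Initialization / refresh password phase. A fresh challenge text is
        # used each time; in DKEP it comes from the AP, here it is generated
        # locally for the simulation.
        challenge = secrets.token_bytes(16)
        self.chain = otp_chain(self.pass_phrase, challenge, counter + 1)
        self.next = counter - 1               # index of the next OTP to reveal
        ap.register(self.ident, self.chain[-1], counter)

    def connect(self, ap: AccessPoint) -> str:
        if self.next < 0:
            return "refresh-required"
        result = ap.verify(self.ident, self.chain[self.next])
        if result == "accepted":
            self.next -= 1
        return result


def simulate(counter: int = 3) -> dict:
    """Walk one MS through Counter connections, a replay, exhaustion and refresh."""
    ap = AccessPoint()
    ms = MobileStation(b"MS-ID-1", b"constructed pass-phrase")  # constructed values
    ms.initialize(ap, counter)
    first = ms.connect(ap)
    captured = ms.chain[counter - 1]          # the OTP that just went over the air
    replay = ap.verify(ms.ident, captured)    # an eavesdropper replays it
    rest = [ms.connect(ap) for _ in range(counter - 1)]
    exhausted = ms.connect(ap)                # Counter is now zero
    ms.initialize(ap, counter)                # refresh password phase
    after_refresh = ms.connect(ap)
    return {"first": first, "replay": replay, "rest": rest,
            "exhausted": exhausted, "after_refresh": after_refresh}
```

The AP never stores anything that lets it, or anyone who reads its database, impersonate the MS: it holds only the current anchor, and each accepted OTP becomes the next anchor, which is why a captured OTP fails the moment it is replayed. Exhausting the Counter forces the refresh password phase with a new challenge, so the dictionary-attack point of section 4 (a different challenge per OTP) follows directly from the construction.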
C. Refresh password phase

When the Counter decreases to zero, the MS should change its OTP; otherwise the AP has the right to prohibit the MS from using its services. The steps are given in Figure 4.

Figure 4. The refresh password phase.

D. The Secure Handoff from UMTS to WLAN

During a UMTS user's handover to a WLAN environment, we use the DKEP to build a secure handoff procedure. Figure 5 displays the detailed handoff procedures between MS-AP, AP-SRNC and SRNC-SGSN.

Figure 5. Secure handoff procedure from UMTS to WLAN using DKEP.

E. Secure Vertical Handoff Procedure from WLAN to UMTS

When the handoff from WLAN to UMTS is triggered, the UMTS authentication procedure is used to build a secure handoff. The procedure is shown in Figure 6.

Figure 6. Secure handoff procedure from WLAN to UMTS.

4 Security Analysis of the DKEP and the handoff process

A. Analysis of the DKEP and the advantages of the handoff from UMTS to WLAN

The security performance improvements of the DKEP protocol are evaluated using several security criteria. These criteria were selected from the security requirements defined in 3GPP. The DKEP makes the security advantages of the handoff procedure apparent.

1) DKEP has no initial vectors, and so avoids the exhaustion of IVs that causes key reuse.
2) DKEP extends the lifetime of the shared secret channel to Counter uses.
3) Using DKEP, each new session generates a different session key.
4) DKEP has a strong mutual authentication procedure based on the OTP, which can avoid a man-in-the-middle attack.
5) Using the DKEP can protect an AP from denial of service (DoS) attacks and session hijack attacks, because every message frame includes a MAC and is encrypted with a dynamic session key.
6) Each new shared element is protected by a similar key exchange procedure.
7) DKEP is compatible with any existing cipher algorithm.
8) All message frames and exchanged elements are protected by a shared secret channel.
9) DKEP is secure against passive attacks (eavesdropping/replay attacks), based on the counter number and its own session key.
10) DKEP is secure against dictionary attacks because the MS uses the initial password to produce an OTP with a different challenge. The MS requires certification (e.g. Cert(MS)) on the AP, so the MS's certification is not based on the MS's password and ID.
11) DKEP can be used in any client-server wireless or wired environment.

B. The Advantages of the Handoff from WLAN to UMTS

The UMTS authentication procedure has the following features:

1) An encryption key shared by a group of users is used to protect the user's identity.
2) Message authentication and replay inhibition cannot be suppressed by an attacker.
3) Integrity protection of critical signaling messages protects against denial of service attacks.
4) A sequence number in the challenge allows the USIM to verify the freshness of the cipher key.

5 Further Verification and Survey for the DKEP in SPEAR II

The goal of the Security Protocol Engineering and Analysis Resource II (SPEAR II) tool is to facilitate cryptographic protocol engineering and aid users in distilling the critical issues during an engineering session by presenting them with an appropriate level of detail and guiding them as much as possible. BAN logic systems have successfully been used to reveal flaws in protocols. A popular BAN variant is GNY, and SPEAR II is based on the GNY logic system. We use SPEAR II to perform cryptographic protocol analysis of DKEP; the examined procedures are shown in Figure 7. The visual GNY environment is a component of SPEAR and is used to construct the GNY statements necessary for protocol analysis. From the result of the BAN analysis of DKEP, we can see that the procedure has high confidentiality against attacks (see figures 8, 9, 10, 11 and 12).

Figure 7. Simulation of the DKEP in SPEAR II.

Fig. 8 Analysis result.
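Points 3, 5 and 9 of the analysis above rest on one frame-level mechanism: a MAC is added to every frame, the frame and MAC are encrypted together under the per-session key, and a counter lets the receiver reject replays. The block below is an added example, not the paper's code, showing that mechanism at an AP and what each check rejects. It assumes HMAC-SHA256 as the MAC, a 64-bit sequence number as the per-session counter, and a SHA-256 counter-mode keystream XOR as a stand-in for whatever symmetric cipher is chosen (point 7 says DKEP is cipher-agnostic); the session key is a constructed constant where DKEP's key exchange phase would supply it.

```python
"""Per-frame protection as DKEP's security analysis assumes it: MAC appended,
frame and MAC encrypted together under the session key, sequence number for
replay detection.

Added example, not the paper's code. Assumptions: HMAC-SHA256 as the MAC, a
64-bit sequence number as the counter, SHA-256 keystream XOR standing in for
the symmetric cipher, and a constructed session key in place of DKEP's.
"""
from __future__ import annotations

import hashlib
import hmac
import struct

SEQ_LEN = 8
MAC_LEN = hashlib.sha256().digest_size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; a stand-in, not a production cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", block)).digest()
        block += 1
    return bytes(out[:length])


def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """E_SymK[x] and its inverse: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def mac(key: bytes, header: bytes, payload: bytes) -> bytes:
    """The MAC the paper builds from HASH; HMAC here, binding the sequence number too."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, session_key: bytes) -> None:
        self.key = session_key
        self.seq = 0

    def protect(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">Q", self.seq)     # sent in clear, never reused in a session
        tag = mac(self.key, header, payload)
        # "MAC added to every packet, then encrypted together"
        return header + sym_crypt(self.key, header, payload + tag)


class Receiver:
    def __init__(self, session_key: bytes) -> None:
        self.key = session_key
        self.last_seq = 0

    def unprotect(self, frame: bytes) -> bytes | None:
        """Return the payload, or None if the frame is replayed, forged or tampered."""
        if len(frame) < SEQ_LEN + MAC_LEN:
            return None
        header, body = frame[:SEQ_LEN], frame[SEQ_LEN:]
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return None                      # replay or reordered old frame
        plain = sym_crypt(self.key, header, body)
        payload, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, mac(self.key, header, payload)):
            return None                      # wrong key or modified on the air
        self.last_seq = seq                  # advance only on a verified frame
        return payload


def simulate() -> dict:
    """Genuine, replayed, tampered and foreign-session frames arriving at one AP."""
    key = hashlib.sha256(b"constructed session key").digest()   # DKEP would supply this
    ms, ap = Sender(key), Receiver(key)
    frame1 = ms.protect(b"activate PDP context")
    genuine1 = ap.unprotect(frame1)
    replay = ap.unprotect(frame1)                 # same frame presented again
    frame2 = ms.protect(b"second frame")
    tampered = bytearray(frame2)
    tampered[SEQ_LEN + 3] ^= 0x01                 # flip one ciphertext bit
    tamper_result = ap.unprotect(bytes(tampered))
    genuine2 = ap.unprotect(frame2)               # the untouched frame still passes
    other = Receiver(hashlib.sha256(b"another session").digest())
    cross_session = other.unprotect(ms.protect(b"third frame"))
    return {"genuine1": genuine1, "replay": replay, "tampered": tamper_result,
            "genuine2": genuine2, "cross_session": cross_session}
```

Two details matter for the DoS and hijack claims: the receiver advances its counter only after the MAC verifies, so a forged frame with a high sequence number cannot lock out the genuine station, and the sequence number is covered by the MAC, so it cannot be rewritten to slip an old frame past the replay check.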
Fig. 9 Assumptions of supplicant.
Fig. 10 Assumptions of AP.
Fig. 11 The goals of supplicant.
Fig. 12 The goals of AP.

6 Conclusions

In this paper, we propose a secure vertical handoff process for when a handoff mechanism is triggered between UMTS and 802.11 WLAN networks. In order to protect users' privacy from eavesdropping and spoofing, a robust handoff procedure is necessary. The DKEP is used to resolve these security problems when UMTS users hand over to 802.11 WLAN. Using the DKEP, we can achieve high confidentiality and strong mutual authentication. The other situation is that 802.11 WLAN users hand over to a UMTS environment. We use the UMTS authentication procedure to build a secure vertical handoff when WLAN users hand off to a UMTS environment. The UMTS authentication provides protection of the permanent user identity (IMSI) and user location, so that user services cannot be determined by eavesdropping. From the security analysis, we know that the security of the handoff between WLAN and UMTS will be improved and guaranteed.

Appendix: Symbols used in this paper

Kp: AP's public key.
Cert(x): a certificate related to x.
E_AsymK[x]: encrypts x using an asymmetric algorithm with key K.
E_SymK[x]: encrypts x using a symmetric algorithm with key K.
ID: the identity of the MS.
Ru and RT: both random numbers, with Ru not equal to RT.
Counter: the counter of OTP.
||: concatenation of strings.
HASH[x]: a one-way hash function with input x. It is used to create the MAC.

References

[1] M. Jaseemuddin, "An architecture for integrating UMTS and 802.11 WLAN networks", Proceedings of the Eighth IEEE International Symposium on Computers and Communication (ISCC 2003), pp. 716-723, June 30-July 3, 2003.
[2] 3GPP TS 23.060, "3GPP General Packet Radio Service (GPRS), Service Description, Stage 2 (Release 6)", June 2003.
[3] 3GPP TS 33.102, "3G Security, Security architecture (Release 5)", June 2003.
[4] M. Buddhikot, G. Chandranmenon, S. Han, Y. W. Lee, S. Miller, L. Salgarelli, "Integration of 802.11 and third-generation wireless data networks", INFOCOM 2003.
[5] Y. C. Ouyang, R. L. Chang and J. H. Chiu, "A New Security Key Exchange Channel for 802.11 WLANs", IEEE Security Technology, 2003, Carnahan Conference, October 14-16, 2003.
[6] G. M. Koien and Thomas Haslestad, "Security aspects of 3G-WLAN interworking", IEEE Communications Magazine, Volume 41, Issue 11, Nov. 2003.
[7] All information about SPEAR II can be found at http://www.cs.uct.ac.za/Research/DNA/resources/publications_repository/saul1999_SPEAR_SATNAC.pdf and http://dimacs.rutgers.edu/Workshops/Security/program2/hutch/
[8] Kalle Ahmavaara, Henry Haverinen, Roman Pichna, "Interworking Architecture between 3GPP and WLAN Systems", IEEE Communications Magazine, November 2003.
[9] Minghui Shi, Xuemin (Sherman) Shen, and Jon W. Mark, "IEEE 802.11 Roaming and Authentication in Wireless LAN/Cellular Mobile Networks", IEEE Wireless Communications Magazine, August 2004.
[10] Milind M. Buddhikot, Girish Chandranmenon, Seungjae Han, Yui-Wah Lee, Scott Miller, and Luca Salgarelli, "Design and Implementation of a WLAN/CDMA2000 Interworking Architecture", IEEE Communications Magazine, November 2003.
[11] Qian Zhang, Chuanxiong Guo, Zihua Guo, and Wenwu Zhu, "Efficient Mobility Management for Vertical Handoff between WWAN and WLAN", IEEE Communications Magazine, November 2003.