Security Enhanced Authentication Protocol in LTE With Preserving User Location Privacy

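Security-Enhanced Authentication Protocol for Protecting User Location Information in LTE

  • 한창희 (Department of Computer Engineering, Chung-Ang University);
  • 권현수 (Department of Computer Engineering, Chung-Ang University);
  • 허준범 (Department of Computer Engineering, Chung-Ang University)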
  • Received : 2014.05.07
  • Accepted : 2014.07.09
  • Published : 2014.09.15

Abstract

The number of subscribers to 4th generation mobile systems has increased rapidly. Along with that, preserving subscribers' privacy has become a hot issue. Preventing users' locations from being revealed publicly is more important than ever. In this paper, we first show that a privacy-related problem exists in the user authentication procedure of 4th generation mobile systems, especially LTE. We then present an attack model that allows an adversary to trace a user, i.e. to determine whether the user is in the adversary's observation area. Such collection of subscribers' locations by an unauthorized third party may cause severe privacy problems. To keep users' privacy intact, we propose a modified authentication protocol for LTE. Our scheme has low computational overhead and strong secrecy, so that both security and efficiency are achieved. Finally, we prove that our scheme is secure by using the automatic verification tool ProVerif.

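With recent advances in network and communication technology, the number of users of 4th generation wireless mobile communication is growing rapidly. At the same time, however, external attacks on communication data and privacy are also increasing. Consideration of secure communication is therefore very important for successful 4th generation mobile communication. In this paper, we present an attack model that violates users' location privacy by detecting the location information of communication devices in the 4th generation LTE mobile communication environment. We then present an improved LTE protocol to address this. The proposed scheme uses a symmetric-key encryption algorithm with low computational cost to remove the distinguishability of location information, thereby ensuring both the efficiency and the security of the protocol. In addition, the security of the proposed scheme with respect to location privacy protection was verified using the ProVerif tool.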

Acknowledgement

Supported by: National Research Foundation of Korea, National IT Industry Promotion Agency
