Basav Roychoudhury

Enhancing User Identity Privacy in LTE

Identity privacy is a security issue that is crucial for the users of a cellular network. Knowledge of the permanent identity of a user may allow an adversary to track and amass comprehensive profiles about individuals. Such profiling may expose an individual to various kind of unanticipated risks, and above all may deprive an individual of his right to privacy. With the introduction of sensitive services like online banking, shopping, etc. through cellular phones, identity privacy has now become a bigger security issue. In GSM and UMTS, the problem of user identity privacy vulnerability is proven to exist. In both these systems, there are situations where the permanent identity of a subscriber may get compromised. Long Term Evolution (LTE), which evolved from GSM and UMTS, is proposed by 3GPP for inclusion into the fourth generation of cellular networks. Although security of LTE has evolved from the security of GSM and UMTS, due to different architectural and business requirements of fourth generation systems, LTE security is substantially different and improved compared to its predecessors. However, the issue of identity privacy vulnerability continue to exist in LTE. In this paper, we discuss how the security architecture of LTE deals with identity privacy. We also discuss a possible solution that may be utilised to overcome the problem of user identity privacy in LTE.

UMTS user identity confidentiality: An end-to-end solution

In all mobile communication scenario, it is envisaged that user identity remains confidential. Universal Mobile Telecommunication System (UMTS) is no exception to this. Every Mobile Station (MS) in UMTS is assigned a unique International Mobile Subscriber Identity (IMSI). If this IMSI is compromised, so will be the user identity. There is restriction on transmission of this IMSI over radio link. Unfortunately, circumstances when such transmission happens can be created by an adversary, thereby compromising anonymity of users. In this paper, we build on our End-to-End User Identity Confidentiality (E2EUIC) solution [1], an extension to 3GPP-AKA that not only takes care of identity confidentiality vulnerability over the wireless link, but goes one step ahead to ensure the same over the wired network as well.

End-to-End User Identity Confidentiality for UMTS networks

A standard security feature in any wireless network is user identity confidentiality. In Universal Mobile Telecommunication System (UMTS), there are circumstances where this important security feature is compromised due to transmission of the International Mobile Subscriber Identity (IMSI) in clear-text over the radio interface. Such situations defy anonymity of users. In addition, it is assumed that there is no threat from the agents in the wired network. In this paper, we introduce End-to-End User Identity Confidentiality (E2EUIC), an extension to 3GPP-AKA which not only takes care of identity confidentiality vulnerability over the wireless link, but goes one step ahead to ensure the same over the wired network as well.

Handling missing values: A study of popular imputation packages in R

Abstract In real world data are often plagued by missing values which adversely affects the final outcome of the analysis based on such data. The missing values can be handled using various techniques like deletion or imputation. Of late, R has become one of the most preferred platform for carrying out data analysis, and its popularity is growing further. R provides various packages for handling missing values through imputation. The presence of multiple packages however, calls for an analysis of their comparative performance and examine their suitability for handling a given set of data. The performance of different R packages may differ for different datasets and may depend on the size of the dataset and richness of the missing values in the datasets. In this paper, the authors perform comparative study of the performance of the common R packages, namely VIM, MICE, MissForest, and HMISC, used for missing value imputation. The authors measured the performances of the said packages in terms of their imputation time, imputation efficiency and the effect on the variance. The imputation efficiency was measured in terms of the difference in predictive performance of a model built using original dataset vis-a-vis a dataset with imputed values. Similarly, the variance of the variables in the original dataset was compared that of corresponding variables in the imputed dataset. A missing value imputation package can be considered to be better if it consumes less imputation time and provides high imputation accuracy. Also in terms of variance, one would like to have the imputation package maintain the original variance of the variables. On analysing the four imputation packages on two datasets over three predictive algorithms–Logistic Regression, Support Vector Machines, and Artificial Neural Networks–it was observed that the performances varies depending on the size of the dataset, and the missing values present in them. The study highlights that certain missing value package used in conjunction with a given predictive algorithm provides better performance, which is again a function of the dataset characteristics.

Provably secure group authentication and key agreement for machine type communication using Chebyshev’s polynomial

Abstract While the current cellular networks are optimized only for Human to Human, or Human Type Communication (HTC), the future generation of cellular networks foresees a rapid growth in the quantum of Machine Type Communication (MTC) i.e., communication among heterogeneous entities without the involvement of any human entity which can be seen in different Internet of Things(IoT) applications. A significant issue in Machine Type Communication is the presence of large numbers of communicating devices overloading the network with their signaling messages. This overload can have negative impacts in terms of delays and termination of security procedures, like authentication, affecting both HTC and MTC. In this paper, we propose a group authentication and key agreement protocol using Extended Chebyshev’s Chaotic Map. The proposed protocol provides an efficient, in terms of reduced signaling traffic generated during the authentication procedure, and provably secure method for authenticating a group of MTCDs by the core network. The security analysis of the proposed protocol shows that it is secured against various threats like man-in-the-middle, replay attack etc.

Hierarchical Group Based Mutual Authentication and Key Agreement for Machine Type Communication in LTE and Future 5G Networks

In view of the exponential growth in the volume of wireless data communication among heterogeneous devices ranging from smart phones to tiny sensors across a wide range of applications, 3GPP LTE-A has standardized Machine Type Communication (MTC) which allows communication between entities without any human intervention. The future 5G cellular networks also envisage massive deployment of MTC Devices (MTCDs) which will increase the total number of connected devices hundredfold. This poses a huge challenge to the traditional cellular system processes, especially the traditional Mutual Authentication and Key Agreement (AKA) mechanism currently used in LTE systems, as the signaling load caused by the increasingly large number of devices may have an adverse effect on the regular Human to Human (H2H) traffic. A solution in the literature has been the use of group based architecture which, while addressing the authentication traffic, has their share of issues. This paper introduces Hierarchical Group based Mutual Authentication and Key Agreement (HGMAKA) protocol to address those issues and also enables the small cell heterogeneous architecture in line with 5G networks to support MTC services. The aggregate Message Authentication Code based approach has been shown to be lightweight and significantly efficient in terms of resource usage compared to the existing protocols, while being robust to authentication message failures, and scalable to heterogeneous network architectures.

Security Extension for Relaxed Trust Requirement in Non3GPP Access to the EPS

Third Generation Partnership Project (3GPP) has standardized the Evolved Packet System (EPS) as a part of their Long Term Evolution System Architecture Evolution (LTE/SAE) initiative. In order to provide ubiquitous services to the subscribers and to facilitate interoperability, EPS supports multiple access technologies where both 3GPP and Non-3GPP defined access networks are allowed to connect to a common All-IP core network called the Evolved Packet Core (EPC). However, a factor that continues to limit this endeavor is the trust requirement with respect to the subscribers identity privacy. There are occasions during Non-3GPP access to the EPS when intermediary network elements like the access networks that may even belong to third party operators have to be confided with the subscribers permanent identity. In this paper, we propose a security extension that relaxes this need. Contrary to several other solutions proposed recently in this area, our solution can be adopted as an extension to the existing security mechanism.

Enhanced Identity Privacy in UMTS

Subscribers identity privacy in mobile networks has been an exciting research area. Earlier, researchers were focused on protecting it over the radio link between the mobile device and the serving network. Whereas now, they are considering the need for protecting the same from the serving network itself, due to the security and flexibility that it promises to bring into roaming situations. Towards this, numerous protocols have been proposed for mobile networks in general. However, in universal mobile telecommunications system (UMTS), one of the most widely deployed mobile networks, not much research has been conducted in this direction. In this paper, we make an effort to fill in this gap by proposing an extension that can be easily adapted in UMTS. We also establish the security, robustness and correctness of this extension through statistical, security and formal analysis.

A group-based authentication scheme for vehicular Moving Networks

Uninterrupted mobile connectivity in fast moving public transportation systems like bus and train is difficult to achieve. Frequent handovers and security procedures for a large number of mobile users travelling together in these mass transportation systems can cause disruption in connectivity and signaling overload on the network. A possible solution to this problem is to group together all co-located users and perform a single authentication/handover procedure for the entire group. In this paper, the authors propose a lightweight, multi-layered, group based authentication protocol for a group of mobile users travelling in public transportation systems.

Improving Identity Privacy in 3GPP-WLAN

The mobile telephony system has become popular due to its wide coverage, resulting in near-universal roaming service to its subscribers. However, when it comes to data transfer rates, the WLANs lead the way. WLANs have much restricted hot-spot coverage compared to mobile telephony systems, but provide better data rates at lower costs. Combining the two, results in best of both the worlds. Thus, 3GPP has proposed 3GPP-WLAN architecture to bring in this synergy between the two systems. From the subscriber’s perspective, one of the issues to be taken care of is “identity privacy”—how the identity of the subscriber be hidden from the eavesdroppers wanting to track the subscriber. 3GPP has devised a scheme for taking care of this in 3GPP-WLAN, which is different from that followed in other 3GPP systems. However, the said scheme does have certain vulnerabilities, and cannot guarantee the desired privacy. In this paper, we put forward an extension to the existing scheme to take care of these vulnerabilities. Also, this can be implemented without changes to intermediary networks or components, allowing for an easier transition.