Chan-Kyu Han

Building Femtocell More Secure with Improved Proxy Signature

Demand for the femtocell is largely credited to the surge in a more always best connected communication conscious public. 3GPP define new architecture and security requirement for Release 9 to deal with femtocell, Home eNode B referred as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by 3GPP technical specification. These include eavesdropping, man-in-the-middle attack, compromising subscriber access list, and masquerading as valid HeNB. To the best of our knowledge, any related research studying HeNB security was not published before. Towards this end, this paper proposes an improved authentication and key agreement mechanism for HeNB which adapts proxy-signature and proxy-signed proxy-signature. Through our elaborate analysis, we conclude that the proposed not only prevents the various security threats but also accomplishes minimum distance from user-tolerable authentication delay.

Effective discovery of attacks using entropy of packet dynamics

Network-based attacks are so devastating that they have become major threats to network security. Early yet accurate warning of these attacks is critical for both operators and end users. However, neither speed nor accuracy is easy to achieve because both require effective extraction and interpretation of anomalous patterns from overwhelmingly massive, noisy network traffic. The intrusion detection system presented here is designed to assist in diagnosing and identifying network attacks. This IDS is based on the notion of packet dynamics, rather than packet content, as a way to cope with the increasing complexity of attacks. We employ a concept of entropy to measure time-variant packet dynamics and, further, to extrapolate this entropy to detect network attacks. The entropy of network traffic should vary abruptly once the distinct patterns of packet dynamics embedded in attacks appear. The proposed classifier is evaluated by comparing independent statistics derived from five well-known attacks. Our classifier detects those five attacks with high accuracy and does so in a timely manner.

Improvement of security protocol for Machine Type Communications in LTE-advanced

Machine type communication (MTC) takes advantages of billions of devices being connected to each other in sensing our ambient environments. When a large number of MTC devices in a group attempt to access a radio link of LTE, congestions in the link may drop throughput of data and signaling traffic significantly. This paper is presented to enhance security overheads in the radio access network by utilizing group-based authentication. Comparing to related works the proposed protocol does not require a radical change in the incumbent security protocol. Further, the proposed protocol is confirmed by performance evaluations that it produces less computational and communication overheads than the current LTE-AKA.

Building More Secure Femtocell with Improved Proxy Signature

ABSTRACT Demand for the femtocell is largely credited to the surge in a more always best connected communication conscious public. 3GPP defines new architecture and security requirement for Rele ase 9 to deal with femtocell, Home eNode B referred as HeNB. In this paper, we analyze the HeNB security with respect to mutual authentication, access control, and secure key agreement. Our analysis pointed out that a number of security vulnerabilities have still not been addressed and solved by 3GPP technical specification. These include eavesdropping, man-in-th e-middle attack, compromising subscriber access list, and masquerading as valid HeNB. To the best of our knowledge, any r elated research studying HeNB security was not published before. Towards this end, this paper proposes an improved authe ntication and key agreement mechanism for HeNB which adopts proxy-signature and proxy-signed proxy-signature. Throug h our elaborate analysis, we conclude that the proposed not only prevents the various security threats but also accomplishe s minimum distance from use-tolerable authentication delay.Keywords: long term evolution(LTE), home eNode B(HeNB), femtocell, mobi le network security접수일(2013년 6월 26일), 수정일(2013년 9월 24일), 게재확정일(2014년 1월 7일)†주저자, meosery@skku.edu‡교신저자, ksryong0@nate.com (Corresponding author)

Optimal Handover Key Refresh Interval in 3GPP LTE/SAE Network

LTE/SAE has presented the handover key management to revoke the compromised keys and to isolate corrupted network devices. In this paper, we identify that the handover key management is vulnerable to so-called de-synchronization attacks, which is jeopardizing the forward secrecy of handover key management. We place an emphasis on periodic root key update to minimize the effect of the de-synchronization attacks. An optimal value for the root key update interval is suggested in order to minimize signaling load and ensure security of user traffic.