Christoforos Ntantogian
University of Piraeus
Publication
Featured research published by Christoforos Ntantogian.
Wireless Personal Communications | 2009
Christoforos Ntantogian; Christos Xenakis
The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure.
conference on e-business, e-services and e-society | 2013
Dimitris Apostolopoulos; Giannis Marinakis; Christoforos Ntantogian; Christos Xenakis
This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an Android device. The results revealed that the majority of the Android applications are vulnerable to credentials discovery, even in the case of applications whose security is critical, such as web banking and password manager applications.
Computers & Security | 2015
Christoforos Ntantogian; Stefanos Malliaros; Christos Xenakis
Recently, gait recognition has attracted much attention as a biometric feature for real-time person authentication. The main advantage of gait is that it can be observed at a distance in an unobtrusive manner. However, the security of an authentication system, based only on gait features, can be easily broken. A malicious actor can observe the gait of an unsuspicious person and extract the related biometric template in a trivial manner and without being noticed. Another major issue of gait as an identifier has to do with its high intra-variance, since human silhouettes can be significantly modified, when for example the user holds a bag or wears a coat. This paper proposes gaithashing, a two-factor authentication that interpolates between the security features of biohash and the recognition capabilities of gait features to provide a high accuracy and secure authentication system. A novel characteristic of gaithashing is that it enrolls three different human silhouette types. During authentication, the new extracted gait features and the enrollment ones are fused using weighted sums. By selecting appropriate weight values, the proposed scheme eliminates the noise and distortions caused by different silhouette types and achieves to authenticate a user independently of his/her silhouette. Apart from high accuracy, the proposed scheme provides revocability in case of a biometric template compromise. The performance of the proposed scheme is evaluated by carrying out a comprehensive set of experiments. Numerical results show that gaithashing outperforms existing solutions in terms of authentication performance, while at the same time achieves to secure the gait features.
Computers & Security | 2010
Christoforos Ntantogian; Christos Xenakis; Ioannis Stavrakakis
A user in Beyond 3rd Generation (B3G) networks in order to get access to the network services must perform a multi-pass authentication procedure, which includes two or three sequential authentication steps. These multiple authentication steps include a redundant repetition of the same or similar authentication functions, which impose an unnecessary authentication overhead. This paper proposes a security binding mechanism, which reduces the execution of the redundant authentication functions of multi-pass authentications in a simple yet effective and secure manner. To achieve this, the proposed mechanism authenticates a user in the second and third step of a multi-pass authentication, by using the user's authentication credentials of the initial step. The focal point of the security binding mechanism is its generic application in multi-pass authentications, regardless of the underlying network architecture or protocols. To prove this, we have selected to present and analyze the application of the proposed mechanism in two different B3G scenarios (i.e., 3G-WLAN and WiMAX), resulting in the improved authentication procedures. A security analysis of the improved procedures has been carried out to identify possible attacks and propose security measures to eliminate them. Moreover, a simulation model has been developed to estimate and compare the performance of the improved 3G-WLAN authentication procedure to that of the legacy 3G-WLAN authentication. Simulation results show that the improved procedure presents better performance than its legacy counterpart.
Computers & Security | 2014
Christos Xenakis; Christoforos Ntantogian
The HLR/AuC is considered to be one of the most important network elements of a 3G network. It can serve up to five million subscribers and at least one transaction with HLR/AuC is required for every single phone call or data session. This paper presents experimental results and observations that can be exploited to perform a novel distributed denial of service attack in 3G networks that targets the availability of the HLR/AuC. More specifically, first we present an experiment in which we identified and proved some zero-day vulnerabilities of the 3G network that can be exploited by malicious actors to mount various attacks. For the purpose of our experiment, we have used off-the-shelf infrastructure and software, without any specialized modification. Based on the observations of the experiment, we reveal an Advanced Persistent Threat (APT) in 3G networks that aims to flood an HLR/AuC of a mobile operator. We also prove that the discovered APT can be performed in a trivial manner using commodity hardware and software, which is widely and affordably available.
BICT'15 Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS) | 2016
Alexia Chatzikonstantinou; Christoforos Ntantogian; Georgios Karopoulos; Christos Xenakis
Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
personal, indoor and mobile radio communications | 2007
Christoforos Ntantogian; Christos Xenakis
The security architecture of the 3G-WLAN integrated networks specifies that a WLAN user, in order to get access to the 3G packet switched services or the public internet through the 3G PLMN, must follow a two-pass EAP-AKA authentication procedure. This involves a double execution of EAP-AKA, which introduces a duplicated authentication overhead. This paper proposes a one-pass EAP-AKA authentication procedure for the 3G-WLAN integrated networks that reduces significantly the authentication traffic, compared to the two-pass EAP-AKA authentication, without compromising the provided level of security. The proposed procedure has minimal impact on the existing 3G-WLAN network infrastructure and functionality. A security analysis of the proposed authentication procedure is elaborated that identifies potential attacks and proposes possible countermeasures. In addition, a cost analysis is considered that compares the total number of messages required for users' authentication using the two-pass EAP-AKA and the proposed one-pass EAP-AKA authentication.
bioinspired models of network, information, and computing systems | 2007
Christoforos Ntantogian; Christos Xenakis; Ioannis Stavrakakis
Next generation networks (NGNs) provide multimedia services to mobile users through different access networks that facilitate users' autonomy. The security architecture of NGNs specifies that a WLAN user must follow a multi-pass authentication and key agreement (AKA) procedure in order to get access to the IP multimedia subsystem (IMS) services. This paper proposes an improved one-pass AKA procedure for NGNs that reduces significantly the authentication overhead compared to the multi-pass, without compromising the provided security services. A communication cost analysis is provided that estimates the cost improvement of the proposed one-pass over the multi-pass AKA authentication procedure. The proposed procedure has minimal impact on the network infrastructure and functionality and does not require any changes to the existing authentication protocols.
international conference on cyber conflict | 2015
Christos Xenakis; Christoforos Ntantogian
As people are using their smartphones more frequently, cyber criminals are focusing their efforts on infecting smartphones rather than computers. This paper presents the design and implementation of a new type of mobile malware, named (U)SimMonitor for Android and iPhone devices, which attacks the baseband modem of mobile phones. In particular, the mobile malware is capable of stealing security credentials and sensitive information of the cellular technology including permanent and temporary identities, encryption keys and location of users. The developed malware operates in the background in a stealthy manner without disrupting the normal operation of the phone. We elaborate on the software architecture of (U)SimMonitor and provide implementation details for the specific AT commands used by the malware. We analyse the security impacts of (U)SimMonitor malware and we show that it can entirely breach the privacy of mobile users and the security of cellular networks. In particular, a mobile user with an infected phone can be identified and all his/her movements can be tracked. Moreover, all his/her encrypted phone calls and data sessions can be disclosed.
personal, indoor and mobile radio communications | 2007
Christoforos Ntantogian; Christos Xenakis
This paper proposes a security protocol that provides mutual authentication between a user and a WLAN that the first tries to connect to, and deploys a mobile Virtual Private Network (VPN) that protects the user's data conveyed over the wireless network. For the user authentication as well as for the initialization of the VPN and the related key agreement, the EAP-SIM encapsulated within the Internet Key Exchange version 2 (IKEv2) is proposed. The deployed VPN, which is based on IPsec, ensures confidentiality, source authentication and integrity of the data exchanged over the WLAN. At the same time, the user has been subscribed to the 3G-network for charging and billing purposes using the legacy EAP-SIM authentication protocol. The established VPN can seamlessly operate and continuously provide security services as the mobile user moves and roams, materializing the notion of mobile VPN. The proposed security protocol eliminates the required enhancements to the current network infrastructure and operates transparently to the existing network functionality.