Abstract

To avoid the drawbacks of the identity privacy protection scheme in the Long Term Evolution-Wireless Local Area Network (LTE-WLAN) heterogeneous converged network proposed by the 3rd Generation Partnership Project (3GPP), an improved scheme based on an identity index is proposed to achieve anonymity, untraceability and dynamic identity. Security analysis shows that our proposed scheme can prevent replay attacks and man-in-the-middle attacks on network layer authentication. Comparison with related schemes shows that the security and efficiency of our proposed scheme are superior to those of some other existing ones, with low computation cost and short time delay.

Highlights

  • Wireless communication networks can be divided roughly into five types according to the distance of data transmission and network coverage: (i) satellite network [1], (ii) Wireless Wide Area Network (WWAN), such as the Long Term Evolution (LTE) wireless cellular network [2], (iii) Wireless Metropolitan Area Network (WMAN) [3], (iv) Wireless Local Area Network (WLAN) [4], (v) Wireless Personal Area Network (WPAN) [5]

  • In the LTE-WLAN heterogeneous converged network proposed by the 3rd Generation Partnership Project (3GPP), the Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA’) protocol [12], which includes user identity privacy protection, is proposed to realize mutual authentication between communication entities such as the User Equipment (UE) and the Home Subscriber Server (HSS)

  • Recent identity privacy protection schemes in the process of user authentication have been studied and limitations of these schemes have been analyzed, and an improved scheme based on identity index is proposed to achieve anonymity, untraceability and dynamic identity


Summary

INTRODUCTION

The secret key K, the IMSI and the corresponding parameter SQN HSK are shared by the UE and HSS. Hamandi et al.’s scheme uses an identity index corresponding to the IMSI of each user to achieve privacy protection. Instead of the IMSI, SQN HSK is sent in the EAP response/identity message. Such a scheme does not achieve forward secrecy in case of a threat to the database. On receiving the DMSI, the HSS searches for this RIC in the database to identify the IMSI, and gets RICpadded with the decryption function fd using the initial shared secret key K of the corresponding user. The UE chooses the shared secret key KS, random number n, timestamp TC and operation pattern PS as input to the message authentication code function HMAC, and generates the function output bit string HKS,PS. As the temporary identity, SHMAC could not be updated. (ii) New security parameters such as KS, PS, KC and PC in Ghafghazi et al.’s scheme increase the cost of storage and management. (iii) A timestamp is used, which has a synchronization issue between the UE and HSS.

IMPROVED SCHEME FOR IDENTITY PRIVACY PROTECTION
SECURITY PROOF ON ANONYMITY
PERFORMANCE ANALYSIS
CONCLUSION