The recent development of mobile networks has led to the emergence of new threats and of new ways to carry out existing ones. Phishing attacks, including robocalls, are causing record losses to both individual users and large corporations. At the same time, existing countermeasures cannot protect against such attacks, because most existing solutions focus on device authentication, whereas the user is not authenticated during a call. Another problem with mobile networks is the absence of end-to-end encryption: speech is encrypted only on the segment between the subscriber and the base station. The subject of study in this article is the process of ensuring user security during a call. The purpose of this study is to develop a model of mutual user authentication and end-to-end data encryption during a call in a mobile network. The main objectives are to protect users from spoofing and vishing and to propose a protection method that implements mutual authentication of users during a call without storing confidential information on the side of a "trusted third party". A method of secure key exchange and end-to-end encryption during a call in the mobile network is proposed. It prevents interception of calls by the operator in both circuit-switched and packet-switched networks. The methods used are mathematical modelling, the ontological approach, and multi-criteria optimization models. As a result of this research, an algorithm for mutual authentication of users is proposed that introduces biometric authentication methods and modifies the sequence of messages during a call. The proposed approach can be implemented for CS calls and for VoLTE/VoWiFi calls. A call cannot be received without biometric authentication of the user, for example by ear pattern or bone conduction methods. Modified SETUP and CONNECT ACK messages are used to inform the other party of the user verification result. This prevents user spoofing, call masquerading, and robocalls.
A combination of the proposed asymmetric encryption, a short authentication string, and hashes of previous calls provides a higher level of confidentiality and integrity, and additional resistance to man-in-the-middle attacks. Conclusions. The scientific novelty of the obtained results is the integration of the above methods into the sequence of call-flow messages to provide mutual authentication, end-to-end encryption, and counteraction to a number of network attacks. The proposed methods raise the provision of privacy and observation-group services by one level and can be implemented in the software part of the user equipment.
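The abstract does not give the message formats, so the following toy model is an added illustration and not the paper's code. It shows how the three ingredients named above combine: an ephemeral key agreement carried in the SETUP exchange, a short authentication string (SAS) that the two users compare by voice, and a hash of the previous call with the same peer that is mixed into the next call's key derivation. Assumptions: Diffie-Hellman stands in for the paper's unspecified asymmetric scheme, the group parameters are a constructed toy (not for real use), the SAS is six decimal digits, and the key-confirmation tag is assumed to ride in the CONNECT ACK. The model makes the point a practitioner cares about: a relaying man-in-the-middle on a first call produces different SAS values on the two ends (caught only if the users compare them), while on any later call the attacker, who lacks the previous call hash, fails key confirmation automatically.

```python
"""Toy model of SAS plus call-chain-bound key agreement (added example, not the paper's code)."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy prime (Mersenne); real deployments use standardized groups
G = 3            # constructed generator, illustration only
SAS_DIGITS = 6   # assumed SAS length


class Party:
    """One handset; keeps the hash of the last successful call per peer."""

    def __init__(self, ident):
        self.ident = ident
        self.history = {}  # peer ident -> hash of the previous call with that peer

    def offer(self):
        """Fresh ephemeral key pair; the public value is assumed to travel in SETUP."""
        self._priv = secrets.randbelow(P - 2) + 1
        return pow(G, self._priv, P)

    def complete(self, peer, peer_pub):
        """Derive the session key and SAS, bound to the previous call hash with this peer."""
        shared = pow(peer_pub, self._priv, P).to_bytes(16, "big")
        prev = self.history.get(peer, b"\x00" * 32)          # all-zero chain on a first call
        prk = hmac.new(b"call-auth-demo", shared + prev, hashlib.sha256).digest()
        self.key = hmac.new(prk, b"session", hashlib.sha256).digest()
        sas_int = int.from_bytes(hmac.new(prk, b"sas", hashlib.sha256).digest()[:4], "big")
        self.sas = f"{sas_int % 10**SAS_DIGITS:0{SAS_DIGITS}d}"
        self.call_hash = hashlib.sha256(prev + self.key).digest()  # next call's chain value
        return self.sas

    def confirm_tag(self):
        """Key-confirmation tag over the sender's identity; assumed to ride in CONNECT ACK."""
        return hmac.new(self.key, b"confirm:" + self.ident.encode(), hashlib.sha256).digest()

    def verify_peer(self, peer, tag):
        """Check the peer's tag; advance the call chain only on success."""
        expected = hmac.new(self.key, b"confirm:" + peer.encode(), hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)
        if ok:
            self.history[peer] = self.call_hash
        return ok


def honest_call(a, b):
    """SETUP public values reach the intended peer unchanged. Returns (sas_match, confirmed)."""
    pa, pb = a.offer(), b.offer()
    sas_a, sas_b = a.complete(b.ident, pb), b.complete(a.ident, pa)
    ok_a = a.verify_peer(b.ident, b.confirm_tag())
    ok_b = b.verify_peer(a.ident, a.confirm_tag())
    return sas_a == sas_b, ok_a and ok_b


def relayed_call(a, b):
    """A relaying attacker substitutes its own public values toward each side."""
    as_b, as_a = Party(b.ident), Party(a.ident)   # attacker personas, no call history
    pa, pb = a.offer(), b.offer()
    sas_a = a.complete(b.ident, as_b.offer())      # a receives the attacker's value as "b"
    sas_b = b.complete(a.ident, as_a.offer())
    as_b.complete(a.ident, pa)
    as_a.complete(b.ident, pb)
    ok_a = a.verify_peer(b.ident, as_b.confirm_tag())
    ok_b = b.verify_peer(a.ident, as_a.confirm_tag())
    return sas_a == sas_b, ok_a and ok_b


if __name__ == "__main__":
    alice, bob = Party("alice"), Party("bob")
    print("honest first call (sas_match, confirmed):", honest_call(alice, bob))
    print("relayed first call between strangers:   ", relayed_call(Party("carol"), Party("dave")))
    print("relayed call after an honest one:       ", relayed_call(alice, bob))
```

On a first call the two ends agree keys with the attacker and confirmation succeeds, so only the spoken SAS comparison exposes the relay; once one honest call has seeded the chain, the derived keys on the legitimate ends depend on a value the attacker never saw, and confirmation fails without any user action.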