Similar literature
20 similar documents found; search time 203 ms
1.
The Global System for Mobile Communications (GSM) is widely recognized as the modern digital mobile network architecture. Increasing market demands point toward the relevancy of security-related issues in communications. The security requirements of mobile communications for the mobile users include: (1) the authentication of the mobile user and Visitor Location Register/Home Location Register; (2) the data confidentiality between mobile station and Visitor Location Register, and the data confidentiality between Visitor Location Register and Visitor Location Register/Home Location Register (VLR/HLR); (3) the location privacy of mobile user. However, GSM does not provide enough security functions to meet these requirements. We propose three improved methods to enhance the security, to reduce the storage space, to eliminate the sensitive information stored in VLR, and consequently to improve the performance of the system. Proposed methods include an improved authentication protocol for the mobile station, a data confidentiality protocol, and a location privacy protocol. The merit of the proposed methods is to improve but not to alter the existing architecture of the system. Furthermore, this study also performs computational and capacity analyses to evaluate the original GSM system and proposed approaches on a comparative basis.

2.
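Zhu Yihua, Zhou Gengui, Ye Feng, Gao Ji. Acta Electronica Sinica, 2004, 32(8): 1248-1252
Location management, or mobility management, is a challenging problem in mobile computing research. In the personal communication networks currently in use in China and other countries, such as GSM and IS-41, a two-tier HLR/VLR database supports location management. In these networks, whenever a mobile station moves from one location area (LA) to another, the basic location management strategy (the "basic strategy") performs a location update immediately, whether or not it is necessary, which wastes a great deal of system resources and degrades system performance. This paper presents a ring search strategy with a threshold (the "threshold ring strategy"): location areas are divided into rings and a threshold (an integer) is set; while the number of location-area rings the mobile station has crossed has not reached the threshold, the system performs no location update, which reduces the cost of location management. Assuming that incoming calls to the mobile station form a Poisson process and that the station's residence time in each location area is a random variable with a general probability distribution, formulas are derived for the probability that the mobile station is in each location-area ring between two incoming calls and for the number of location-area rings it has crossed, and the condition under which the location management cost of the "threshold ring strategy" is lower than that of the "basic strategy" is given.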

3.
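An improved 3G authentication and key distribution protocol   Total citations: 28, self-citations: 0, citations by others: 28
This paper analyzes in detail the procedure of the 3G authentication and key distribution protocol and its security, identifies the security flaws in the protocol, and describes the attacks an attacker could mount. To address the protocol's vulnerabilities, an improved authentication and key distribution scheme is proposed that solves authentication of the VLR and the security of information transfer on the network side. Finally, the security of the improved scheme is analyzed.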

4.
In this paper, a new Global System of Mobile Communications (GSM) authentication protocol is proposed to improve some drawbacks of the current GSM authentication protocol for roaming users including: (a) communication overhead between VLR; (b) huge bandwidth consumption between VLR and HLR; (c) storage space overhead in VLR; (d) overloaded in HLR with authentication of mobile stations; and (e) not supporting bilateral authentication. The main contribution of this paper is that it does not only improve the drawbacks listed above but also fits the needs of roaming users. In addition, the proposed protocol does not change the existing architecture of GSM, and the robustness of the proposed protocol is the same as that of the original GSM, which is based on security algorithms A3, A5, and A8.

5.
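A reverse GLR failure recovery algorithm for 3G mobile networks and its analysis   Total citations: 1, self-citations: 0, citations by others: 1
In a 3G network, when the location information of a roaming user in the gateway location register (GLR) is incorrect, location queries for that user fail, which severely degrades system performance, while conventional location recovery algorithms consume a large amount of long-distance circuit resources. To reduce the use of long-distance circuit resources during GLR location recovery and to shorten the GLR failure recovery delay, this paper proposes a new algorithm, the reverse GLR failure recovery algorithm. The algorithm makes full use of the user information held in the visitor location register (VLR), thereby avoiding long-distance signaling overhead between the GLR and the home location register (HLR) during recovery. Performance analysis shows that the proposed algorithm is feasible.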

6.
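The 3GPP-AKA protocol plays a vital role in the security of third-generation mobile communications; it provides mutual authentication and key agreement between the mobile user (MS) and the VLR/HLR. This paper uses Protocol Composition Logic (PCL) to formally analyze the 3GPP-AKA protocol and prove its security. The analysis shows that the 3GPP-AKA protocol meets its security goals, so the protocol can safely serve as the authentication and key distribution protocol in third-generation mobile communications.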

7.
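Formal analysis and improvement of the 3G authentication and key distribution protocol   Total citations: 4, self-citations: 0, citations by others: 4
This paper introduces the authentication and key distribution (AKA) protocol used in third-generation mobile communication systems. The authentication of the user equipment (UE) by the network home location register/visitor location register (HLR/VLR) and the authentication of the network HLR/VLR by the UE use two different methods: the former is a "challenge-response" authentication procedure and the latter a "proof of knowledge" authentication procedure. BAN logic is used to analyze each of the two procedures, showing that even under the assumption that the system between the HLR and the VLR is secure, the "proof of knowledge" procedure still has a security flaw. 3GPP adopts a supplementary measure based on sequence numbers; the paper also points out another improvement scheme.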

8.
Location tracking with distributed HLR's and pointer forwarding   Total citations: 11, self-citations: 0, citations by others: 11
Location tracking operations in a personal communications service (PCS) network are expensive. A location tracking algorithm called pointer forwarding has been proposed to reduce the location update cost. The key observation behind forwarding is that if users change PCS registration areas (RAs) frequently, but receive calls relatively infrequently, it should be possible to avoid registrations at the home-location register (HLR) database by simply setting up a forwarding pointer from the previous visitor-location register (VLR). Calls to a given user will first query the user's HLR to determine the first VLR, which the user was registered at, and then follow a chain of forwarding pointers to the user's current VLR. To reduce the "find" cost in call delivery, the PCS provider may distribute HLR databases in the network. This paper integrates the concept of distributed HLRs with pointer forwarding, and the new scheme is referred to as the pointer forwarding with distributed HLR (PFDHLR). Since no registration to the HLR is performed in the pointer forwarding scheme when a user moves to the new locations, the cost of updating multiple HLRs is eliminated in PFDHLR. Our study indicates that PFDHLR may significantly reduce the mobility management cost compared with the single HLR approach.

9.
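User registration authentication in personal communication systems   Total citations: 1, self-citations: 1, citations by others: 0
The database at each node of the intelligent network layer of a personal communication system (PCS) uses a fully distributed structure. Based on the structural characteristics of the PCS intelligent-layer database and the X.509 directory authentication framework, a mobile user registration authentication scheme is proposed. The scheme overcomes the "static" nature of X.509 so that it can meet the PCS requirements for user mobility and terminal mobility. While registration authentication is carried out, a piece of secret data is also established between the user and the local visited network. Based on this secret data, the user and the network can authenticate each other during call setup. This avoids the drawback of existing mobile communication systems (such as GSM and IS-41), in which authentication during call setup is controlled by the home network's location registration database (HLR). As a result, the signaling load for location updates and queries is greatly reduced; at the same time, the assumptions about the security of the backbone network (such as the PSPDN or the common-channel signaling network) can also be dropped.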

10.
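Zeng Min, Zhou Xiaojia. Telecommunication Engineering, 2007, 47(1): 209-212
To meet the requirements that service processing in the home location register (HLR) of a mobile communication system places on real-time performance and on data security and reliability, a scheme is proposed that uses an in-memory database as the primary database and a large commercial database as the backup database; the system structure and implementation are given. HLR systems adopting this scheme have achieved very good results in actual use.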

11.
We propose an auxiliary strategy, called per-user forwarding, for locating users who move from place to place while using Personal Communications Services (PCS). The forwarding strategy augments the basic location strategy proposed in existing standards such as GSM and IS-41, with the objective of reducing network signalling and database loads in exchange for increased CPU processing and memory costs. The key observation behind forwarding is that if users change PCS registration areas frequently but receive calls relatively infrequently, it should be possible to avoid registrations at the Home Location Register (HLR) database, by simply setting up a forwarding pointer from the previous Visitor Location Register (VLR). Calls to a given user will first query the user's HLR to determine the first VLR which the user was registered at, and then follow a chain of forwarding pointers to the user's current VLR. We use a reference PCS architecture and the notion of a user's call-to-mobility ratio (CMR) to quantify the costs and benefits of using forwarding and classes of users for whom it would be beneficial. We show that under a variety of assumptions forwarding is likely to yield significant net benefits in terms of reduced signalling network traffic and database loads for certain classes of users. For instance, under certain cost assumptions, for users with CMR < 0.5, forwarding can result in 20–60% savings over the basic strategy. This net benefit is due to the significant saving in location update compared to a penalty of moderately increased call setup times for the infrequent occasions when these users do receive calls.

12.
In a Personal Communications Services (PCS) network, mobility databases such as Home Location Register (HLR) and Visitor Location Register (VLR) are utilized to support mobility management for Mobile Stations (MSs). If the location databases fail, the location information loss or corruption will seriously degrade the service offered to the subscribers. In this paper, we propose a new VLR failure recovery scheme called demand reregistration. In this scheme, the VLR broadcasts a reregistration request to all MSs after the VLR failure. When an MS receives the reregistration request, it sends a registration message to the VLR to recover the location record. Since all MSs will reregister after receiving the broadcasting request, traffic jam (and thus collisions) may occur. If a collision occurs, then the involved MSs must resend the registration messages. This paper studies the performance of demand reregistration by investigating how effectively the reregistration can recover the location record for an MS before the first MS call termination occurs. Our results indicate that demand reregistration can effectively recover VLR failure.

13.
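Yan Wen. Telecommunication Engineering, 2014, 54(12): 1688-1693
Mobility management for dynamic very high frequency (VHF) access in low-altitude airspace is key to ensuring uninterrupted, cross-region communication for low-altitude flight. Based on the low-altitude air traffic control communication network framework, a two-level mobility management model for low-altitude air traffic control is designed; drawing on the classic GSM mobility management model, a visitor/home location register mechanism is introduced, which solves the problem of how the ground communication network can effectively manage the location information of low-altitude aircraft. The procedures for registration, network entry/exit, intra-station mobility management and inter-station mobility management are described in detail. Finally, the mobility management delay is analyzed and a system demonstration and simulation are given, laying a foundation for further research.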

14.
In this paper, a novel Home Location Register (HLR) mobility database recovery scheme is proposed. With database backing-up and signal sending as its key processes, the presented scheme is designed for the purpose of both decreasing system costs and reducing number of lost calls. In our scheme, an algorithm is developed for an HLR to identify such VLRs that there are new MSs roaming into them since the latest HLR database backing up. The identification of those VLRs is used by the HLR to send Unreliable Roaming Data Directive messages to each of them to get the correct location information of those new MSs. Additionally, two kinds of relationships, one between the number of lost calls and the database backing-up period and the other between the backing-up cost and the period, are well analyzed. Both analytical and numerical results indicate that there will be an optimal HLR database backing-up period if certain system parameters are given and the total cost can be consequently minimized.

15.
The logic ruling the user and network authentication as well as the data ciphering in the GSM architecture is characterized, regarding the transferring of the parameters employed in these processes, by transactions between three nodes of the system, that is the MS, actually the SIM, the visited MSC/VLR, and the AuC, which is attached to the HLR in most cases. The GPRS and the UMTS architecture carry the heritage of the GSM's philosophy regarding the user/network authentication and the data ciphering. So, the corresponding three nodes (MS, VLR, and HLR) of these systems are involved as well in the authentication and data ciphering procedures. Moreover, the methods of the conventional cryptography have been adopted by all three systems. This paper describes in brief the subscriber authentication and data ciphering, as they are recommended by the Specifications for all three aforementioned systems. Based on what the specifications define, we pinpoint the vulnerable points of the systems, exposed to third party attacks, and propose asymmetric cryptography procedures for their coverage, consisting of the introduction of public–private key pairs for the transactions between the VLR-HLR, as well as the MS-VLR. On the other hand, the nature of the services constituting a Public Key Infrastructure (PKI) renders the telecommunication operators the main candidates for the development of PKIs fully or partially fledged. The private–public key pair, stored by the PLMN operator in the SIM, for the GSM/GPRS case, or in the USIM for the UMTS case and created to deal initially with internal system functions, can easily be extended, adopted and employed in secure e/m-transactions, if bound to a digital certificate, in the case the PLMN operator supports PKI services as well.

16.
The goal of the third-generation mobile systems is to provide worldwide operation, enhance service capabilities, and improve performance over the second-generation mobile systems. In this paper, we propose an authentication procedure for third-generation mobile systems. The authentication procedure is a protocol suite consisting of two subprotocols: a certificate-based authentication (CBA) protocol and a ticket-based authentication (TBA) protocol. Only two parties, MS and VLR, are involved in executing our protocol. Our authentication procedure uses both public- and secret-key cryptosystems. Our authentication procedure not only provides uniform authentication across domains, but also reduces computational costs in the process of repeated authentication. We provide firm proof of our procedure's correctness.

17.
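Yang Jincai, Yang Yaqin. Journal on Communications, 2007, 28(3): 134-139
A two-level pointer forwarding with thresholds (TPFT) strategy is proposed. Some of the mobile users in the VLR (visitor location register) are selected as mobile agents (MA); a first-level pointer chain is built between MAs and a second-level pointer chain between MAs and VLRs, and both chains are given a length threshold. Comparing the cost of this strategy with that of the "basic location management strategy", the "per-user pointer forwarding strategy" and the "pointer forwarding strategy with a threshold" shows that, with suitably chosen two-level thresholds, the cost of the TPFT strategy is lower than that of these strategies. In addition, the TPFT strategy distributes the signaling volume of HLR (home location register) updates and queries across the MAs, which improves system efficiency.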

18.
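The UMTS core network introduces an optional network element, the GLR, in the visited network to reduce location management signaling overhead when users roam far from their HLR. In the conventional GLR scheme, the GLR is generally deployed centrally in the visited network; as the number of roaming users in the visited network grows, the GLR may become a system bottleneck, and a GLR failure is fatal to the system. To address the problems of a centralized GLR, this paper proposes a distributed GLR deployment scheme in which the first VLR a user visits in the visited network becomes that user's GLR, which improves the system's resilience to GLR failure and effectively reduces the potential GLR bottleneck. The analysis shows that the proposed distributed GLR scheme outperforms the conventional GLR scheme in resilience, bottleneck mitigation, and reduction of incoming-call database query overhead and delay; the proposed scheme is also easy to implement, requiring only software upgrades to the relevant network elements.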

19.
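To address the security flaws in the 3GPP AKA protocol, the identity of the visited network is added to the messages and a secret token mechanism is used to propose an improved scheme that prevents redirection attacks, the SQN synchronization flaw and disclosure of user identity information; its security and efficiency are analyzed. The analysis shows that the scheme effectively solves these problems and improves protocol efficiency and security at a small resource cost.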

20.
Choi Gi Moo, Cho Dong Ho. Wireless Networks, 2000, 6(5): 355-362
In a wireless ATM network for mobile multimedia services, conventional signaling protocols generate heavy traffic because the signaling load must be handled in a HLR (Home Location Register). This centralized structure of the wireless ATM network causes critical connection setup delays. Thus, distributed processing based on a reduction of the connection setup delays is needed in wireless ATM networks. A cache strategy for call delivery with cache updates of registration based on ATM multicasting is introduced with a comparison of the cost of cache scheme with the cost of a conventional scheme. Results show that the cache scheme has better performance than conventional methods when portable mobility is low with large traffic density. This revised version was published online in July 2006 with corrections to the Cover Date.
