Improved IPSec tunnel establishment for 3GPP-WLAN interworking

Summary Interworking between wireless local area network (WLAN) and the 3rd Generation Partnership Project (3GPP) such as Long Term Evolution (LTE) is facing more and more problems linked to security threats. Securing this interworking is a major challenge because of the vastly different architectur...

Full description

Saved in:
Bibliographic Details
Published in:International journal of communication systems 2015-04, Vol.28 (6), p.1180-1199
Main Authors: Samoui, S., El Bouabidi, I., Obaidat, M. S., Zarai, F., Hsiao, K. F., Kamoun, L.
Format: Article
Language:English
Subjects:
3GPP LTE
Authentication
AVISPA
Internet
Interworking
IP (Internet Protocol)
Mathematical models
Networks
Security
Tunnels (transportation)
Wireless communication
WLAN
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Summary Interworking between wireless local area network (WLAN) and the 3rd Generation Partnership Project (3GPP) such as Long Term Evolution (LTE) is facing more and more problems linked to security threats. Securing this interworking is a major challenge because of the vastly different architectures used within each network. Therefore, security is one of the major technical concerns in wireless networks that include measures such as authentication and encryption. Among the major challenges in the interworking security is the securing of the network layer. The goal of this article is twofold. First, we propose a new scheme to secure 3GPP LTE–WLAN interworking by the establishment of an improved IP Security tunnel between them. The proposed solution combines the Internet Key Exchange (IKEv2) with the Host Identity Protocol (HIP) to set up a security association based on two parameters, which are location and identity. Our novel scheme, which is called HIP_IKEv2, guarantees better security properties than each protocol used alone. Second, we benefit from Mobile Internet Key Exchange protocol (MOBIKE) in case of mobility events (handover). And we extend HIP_IKEv2 to HIP_MOBIKEv2 protocol in order to reduce the authentication signaling traffic. The proposed solution reinforces authentication, eliminates man‐in‐the‐middle attack, reduces denial‐of‐service attack, assures the integrity of messages, and secures against reply attack. Finally, our proposed solution has been modeled and verified using the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which has proved its security when an intruder is present. Copyright © 2014 John Wiley & Sons, Ltd. In this article, we propose first a new scheme called (HIP_IKEv2) to secure 3GPP LTE‐WLAN interworking by the establishment of an improved IPSec tunnel between them. Second, we benefit from MOBIKE in case of handover, and we extend HIP_IKEv2 to HIP_MOBIKEv2 protocol in order to reduce the authentication signaling traffic. The proposed solution reinforces authentication, eliminates man in the middle attack, reduces denial of service attack, assures the integrity of messages, and secures against reply attack.
ISSN:1074-5351
1099-1131
DOI:10.1002/dac.2769