International Conference on Innovations in Engineering and Technology(ICET 2016)
Fast Authentication Using User Path Prediction In Wireless Broadband Access
Rajakumar Arul (1), Gunasekaran Raja (2), Kottilingam Kottursamy (3), Ramkumar Jayaraman (4), Sheeba Backia Mary Baskaran (5), Sathya Pavithra (6), Swaminathan Venkatraman (7)
1,3,4,5 Research Scholar, Department of Computer Technology, Anna University
2 Associate Professor, Department of Computer Technology, Anna University
6,7 Student, Department of Computer Technology, Anna University
Email:
[email protected],
[email protected]
Abstract. Wireless Interoperability for Microwave Access (WiMAX) utilizes the IEEE 802.1X mechanism for authentication. However, this mechanism incurs considerable delay during handoffs. To overcome this delay, our article proposes a key caching mechanism based on user path prediction. The most frequent path of the mobile user is determined and the authentication keys are cached along that path. If the mobility follows that path, the user bypasses the normal IEEE 802.1X mechanism and establishes the necessary authentication keys directly. Through analytical and simulation modeling, we have proved that our mechanism effectively decreases the handoff delay, thereby achieving fast authentication.
Keywords: Authentication, Authorization and Accounting (AAA); handoff; mobile; User Path Prediction (UPP); user pattern.
1. Introduction

Wireless broadband networks have emerged as a promising wireless technology due to their high data rate, wide coverage, low cost and built-in support for mobility. Wireless Broadband Access (WBA) technology was standardized by IEEE 802.16 under the name WiMAX. WiMAX is a telecommunications technology that offers transmission of wireless data via a number of transmission methods. It is basically classified into fixed and mobile WiMAX. The simplest fact that differentiates mobile from fixed WiMAX is that the former enables a handoff scheme as the user moves from one coverage zone to another. The overall network is divided into three components:
1) Mobile Stations (MS), used by the end user to access the network.
2) The Access Service Network (ASN), which comprises one or more base stations and one or more ASN gateways (ASN-GW) that form the radio access network at the edge.
3) The Connectivity Service Network (CSN), which provides IP connectivity and all the IP core network functions.

In spite of all the advantages, there are numerous issues which may result in deployment challenges. As with all wireless communications, security is a major issue in WiMAX. WiMAX security is typically handled at multiple layers within a system, and each layer handles different aspects of security. A major security aspect is authentication. WiMAX offers a flexible means for authenticating Subscriber Stations and users to prevent unauthorized use. With most applications being driven by highly mobile users, there is a need to study the mobility issue as part of the system. During handoff, authentication takes place and all the steps in authentication need to be carried out. A failure in this process may lead to session termination for reasons such as latency or lack of resources. To ensure timely handoffs, we need to reserve resources at neighboring APs so as to allow the mobile user to seamlessly join an adjacent AP.
Setting aside the other issues, this paper aims to improve the efficiency of authentication, thereby achieving seamless handover in mobile WiMAX [1]. The authentication mechanisms that are compatible with WiMAX are RSA and the Extensible Authentication Protocol (EAP). The authentication structure is based on the Internet Engineering Task Force (IETF) EAP, which supports a variety of credentials, such as username/password, digital certificates and smart cards. EAP is the only stated authentication method in the next-generation mobile WiMAX standard (IEEE 802.16m) because of its flexibility and ability to interact with Authentication, Authorization and Accounting (AAA) infrastructures. In spite of having such an authentication structure, EAP cannot offer seamless handover. Many schemes have been proposed to provide seamless handovers and reduce the handover authentication delay, such as pre-authentication, re-authentication and key caching.

This paper is organized as follows. Schemes related to handoff latency and various refined authentication mechanisms are described in Section 2. The core purpose of this paper is presented in Section 3. The design principle is illustrated in Section 4. The formal verification using NS2 and the performance analysis of our proposal are presented in Section 5. Finally, in Section 6, we conclude the paper along with the future work.
2. Related Works

2.1. EAP Framework and Authentication

The basic authentication in WiMAX is carried out using the Authentication, Authorization and Accounting (AAA) server. EAP is used for this basic authentication and it is encapsulated in Privacy Key Management version 2 (PKMv2). The IEEE 802.1X authentication scheme is used for the initial network entry, as in Figure 1. The basic process of authentication is through the ASN-GW, which serves as the authenticator for the MS: it forwards the authentication messages between the AAA server and the MS and stores information after authentication.

The authenticator sends the EAP request message to the MS, which in turn responds with the EAP response and the user identity (AAA server address and user account). The message is then forwarded to the AAA server using the AAA server address. The AAA server then issues an EAP request to the MS, and the MS responds with a random number MS-RAND. The AAA server contacts the Home Location Register (HLR) to obtain a RAND number and generate a Signed RESponse (SRES) and a cipher key Kc. The AAA then uses Kc and MS-RAND to compute the Master Session Key (MSK) and the EAP integrity key KEAP. A Message Authentication Code (MAC) is derived from KEAP, and the AAA sends the MAC and the RAND to the MS. The MS then uses the RAND, MS-RAND and Ki (from the SIM card) to generate its SRES*, Kc, MSK and KEAP, and verifies the MAC it received from the AAA server. This ensures that the AAA server is authenticated. The MS then responds with MAC*, SRES* and KEAP. The AAA also verifies the MAC* using the SRES. This ensures that the MS is authenticated. The MSK, the MSK lifetime and the MS authorization profile are sent to the ASN-GW. The ASN-GW derives the AK using the BS address and the MSK. The MS is informed with the authentication-successful message. The BS then generates the Traffic Encryption Key (TEK) to ensure integrity.
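The mutual authentication exchange described above, as an added worked example (not code from the paper or from any WiMAX implementation). The derivation functions, message layouts and key lengths are assumptions: HMAC-SHA256 stands in for the SIM algorithms, the MSK/KEAP derivation and the AK derivation, and the HLR, AAA server and MS are modelled as in-process objects. What the example does show is the order of checks: the MS first verifies the AAA's MAC (network authenticated), the AAA then verifies MAC* against its own SRES (subscriber authenticated), and only then does the ASN-GW obtain the MSK from which the AK is derived.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Hypothetical derivation function: HMAC-SHA256 over label || parts."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class HLR:
    """Holds each subscriber's Ki and answers the AAA's triplet request (constructed)."""

    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        ki = self._ki[imsi]
        rand = secrets.token_bytes(16)
        sres = prf(ki, b"SRES", rand)[:4]   # Signed RESponse
        kc = prf(ki, b"Kc", rand)[:8]       # cipher key Kc
        return rand, sres, kc


class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
        self.ms_rand = None
        self.msk = None

    def identity(self):
        """EAP response with identity; MS-RAND is sent in the next exchange."""
        self.ms_rand = secrets.token_bytes(16)
        return self.imsi, self.ms_rand

    def challenge(self, rand, mac):
        """Recompute SRES*, Kc, MSK and KEAP from RAND, MS-RAND and Ki (SIM),
        then verify the AAA's MAC. Returns (MAC*, SRES*) or None on failure."""
        sres_star = prf(self._ki, b"SRES", rand)[:4]
        kc = prf(self._ki, b"Kc", rand)[:8]
        msk = prf(kc, b"MSK", self.ms_rand)
        keap = prf(kc, b"KEAP", self.ms_rand)
        if not hmac.compare_digest(mac, prf(keap, b"MAC", rand)):
            return None                      # AAA server is NOT authenticated
        self.msk = msk
        return prf(keap, b"MAC*", sres_star), sres_star


class AAAServer:
    def __init__(self, hlr):
        self.hlr = hlr
        self.state = None

    def start(self, imsi, ms_rand):
        """Obtain RAND/SRES/Kc from the HLR, derive MSK and KEAP, send MAC + RAND."""
        rand, sres, kc = self.hlr.triplet(imsi)
        msk = prf(kc, b"MSK", ms_rand)
        keap = prf(kc, b"KEAP", ms_rand)
        self.state = (rand, sres, msk, keap)
        return rand, prf(keap, b"MAC", rand)

    def finish(self, mac_star, sres_star):
        """Verify MAC* against the HLR's SRES; release the MSK only on success."""
        rand, sres, msk, keap = self.state
        if not hmac.compare_digest(mac_star, prf(keap, b"MAC*", sres)):
            return None                      # MS is NOT authenticated
        return msk


def derive_ak(msk: bytes, bs_address: bytes) -> bytes:
    """Hypothetical AK derivation at the ASN-GW from the MSK and the BS address."""
    return prf(msk, b"AK", bs_address)[:20]


def initial_network_entry(ms, aaa, bs_address=b"bs-01"):
    """Runs the full exchange. Returns (success, AK at the MS, AK at the ASN-GW)."""
    imsi, ms_rand = ms.identity()
    rand, mac = aaa.start(imsi, ms_rand)
    reply = ms.challenge(rand, mac)
    if reply is None:
        return False, None, None
    msk = aaa.finish(*reply)
    if msk is None:
        return False, None, None
    return True, derive_ak(ms.msk, bs_address), derive_ak(msk, bs_address)


if __name__ == "__main__":
    hlr = HLR({"imsi-1": b"\x01" * 16})      # constructed subscriber key
    print(initial_network_entry(MobileStation("imsi-1", b"\x01" * 16), AAAServer(hlr))[0])
```

Both AKs match only when the MS and HLR share Ki; an MS with the wrong Ki rejects the AAA's MAC before sending anything, and a forged MAC* is rejected by the AAA, so neither side ever releases a key to an unauthenticated peer.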
3. Proposed Scheme

With fast-moving users, handovers occur more frequently and the available handover authentication mechanisms deteriorate. To support fast-moving users, we propose a key caching mechanism with User Path Prediction (UPP). The mobility of fast-moving users is not always random: most users follow a general pattern. This pattern can be extracted and used for authentication. The user mobility is logged in the User Database of the AAA server. Fast-moving users following a general pattern will visit some BSs frequently. Every visit of the user is logged, and pattern mining algorithms can be applied to these logs to determine the frequent pattern. Once the pattern is determined and every user is associated with his frequent pattern, the authentication keys can be given to the BSs in that pattern to facilitate fast authentication during handoffs. The authentication mechanisms based on UPP during the initial network entry and during handoffs are described below.

a. Initial Network Entry
1. As with normal authentication mechanisms, all the steps of 802.1X authentication take place during the initial network entry and the MSK is derived for the user (MS).
2. Once the MS enters the network after its initial authentication, the frequent pattern of the MS is determined from the User Database log of the AAA server.
3. The MSK established during the initial network entry is given to the BSs in the frequent pattern of the MS.

b. Handover Authentication
1. The identity of the MS is examined by processing the certificate using a certificate authority (CA).
2. Once the identity of the MS is confirmed, the MSK held by the BS is used directly.
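The two procedures above (initial entry with pattern mining and key distribution, then handover with cached-key reuse), as an added example that is not the paper's own code. The mobility log, the MS identifier, the MSK values and the AK derivation are constructed; the pattern miner is a simple contiguous-subsequence counter standing in for the Apriori-style mining the paper cites, and the certificate check is modelled as a boolean input. The example goes slightly beyond the text in also logging each completed trip so that a deviation from the pattern is visible to the next mining run, as Section 5 describes.

```python
from collections import Counter, defaultdict
import hashlib
import hmac

# Constructed mobility log for one MS: each entry is one trip, the ordered list
# of BSs visited. In the scheme this log lives in the AAA server's User Database.
MOBILITY_LOG = [
    ["BS1", "BS2", "BS3", "BS4"],
    ["BS1", "BS2", "BS3", "BS4"],
    ["BS1", "BS2", "BS3", "BS5"],
    ["BS7", "BS2", "BS3", "BS6"],
    ["BS9", "BS8"],
]


def frequent_path(trips, min_support):
    """Longest contiguous BS sequence (length >= 2) that occurs in at least
    min_support trips. Each sequence is counted once per trip. Hypothetical
    stand-in for the Apriori-style mining the paper refers to."""
    counts = Counter()
    for trip in trips:
        windows = {tuple(trip[i:j]) for i in range(len(trip))
                   for j in range(i + 2, len(trip) + 1)}
        counts.update(windows)
    frequent = [(len(p), c, p) for p, c in counts.items() if c >= min_support]
    return max(frequent)[2] if frequent else ()


def derive_ak(msk: bytes, bs_id: str) -> bytes:
    """Hypothetical AK derivation from the MSK and the BS identifier."""
    return hmac.new(msk, b"AK" + bs_id.encode(), hashlib.sha256).digest()[:20]


class UPPAuthenticator:
    """Caches the MSK at the BSs on the predicted path and decides per handover
    whether the cached key can be reused (hypothetical design)."""

    def __init__(self, min_support=3):
        self.min_support = min_support
        self.cache = defaultdict(dict)   # bs_id -> {ms_id: msk}
        self.logs = defaultdict(list)    # ms_id -> list of trips
        self.full_auths = 0
        self.fast_auths = 0

    def initial_network_entry(self, ms_id, msk, trips):
        """Step a: the full 802.1X entry yields the MSK (given here as input);
        the frequent pattern is mined and the MSK pushed to the BSs on it."""
        self.full_auths += 1
        self.logs[ms_id].extend(trips)
        pattern = frequent_path(self.logs[ms_id], self.min_support)
        for bs in pattern:
            self.cache[bs][ms_id] = msk
        return pattern

    def handover(self, ms_id, target_bs, identity_ok, fresh_msk):
        """Step b: the identity must be confirmed first; then a cached MSK at
        the target BS is used directly, otherwise full authentication runs."""
        if not identity_ok:
            return "rejected", None
        cached = self.cache[target_bs].get(ms_id)
        if cached is not None:
            self.fast_auths += 1
            return "fast", derive_ak(cached, target_bs)
        self.full_auths += 1
        return "full", derive_ak(fresh_msk, target_bs)


def simulate_trip(trip, identity_ok=True):
    """Runs one constructed trip through the scheme. Returns the mined pattern,
    the authentication method used at each BS after the entry BS, and the
    fast/full authentication counts."""
    auth = UPPAuthenticator()
    msk = b"\x11" * 64                            # constructed MSK from initial entry
    pattern = auth.initial_network_entry("ms-a", msk, MOBILITY_LOG)
    methods = {}
    for bs in trip[1:]:                           # trip[0] is the entry BS
        methods[bs] = auth.handover("ms-a", bs, identity_ok, b"\x22" * 64)[0]
    # Record the trip (including any deviation) for the next mining run.
    auth.logs["ms-a"].append(list(trip))
    return pattern, methods, auth.fast_auths, auth.full_auths


if __name__ == "__main__":
    print(simulate_trip(["BS1", "BS2", "BS3", "BS5"]))
```

On the constructed log the mined pattern is BS1-BS2-BS3, so a trip BS1-BS2-BS3-BS5 gets two fast handovers and falls back to full authentication at BS5, where no key was cached.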
4. Mathematical Analysis

4.1 Systematic Analysis of the Existing Algorithm with UPP

In order to expedite the inter-ASN-GW handoff process, we propose a mechanism which involves caching keys only along the predicted pattern. That is, if the user moves only along the predicted pattern, the cached key can be reused; otherwise the normal authentication mechanism has to be followed [21]. Although this proposed algorithm effectively avoids the execution of IEEE 802.1X authentication, it consumes extra storage to keep track of the user's pattern along with the key, which amounts to 512 or 1024 bits in total. This can be justified by the fact that the actual time taken by the user to follow the normal IEEE 802.1X authentication mechanism is gargantuan.
Movement Time Line of the MS
t0 - Initial network entry authentication occurs
t1 - MS moves to a random ASN or a new ASN
t2 - MS moves via the predicted pattern
tn - End point of mobility

Hence, Tk = tn - t1.

If the MS does not take the path via the pattern, the key remains unused. If the MS follows the predicted pattern, the time taken would be Tk* = Tk - S, where S = t2 - t1.
Tk - Entire lifetime, which may vary exponentially
Tk* - Reuse time period

As with any stochastic process, the comparison of the IEEE 802.1X mechanism with the UPP-based mechanism can be accomplished by analyzing the time factor [19]. Three output measures are evaluated in our study:
1. α: the probability that the MS returns to the old ASN-GW
2. E[Tk | (t2 - t1) > Tk]: the MS does not take the predicted path
3. E[Tk* | (t2 - t1) < Tk]: the MS uses the path along the pattern

We derive the above output measures for exponentially distributed S with fixed T and then generalize the derivation for generally distributed S with exponentially distributed T.

A. Derivation for Exponentially Distributed S and Fixed T
Suppose that the departure of the MS from the old ASN-GW is a random observer of the MSK lifetime. For the fixed MSK lifetime T, from the residual life theorem, Tk has a uniform distribution over 0 ≤ Tk ≤ T. Then, α is derived as
Similarly,
Where,
From the above equations,
B. Derivation for Generally Distributed S and Exponential T

Tk is exponentially distributed with mean E[T] = 1/μ. Let S have an arbitrary distribution with density function f(S) and Laplace transform f*(S). Then, α is derived as
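The timeline model of Section 4 (cases A and B), as an added Monte Carlo check that is not part of the paper: it estimates the three output measures α = P(S < Tk), E[Tk | S > Tk] and E[Tk* | S < Tk] by sampling the residual MSK lifetime Tk and the away-from-pattern time S, instead of using the closed forms the paper derives. The samplers follow the paper's assumptions (case A: fixed T, so Tk is uniform on [0, T] by the residual life theorem and S is exponential; case B: exponential T with mean 1/μ, so the residual Tk is exponential too, and S has an arbitrary distribution). The rates, sample size and seed are constructed values.

```python
import random
from statistics import fmean


def simulate_measures(n, sample_tk, sample_s, seed=7):
    """Monte Carlo estimate of the Section 4 output measures.
    sample_tk(rng) draws the residual MSK lifetime Tk; sample_s(rng) draws the
    time S = t2 - t1 the MS spends away from the predicted path. The key can
    be reused only when the MS comes back before the key expires (S < Tk),
    leaving Tk* = Tk - S of reuse time."""
    rng = random.Random(seed)
    unused, reused = [], []
    for _ in range(n):
        tk = sample_tk(rng)
        s = sample_s(rng)
        if s < tk:
            reused.append(tk - s)   # pattern followed in time: Tk* = Tk - S
        else:
            unused.append(tk)       # key expires before the MS returns
    return {
        "alpha": len(reused) / n,                          # P(S < Tk)
        "e_tk_unused": fmean(unused) if unused else 0.0,   # E[Tk | S > Tk]
        "e_tk_star": fmean(reused) if reused else 0.0,     # E[Tk* | S < Tk]
    }


def case_a(T, s_rate, n=20000):
    """Case A: fixed MSK lifetime T. The departing MS is a random observer, so
    Tk ~ Uniform(0, T); S ~ Exponential(s_rate). Constructed parameters."""
    return simulate_measures(n, lambda r: r.uniform(0, T),
                             lambda r: r.expovariate(s_rate))


def case_b(mu, sample_s, n=20000):
    """Case B: exponential MSK lifetime with mean 1/mu, whose residual life is
    again Exponential(mu); S drawn from any distribution the caller supplies."""
    return simulate_measures(n, lambda r: r.expovariate(mu), sample_s)


if __name__ == "__main__":
    print("case A, T=10, S~Exp(1):", case_a(T=10.0, s_rate=1.0))
    print("case B, mu=0.5, S~U(0.5,1.5):",
          case_b(mu=0.5, sample_s=lambda r: r.uniform(0.5, 1.5)))
```

Lengthening the MSK lifetime raises α (more handovers find a still-valid cached key) and raises the expected reuse time Tk*, which is the trade-off against the extra key storage discussed in Section 4.1.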
5. Performance Measure

The authentication mechanism based on User Path Prediction reduces the resource wastage by 32% for the given input compared with the existing IEEE 802.1X mechanism. Therefore, on an average scale, the UPP-based algorithm is proved to be better than the existing one in terms of resource storage efficiency. When the availability of the cached MSK is considered, every time the user deviates from the frequent path the deviation is recorded and taken into account when the pattern is determined the next time. This accuracy measure is found by taking the ratio of slope values of the vectors and parameters from the analytic proof discussed in the previous section. Based on the proof, a graph is constructed for both mechanisms and a comparison is made, as shown in Figure 3. The graph plots the expectation value (E[t]) along the horizontal axis and the total mobility time (t) along the vertical axis. Values of the UPP-based mechanism for the best case, average case and worst case are compared with the IEEE 802.1X mechanism and plotted in a planar graph. It is found that, under the best-case and average-case scenarios, the UPP-based mechanism is exponentially more efficient, with a reduction in latency, whereas in the worst-case scenario it coincides with the existing work; this reflects the fact that if the user has no frequent path, or is not frequently mobile, the UPP-based mechanism is not efficient and hence the standard procedure is followed.

The Network Simulator NS2 is used for simulating our proposed model. NS2 as such does not support WiMAX technology; therefore the WiMAX patch with IEEE 802.16 PHY and MAC functions for NS2, provided by the National Institute of Standards and Technology (NIST), is used [22].
6. Conclusion and Future Work

This paper proposed a caching mechanism where the keys are cached only along a predicted path. The most frequent pattern in the user's path is determined using a suitable pattern prediction algorithm to minimize the computational complexity. The resources for authentication can be reserved along this pattern so as to reduce the wastage of resources and make authentication faster along the pattern, as the resources are already reserved. When the performance was analytically investigated, it was found that the proposed scheme reduces the resource wastage by an average of 32%. The future work is aimed at analysing and extracting all the services that a user avails in a particular BS. This will allow us to provide only the services that the user frequently avails in a BS, thereby further optimizing the allocation of resources without compromising security or handoff time.
Acknowledgement

Rajakumar Arul, Gunasekaran Raja, Kottilingam Kottursamy, Ramkumar Jayaraman, Sheeba Backia Mary Baskaran, Sathya Pavithra and Swaminathan Venkatraman gratefully acknowledge the support from NGN Labs, Department of Computer Technology, Anna University, Chennai.
References

[1] Ali AlShidhani and Victor C.M. Leung, 2011. 'Fast and Secure Reauthentications for 3GPP Subscribers during WiMAX-WLAN Handovers', IEEE Transactions on Dependable and Secure Computing, 8(5), pp. 699-713.
[2] Amar Farouk Merah, Samer Samarah and Azzedine Boukerche, 2012, June. 'Vehicular Movement Patterns: A Prediction-Based Route Discovery Technique for VANETs', IEEE ICC Wireless Networks Symposium, pp. 5291-5295.
[3] Anmin Fu, Shaohua Lan, Bo Huang, Zhenchao Zhu and Yuqing Zhang, 2012. 'A Novel Group-Based Handover Authentication Scheme with Privacy Preservation for Mobile WiMAX Networks', IEEE Communications Letters, 16(11), pp. 1744-1747.
[4] Anmin Fu, Yuqing Zhang, Zhenchao Zhu and Xuefeng Liu, 2010. 'A Fast Handover Authentication Mechanism Based on Ticket for IEEE 802.16m', IEEE Communications Letters, 14(12), pp. 1134-1136.
[5] Bo Wu, Defu Zhang, Qihua Lan and Jiemin Zheng, 2008, November. 'An Efficient Frequent Patterns Mining Algorithm based on Apriori Algorithm and the FP-tree Structure', Third International Conference on Convergence and Hybrid Information Technology, pp. 1099-1102.
[6] David Q. Liu and Mark Coslow, 2010, September. 'Extensible Authentication Protocols for IEEE Standards 802.11 and 802.16', pp. 792-799.
[7] IEEE Standard for Air Interface for Broadband Wireless Access Systems, 2012. 'Enhancements to Support Machine-to-Machine Applications', IEEE Std 802.16p.
[8] IEEE Standard for Local and Metropolitan Area Networks, 2011. 'Air Interface for Broadband Wireless Access Systems', IEEE Std 802.16m.
[9] Jaeduck Choi and Souhwan Jung, 2010. 'A Handover Authentication Using Credentials Based on Chameleon Hashing', IEEE Communications Letters, 14(1), pp. 54-56.
[10] Liang Zhang, Naoya Seta, Haruya Miyajima and Hideki Hayashi, 2007, March. 'Fast Authentication Based on Heuristic Movement Prediction for Seamless Handover in Wireless Access Environment', IEEE WCNC Proceedings, pp. 2891-2895.
[11] Pratap S. Prasad and Prathima Agrawal, 2010. 'Movement Prediction in Wireless Networks Using Mobility Traces', IEEE CCNC Proceedings, pp. 1-5.
[12] S. Pack and Y. Choi, 2004, October. 'Fast handoff scheme based on mobility prediction in public wireless LAN systems', IEEE Proceedings - Communication, 151(5), pp. 489-495.
[13] Sheng Chai, Jia Yang and Yang Cheng, 2007, June. 'The Research of Improved Apriori Algorithm for Mining Association Rules', pp. 1-4.
[14] Shih-Feng Hsu and Yi-Bing Lin, 2009, October. 'A Key Caching Mechanism for Reducing WiMAX Authentication Cost in Handoff', IEEE Transactions on Vehicular Technology, 58(8), pp. 4507-4513.
[15] Srijan Chakraborty, Yu Dong, David K.Y. Yau and John C.S. Lui, 2006, February. 'On the Effectiveness of Movement Prediction to Reduce Energy Consumption in Wireless Communication', IEEE Transactions on Mobile Computing, 5(2), pp. 157-169.
[16] Thuy Ngoc Nguyen and Maode Ma, 2012, June. 'Enhanced EAP-Based Pre-Authentication for Fast and Secure Inter-ASN Handovers in Mobile WiMAX Networks', IEEE Transactions on Wireless Communications, 11(6), pp. 2179-2181.
[17] Tzung-Shi Chen, Yen-Ssu Chou and Tzung-Cheng Chen, 2012, January. 'Mining User Movement Behaviour Patterns in a Mobile Service Environment', IEEE Transactions on Systems and Cybernetics, 42(1), pp. 87-101.
[18] Yongge Shi and Yiqun Zhou, 2011, July. 'An Improved Apriori Algorithm', IEEE International Conference on Granular Computing, 1, pp. 476-478.
[19] H. Hermanns, 1995, April. 'Stochastic process algebras as a tool for performance and dependability modelling', Computer Performance and Dependability Symposium, Proceedings, International Conference, pp. 102-111.
[20] W. Ma, Y. Fang and P. Lin, 2007, January. 'Mobility management strategy based on user mobility patterns in wireless networks', IEEE Transactions on Vehicular Technology, 56(1), pp. 322-330.
[21] A. M. Taha, A. T. Abdel-Hamid and S. Tahar, 2009, April. 'Formal analysis of the handover schemes in mobile WiMAX networks', IFIP International Conference on Wireless and Optical Communications Networks, pp. 1-5.
[22] The Network Simulator NS-2 NIST add-on IEEE 802.16 model (MAC+PHY), January 2009. Available: http://www.nist.gov/itl/antd/emntg/upload/wimax_module.pdf
Author Biography

Rajakumar Arul pursued his Bachelor of Engineering in Computer Science and Engineering from Anna University, Chennai. He received his Masters in Computer Science and Engineering at Anna University - MIT Campus. Currently, he is doing his Doctorate of Philosophy under the Faculty of Information and Communication in NGN Labs, Department of Computer Technology, Anna University - MIT Campus. He is a recipient of the Anna Centenary Research Fellowship. His research interests include Security in Broadband Wireless Networks, WiMAX, LTE, and Robust resource allocation schemes in Mobile Communication Networks.
Gunasekaran Raja is an Associate Professor in the Department of Computer Technology at Anna University, Chennai and leads NGN Labs at Anna University. He was a UGC-Raman Post-Doctoral Fellow in the Department of Computer Science at the University of California, Davis, USA, in 2014-2015. He received his B.E degree in Computer Science and Engineering from the University of Madras in 2001, an M.E in Computer Science and Engineering from Bharathiyar University in 2003, and the Ph.D in the Faculty of Information and Communication Engineering from Anna University, Chennai in 2010. He was a recipient of the Young Engineer Award from the Institution of Engineers India (IEI) in 2009 and the Fast Track grant for Young Scientists from the Department of Science and Technology (DST) in 2011. His current research interests include 5G Networks, LTE-Advanced, Wireless Security and Mobile Databases. He is a member of IEEE, ACM, CSI and ISTE.
Kottilingam Kottursamy is a candidate for the Ph.D in the Department of Computer Technology at Anna University, Chennai and a senior scholar of NGN Labs at Anna University. He received his B.E degree in Computer Science and Engineering from Anna University in 2006 and an M.E degree in Computer Science and Engineering from Anna University in 2009. His research interests include Data management in Next Generation Networks, Software Defined Networking, Mobile Databases and Power-aware Computing.
Ramkumar Jayaraman received the B.Tech. degree in Information Technology from Anna University, Chennai in 2009 and the M.E. in Computer Science and Engineering from Anna University, Coimbatore in 2011. He is currently doing his Doctorate of Philosophy program under the Faculty of Information and Communication in NGN Labs, Department of Computer Technology, Anna University - MIT Campus. He is a recipient of the Anna Centenary Research Fellowship. His key research areas of interest are Broadband Wireless Networks and Scheduling in WiMAX.
Sheeba Backia Mary Baskaran received the Bachelor of Technology degree in Information Technology from Anna University, Chennai and the Master of Engineering degree in Computer Science and Engineering from Anna University, Coimbatore. Currently, she is pursuing her Ph.D. at the Next Generation Networks laboratory in the Department of Computer Technology at Anna University - MIT Campus, Chennai. She is carrying out her research in Security Solutions for Broadband Wireless Networks. Her research interests include WiMAX Security, LTE and LTE-A Security, 5G and MAC layer protocol design. She is a recipient of the UGC-Maulana Azad National Fellowship.
Pavithra Sathiyanarayanan completed B.E in Computer Science and Engineering from Madras Institute of Technology in 2014. Research interest includes Broadband Wireless Networks and Wireless Security.
Swaminathan Venkatraman completed B.E in Computer Science and Engineering from Madras Institute of Technology in 2014. Research interest includes Network Security and Future Generation Networks. He is also a student member in IEEE.