A New Authentication Protocol for UMTS Mobile Networks

This paper analyzes the authentication and key agreement (AKA) protocol of universal mobile telecommunications system (UMTS) mobile networks and proposes a new protocol. In the proposed protocol, the mobile station is responsible for generating the authentication token (AUTN) and the random number (RAND), and the home location register is responsible for comparing the response with the expected response and taking the decision. The bottleneck at the authentication center is therefore avoided by reducing the number of messages between the mobile and the authentication center, and the authentication delay, call setup time, and signalling traffic are minimized. A fluid mobility model is used to investigate the signalling traffic and the load transaction messages between the mobile databases, the home location register (HLR) and the visitor location register (VLR), for both the current protocol and the proposed protocol. The simulation results show that the authentication delay, the load transaction messages between entities, and the bandwidth are all lower than with the current protocol, so the performance and the authentication delay time are improved significantly.


INTRODUCTION
To provide security services in wireless networks, authentication is used as an initial process that authorizes a mobile terminal for communication through secret credentials [1]. In the authentication process, a mobile terminal is required to submit secret material, such as a certificate or "challenge and response" values, for verification [2]. Without strong authentication, access to the mobile network is unprotected: release of message contents, modification of messages, or denial of service can easily be accomplished by an intruder.
Different approaches have been taken to enhance UMTS authentication mechanisms; four of them have been discussed in Europe [3]. The first scheme was proposed by Royal Holloway College. It is a symmetric scheme that works with a challenge-response mechanism and offers mutual authentication of the user and the network operator as well as confidentiality of the user identity towards the network operator. In general the mechanism consists of five messages exchanged between the user, the network operator, and the service provider; if the user has already logged on at the network operator and possesses a temporary identity, two of the five messages are dropped and the service provider is not involved. The second scheme was proposed by Siemens. It is an asymmetric protocol that requires five messages exchanged between the user, the network operator, and a certificate server storing certified copies of the necessary public keys; only three messages are required when no certificate server is involved. The third scheme was proposed by KPN. It is a variant of the station-to-station (STS) protocol and similar to the Siemens protocol as far as the message flow and the key exchange mechanism are concerned. The fourth scheme was proposed by Siegen University. It is based on asymmetric certificate-based algorithms: by making use of time-variant parameters, digital signatures provide the authentication of the communicating partners.
In this paper, an analytical model is used to investigate the signalling traffic, load, and bandwidth generated by these protocols as well as the delay in the call setup time. A new protocol is also proposed to improve the performance of authentication by reducing the authentication time and the number of signalling messages.
This paper is organized as follows. Section 2 specifies and describes the AKA protocol in 3G. In Section 3, the UMTS authentication protocol is analyzed. A proposed authentication protocol for UMTS mobile networks is described in Section 4. The traffic load in the proposed authentication protocol is analyzed in Section 5. In Section 6, simulation results, comparison, and discussion of the two protocols are presented. The paper is concluded in Section 7.

UMTS AUTHENTICATION PROTOCOL
In UMTS, three components participate in authentication: the mobile station (MS), the visitor location register / mobile switching center (VLR/MSC), and the home location register / authentication center (HLR/AuC).
The protocol uses a secret key K and cryptographic algorithms, namely three message authentication functions f1, f1*, and f2 and four key generation functions f3, f4, f5, and f5* [4][5][6][7], which are shared between the MS and the HLR/AuC. This is known as the authentication and key agreement (AKA) protocol. The AuC also maintains a counter called the sequence number (SQN_HLR), and the user's mobile station maintains a counter SQN_MS; the initial values of these counters are set to zero [7][8][9].
There are three goals for the UMTS AKA [10]: (1) the mutual authentication between the user and the network; (2) the establishment of a cipher key and an integrity key upon successful authentication; and (3) the freshness assurance to the user of the established cipher and integrity keys.
There are two phases in AKA protocol [11]: (1) the distribution of authentication vectors from the HLR/AuC to the VLR/MSC; (2) the authentication and key agreement procedure between the MS and the VLR.
As illustrated in Figure 1, the UMTS authentication procedure works as follows.

ANALYSIS OF UMTS AUTHENTICATION PROTOCOL
The mobile station continuously listens to the broadcast message from the MSC/VLR to identify the location area by its location area identity (LAI); the MS compares the received LAI with the LAI stored in the USIM, and when they differ the MS performs a new registration. Figure 2 illustrates the registration area boundary. Registration occurs when the mobile is switched on or when it has moved from one registration area to another; movement of the MS within the same registration area generates no registration messages. Authentication is performed at every registration, call origination, and call termination. Figure 3 illustrates the signalling message flow for the registration activity, and Figure 4 illustrates the signalling message flow for call origination and termination.
In our analysis, a fluid mobility model is used to investigate the signalling traffic, load, and bandwidth generated by these protocols and the delay in the call setup time. The model has the following parameters: (1) the user carrying the mobile station (MS) moves at an average velocity v; (2) the direction of MS movement is uniformly distributed over [0, 2π]; (3) mobile users are uniformly distributed with density ρ within the registration area; (4) the registration area (RA) boundary has length L.
Then the rate of registration area crossing R, the average number of active mobiles crossing the registration area boundary per unit time, is given by (1). From (1), the signalling traffic for registration, origination, and termination calls can be calculated. The mobile traffic in the network depends on the movement of the MS users. Table 1 summarizes the assumptions made for the numerical analysis.
The authentication requests at registration are generated by mobiles moving into a new registration area; their number equals the number of deregistrations (registration cancellations) at the old area. The rate of registration area crossing R is given by (1), and the rate of deregistration is equal to the rate of registration. The total number of authentication request messages per second arriving at the HLR follows from these rates. The number of calls terminating per registration area (R_CallTermination/RA) equals the number of calls originating per registration area, R_CallTermination/RA = 15.19/s. Table 2 summarizes the total authentication requests per VLR and HLR for each type of activity as computed above. From Figures 3 and 4, the signalling message flow for each activity (registration, call origination, and call termination) is summarized in Table 3. The total signalling traffic and the load transaction messages between the mobile databases (VLR and HLR) are shown in Table 4, computed from the values in Tables 2 and 3.
From the above equations and calculations, the total number of authentication requests per VLR and HLR for the UMTS authentication process is directly proportional to the velocity of the users, and the total number of authentication requests per VLR and HLR for the UMTS registration process is directly proportional to the registration area.
The authentication delay is the time from the MS starting to create a registration request until the registration is completed after the last successful verification by the mobile node. Let T_Auth be the authentication delay, let T_DB be the time to access a database (assumed the same for the VLR and the HLR), and let T_MS-MSC be the transfer time between MS and MSC. From Figure 3, there are four messages between databases (M2, M3, M4, and M5) and three messages between MS and VLR/MSC (M1, M6, and M7), so

T_Auth = 3 T_MS-MSC + 4 T_DB.

Table 5 lists the authentication parameters that enable us to compute the bandwidth for each activity. The size of the messages between MS and VLR/MSC is calculated as follows.
(i) M1 is the first message; it carries IMSI/TMSI, service request, and LAI, and L(M1) = 176 bits.
(ii) M6 is the sixth message; it carries RAND and AUTN, where L(RAND) = 128 bits and L(AUTN) = max[L(SQN), L(AK)] + L(AMF) + L(MAC) = 48 + 16 + 64 = 128 bits, so L(M6) = 256 bits.
(iii) M7 carries the response RES, L(M7) = 32 bits.
The size of the authentication messages between MS and VLR/MSC is therefore L_MS-MSC = L(M1) + L(M6) + L(M7) = 176 + 256 + 32 = 464 bits = 58 bytes.
The size of the messages between databases is calculated as follows.
(i) M2 is the second message; it carries IMSI/TMSI, service request, and LAI, so L(M2) = L(M1) = 176 bits.
(ii) M3 is the third message; it carries the same parameters as M2, so L(M3) = 176 bits.
(iii) Each batch of authentication vectors generated by the AuC contains 5 records, each consisting of RAND, XRES, CK, IK, and AUTN (128 + 32 + 128 + 128 + 128 = 544 bits), so the total size of the batch is 5 × 544 = 2720 bits.
The size of the authentication messages between databases is L_DB = 176 + 176 + 2720 = 3616 bits = 452 bytes.
The total size of the messages in the authentication process is L_Auth = 464 + 3616 = 4080 bits = 510 bytes. As shown in Table 2, there are 5.60 authentication requests per second for the registration activity and 15.19 per second each for call origination and call termination. Table 6 summarizes the bandwidth used between MS and VLR/MSC and between databases.

THE PROPOSED AUTHENTICATION PROTOCOL FOR UMTS MOBILE NETWORKS
The secret key K, the cryptographic algorithms f1, f1*, and f2, and the four key generation functions f3, f4, f5, and f5* are shared between the MS and the HLR/AuC. The proposed protocol works as follows.
(1) The MS generates the authentication vector AV, including RAND and AUTN. Figure 5 illustrates the proposed UMTS authentication protocol.
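The two exchanges as an added worked example, not code from the paper: the current AKA of Section 2 (the AuC builds a batch of authentication vectors, the VLR/MSC challenges the MS with RAND and AUTN, the MS verifies AUTN and answers with RES) and the MS-originated variant of Section 4 (the MS picks RAND and its sequence number, builds AUTN and RES itself, and the HLR/AuC verifies them and compares RES with XRES). The functions f1 to f5 are stand-ins (HMAC-SHA256 with a domain tag, truncated to the lengths used in Section 3), and the class names, the SQN acceptance window and the fixed AMF value are assumptions made for this example.

```python
"""UMTS AKA (section 2) and the MS-originated variant (section 4), as an added example.

ASSUMPTION: f1..f5 are modelled as HMAC-SHA256 with a domain tag, truncated to the
lengths used in section 3 (MAC 64 bits, RES 32, CK/IK 128, AK 48). Operators use an
algorithm set such as MILENAGE; the message flow does not depend on that choice.
"""
import hashlib
import hmac
import secrets

SQN_LEN, AMF_LEN, MAC_LEN = 6, 2, 8       # bytes; AUTN = 48 + 16 + 64 = 128 bits
RAND_LEN, RES_LEN, CK_LEN, IK_LEN, AK_LEN = 16, 4, 16, 16, 6
SQN_WINDOW = 32                           # ASSUMPTION: SQN acceptance window (illustrative)
AMF = b"\x00\x00"                         # authentication management field, fixed here


def _f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for one keyed 3GPP function: HMAC-SHA256(K, tag || data)[:n]."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf): return _f(k, b"f1", sqn + rand + amf, MAC_LEN)  # MAC-A
def f2(k, rand): return _f(k, b"f2", rand, RES_LEN)                          # RES / XRES
def f3(k, rand): return _f(k, b"f3", rand, CK_LEN)                           # cipher key CK
def f4(k, rand): return _f(k, b"f4", rand, IK_LEN)                           # integrity key IK
def f5(k, rand): return _f(k, b"f5", rand, AK_LEN)                           # anonymity key AK


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_autn(k: bytes, sqn: int, rand: bytes) -> bytes:
    """AUTN = (SQN xor AK) || AMF || MAC, matching the paper's length accounting."""
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    return xor(sqn_b, f5(k, rand)) + AMF + f1(k, sqn_b, rand, AMF)


def check_autn(k: bytes, rand: bytes, autn: bytes, sqn_peer: int) -> int:
    """Verifier side: recover SQN, check the MAC, check freshness; return SQN or raise."""
    if len(rand) != RAND_LEN or len(autn) != SQN_LEN + AMF_LEN + MAC_LEN:
        raise ValueError("bad parameter length")
    conc, amf, mac = autn[:SQN_LEN], autn[SQN_LEN:SQN_LEN + AMF_LEN], autn[SQN_LEN + AMF_LEN:]
    sqn_b = xor(conc, f5(k, rand))
    if not hmac.compare_digest(mac, f1(k, sqn_b, rand, amf)):
        raise ValueError("MAC failure")
    sqn = int.from_bytes(sqn_b, "big")
    if not sqn_peer < sqn <= sqn_peer + SQN_WINDOW:
        raise ValueError("synchronisation failure: SQN not fresh")
    return sqn


class HLR_AuC:
    """Home network: shares K with the MS; keeps SQN_HLR and the last SQN accepted from the MS."""

    def __init__(self, k: bytes):
        self.k, self.sqn_hlr, self.sqn_ms = k, 0, 0

    def authentication_vectors(self, n: int = 5) -> list:
        """Current AKA, phase 1: a batch of n AVs (RAND, XRES, CK, IK, AUTN) for the VLR."""
        avs = []
        for _ in range(n):
            self.sqn_hlr += 1
            rand = secrets.token_bytes(RAND_LEN)
            avs.append({"rand": rand, "xres": f2(self.k, rand), "ck": f3(self.k, rand),
                        "ik": f4(self.k, rand), "autn": build_autn(self.k, self.sqn_hlr, rand)})
        return avs

    def verify_ms_token(self, rand: bytes, autn: bytes, res: bytes) -> bool:
        """Proposed protocol: validate the MS-generated RAND/AUTN, then compare RES with XRES.
        The challenge originates at the MS, so replay protection rests on the SQN check alone."""
        try:
            sqn = check_autn(self.k, rand, autn, self.sqn_ms)
        except ValueError:
            return False
        if not hmac.compare_digest(res, f2(self.k, rand)):
            return False
        self.sqn_ms = sqn
        return True


class MS:
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def respond(self, rand: bytes, autn: bytes):
        """Current AKA, phase 2: verify the network's AUTN, then return RES, CK, IK."""
        self.sqn = check_autn(self.k, rand, autn, self.sqn)
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)

    def originate(self):
        """Proposed protocol: the MS picks RAND and its next SQN and builds AUTN and RES itself."""
        self.sqn += 1
        rand = secrets.token_bytes(RAND_LEN)
        return rand, build_autn(self.k, self.sqn, rand), f2(self.k, rand)


def current_aka(net: HLR_AuC, ms: MS, vlr_cache: list):
    """VLR/MSC role in the current protocol: fetch AVs when the cache is empty, challenge, compare."""
    if not vlr_cache:
        vlr_cache.extend(net.authentication_vectors())
    av = vlr_cache.pop(0)
    res, ck, ik = ms.respond(av["rand"], av["autn"])
    return hmac.compare_digest(res, av["xres"]), ck, ik


if __name__ == "__main__":
    k = secrets.token_bytes(16)
    net, ms, cache = HLR_AuC(k), MS(k), []
    print("current AKA accepted:", current_aka(net, ms, cache)[0])
    token = ms.originate()
    print("proposed, fresh then replayed:", net.verify_ms_token(*token), net.verify_ms_token(*token))
```

In the current AKA the sequence-number check in check_autn is what lets the MS reject a replayed (RAND, AUTN) pair; in the MS-originated variant the same check, now performed by the HLR/AuC against the last SQN it accepted from that subscriber, is the only thing that distinguishes a fresh token from a replayed one, because the network contributes no random value of its own to the exchange. The example therefore keeps that check explicit on both sides, and the verifier only advances its stored SQN after both the MAC and the RES comparison succeed.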

ANALYSIS OF THE PROPOSED AUTHENTICATION PROTOCOL
From Figure 6, the signalling messages per authentication for each activity (registration, call origination, and call termination) are summarized in Tables 2 and 7.
The authentication delay T_Auth of the proposed protocol is computed from the message counts in Figure 6: there is one message between MS and VLR/MSC and three messages between databases, so

T_Auth = T_MS-MSC + 3 T_DB.

To compute the bandwidth, the sizes of these four messages are needed.
The size of the messages between MS and VLR/MSC is calculated as follows. M1 is the first message; it carries IMSI/TMSI, service request, LAI, RAND, and AUTN, so L(M1) = 176 + 128 + 128 = 432 bits, and the size of the authentication messages between MS and VLR/MSC is L_MS-MSC = L(M1) = 432 bits = 54 bytes.
The size of the messages between databases is calculated as follows.
(i) M2 is the second message; its length equals the length of M1, L(M2) = 432 bits.
(ii) M3 is the third message; it carries the same parameters as M2, so L(M3) = 432 bits.
(iii) M4 is the fourth message; it carries only RES, so L(M4) = 32 bits.
The size of the authentication messages between databases is L_DB = 432 + 432 + 32 = 896 bits = 112 bytes.
The total size of the messages in the authentication process is L_Auth = 54 + 112 = 166 bytes (1328 bits). As shown in Table 2, there are 5.60 authentication requests per second for the registration activity and 15.19 per second each for call origination and call termination. Table 9 summarizes the bandwidth used between MS and VLR/MSC and between databases.

SIMULATION RESULTS (COMPARISON AND DISCUSSION)
The simulation study was carried out to analyze the signalling traffic performance, the load transaction messages, and the bandwidth consumed between the mobile network entities. The simulation is carried out with different mobility rates.
The software used to simulate the current and proposed authentication protocols is the network simulator NS-2, an object-oriented, discrete-event-driven network simulator developed at UC Berkeley and written in C++ and OTcl.
The proposed authentication protocol preserves the same security as the current UMTS protocol: authentication and privacy are preserved. The MS is still authenticated using the secret key; the authentication result is computed first in the mobile's USIM and then sent to the AuC for verification and validation.
In the proposed protocol, the signalling messages between the mobile network entities are reduced. Tables 10, 11, 12, and 13 illustrate the differences between the current UMTS authentication protocol and the proposed protocol. The simulation results show that the authentication delay, the load transaction messages between entities, and the bandwidth are all lower than with the current protocol, as illustrated in Figures 7, 8, 9, 10, and 11. Therefore, the performance and the authentication delay time have been improved significantly.
As shown in Table 12, which is extracted from Tables 4 and 8, the improvement is more than 50%. From (7) and (15), with T_DB = 1, the proposed protocol has less delay than the current UMTS protocol, as shown in Figure 7.
Varying the MS mobility rate (the speed of movement), Table 14 shows that the proposed scheme maintains the same level of improvement in total network signalling, around 50 percent compared with the conventional UMTS approach. The advantage of the proposed scheme lies in its structure, which is the central point of this analysis. In the current UMTS AKA, the challenge-response is based on challenging the MS after the authentication vector has been prepared in the AuC: the VLR sends RAND to the MS, waits for the response (RES), and takes the authentication decision upon comparison. Our design is based on the general form of the authentication definition: the proposed protocol starts by preparing the authentication result in the MS and then sends it to the AuC for verification and validation in three messages only. Deregistration at the old VLR is also faster in the proposed protocol than in the current UMTS authentication protocol, which is vital in decreasing the total delay.

CONCLUSION
In this paper, the UMTS authentication and key agreement protocol and the signalling traffic generated by registration, call termination, and call origination have been investigated and analyzed, as well as the bandwidth used between MS and VLR and between the database registers. The proposed authentication protocol improves the performance of authentication by reducing the authentication time, the setup time, and the data sizes. It also generates less signalling traffic, so the bottleneck at the authentication center is largely avoided by reducing the number of messages between the mobile and the authentication center. The proposed protocol is also favourable for security, because no authentication vector (AV) is stored in the VLR/MSC and the AV is generated in the mobile for each authentication request. The proposed authentication for UMTS was designed to keep the complexity of the function as low as possible while maintaining a high level of security and efficient use of the bandwidth.

Figure 3: UMTS signalling messages flow for registration.

Figure 5: The proposed authentication and key agreement protocol.

Figure 6: Signalling messages flow for the proposed authentication protocol.

Figure 9: Total signalling messages per second for all activities in the current and proposed protocols.

Figure 10: Network signalling traffic with different mobility rates.

Figure 11: Comparison of the bandwidth for each activity between the current and proposed protocols.

Table 5: Authentication parameters used to compute the bandwidth for each activity.

Table 2: Total authentication requests per VLR and HLR.

Table 3: Signalling messages per authentication request for each activity.

Table 4: Total signalling traffic and load transaction messages per second for each activity in the UMTS entities.

Table 6: Bandwidth used between entities for the current protocol.


Table 7: Signalling messages per authentication request in the proposed protocol.

Table 8: Total signalling traffic and load transaction messages per second for each activity in the proposed protocol.

Table 9: Bandwidth used between entities for the proposed protocol.

Table 10: Comparison of signalling messages between the current and the proposed authentication protocol.

Table 11: Comparison of total signalling traffic and load messages per second between entities for each activity.

Table 12: Comparison of total signalling traffic and load messages per second between entities.

Table 13: Comparison of the bandwidth for each activity between databases and VLR/MSC.

Table 14: Network signalling traffic with different mobility rates.