INITIAL NETWORK ENTRY BASICS


THREATS TO INITIAL NETWORK ENTRY PROCESS

The possible threats to the initial network entry process are listed below [1, 6]:
(1) RNG-RSP vulnerability
(2) Auth-Request and Invalid vulnerability
(3) Rogue BS

RNG-RSP vulnerability

The messages used in the initial ranging process are RNG-REQ and RNG-RSP. The MS sends the RNG-REQ message to ask the BS to let it join the network [3], and the BS answers with the RNG-RSP message, which carries the basic and primary CID. These ranging messages are not encrypted, so an attacker can read and modify them.
In the RNG-RSP vulnerability, the attacker modifies this message and sets the status to failed. The attacker can resend this message to the MS, which tells the MS that it has to perform initial ranging again. An attacker may intercept the RNG-RSP message again and again, each time setting the status to failed [1, 6]. Hence, the MS cannot join the network, which leads to a DoS attack. The solution to this problem is to use the Diffie-Hellman key exchange algorithm.

Auth-Request and Invalid vulnerability

In the Auth-Request and Invalid vulnerability, the attacker intercepts the Auth-Request message and resends it to the BS continuously. As the BS keeps receiving the Auth-Request message, it becomes confused and sets the Auth-Response message to failed. In some cases, an attacker may intercept the Auth-Response message and resend it to the MS after the time-out period [1, 6].
The solution to this problem is to use time-stamps. By adding time-stamps to the authorization messages, the MS and BS can verify whether an authorization message is proper. Hence the attacker also cannot modify the message. Use of time-stamps avoids the replay attack.
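The time-stamp check described above, as an added example that is not code from the original page or from the IEEE 802.16 standard. It assumes the MS and BS already share a key; the HMAC that binds the time-stamp to the message, the 5-second window and the names `seal`, `AuthVerifier` and `FRESHNESS_WINDOW` are assumptions of this example.

```python
import hashlib
import hmac
import struct

FRESHNESS_WINDOW = 5  # seconds; assumed value, not taken from the page or the standard
TAG_LEN = 32          # HMAC-SHA256 output size in bytes

def seal(key: bytes, payload: bytes, timestamp: int) -> bytes:
    """Sender side: prepend a time-stamp and append an HMAC over both."""
    body = struct.pack(">Q", timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class AuthVerifier:
    """Receiver side (BS or MS): accepts each authentic, fresh message once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> time-stamp of messages still inside the window

    def verify(self, message: bytes, now: int) -> str:
        if len(message) < 8 + TAG_LEN:
            return "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "modified"   # time-stamp or payload was altered in transit
        (timestamp,) = struct.unpack(">Q", body[:8])
        if abs(now - timestamp) > FRESHNESS_WINDOW:
            return "stale"      # resent after the time-out period
        # Drop tags that have aged out; the freshness check rejects them anyway.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now - ts) <= FRESHNESS_WINDOW}
        if tag in self.seen:
            return "replayed"   # same message resent inside the window
        self.seen[tag] = timestamp
        return "accepted"

def demo():
    """Run four constructed deliveries of one Auth-Request through the BS check."""
    key = b"constructed-shared-key-for-demo!"  # constructed sample key
    bs = AuthVerifier(key)
    request = seal(key, b"Auth-Request|MS=constructed-01", timestamp=1000)
    tampered = request[:10] + bytes([request[10] ^ 1]) + request[11:]
    return [
        bs.verify(request, now=1001),   # first delivery
        bs.verify(request, now=1002),   # continuous resend
        bs.verify(tampered, now=1002),  # one payload bit flipped
        bs.verify(request, now=1060),   # resend after the time-out
    ]
```

The time-stamp alone only detects a late resend; the duplicate cache covers resends inside the window, and the HMAC is what makes a rewritten time-stamp detectable.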

PROPOSED MECHANISM

The solution suggested in some papers for the initial network entry process is to use the Diffie-Hellman key exchange algorithm. This paper gives a mechanism that uses the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm, explained in the next section, instead of the Diffie-Hellman algorithm. The reason for using the ECDH algorithm is to improve both the security and the performance of the system. The performance increases because ECDH is much faster than the simple Diffie-Hellman algorithm.
The proposed model for initial network entry is shown in fig. 2. This proposed mechanism solves two issues of initial network entry: the RNG-RSP vulnerability and the Rogue BS [6]. Here, the ECDH algorithm is used to generate a common secret key called the pre-TEK. This key is used to encrypt the RNG-RSP message, so the intruder cannot modify the message and the MS and BS can perform a secure ranging process. The ranging process establishes a secure channel, over which the SBC parameters and authentication messages are securely exchanged. As the complete initial network entry process is secure, the authentication vulnerability is also solved.
The initial network entry procedure is the first step in establishing a connection on an IEEE 802.16 (WiMAX) network. The process involves the transmission of unencrypted management messages, which constitutes a major security weakness. The Man-in-the-Middle (MITM) attack exploits this weakness in the network by listening to, intercepting and fabricating management messages, resulting in a breach of network-wide reliability. In this paper we analyze a modification of the proposed Diffie-Hellman key exchange protocol to mitigate the man-in-the-middle attack on WiMAX by modeling the protocol in Promela. Verification is then performed using the Spin model checker, with an intruder process interacting concurrently, to confirm or refute the validity of the protocol.

Worldwide Interoperability for Microwave Access (WiMAX, IEEE 802.16) is an emerging standard that provides wireless broadband access with high bandwidths and transmission speeds. However, like all other wireless networks, WiMAX is vulnerable to network attacks that compromise the radio links between the communicating subscriber station (SS) and the serving base station. With the integration of mobility in Mobile WiMAX (802.16e-2005), complexities are introduced in ensuring secure access to this network. Mobile WiMAX uses the Privacy and Key Management protocol version 2 (PKMv2), which supports robust mutual authentication mechanisms, the Advanced Encryption Standard (AES) and message confidentiality using Hash-based Message Authentication Code (HMAC) or Cipher-based MAC (CMAC).