To ensure secure mobile communication, the communicating entities must know their mutual identities. The entities which need to be identified in a mobile communication system are mobile devices and the network. Third Generation Partnership Project (3GPP) has specified Evolved Packet System Authentication and Key Agreement (EPS AKA) procedure for the mutual authentication of user and the Long Term Evolution (LTE) network. EPS AKA certainly overcomes most of the vulnerabilities in the Global System for Mobile Communications (GSM) and Universal Mobile Telecommunication System (UMTS) access procedures. However, the LTE access procedure still has security weaknesses against some of the sophisticated security threats, such as, Denial-of-Service (DoS) attacks, Man-in-the-Middle (MitM) attacks, rogue base station attacks and fails to ensure privacy protection for some of the important parameters. This paper proposes an improved security framework for the LTE access procedure by ensuring the confidentiality protection of International Mobile Subscriber Identity (IMSI) and random-challenge RAND. Also, our proposed system is designed to reduce the impact of DoS attacks which try to overwhelm the network with useless computations. We use a one-time shared key with a short lifetime between the UE and MME to protect IMSI and RAND privacy. Finally, we explore the parameters design for the proposed system which leads to satisfy the requirements imposed on computational load and latency as well as security strength.

Currently, a correspondent host will have difficulties in establishing a direct session path to a mobile host because of the partial deployment of MIPv6-aware mobile hosts. Even MIPv6-aware hosts will spend up to several seconds to obtain the new location of the mobile host during Layer 3 (L3) handover. This paper proposes an application-level mobility management scheme that can solve the problems related to the increase of Internet traffic end-to-end delay under the current situation that most of the mobile devices are MIPv6-non-aware. The proposed Secure Mobility Management Application (SMMA) enables the updates of care-of address to be faster and more reliable even when L3 handovers occur frequently. SMMA uses a cross-layer approach for session mobility management with the support of Binding Updates to the home agent via IPSec tunnels. The main feature of SMMA is to handle the session-related mobility management for which operation starts just after the completion of name resolution as a pre-call mobility management, which operates in conjunction with the DNS. Our session-related mobility management introduces three new signaling messages: SS-Create for session state creation, SS-Refresh for session state extension and SS-Renewal for updating new care-of address at the mid-session. Finally, this paper analyzes the work load imposed on a mobile host to create a session state and the security strength of the SS-Renewal message, which depends on the key size used.