Smart cities aim to improve the quality of life of citizens and efficiency of city operations through utilization of 5G communication technology. Based on various technologies such as IoT, cloud computing, artificial intelligence, and big data, they provide smart services in terms of urban planning, development, and management for solving problems such as fine dust, traffic congestion and safety, energy efficiency, water shortage, and an aging population. However, as a smart city has an open network structure, an adversary can easily try to gain illegal access and perform denial of service and sniffing attacks that can threaten the safety and privacy of citizens. In smart cities, the global mobility network (GLOMONET) supports mobile services between heterogeneous networks of mobile devices such as autonomous vehicles and drones. Recently, Chen et al. proposed a user authentication scheme for GLOMONET in smart cities. Nevertheless, we found some weaknesses in the scheme proposed by them. In this study, we propose a secure lightweight authentication for roaming services in a smart city, called SLARS, to enhance security. We proved that SLARS is more secure and efficient than the related authentication scheme for GLOMONET through security and performance analysis. Our analysis results show that SLARS satisfies all security requirements in GLOMONET and saves 72.7% of computation time compared to that of Chen et al.’s scheme.
Wireless LAN (WLAN) roaming systems, such as eduroam, enable the mutual use of WLAN facilities among multiple organizations. As a consequence of the strong demand for WLAN roaming, it is utilized not only at universities and schools but also at the venues of large events such as concerts, conferences, and sports events. Moreover, it has also been reported that WLAN roaming is useful in areas afflicted by natural disasters. This paper presents a novel WLAN roaming system over Wireless Mesh Networks (WMNs) that is useful for the use cases shown above. The proposed system is based on two methods as follows: 1) Automatic authentication path generation method decreases the WLAN roaming system deployment costs including the wiring cost and configuration cost. Although the wiring cost can be reduced by using WMN technologies, some additional configurations are still required if we want to deploy a secure user authentication mechanism (e.g. IEEE 802.1X) on WLAN systems. In the proposed system, the Access Points (APs) can act as authenticators automatically using RadSec instead of RADIUS. Therefore, the network administrators can deploy 802.1X-based authentication systems over WMNs without additional configurations on-site. 2) Local authentication method makes the system deployable in times of natural disasters, in particular when the upper network is unavailable or some authentication servers or proxies are down. In the local authentication method, users and APs can be authenticated at the WMN by locally verifying the digital certificates as the authentication credentials.
The widespread adoption of IP-based telecommunication core networks is leading to a paradigm shift in international interconnection where the traditional Time-Division Multiplexing (TDM) interconnection between telecommunication networks is being replaced by IP interconnection. IP eXchange (IPX) is an emerging paradigm in international IP interconnection that has novel requirements, such as an end-to-end Quality of Service (QoS) guarantee across multiple carriers. IPX is a future direction for international telecommunications, but it is not easy to understand the overall concept of IPX because it is derived from a wide variety of services, technical knowledge, and telecommunication backgrounds. The confusion and complexity of the technical elements hinder the development of IPX. Thus, this paper clarifies the state-of-the-art technical elements from an IPX perspective and discusses ongoing challenges and emerging services on IPX, particularly end-to-end QoS, Voice over IP issues, IP Multimedia Subsystem (IMS) interworking, and Long Term Evolution (LTE) roaming. This paper also surveys published academic research studies that were not focused primarily on IPX but which are likely to provide potential solutions to the challenges.
Bo GU Kyoko YAMORI Sugang XU Yoshiaki TANAKA
With the proliferation of IEEE 802.11 wireless local area networks, large numbers of wireless access points have been deployed, and it is often the case that a user can detect several access points simultaneously in dense metropolitan areas. Most owners, however, encrypt their networks to prevent the public from accessing them due to the increased traffic and security risk. In this work, we use pricing as an incentive mechanism to motivate the owners to share their networks with the public, while at the same time satisfying users' service demand. Specifically, we propose a “federated network” concept, in which radio resources of various wireless local area networks are managed together. Our algorithm identifies two candidate access points with the lowest price being offered (if available) to each user. We then model the price announcements of access points as a game, and characterize the Nash Equilibrium of the system. The efficiency of the Nash Equilibrium solution is evaluated via simulation studies as well.
Souheil BEN AYED Fumio TERAOKA
The evolution of the Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many feature improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is an AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 seconds. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundred authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.
Soochang PARK Euisin LEE Min-Sook JIN Sang-Ha KIM
In Proxy Mobile IPv6 (PMIPv6), when a Mobile Node (MN) enters a PMIPv6 domain and attaches to an access link, the router on the access link detects attachment of the MN by the link-layer access. All elements of PMIPv6 including the router then provide network-based mobility management service for the MN. If the MN moves to another router in this PMIPv6 domain, the new router emulates attachment to the previous router by providing the same network prefix to the MN. In other words, PMIPv6 provides rapid mobility management based on layer-2 attachment and transparent mobility support to the MN by emulating layer-3 attachment with respect to intra-domain roaming. However, when the MN moves to other PMIPv6 domains, although the domains also provide the network-based mobility management service, the MN should exploit the host-based mobility management protocol, i.e. Mobile IPv6 (MIPv6), for the inter-domain roaming. Hence, this letter proposes the rapid and transparent inter-domain roaming mechanism controlled by the networks adopting PMIPv6.
SeongHan SHIN Kazukuni KOBARA Hideki IMAI
In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. And we show that the LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Diffie-Hellman problem. In addition, we discuss some possible applications of the LRP-AKE protocol.
The roaming services with the predefined security associations among the entities in various networks are especially complex. We propose a novel architecture to support future context-aware interoperator roaming services throughout 4G networks by using Roaming Coordinators. We design a secure context management model for the practical use of Smart Cards in the secure roaming services. Our architecture solves the interoperator roaming management problems while minimizing the processing overhead on the mobile nodes.
This letter proposes a hierarchical key management scheme based on hash key chain for authentication of roaming mobile nodes in both intra-domain and inter-domain. The key management scheme uses a local master key concept for reducing the latency of the authentication procedure and the communication overhead between a home authentication server and an access point in the foreign domain. The proposed scheme also supports secure separation of the authentication key among local authentication servers using hash key chain.
Shuhong WANG Feng BAO Jie WANG
The Virtual Software Token Protocol was proposed by Kwon as a practical method for secure public key infrastructure roaming. However, he recently found a weakness of the protocol under the original assumption, and proposed two revised versions, namely refinement and improvement, which lost the desirable properties of scalability and efficiency respectively. In this letter, a secure improvement is proposed for better performance in both scalability and efficiency. Unlike the author's improvement, our improvement provides parallel execution as the original protocol did.