Advancing authentication for cellular networks and mobile users
School of Science | Doctoral thesis (article-based) | Defence date: 2023-08-02
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Language
en
Pages
91 + app. 103
Series
Aalto University publication series DOCTORAL THESES, 102/2023
Abstract
Cellular networks provide connectivity and network services to billions of users. Therefore, it is critically important to protect the cellular network and its users against malicious actors. This thesis contributes to two aspects of cellular network security: authentication and transparency.
Authentication is a crucial element in cellular network security. It is required for authorizing subscribers to access the cellular services, authenticating users to applications, and logging in administrators to the cellular backend. We integrated federated OpenID authentication with an early version of the OpenStack cloud for authenticating the cloud administrators. One of the authentication methods in OpenID was the Generic Bootstrapping Architecture (GBA), which uses the mobile subscriber credentials for the authentication. We performed formal modeling and analysis of OpenID with GBA internetworking. The analysis provided security assurance of the integration for critical applications, such as administering virtual mobile backend functions in the cloud.
The security of the mobile subscriber authentication depends on how the user credentials are provisioned, and this is changing from physical SIM cards to remotely downloadable SIM profiles. We perform formal modeling and analysis of the consumer Remote SIM Provisioning (RSP) protocol that is used for downloading the credentials. We verify that the protocol meets its stated and implicit security goals against a network adversary. We also analyze the protocol in realistic partial compromise scenarios, such as in the presence of some compromised servers and phones. We then suggest how to make the protocol more robust in these scenarios.
In the cloud, a tenant relies on the cloud provider for its security. We developed an automated security compliance monitoring tool for the OpenStack cloud. Its primary purpose was to increase trust in the cloud platform and to enable the implementation of virtual network functions. This work was done before commercial cloud providers had widely adopted such compliance monitoring mechanisms. We also designed two transparency mechanisms that enable the tenants and third-party auditors to monitor for security breaches. The first is a smart contract based transparency mechanism for the web PKI, and the second is transparency for issued SIM profiles in RSP.
Overall, this thesis presents research results that have addressed timely and relevant security issues in cellular networks over a time span of about ten years. We have contributed technologies and provided research-based input to the design and implementation of secure cellular networks.
Supervising professor
Aura, Tuomas, Prof., Aalto University, Department of Computer Science, Finland
Parts
- [Publication 1]: Abu Shohel Ahmed, Peeter Laud. Formal Security analysis of OpenID with GBA protocol. In International Conference on Security and Privacy in Mobile Information and Communication Systems, Aalborg, Denmark, 2011.
- [Publication 2]: Rasib H Khan, Abu Shohel Ahmed, Jukka Ylitalo. Service Oriented Integration of OpenID Authentication in OpenStack. Journal of Information Assurance & Security, Volume 7, number 2, 2012.
- [Publication 3]: Kazi Wali Ullah, Abu Shohel Ahmed, Jukka Ylitalo. Towards Building an Automated Security Compliance Tool for the Cloud. In 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Australia, 2013.
- [Publication 4]: Abu Shohel Ahmed, Tuomas Aura. Turning trust around: Smart Contract-assisted Public Key Infrastructure. In 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, USA, 2018.
  Full text in Acris/Aaltodoc: http://urn.fi/URN:NBN:fi:aalto-201810165379
  DOI: 10.1109/TrustCom/BigDataSE.2018.00026
- [Publication 5]: Abu Shohel Ahmed, Mukesh Thakur, Santeri Paavolainen, Tuomas Aura. Transparency of SIM Profiles for the Consumer Remote SIM Provisioning Protocol. Annals of Telecommunications, Volume 76, July 2020.
  Full text in Acris/Aaltodoc: http://urn.fi/URN:NBN:fi:aalto-202102021908
  DOI: 10.1007/s12243-020-00791-2
- [Publication 6]: Abu Shohel Ahmed, Aleksi Peltonen, Mohit Sethi, Tuomas Aura. Security Analysis of the Consumer Remote SIM Provisioning Protocol. Submitted to a journal, November 2022.