The 18th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC'07)
1-4244-1144-0/07/$25.00 ©2007 IEEE.

A SECURITY PROTOCOL FOR MUTUAL AUTHENTICATION AND MOBILE VPN DEPLOYMENT IN B3G NETWORKS

Christoforos Ntantogian
Department of Informatics and Telecommunications
University of Athens, Greece
ntantogian@di.uoa.gr

Christos Xenakis
Department of Technology Education and Digital Systems
University of Piraeus, Greece
xenakis@unipi.gr

ABSTRACT

This paper proposes a security protocol that provides mutual authentication between a user and a WLAN that the user tries to connect to, and deploys a mobile Virtual Private Network (VPN) that protects the user's data conveyed over the wireless network. For user authentication, as well as for the initialization of the VPN and the related key agreement, EAP-SIM encapsulated within the Internet Key Exchange version 2 (IKEv2) is proposed. The deployed VPN, which is based on IPsec, ensures confidentiality, source authentication and integrity of the data exchanged over the WLAN. At the same time, the user has been subscribed to the 3G-network for charging and billing purposes using the legacy EAP-SIM authentication protocol. The established VPN can seamlessly operate and continuously provide security services as the mobile user moves and roams, materializing the notion of mobile VPN. The proposed security protocol eliminates the need for enhancements to the current network infrastructure and operates transparently to the existing network functionality.

I. INTRODUCTION

The evolution and successful deployment of Wireless Local Area Networks (WLANs) worldwide has yielded a demand to integrate them with third-generation (3G) mobile networks.
The effort to develop 3G-WLAN integrated networks, also referred to as Beyond 3G (B3G) networks, materializes the vision for the next generation mobile/wireless systems, which promise to provide high quality services and anywhere-anytime connectivity to mobile users.

An attempt to integrate the two incompatible technologies (i.e., WLAN and 3G) and ensure cooperation at the level of security is the EAP-SIM protocol [3]. EAP-SIM provides authentication and session key agreement to users that try to connect to a WLAN by employing the users' subscription in the Global System for Mobile communications (GSM)/General Packet Radio Services (GPRS). However, as the relevant specification document acknowledges, EAP-SIM presents some fundamental security flaws that may allow an attacker to compromise the integrity of EAP-SIM transactions [4]. In addition, the currently deployed confidentiality mechanisms, which protect data conveyance over the WLAN, do not adequately satisfy the explicit requirements of B3G networks and their users for high level security services and minimum enhancements to the existing network infrastructure. More specifically, the Wired Equivalent Privacy (WEP) protocol and the Temporary Key Integrity Protocol (TKIP) suffer from certain security flaws [8], [10], while the deployment of the Counter Mode CBC-MAC protocol (CCMP) may raise several compatibility issues, since it requires considerable changes to the existing WLAN infrastructure [9]: the wireless Access Points (APs) must incorporate additional software and hardware for implementing the Advanced Encryption Standard (AES) security algorithm. Moreover, all the aforementioned security mechanisms apply encryption over the radio interface only, leaving the fixed part of the WLAN unprotected.
To overcome the above deficiencies, this paper proposes a security protocol that provides secure authentication between a user and a WLAN that the user tries to connect to, and deploys a mobile Virtual Private Network (VPN) that protects the user's data conveyed over the wireless network. The proposed security protocol is carried out in two distinct phases. In the first phase, an EAP-MD5 authentication takes place, which authenticates the user to a wireless AP, protecting the latter from blind Denial of Service (DoS) attacks at the network layer. In addition, WEP encryption is activated over the radio interface, protecting the latter from traffic analysis and the IP address assigned to the user from being disclosed. Although EAP-MD5 authentication and WEP encryption are not considered to provide an adequate level of security for WLANs, the proposed security protocol employs them as complementary measures that protect the WLAN against certain security threats, not as its general protection. After the initial EAP-MD5 authentication, the proposed security protocol employs the Internet Key Exchange version 2 (IKEv2) [2], which encapsulates EAP-SIM messages for "strong" mutual authentication between the user and the network (second phase). In this way the weaknesses of the legacy EAP-SIM authentication method are eliminated, and the level of authentication provided in B3G networks is enhanced. Then, the Security Associations (SAs) that have been established by IKEv2 are used for the deployment of a VPN between the user and the WLAN. The deployed VPN, which is based on IPsec [6], ensures confidentiality, source authentication, and integrity of the data exchanged over the WLAN. At the same time, the user has been subscribed to the 3G-network for charging and billing purposes using the legacy EAP-SIM authentication protocol.
To support VPN mobility when the user moves, the security protocol incorporates the Mobility and Multihoming IKE (MOBIKE) functionality [5], which provides mobility management to the deployed SAs. The proposed security protocol eliminates the need for enhancements to the current network infrastructure and operates transparently to the existing network functionality.