Analytical model for authentication transmission overhead between entities in mobile networks

Ja’afer Al-Saraireh *, Sufian Yousef

Anglia Ruskin University, Chelmsford, UK

Received 8 February 2006; received in revised form 29 January 2007; accepted 6 February 2007
Available online 15 February 2007

Abstract

This paper analyses the authentication and key agreement (AKA) protocol for UMTS mobile networks. In this research the current authentication protocol has been enhanced by reducing the network traffic, that is, the signalling messages between entities. Consequently the bottleneck at the authentication centre is avoided. This is achieved by reducing the number of messages between the mobile and the authentication centre, which in turn reduces the authentication times and setup time and improves authentication efficiency, as shown in the analytical analysis and simulation results. In this paper a dynamic length (L) for the array of authentication vectors (AV) has been proposed. This requires designing a new technique to predict the number of records in the AV in each authentication data request, depending on the arrival rate of authentication events and the residence time of the mobile station (MS) in the VLR/SGSN. Analytical and simulation studies have been carried out to explore the impact of a dynamic length for the authentication vector on the signalling traffic in the mobile network. To validate the simulation results in this research work, the results have been compared with the analytical results and a full match has been achieved.

© 2007 Elsevier B.V. All rights reserved.

Keywords: AuC; Authentication; UMTS; Authentication vector

1. Introduction

Fig. 1 illustrates the UMTS architecture. There are three entities participating in the UMTS security architecture: the home environment (HE), the serving network (SN) and the mobile station (MS). The HE contains the home location register (HLR) and the authentication centre (AuC). The SN consists of the visited location register (VLR) and the Serving GPRS Support Node (SGSN).
The VLR handles circuit switched traffic, while the SGSN handles the packet switched traffic. To provide security services in wireless networks, authentication is used as an initial process to authorize a mobile terminal for communication through secret credentials [2,3]. The authentication procedure is executed when the MS moves from one registration area (RA) to another one (location update) during the process of call origination and call termination. The MS continuously listens to the broadcast message from the VLR/SGSN to identify the location area by using the location area identity (LAI), and the MS compares the received LAI with the LAI that is stored in the USIM. When the LAI is different, the MS executes the authentication procedure [2].

Reducing authentication signalling in third generation mobile networks, and an automatic selection mechanism that dynamically selects the length (L) of the array to reduce the network cost, were recently discussed in [1]. In their method, it is assumed that when the MS moves to a new VLR/SGSN area, the authentication data stored in the old VLR/SGSN are not sent to the new VLR/SGSN. It also guesses the length (L) of the AV only when the MS moves to a new VLR/SGSN. In this paper, a new authentication protocol is proposed which is computationally more efficient and also guesses the length (L) of AV when MS

* Corresponding author. Tel.: +44 1245493131x3028; fax: +44 1245493136.
E-mail addresses: j.al-saraireh@anglia.ac.uk (J. Al-Saraireh), s.yousef@anglia.ac.uk (S. Yousef).

Computer Communications 30 (2007) 1713–1720
doi:10.1016/j.comcom.2007.02.001