-
5G-AKA-HPQC: Hybrid Post-Quantum Cryptography Protocol for Quantum-Resilient 5G Primary Authentication with Forward Secrecy
Authors:
Yongho Ko,
I Wayan Adi Juliawan Pawana,
Ilsun You
Abstract:
5G enables digital innovation by integrating diverse services, making security, especially primary authentication, crucial. Two standardized protocols, 5G AKA and EAP AKA', handle authentication for 3GPP and non-3GPP devices. However, 5G AKA has vulnerabilities, including linkability attacks. Additionally, quantum computing poses threats, requiring quantum-resistant cryptography. While post-quantum cryptography (PQC) is being standardized, its real-world robustness remains unproven. Conventional cryptographic schemes offer reliability due to decades of practical use. To bridge this gap, IETF is standardizing hybrid PQC (HPQC), combining classical and quantum-resistant methods. Ensuring forward secrecy and quantum resilience in 5G-AKA is critical. To address these issues, we propose 5G AKA HPQC, a protocol maintaining compatibility with existing standards while enhancing security by integrating keys derived from Elliptic Curve Integrated Encryption Scheme (ECIES) and PQC Key Encapsulation Mechanism (KEM). We validate its security using SVO Logic and ProVerif, confirming its robustness. Performance evaluations assess computational and communication overheads, demonstrating a balance between security and efficiency. This research provides key insights into quantum-safe authentication, contributing to future standardization of secure mobile authentication protocols.
Submitted 4 February, 2025;
originally announced February 2025.
-
An optimal security management framework for backhaul-aware 5G-Vehicle to Everything (V2X)
Authors:
Vishal Sharma,
Jiyoon Kim,
Yongho Ko,
Ilsun You,
Jung Taek Seo
Abstract:
Cellular (C) setups facilitate the connectivity amongst the devices with better provisioning of services to its users. Vehicular networks are one of the representative setups that aim at expanding their functionalities by using the available cellular systems like Long Term Evolution (LTE)-based Evolved Universal Terrestrial Radio Access Network (E-UTRAN) as well as the upcoming Fifth Generation (5G)-based functional architecture. The vehicular networks include Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I), Vehicle to Pedestrian (V2P) and Vehicle to Network (V2N), all of which are referred to as Vehicle to Everything (V2X). 5G has dominated the vehicular network and most of the upcoming research is motivated towards the fully functional utilization of 5G-V2X. Despite that, credential management and edge-initiated security are yet to be resolved under 5G-V2X. To further understand the issue, this paper presents security management as a principle of sustainability and key-management. The performance tradeoff is evaluated with the key-updates required to maintain a secure connection between the vehicles and the 5G-terminals. The proposed approach aims at the utilization of high-speed mmWave-based backhaul for enhancing the security operations between the core and the sub-divided functions at the edge of the network through a dual security management framework. The evaluations are conducted using numerical simulations, which help to understand the impact on the sustainability of connections as well as identification of the fail-safe points for secure and fast operations. Furthermore, the evaluations help to follow the multiple tradeoffs of security and performance based on the metrics like mandatory key updates, the range of operations and the probability of connectivity.
Submitted 16 September, 2019;
originally announced September 2019.
-
Security of 5G-V2X: Technologies, Standardization and Research Directions
Authors:
Vishal Sharma,
Ilsun You,
Nadra Guizani
Abstract:
Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities involved in vehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement of LTE-V2X is revolutionary, but it fails to handle the demands of high throughput, ultra-high reliability, and ultra-low latency alongside its security mechanisms. To counter this, 5G-V2X is considered as an integral solution, which not only resolves the issues related to LTE-V2X but also provides a function-based network setup. Several reports have been given for the security of 5G, but none of them primarily focuses on the security of 5G-V2X. This article provides a detailed overview of 5G-V2X with a security-based comparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges are presented related to the security of 5G-V2X. Furthermore, the article lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X.
Submitted 18 December, 2019; v1 submitted 23 May, 2019;
originally announced May 2019.
-
Security, Privacy and Trust for Smart Mobile-Internet of Things (M-IoT): A Survey
Authors:
Vishal Sharma,
Ilsun You,
Karl Andersson,
Francesco Palmieri,
Mubashir Husain Rehmani,
Jaedeok Lim
Abstract:
With an enormous range of applications, Internet of Things (IoT) has magnetized industries and academicians from everywhere. IoT facilitates operations through ubiquitous connectivity by providing Internet access to all the devices with computing capabilities. With the evolution of wireless infrastructure, the focus from simple IoT has been shifted to smart, connected and mobile IoT (M-IoT) devices and platforms, which can enable low-complexity, low-cost and efficient computing through sensors, machines, and even crowdsourcing. All these devices can be grouped under a common term of M-IoT. Even though the positive impact on applications has been tremendous, security, privacy and trust are still the major concerns for such networks and an insufficient enforcement of these requirements introduces non-negligible threats to M-IoT devices and platforms. Thus, it is important to understand the range of solutions which are available for providing a secure, privacy-compliant, and trustworthy mechanism for M-IoT. There is no direct survey available, which focuses on security, privacy, trust, secure protocols, physical layer security and handover protections in M-IoT. This paper covers such requisites and presents comparisons of state-of-the-art solutions for IoT which are applicable to security, privacy, and trust in smart and connected M-IoT networks. Apart from these, various challenges, applications, advantages, technologies, standards, open issues, and roadmap for security, privacy and trust are also discussed in this paper.
Submitted 9 August, 2020; v1 submitted 13 March, 2019;
originally announced March 2019.
-
Security management for backhaul-aware 5G-V2X
Authors:
Vishal Sharma,
Yongho Ko,
Jiyoon Kim,
Ilsun You
Abstract:
Security is a primary concern for the networks aiming at the utilization of Cellular (C) services for connecting Vehicles to Everything (V2X). At present, C-V2X is observing a paradigm shift from Long Term Evolution (LTE) - Evolved Universal Terrestrial Radio Access Network (E-UTRAN) to Fifth Generation (5G) based functional architecture. However, security and credential management are still concerns to be resolved under 5G-V2X. A sizably voluminous number of key updates and non-availability of sub-functions at the edge cause adscititious overheads and decrement the performance while alarming the possibilities of variants of cyber attacks. In this paper, security management is studied as a principle of sustainability and its tradeoff is evaluated with the number of key-updates required to maintain an authenticated connection of a vehicle to the 5G-terminals keeping intact the security functions at the backhaul. A numerical study is presented to determine the claims and understand the proposed tradeoff.
Submitted 21 November, 2018; v1 submitted 20 November, 2018;
originally announced November 2018.
-
Internet of Drones (IoD): Threats, Vulnerability, and Security Perspectives
Authors:
Gaurav Choudhary,
Vishal Sharma,
Takshi Gupta,
Jiyoon Kim,
Ilsun You
Abstract:
The development of the Internet of Drones (IoD) becomes vital because of a proliferation of drone-based civilian or military applications. The IoD based technological revolution upgrades the current Internet environment into a more pervasive and ubiquitous world. IoD is capable of enhancing the state-of-the-art for drones while leveraging services from the existing cellular networks. Irrespective of a vast domain and range of applications, IoD is vulnerable to malicious attacks over open-air radio space. Due to increasing threats and attacks, there has been a lot of attention on deploying security measures for IoD networks. In this paper, critical threats and vulnerabilities of IoD are presented. Moreover, taxonomy is created to classify attacks based on the threats and vulnerabilities associated with the networking of drones and their incorporation in the existing cellular setups. In addition, this article summarizes the challenges and research directions to be followed for the security of IoD.
Submitted 10 August, 2018; v1 submitted 1 August, 2018;
originally announced August 2018.
-
Intrusion Detection Systems for Networked Unmanned Aerial Vehicles: A Survey
Authors:
Gaurav Choudhary,
Vishal Sharma,
Ilsun You,
Kangbin Yim,
Ing-Ray Chen,
Jin-Hee Cho
Abstract:
Unmanned Aerial Vehicles (UAV)-based civilian or military applications become more critical to serving civilian and/or military missions. The significantly increased attention on UAV applications also has led to security concerns particularly in the context of networked UAVs. Networked UAVs are vulnerable to malicious attacks over open-air radio space and accordingly, intrusion detection systems (IDSs) have been naturally derived to deal with the vulnerabilities and/or attacks. In this paper, we briefly survey the state-of-the-art IDS mechanisms that deal with vulnerabilities and attacks under networked UAV environments. In particular, we classify the existing IDS mechanisms according to information gathering sources, deployment strategies, detection methods, detection states, IDS acknowledgment, and intrusion types. We conclude this paper with research challenges, insights, and future research directions to propose a networked UAV-IDS system which meets required standards of effectiveness and efficiency in terms of the goals of both security and performance.
Submitted 1 July, 2018;
originally announced July 2018.
-
Self-enforcing Game Theory-based Resource Allocation for LoRaWAN Assisted Public Safety Communications
Authors:
Vishal Sharma,
Gaurav Choudhary,
Ilsun You,
Jae Deok Lim,
Jeong Nyeo Kim
Abstract:
Public safety networks avail to disseminate information during emergency situations through its dedicated servers. Public safety networks accommodate public safety communication (PSC) applications to track the location of its utilizers and enable to sustain transmissions even in the crucial scenarios. Despite that, if the traditional setups responsible for PSCs are unavailable, it becomes prodigiously arduous to handle any of the safety applications, which may cause havoc in the society. Dependence on a secondary network may assist to solve such an issue. But, the secondary networks should be facilely deployable and must not cause exorbitant overheads in terms of cost and operation. For this, LoRaWAN can be considered as an ideal solution as it provides low power and long-range communication. However, an excessive utilization of the secondary network may result in high depletion of its own resources and can lead to a complete shutdown of services, which is a quandary at hand. As a solution, this paper proposes a novel network model via a combination of LoRaWAN and traditional public safety networks, and uses a self-enforcing agreement based game theory for allocating resources efficiently amongst the available servers. The proposed approach adopts memory and energy constraints as agreements, which are satisfied through Nash equilibrium. The numerical results show that the proposed approach is capable of efficiently allocating the resources with sufficiently high gains for resource conservation, network sustainability, resource restorations and probability to continue at the present conditions even in the complete absence of traditional Access Points (APs) compared with a baseline scenario with no failure of nodes.
Submitted 19 April, 2018;
originally announced April 2018.
-
A framework for mitigating zero-day attacks in IoT
Authors:
Vishal Sharma,
Jiyoon Kim,
Soonhyun Kwon,
Ilsun You,
Kyungroul Lee,
Kangbin Yim
Abstract:
Internet of Things (IoT) aims at providing connectivity between every computing entity. However, this facilitation is also leading to more cyber threats which may exploit the presence of a vulnerability of a period of time. One such vulnerability is the zero-day threat that may lead to zero-day attacks which are detrimental to an enterprise as well as the network security. In this article, a study is presented on the zero-day threats for IoT networks and a context graph-based framework is presented to provide a strategy for mitigating these attacks. The proposed approach uses a distributed diagnosis system for classifying the context at the central service provider as well as at the local user site. Once a potential zero-day attack is identified, a critical data sharing protocol is used to transmit alert messages and reestablish the trust between the network entities and the IoT devices. The results show that the distributed approach is capable of mitigating the zero-day threats efficiently with 33% and 21% improvements in terms of cost of operation and communication overheads, respectively, in comparison with the centralized diagnosis system.
Submitted 16 April, 2018;
originally announced April 2018.
-
Extension of MIH to Support FPMIPv6 for Optimized Heterogeneous Handover
Authors:
Jianfeng Guan,
Vishal Sharma,
Ilsun You,
Mohammad Atiquzzaman
Abstract:
Fast handover for Proxy Mobile IPv6 (FPMIPv6) can reduce handover delay and packet loss compared with Proxy Mobile IPv6 (PMIPv6). However, FPMIPv6 still cannot handle heterogeneous handovers due to the lack of unified Layer 2 triggering mechanism along with the booming of emerging wireless technologies. Media Independent Handover (MIH) can provide heterogeneous handover support, and a lot of integration solutions have been proposed for it. However, most of them focus on the integration of MIH and PMIPv6, and require the additional mechanisms, which are out of the scope of the MIH and difficult to standardize the operations. Therefore, in this paper, we propose an integration solution of FPMIPv6 and MIH by extending the existing MIH standards, and adopt the city section mobility model to analyze its performance under different scenarios. The analytical results show that the proposed solution is capable of reducing the handover delay and the signaling cost compared with the standard as well as the fast handover solutions.
Submitted 27 May, 2017;
originally announced May 2017.