
Chapter 3 Authentication Vector Management for UMTS

3.5 Numerical Examples

Based on the analytic and simulation models, we use numerical examples to investigate how the RT period T affects the performance of AV management. These numerical examples also validate the simulation model (in Section 3.4) against the analytic analysis in Section 3.3.

Figure 3-5. Effects of T on α

Based on (3.6), Figure 3-5 plots the probability α of re-entrance to L0 against the RT period T. The figure indicates that for T < 27/µ, α significantly increases as T increases. For T ≥ 27/µ, the impact of T on α becomes less significant. We note that the α curve is determined by the probabilities of the movement directions. In the two-dimensional random walk, if the routing probabilities of the movement directions are not the same, then it is very likely that the MS will never return to L0. In the real world, the MS movement may exhibit locality, and the MS eventually moves back to L0.

According to (3.12) and (3.13), Figure 3-6 plots the normalized AV storage β against T and K. The figure indicates that β is an almost linearly increasing function of T. When T=27/µ, SGSN L0 consumes 17 times as much AV storage as that when T=0.

Based on (3.1) and (3.18), Figure 3-7 plots δ against T and K. We observe that δ decreases as T increases. For T>27/µ, the effect of T on δ is negligible. When T →∞, all AVs are utilized for the UARs, and δ=1/K. For the same T value, it is obvious that δ increases as K decreases. For K=30 and T=27/µ, the ADR traffic decreases by 24.9% as compared with K=30 and T=0.

Figure 3-6. Effects of T and K on β (λ=20µ)

Figure 3-7. Effects of T and K on δ (λ=20µ)

Figure 3-6 and Figure 3-7 indicate the relation between the storage usage and the ADR traffic, and provide the guidelines for the mobile operators to configure the RT timer. For example, if the operator sets K=10 and wants to reduce 88.86% of the ADR traffic (as compared with when K=1), the RT period T=27/µ should be selected. In this case, the SGSN utilizes 17 times the AV storage as that when T=0.

Figure 3-8 shows the effects of the variance of the SGSN residence times. The Gamma distribution with mean 1/µ and variance Vs is considered for SGSN residence times because it has been shown that the distribution of any positive random variable can be approximated by a mixture of Gamma distributions (see Lemma 3.9 in [32]). Following past experience [16][22][53], the SGSN residence times can be measured in a real mobile network, and the measured data can be approximated by a Gamma distribution as the input to our simulation model.

Figure 3-8. Effects of Vs (λ=20µ, T=27/µ, and K=10): (a) effect of Vs on α; (b) effect of Vs on β; (c) effect of Vs on δ

Figure 3-8 shows the effect of variance Vs for the SGSN residence time distribution on the system performance. When Vs < 2.5x1052, the impact of Vs on α and δ is insignificant, and β increases as Vs increases. For Vs > 2.5x1052, as Vs increases, α significantly increases, β significantly decreases, and δ insignificantly decreases. This phenomenon is explained as follows. As Vs increases, more short and long SGSN residence times are observed, and the increase of the number of short SGSN residence times is more significant than that of long SGSN residence times. Since tr is composed of SGSN residence times, the increase of short tr is also more significant than that of long tr. Short tr results in a large α value, and the SGSN consumes less AV storage after the MS leaves the SGSN area (i.e., a small β value is expected). Moreover, as α increases, more stored AVs are used for UARs, and the number of ADRs decreases. Therefore, the AV usage mechanism has better performance when the variance of SGSN residence times becomes large.

3.6 Summary

In UMTS, when an MS leaves an SGSN area, the SGSN may keep the unused AVs for an interval called the RT period. If the MS returns to the SGSN area within the RT period, the SGSN uses these stored AVs for mutual authentication instead of obtaining new AVs from the HSS/AuC. This AV usage mechanism reduces the signaling traffic between the SGSN and the HSS/AuC. On the other hand, this mechanism results in extra AV storage at the SGSN. In this chapter, we proposed an analytic model to investigate the impact of the RT period on the system performance. Three output measures are considered: the re-entrance probability, the extra AV storage, and the ADR traffic between the SGSN and the HSS/AuC. The analytic results were validated against the simulation experiments. Our study provides guidelines for the mobile operators to implement the AV usage mechanism.

Chapter 4 One-Pass Authentication Procedure for UMTS and IMS

UMTS supports IP multimedia services through the IP multimedia core network subsystem (IMS). Since the IMS information is delivered through the GPRS transport network, a UMTS MS must activate a GPRS PDP context before it can register to the IMS network. In the 3GPP specifications, authentication is performed at both the GPRS and the IMS networks before an MS can access the IMS services. We observe that many steps in this 3GPP “two-pass” authentication procedure are identical. Based on this observation, this chapter proposes a one-pass authentication procedure that only needs to perform GPRS authentication. At the IMS level, authentication is implicitly performed in IMS registration. Our approach may save up to 50% of the IMS registration/authentication traffic, as compared with the 3GPP two-pass procedure.

4.1 Fraudulent IMS Usage

When an MS attaches to the UMTS network, the GPRS authentication procedure is performed for mutual authentication between the MS and the UMTS core network. The detailed message flow of the GPRS authentication procedure is given in Figure 1-4. In addition to GPRS authentication, before the MS accesses the IMS services, the IMS authentication is performed. The IMS authentication is basically the same as the GPRS authentication. The detailed message flow of the IMS authentication procedure is illustrated in Figure 1-5.

Although GPRS authentication is implemented by GMM and SS7 MAP, and IMS authentication is implemented by SIP and Cx, many steps of these two authentication procedures are duplicated (see Table 4-1). Unfortunately, these redundant steps are required. That is, after GPRS authentication, it is necessary to authenticate the MSs again at the IMS level. Without IMS authentication, an IMS user may pretend to be another IMS user. Consider the example in Figure 4-1, where there are two MSs. MS-A has the IMSI value imsi-A and the IMPI value impi-A. MS-B has the IMSI value imsi-B and the IMPI value impi-B. Suppose that MS-B is a legal GPRS user and has passed the GPRS authentication (by using imsi-B) to obtain GPRS network access. If no IMS authentication is required, MS-B may perform IMS registration by sending the CSCF a Register request that includes the MS-A’s IMPI value impi-A as a parameter. The CSCF will consider this IMS registration as a legal action activated by MS-A. Therefore, MS-B can illegally access the IMS services of MS-A. The above example shows that IMS-level authentication is required to prevent illegal access to the IMS services.

In the next section, we describe a one-pass authentication procedure for both GPRS and IMS authentication. Our approach significantly reduces the number of accesses to the HSS/AuC. We also formally prove that the one-pass procedure correctly authenticates the IMS users.

Table 4-1. Identical Steps in GPRS and IMS Authentications

Figure 4-1. Illegal IMS Registration

4.2 One-Pass Authentication Procedure

This section proposes a one-pass authentication (performed at the GPRS level) that can authenticate an IMS user without explicitly performing the IMS-level authentication. In our approach, the SGSN implements a SIP application level gateway (ALG) [15] that modifies the format of SIP messages (to be elaborated). We first describe the SIP message flow of the one-pass procedure. Then, we provide a brief cost comparison between the one-pass and the two-pass procedures.

4.2.1 SIP Message Flow

After GPRS authentication (Steps G.1–G.6 in Figure 1-4) the MS performs PDP context activation to obtain GPRS access. Then, the MS registers to the IMS through Steps I*.1–I*.4 illustrated in Figure 4-2.

Figure 4-2. IMS Registration (One-Pass Authentication)

Step I*.1. The MS sends a SIP Register message to the SGSN with the parameter IMPI = impi. Note that after PDP context activation, the SGSN can identify the IMSI of the MS that transmits the GPRS packets [5]. The SIP ALG in the SGSN adds the IMSI value (i.e., imsi) of the MS in the Register message and forwards it to the CSCF. Details of a possible SIP ALG implementation can be found in [15].

Step I*.2. The CSCF stores the (imsi, impi) pair in the MS record, and sends a Cx Server Assignment Request message to the HSS/AuC with the parameter IMPI = impi. We note that if the CSCF has stored the (imsi, impi) pair before, then Steps I*.2 and I*.3 are skipped.

Step I*.3. The HSS/AuC uses the received IMPI value impi as an index to retrieve the IMSI and the user profile of the MS. We denote IMSIHSS(impi) as the IMSI value retrieved from the HSS/AuC. The HSS/AuC stores the CSCF name and sends a Cx Server Assignment Answer to the CSCF (with the parameters IMSIHSS(impi) and user profile).

Step I*.4. The CSCF checks whether the value imsi and IMSIHSS(impi) are the same. If so, the CSCF sends a SIP 200 OK message to the SGSN and the authentication is considered successful. If IMSIHSS(impi) ≠ imsi, then it implies that the registration is illegal (i.e., the scenario illustrated in Figure 4-1 occurs). Suppose that IMSIHSS(impi) = imsi. The SGSN forwards the 200 OK message to the MS, and the IMS registration procedure is successfully completed.
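The following is an added example, not code from the thesis: a toy model of the CSCF-side check in Steps I*.1–I*.4, run against the Figure 4-1 scenario in which MS-B (holding imsi-B) registers with MS-A's impi-A. It assumes a constructed HSS/AuC table, an SGSN ALG modelled as a function that stamps the PDP-context IMSI onto the Register, and assumed function and field names throughout.

```python
# Added example, not code from the thesis: a toy model of the CSCF-side check in
# the one-pass IMS registration (Steps I*.1-I*.4), run against the Figure 4-1
# scenario. The HSS/AuC is a constructed dictionary and the SGSN's SIP ALG is
# modelled as a function that stamps the PDP-context IMSI onto the Register
# message. Function and field names are assumptions, not 3GPP identifiers.
from dataclasses import dataclass, field

# Constructed HSS/AuC records: IMPI -> (IMSI, user profile).
HSS_RECORDS = {
    "impi-A": ("imsi-A", "profile-A"),
    "impi-B": ("imsi-B", "profile-B"),
}


def imsi_hss(impi):
    """IMSIHSS(impi): the IMSI the HSS/AuC retrieves with the IMPI as index (Step I*.3)."""
    rec = HSS_RECORDS.get(impi)
    return rec[0] if rec else None


def sgsn_alg(register, pdp_imsi):
    """Step I*.1: the SGSN knows which IMSI owns the PDP context carrying the
    packets, and its SIP ALG adds that IMSI to the Register before forwarding."""
    return {**register, "imsi": pdp_imsi}


@dataclass
class CSCF:
    # (imsi, impi) pairs already held in MS records; Steps I*.2/I*.3 are skipped for them
    pairs: set = field(default_factory=set)
    cx_messages: int = 0  # Cx messages exchanged with the HSS/AuC, for cost comparison

    def register(self, msg):
        imsi, impi = msg["imsi"], msg["impi"]
        if (imsi, impi) not in self.pairs:
            # Steps I*.2 and I*.3: Server Assignment Request / Answer over Cx
            self.cx_messages += 2
            # Step I*.4: the IMSI inserted by the SGSN must equal IMSIHSS(impi)
            if imsi_hss(impi) != imsi:
                # Mismatch: the MS is claiming someone else's IMPI (Figure 4-1).
                # The thesis only says the registration is illegal; the exact
                # SIP rejection code is an assumption here.
                return "403 Forbidden"
            # Retain the pair only after a successful check, so a rejected pair
            # can never make a later Register skip Steps I*.2-I*.4.
            self.pairs.add((imsi, impi))
        return "200 OK"


def one_pass_registration(cscf, pdp_imsi, claimed_impi):
    """MS -> SGSN (ALG) -> CSCF; returns the SIP response the SGSN forwards to the MS."""
    register = {"method": "REGISTER", "impi": claimed_impi}
    return cscf.register(sgsn_alg(register, pdp_imsi))


if __name__ == "__main__":
    cscf = CSCF()
    print(one_pass_registration(cscf, "imsi-A", "impi-A"))  # MS-A, own IMPI: 200 OK
    print(one_pass_registration(cscf, "imsi-B", "impi-A"))  # MS-B claiming impi-A: rejected
    print(cscf.cx_messages)  # 4: each fresh (imsi, impi) pair costs one SAR/SAA exchange
```

The check relies entirely on the SGSN, not the MS, supplying the IMSI: the ALG must overwrite any IMSI field already present in the incoming Register, otherwise the comparison at Step I*.4 would be against a value the MS chose.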

4.2.2 Cost Analysis

Table 4-2 compares the steps executed in the one-pass and the two-pass authentication procedures. Suppose that the expected SIP message delivery cost between an MS and the CSCF is one unit, and the expected Cx message delivery cost between the CSCF and the HSS/AuC is γ units. It is anticipated that γ < 1 for the following two reasons.

- The CSCF and the HSS/AuC exchange the Cx messages through the IP network. On the other hand, besides the IP network overhead, SIP communications between the MS and the CSCF involve the GPRS core network and the UTRAN radio network.

- The CSCF and the AuC/HSS are typically located at the same location, while the MS is likely to reside at a remote location.

Table 4-2. Comparing the One-Pass and the Two-Pass Authentication Procedures in IMS Registration

It is clear that the expected IMS registration cost C1 for the one-pass procedure (see Figure 4-2) is

C1 = 2 + 2γ (4.1)

Note that Step I*.1 needs to trigger the SIP ALG for SIP message analysis. Since this action is executed in the microkernel of the SGSN, the overhead can be ignored as compared with SIP message exchange. Similarly, the extra cost of comparing IMSIHSS(impi) and imsi at Step I*.4 can be ignored. Our analysis assumes that the (imsi, impi) pair does not exist at Step I*.1. Therefore Steps I*.2 and I*.3 are always executed. This assumption favors the two-pass procedure.

In the two-pass procedure, if the distribution of authentication vectors from the HSS/AuC to the SGSN (Steps I.1–I.4 in Figure 1-5) is performed, then the expected IMS registration cost C2,1 is expressed as

C2,1 = 4 + 4γ (4.2)

If the authentication vector distribution is not executed in the two-pass procedure, then the expected IMS registration cost C2,2 is expressed as

C2,2 = 4 + 2γ (4.3)

Like periodic location update in UMTS [38], IMS registration is performed periodically. In Steps I.2 and I.3 of the two-pass procedure, an AV array of size n (where n ≥ 1) is sent from the HSS/AuC to the CSCF, so only one out of every n IMS registrations incurs execution of Steps I.2 and I.3. Therefore, from (4.2) and (4.3), the expected IMS registration cost C2 for the two-pass procedure is

C2 = (1/n) C2,1 + (1 − 1/n) C2,2 = 4 + 2γ + 2γ/n (4.4)

From (4.1) and (4.4), the improvement S of the one-pass procedure over the two-pass procedure is

Figure 4-3 plots S as a function of n and γ. The figure indicates that the one-pass procedure can save up to 50% of the SIP/Cx traffic for IMS registration/authentication, as compared with the two-pass procedure. Another significant advantage of the one-pass procedure is that it consumes far fewer AVs (about 50% fewer) than the two-pass procedure.

Figure 4-3. Improvement of the One-Pass Procedure over the Two-Pass Procedure

One may argue that implementation of a SIP ALG is required in the one-pass procedure. Since IMS is based on SIP, a SIP ALG is required for other purposes anyway (see an example in [25]). Therefore, the one-pass procedure will not incur extra cost for implementing the SIP ALG.
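As an added example (not from the thesis), the cost model of this section carried through numerically: the unit costs are the ones stated above (one SIP message between MS and CSCF = 1, one Cx message = γ), the expected two-pass cost weights (4.2) and (4.3) by 1/n and 1 − 1/n as the text describes, and the improvement S is taken as (C2 − C1)/C2, the fraction of two-pass traffic saved, which is an assumption chosen to match the "up to 50%" figure quoted for Figure 4-3.

```python
# Added example, not from the thesis: the IMS registration cost model of
# Section 4.2.2 carried through numerically. Unit costs follow the text (one
# SIP message between MS and CSCF costs 1, one Cx message between CSCF and
# HSS/AuC costs gamma). The improvement S is taken as (C2 - C1) / C2, the
# fraction of two-pass traffic saved; that definition is an assumption chosen
# to match the "up to 50%" figure quoted for Figure 4-3.


def c1(gamma):
    """One-pass cost (4.1): Steps I*.1/I*.4 are SIP (2 units), I*.2/I*.3 are Cx (2 gamma)."""
    return 2 + 2 * gamma


def c2_with_av(gamma):
    """Two-pass cost (4.2) when AV distribution (Steps I.1-I.4) is performed."""
    return 4 + 4 * gamma


def c2_without_av(gamma):
    """Two-pass cost (4.3) when the CSCF still holds AVs and skips the distribution."""
    return 4 + 2 * gamma


def c2(n, gamma):
    """Expected two-pass cost: one in n registrations fetches an AV array of size n."""
    if n < 1:
        raise ValueError("AV array size n must be >= 1")
    return c2_with_av(gamma) / n + (1 - 1 / n) * c2_without_av(gamma)


def improvement(n, gamma):
    """S = (C2 - C1) / C2: fraction of two-pass SIP/Cx traffic saved by one-pass."""
    total = c2(n, gamma)
    return (total - c1(gamma)) / total


def sweep(ns, gammas):
    """S for each (n, gamma) pair, mirroring the axes of Figure 4-3."""
    return {(n, g): improvement(n, g) for n in ns for g in gammas}


if __name__ == "__main__":
    for (n, g), s in sweep((1, 5, 20), (0.0, 0.1, 0.5, 1.0)).items():
        print(f"n={n:2d} gamma={g:.1f}  C1={c1(g):.2f}  C2={c2(n, g):.2f}  S={s:.1%}")
```

With this definition S is exactly 50% whenever γ = 0 and never exceeds it, since C2 − C1 = 2 + 2γ/n is at most half of C2 for n ≥ 1; larger n and larger γ both pull S below that bound.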

4.3 Correctness of The One-Pass Procedure

In this section, we prove that the one-pass authentication procedure correctly authenticates the IMS users. In UMTS, every MS maintains the attributes IMSI, IMPI, and the preshared secret key K in its SIM card. Consider an MS with IMSI = imsi, IMPI = impi, and K = k. To simplify our discussion, we assume that these parameters are grouped into a set RMS = {imsi, impi, k} in the SIM card of the MS. Define functions IMSIMS, IMPIMS, and KMS such that for any x∈RMS

IMSIMS(x) = imsi, where imsi is the IMSI value in RMS. (4.6)

IMPIMS(x) = impi, where impi is the IMPI value in RMS. (4.7)

KMS(x) = k, where k is the K value in RMS. (4.8)

Based on the above definitions, it is clear that, for example IMSIMS(impi) = IMSIMS(k) = imsi.

Similarly, for every MS, the HSS/AuC maintains a record RHSS that consists of the attributes IMSI, IMPI, and K. That is, for an MS that has legal GPRS and IMS access,

RHSS = {imsi, impi, k} = RMS.

Like (4.6)-(4.8), we define functions IMSIHSS, IMPIHSS, and KHSS such that for any x∈RHSS,

IMSIHSS(x) = imsi, where imsi is the IMSI value in RHSS. (4.9)

IMPIHSS(x) = impi, where impi is the IMPI value in RHSS. (4.10)

KHSS(x) = k, where k is the K value in RHSS. (4.11)

In 3G 23.060 [5] and 3G 33.203 [11], MS authentication at the GPRS and the IMS levels is based on the following theorem.

Theorem 1: Suppose that an MS claims that it has the IMSI value imsi and the IMPI value impi. Then,

a) The MS is a legal GPRS user if KMS(imsi) = KHSS(imsi).

b) The MS is a legal IMS user if KMS(impi) = KHSS(impi).

Note that Theorem 1 does not hold if an illegal user already possesses the SIM information of a legal user (e.g., by duplicating the SIM card through a SIM card reader [25]). This issue was addressed in [33]. In this chapter, we assume that such fraudulent usage does not occur. The 3GPP GPRS authentication procedure (i.e., Steps G.1–G.6) checks whether a GPRS user and the HSS/AuC have the same preshared secret key K using Theorem 1 and Fact 1a below. Similarly, the 3GPP IMS authentication procedure (i.e., Steps I.1–I.8) checks whether an IMS user and the HSS/AuC have the same preshared secret key using Theorem 1 and Fact 1b.

Fact 1:

a) For an MS claiming IMSI = imsi, if XRES = RES, then KMS(imsi) = KHSS(imsi).

b) For an MS claiming IMPI = impi, if XRES = RES, then KMS(impi) = KHSS(impi).

Now, we prove that the one-pass authentication correctly authenticates the IMS users (i.e., the one-pass procedure checks if KMS(impi) = KHSS(impi)). From the definitions of the IMSIHSS and KHSS functions [i.e., (4.9) and (4.11)], it is trivial to have the following fact.

Fact 2:

For any IMPI value impi, if IMSIHSS(impi) = imsi, then KHSS(impi) = KHSS(imsi).

With Fact 2, correctness of the one-pass authentication procedure is guaranteed according to the following two theorems.

Theorem 2: Suppose that

a) an MS with the IMSI value imsi has passed the GPRS authentication; that is

KMS(imsi) = KHSS(imsi). (4.12)

b) The MS claims that its IMPI value is impi.

c) The network maps impi to the IMSI value imsi; that is

IMSIHSS(impi) = imsi. (4.13)

Then, the MS is a legal IMS user. In other words

KMS(impi) = KHSS(impi). (4.14)

Proof:

From hypothesis a, imsi∈RMS. In hypothesis b, the MS claims that it has the IMPI value impi, which implies that impi∈RMS. From (4.8)

KMS(imsi) = KMS(impi). (4.15)

From Fact 2 and (4.13) in hypothesis c, we have

KHSS(impi) = KHSS(imsi). (4.16)

From (4.12) in hypothesis a and (4.16), we have

KMS(imsi) = KHSS(impi). (4.17)

From (4.15) and (4.17), we have KMS(impi) = KHSS(impi).

In other words, if hypotheses a–c hold, an MS is a legal IMS user with IMPI = impi.

Q.E.D.

Theorem 3: The one-pass authentication procedure correctly authenticates the IMS users; that is, for an MS claiming the IMPI value impi, the one-pass procedure recognizes the MS as a legal IMS user if KMS(impi) = KHSS(impi).

Proof:

After Steps G.1–G.6 have been executed, the network verifies that KMS(imsi) = KHSS(imsi); i.e., (4.12) in Theorem 2 is satisfied.

At Step I*.1, the MS claims that its IMPI value is impi and, therefore, the network assumes that KMS(imsi) = KMS(impi); i.e., (4.15) in Theorem 2 is satisfied.

At Step I*.4, the one-pass authentication checks if IMSIHSS(impi) = imsi [i.e., (4.13) in Theorem 2 is checked]. If so, KMS(impi) = KHSS(impi) as a direct consequence of Theorem 2, and the authentication procedure recognizes the MS as a legal user (according to Theorem 1). Otherwise, the authentication fails.

In other words, the one-pass procedure follows Theorem 1 to authenticate an MS.

Q.E.D.

4.4 Summary

This chapter proposed an efficient IMS registration procedure without explicitly performing tedious authentication steps. As specified by the 3GPP, after a UMTS mobile user has obtained GPRS network access through GPRS authentication, the “same” authentication procedure must be executed again at the IMS level (during IMS registration) before the user can receive the IP multimedia services. This chapter described a one-pass authentication procedure, which only needs to perform GPRS authentication. At IMS registration, the one-pass procedure performs several simple operations to verify whether a user is legal. We proved that the one-pass procedure correctly authenticates the IMS users. Compared with the eight-step two-pass authentication, the four-step one-pass authentication saves two to four SIP/Cx message exchanges among the MS, the SGSN, the CSCF, and the HSS/AuC. Our study indicates that this new approach can save up to 50% of the network traffic generated by the IMS registration. This approach also saves 50% of the storage for buffering the authentication vectors.

Chapter 5 A Client-Side Design for PoC Service

This chapter proposes a client architecture for the Push to Talk over Cellular (PoC) service based on the Open Mobile Alliance (OMA) PoC specifications v1.0 release. We show that most standard VoIP modules can be reused for the PoC client, and the VoIP software can be easily extended to support PoC service. Then we present the detailed message flows between the PoC client and other network entities in the PoC system. A PoC client prototype has been implemented in the Industrial Technology Research Institute (ITRI) and National Chiao-Tung University (NCTU) Joint Research Center.

5.1 Introduction to PoC Service

Push to Talk over Cellular (PoC) service provides a walkie-talkie like service in the cellular communication infrastructure. In this service, several predefined PoC group members participate in one PoC session. Since the PoC session is half-duplex, only one group member speaks at a time, and the others listen. Therefore, a user must ask for the floor (the permission to speak) by pressing the push-to-talk button before he/she starts to talk. In this chapter, we describe the implementation of a PoC client in the WLAN environment [25] with some variation from the Open Mobile Alliance (OMA) PoC specifications v1.0 release [42]. The PoC architecture is illustrated in Figure 5-1.

Figure 5-1. PoC Architecture

In our design, Session Initiation Protocol (SIP) [46] is utilized to implement the PoC service, where a PoC group includes a predefined set of group members, and the SIP Universal Resource Identifier (URI) of each PoC group member is maintained in a group member list. The PoC group is identified by a Telephone URI (TEL URI; e.g., tel:+88635131350) or a SIP URI (e.g., sip:[email protected]). The PoC group information and its group member list are stored in the Group and List Management Server (GLMS; Figure 5-1 (2)). When the PoC clients (Figure 5-1 (4) and (5)) join the PoC system or when the PoC server (Figure 5-1 (1)) handles a call invitation, they obtain the group information and its group member list from the GLMS. The PoC server is responsible for handling PoC session management (creating or deleting a PoC session) and floor control. Floor control permits a PoC client to talk at a certain time. A PoC client uses SIP to transmit the session management requests and floor control requests to the PoC server. After the PoC session is established, each PoC group member (PoC client) builds a Real-time Transport Protocol (RTP) [49] session with the RTP Proxy (Figure 5-1 (3)). If a PoC group member obtains the floor, his/her voice is sent to the RTP proxy through the RTP session. The RTP proxy then forwards the voice packets to all group members.

Note that in the OMA PoC specification v1.0 release, the communication between the PoC