EAPSG: Efficient authentication protocol for secure ...

EAPSG: Efficient authentication protocol for secure group communications in maritime wideband communication networks Tingting Yang, Chengzhe Lai, Rongxing Lu & Rong Jiang

Peer-to-Peer Networking and Applications ISSN 1936-6442 Peer-to-Peer Netw. Appl. DOI 10.1007/s12083-014-0251-9

1 23

Your article is protected by copyright and all rights are held exclusively by Springer Science +Business Media New York. This e-offprint is for personal use only and shall not be selfarchived in electronic repositories. If you wish to self-archive your article, please use the accepted manuscript version for posting on your own website. You may further deposit the accepted manuscript version in any repository, provided it is only made publicly available 12 months after official publication or later and provided acknowledgement is given to the original source of publication and a link is inserted to the published article on Springer's website. The link must be accompanied by the following text: "The final publication is available at link.springer.com”.

1 23

Author's personal copy Peer-to-Peer Netw. Appl. DOI 10.1007/s12083-014-0251-9

EAPSG: Efficient authentication protocol for secure group communications in maritime wideband communication networks Tingting Yang · Chengzhe Lai · Rongxing Lu · Rong Jiang

Received: 21 November 2013 / Accepted: 14 January 2014 © Springer Science+Business Media New York 2014

Abstract The maritime wideband communication network, which extends the operation of wireless access from land to sea, will significantly contribute to the maritime distress, urgency, safety, and general communications. The Worldwide Interoperability for Microwave Access (WiMAX) technology has been applied to establish a maritime wideband shore-side network infrastructure, to achieve large capacity data backhauls. However, in this scenario, many new security and privacy challenges are arising, e.g., the reduced time overhead for group access authentication due to limited time window vessels passing by infostations along the shore-side. In this paper, a simple and reliable group authentication framework is developed for dealing with security issues in this special maritime wideband communication scenario. Specifically, an efficient authentication protocol for secure group communications (EAPSG) in maritime wideband communication network is proposed based on the Elliptic Curve Diffie-Hellman (ECDH), to overcome the weakness existing in the prevailing protocols on

land, i.e., user identity disclosure, the lack of perfect forward secrecy, and man-in-the-middle attacks. Meanwhile, EAPSG can reduce the communication overhead and computational complexity by designing group access authentication procedures. Compared with conventional EAP-AKA protocol used in WiMAX networks on land, our scheme enhances the security and provides better performance. Especially, the security of the proposed protocol was verified by Automated Validation of Internet Security Protocols and Applications (AVISPA), and detailed performance evaluations are also given. The results illustrate that the proposed EAPSG outperforms other existing schemes on land in terms of the delivery cost and the number of signaling messages. Keywords Maritime wideband communication network · Group communication · Wireless network security · Authentication

1 Introduction T. Yang () Navigation College, Dalian Maritime University, 1 Linghai Road, Dalian, Liaoning, China e-mail: [email protected] C. Lai School of Telecommunications Engineering, Xidian University, Xian, China R. Lu School of Electrical and Electronics Engineering, Nanyang Technological University, 50 Nanyang Avenue, Singapore, Singapore R. Jiang School of Computer, National University of Defense Technology, Changsha, China

The threat of maritime piracy has mushroomed enormously in the past few years, especially for the detailed sea area below are piracy affected areas where the terror and threat of sea pirates has reached looming proportions: Malacca Straits, South China Sea, Gulf of Aden and so on. The news channels on a daily basis have several incidents to report about pirates attacking crew and looting the vessel or hijacking a ship, and even causing harm to the crew when their ransom demands are not met by the authorities [1]. The adopted method is to draw up a group of ships passing by this funky sea area, that would be either a fleet, such as a commercial fishing fleet, or an armada, such as a naval

Author's personal copy Peer-to-Peer Netw. Appl.

armada. At the same time, a maritime wideband communication system has been envisioned to significantly contribute to the maritime distress, urgency, safety, and general communications [2], to make up the bandwidth limitation for off the shelf maritime communication system identified as Global Maritime Distress and Safety System [3]. Large capacity data such as surveillance videos collected from the interior and exterior of the vessels could be transmitted to the maritime administrative authority on land via this wideband network. Simultaneously, some safety related information, multimedia data and command or documents broadcast by authority could also be disseminated via this system. Therefore, it is an imperative demand to establish a maritime wideband communication system at a low service expenditure, which will significantly benefit the safety of maritime activities (backhauls, information acquisition, etc.). It perfectly matches the emerging E-Navigation strategy initiated by International Maritime Organization (IMO), a led concept based on the harmonisation of marine navigation systems and supporting shore services driven by user needs [4]. The study of new maritime wideband communication network commenced to be attracted attention recently. In [5], Zhou et al. devised a cognitive maritime mesh/ad hoc network. In Singapore, the project of wireless-broadbandaccess for Seaport (WISEPORT) achieves wireless broadband access rate up to 5 Mbps based on Worldwide Interoperability for Microwave Access (WiMAX) technology [6]. Taking advantage of its high data rate and large coverage area, WiMAX technology has been approved to be a favorable candidate to satisfy the increasing demand of wideband data traffic at sea [7]. However, building up a ubiquitous network at sea similar to cellular network on land is unrealistic, due to the long coastline and expansive surface. When group of vessels passing through the infostations, they need to be authenticated by the server connected to the infostations. In this paper, we design such a maritime wideband system, through which data delivery can be achieved via infostations shore-side, whereas the coverage provided by infostations might not be seamlessly subject to high deployment cost of infostations. Due to the limited time window vessels passing by, the time overhead of access authentication should be reduced to increase the data transmission periods. Hence, there are a few new security and privacy challenges emerged in this special maritime communication scenario, e.g., the reduced time overhead for group access authentication due to limited period for vessels passing by infostations along the shore-side and the reliability of security and privacy preservation for fleet. Similar to wireless network on land, when mobile terminal desires to access internet, it also need to design a dedicated authentication framework to overwhelm the weakness of user identity disclosure and man-in-the-middle attacks when applying the

prevailing protocols on land. The identifications of group vessels, as well as the individual vessel are deterministic since the schedule of vessel group is determined and known a priori. On one hand, the existing EAP-AKA protocol dedicated for WiMAX on land has some problems on security and privacy preservation; on the other hand, the majority of protocols currently focus on one-to-one authentication method. How to design a simple and reliable group authentication protocol with less time overhead is still an open issue. In this paper, we focus particularly on an interesting case: each vessel in the group uploads miscellaneous safetyrelated information, (e.g., surveillance video) to the administrative authority on land. We define vessel group as a set of vessels acting as a team to perform certain tasks in collaborative way, therefore, vessels in the group have almost the same communication demands. Mobile vessels generate large capacity data (e.g., surveillance videos) along the ship route1 , and the videos could be uploaded to the administrative authority on land through the base stations christened as infostations intermittently deployed shore-side. Meanwhile, at the downlink the vessels could also receive the safety related information via the infostations. The Worldwide Interoperability for Microwave Access (WiMAX) technology is used to establish a shore-side network infrastructure. We will elaborate a simple and reliable group authentication framework for this special maritime wideband communication scenario, to address the shortcoming of user identity disclosure and man-in-the-middle attacks when applying the prevailing protocols on land. An efficient authentication protocol for secure group communication (EAPSG) is investigated, based on Elliptic Curve Diffie-Hellman (ECDH), with the goal of decreasing the overhead and computational complexity of access authentication process during the limited time window within vessels pass by infostations. To the best of our knowledge, this is the first work in literature to investigate the group security authentication issues in maritime communication system, which is featured by the vessel group authentication, limited time window, and deterministic global knowledge. The remainder of this paper is organized as follows. In Section 2, we discuss some related works. System model is presented in Section 3. The EAPSG protocol is proposed in Section 4, while the performance analysis of the protocol and simulation are corroborated in Section 5. We conclude this paper in Section 6.

1 We

use the term of vessel and ship interchangeably.


2 Related work In the literature, although very few in maritime scenario, access authentication protocol on land has been extensively studied. Most of them are designed based on EAP scheme, when non-3GPP (the 3rd Generation Partnership Project) mobile terminals desire to access 3GPP network. More than 40 types of EAP authentication schemes, i.e., EAP-TTLS [8], EAP-PEAP [9], EAP-LEAP [10] and EAPSPEKE [11], etc. Different methods have different attributes to satisfy different security requirements. Within them, EAP-AKA is recognized as the candidate authentication protocol of 3GPP network. However, it also presents some security problems. In literature [12], authors discussed the privacy protection problems in the re-authentication process based on EAP methods. In literature [13], authors proposed three parties key distribution protocol. In literature [14, 15], the key management and handover authentication are fully investigated. However, the most existing network authentication schemes are based on one-to-one authentication method, i.e., the authentication process could be finished through 3-4 turns interaction between users and belonging servers, whereas it doesn’t commendably suit to group users. The vessel group contains numbers of mobile vessels with nearly identical attributes and service requirements, such as the same applications with maritime authority, at the same sea area, or the same departure/arrival behaviors. In these scenarios, when the vessels in this group connect to the internet network simultaneously, it would not only increase the network information command resulting the congestion, but also occupy large mounts of network resources and time apportion, resulting in valid data transmission period drastically shrinked. In this situation, the existing authentication mechanism is not effective anymore. A new group authentication protocol should be considered to decrease the resource consumption, as well as reduce the opportunity of network congestion. Most of the existing group authentication schemes are dedicated for the downlink communications [16], which are not suitable to the uplink communications. A few literatures related the group authentication have been proposed in [17– 19]. However, there is still no appropriate group access authentication method for wideband maritime network. Recently, the authors propose several novel group access authentication and key agreement protocols for machinetype communication and LTE networks in [20–23]. Luet al. [24] propose an efficient and privacy-preserving aggregation scheme by adopting the batch verification technique based on bilinear pairing functions. However, due to its extensive use of certificates and asymmetric cryptography, the scheme is costly in both communication and computation. This may not be suitable for resource-constrained

devices in maritime scenario. Therefore, a more efficient and practical group authentication protocol is desirable. To the best of our knowledge, it is the first work in literature to investigate vessel group access authentication in maritime scenario.

3 System model We consider the scenario that a group of vessels generate interior and exterior surveillance videos periodically, while sailing from origin to destination. Video files are uploaded to authorities via infostations, which are intermittently deployed along the shore-side. The infostations are actually WiMAX Base Stations (BSs), and each vessel will exploit WiMAX technology to connect to the infostations. The coverage of infostation is 15km at least, which could satisfy the communication demands of vessels sailing not in the deep sea. Figure 1 depicts a simplified logical view of network architecture of maritime communication system based on Extensible Authentication Protocol (EAP) framework, with emphasis on the interconnections between access and authentication servers in vertical four layers. Access service network (ASN) and connectivity service network (CSN) are primarily incorporated in the architecture. The infostations (i.e., WiMAX Base Station) are connected to an Access Service Network Gateway (ASN-GW), which performs authentication, authorization, and accounting (AAA) functionalities. One ASN-GW hosts the AAA clients, dominating multiple infostations within the ”ASN region”. The traffic of surveillance videos is tunneled as payload between the WiMAX infostation and the ASN-GW. Then the ASN-GW connects to a proxy AAA server (PAAA) belonging to the WiMAX CSN, achieving the functionality of security anchoring, traffic accounting, and mobility anchoring or proxy. PAAA acts as intermediary to relay the authentication informations between infostation and Home AAA (HAAA). The HAAA will connect to the content server of maritime authority in the core network. It is important to mention that PAAA is not residing in the ASN region. And the AAA network allows the home domain network to authenticate the vessel clients. The constitution and functionality of the four layers are summarized as: (1) Mobile vessels, equipped with WiMAX communication devices; (2) Infostation, i.e, WiMAX BS, being relay to connect to the wireline network; (3) PAAA, being proxy to perform authentication, authentication, and accounting (AAA) functionalities; (4) HAAA, includes vessels configuration files, operator identity validation, authentication, and vessels information such as physical location, etc.

Author's personal copy Peer-to-Peer Netw. Appl. Fig. 1 Network architecture of maritime communication system

4 Proposed vessel group authentication protocol In order to decrease the cost of adopting the retail authentication model, we develop a vessel group authentication protocol for special maritime communication scenario. A secure and efficient group access authentication protocol (EAPSG) is proposed, in order to specially decrease the overhead and computational complexity during the limited time windows when vessels passing by infostations along the shore-side. 4.1 Elliptic curve Diffie-Hellman In this work, we use Elliptic Curve Diffie-Hellman (ECDH) to realize perfect forward secrecy. ECDH can be described as follows: Alice and Bob publicly agree on an elliptic curve E over a large finite field Fq and a point P on that curve. Then, Alice and Bob each selects random numbers a and b, respectively. Using elliptic curve point-addition, Alice and Bob each publicly compute aP and bP on E. Then, Alice and Bob send their own computed values to each other.

When Alice receives bP, she computes a(bP). Similarly, when Bob receives aP, he computes b(aP). Finally, Alice and Bob agree a shared secret abP. The shared secret calculated by both parties is equal, because a(bP ) = abP = baP = b(aP ). However, the original ECDH is insecure and vulnerable to man-in-the-middle (MITM) attack. Krawczyk proposed a provable secure and efficient DH key exchange approach, named SIGn-and-MAc (SIGMA) to solve this problem. 4.2 The proposed EAPSG In this section, a secure and efficient group access authentication protocol (EAPSG) is proposed for vessel group passing by infostations along the shore-side. The main idea of the protocol is as follows: The first vessel in the group needs to execute a complete authentication process, at the same time, it stands for other vessels in the group to obtain group authentication vectors. Then the other vessels in the group could achieve authentication through sharing the


group authentication vectors. The flows of EAPSG includes the following steps.

Table 2 Symbols definition Symbol

Definition

4.2.1 Group information initialization

TGi Rx I Dx T I Dx GKGi GT KGi Kxy f1 f2 f3 f4

The time stamp of vessel group i Random number generated by x Identification of x Identification of x The key of vessel group i The temporary key of vessel group i The sharing key between x and y Generation function of temporary identity MAC generation function Group temporary key generation function Sharing key generation function

In the phase of group information initialization, a set of vessel forms a group. The identifications of group vessels, as well as the individual vessel are deterministic since the schedule of vessel group is determined and known a priori. We call them maritime mobile service identity (MMSI) (e.g., a vessel in the group with MMSI 412123456, and the corresponding group MMSI is 041212345) as the ID. Then according to certain key calculation method and through negotiation, the key for individual vessel and the key for vessel group can be pre-stored among individual vessel, vessel group and the HAAA, respectively. The index list will be established as Table 1. The first column presents group name; the group ID and individual vessel ID are listed in second column and third column respectively; And the fourth column shows the initial value of authentication. As many symbols are used in the protocol, some important notation definitions are tabulated in Table 2.

– –

4.2.2 Registration When the first arriving vessel in one group, without loss of generality, denoted as V G1−1 , it needs to connect to the maritime cloud center located in the backbone network. The first execution is registration, including the following steps: – –

–

Subsequently, V G1−1 generates authentication token AU T HG1 = (T I DG1−1 ||T I DVG1−1 ||TG1 ||RVG1−1 ||MACVG1−1 ||I DH AAA ), and transmits it to the infostation; Step-3 The infostation relays AU T HG1 to PAAA; Step-4 The PAAA will find the corresponding HAAA according to I DH AAA from AU T HG1 . Meanwhile, PAAA transmits AU T HG1 and the own identification I DP AAA to H AAA; Step-5 The HAAA authenticates the received messages, as follows: –

Step-1 The infostation transmits Request/Identity message to acquire the identity information of V G1−1 ; Step-2 When receiving Request/Identity message from infostation, V G1−1 calculates temporary identity message T I DVG1−1 = fK1 V −H AAA (I DVG1−1 ) 1−1 and temporary group identity information of the belonging vessel group denoted as T I DG1−1 = fK1 V −H AAA (I DG1 ); Then V G1−1 calculates mes1−1 sage authentication code indicated as MACVG1−1 = fK2 TG1 ||RVG1−1 ||I DP AAA ||I DI nf ost at ion .

–

VG −H AAA 1−1

Table 1 Index list of initialization

– Group

Group ID

Vessel ID

Initial Value

G1 .. .

I DG1 .. .

G2 .. .

I DG2 .. .

I DV G1−1 .. . I DV G1−n I DV G2−1 .. . I DV G2−n

I VV G1−1 .. . I VV G1−n I VV G2−1 .. . I VV G2−n

–

The HAAA resumes TG1 , RVG1−1 , I DP AAA and I DI nf ost at ion from MACVG1−1 , exploiting f 2 and KV1−1 . Firstly, compare them with TG1 and RVG1−1 resumed from AU T HG1 , and validate the correctness of TV and RVG1−1 . Sequently, HAAA compares I DP AAA with I DP AAA obtained from PAAA, to validate the validity of PAAA server. If passing the validity, it means the identity of PAAA is valid, TV is in the correct authentication period, and RVG1−1 is fresh; After the validation, HAAA resumes I DVG1−1 and IDVG1 from T I DVG1−1 and T I DG1−1 respectively, applying f 1 and KVG1−1 ; HAAA checks the corresponding group key GKG1 from database, according to MMSI and I DG1 . And then calculates the temporary group key using 3 GT KG1 = fGK (RH AAA ||I DH AAA ), within G1 RH AAA is denoted as a new random number generated by HAAA.

Step-6 HAAA transmits the I DI nf ost at ion, GT KG1 , RH AAA and temporary index list of group G1 , to PAAA


–

server. Here, we assume the channel is safe and reliable between PAAA server and HAAA server. Table 3 depicts the temporary index list of group G1 . Step-7 Finally, PAAA server preserves the above parameters for the following steps. Then the registration process is finished.

–

–

–

–

Step-8 PAAA server generates random number RAAA , and calculates the message authentication code 2 MACAAA = fGT KG1(RAAA RH AAA RMEG1−1 I VVG1−1 + i). Here i indicates that the ith authentication process of this vessel. I VVG1−1 could be obtained from Table 3. Consequently, PAAA server calculates aP according to ECDH algorithm; Step-9 PAAA server transmits the authentication token AU T HP AAA = (MACP AAA RP AAA RH AAA ) and aP to VG1−1 ; Step-10 After VG1−1 receives AU T HP AAA , the MACP AAA need to be validated as: –

Firstly, vessel VG1−1 calculates GT KG1 = 3 fGK (RH AAA I DH AAA ); G

–

Then, vessel VG1−1 calculates MACP AAA = 2 fGT KG1(RP AAA RH AAA RMEG1−1 I VMEG1−1 +i); Vessel VG1−1 compares the calculated MACP AAA with MACP AAA in AU T HP AAA . If the verification is successful, it shows that PAAA server and HAAA server are legal. Otherwise, the verification process is terminated.

1

–

G1−1

1

–

4.2.3 Authentication and key agreement The process of authentication and key agreement is divided into the following steps:

Step-11 When the verification is successful, similarly, vessel VG1−1 calculates bP , KVG1−1 −P AAA = 4 1 fGT KG (abP ) and MACVG1−1 −P AAA = fKV −P AAA

–

– –

–

(RP AAA bP ); Step-12 Vessel VG1−1 transmits MACVG1−1 −P AAA and bP to PAAA server, and calculates MSK (used to protect the safety of communication between vessel and infostation. Step-13 Applying bP , PAAA server also could cal4 culate KVG1−1 −P AAA = fGT KG1 (abP ), and verify MACVG1−1 −P AAA . After verifying VG1−1 , PAAA server will calculate MSK used to communicate between VG1−1 and infostation; Step-14 PAAA server transmits I DI nf ost at ion MSK to infostation through Success message. Step-15 Infostation verifies I DI nf ost at ion, whether it matches its identity information. If it passes the verification successfully, the infostation will store MSK, and use it to encrypt I DI nf ost at ion, which will be transmit to vessel VG1−1 through Success message. Step-16 Exploiting MSK, vessel VG1−1 decrypts and verifies I DI nf ost at ion whether I DI nf ost at ion is exactly the same with the prior infostation it accessed. If the verification is successful, the authentication process is completed, and the MSK will be used to protect the following communication between vessels and infostation. The whole authentication process of vessel VG1−1 is shown in Fig. 2.

When the second vessel VG1−2 in the group is going to access the internet backbone network, the following procedures will be executed: –

Step-1 The infostation will transmit Request/Identity message to vessel VG1−2 to obtain the identity information;

Table 3 The secrecy performance comparison of different protocols Performance

EAPSG

EAP-AKA

EAP-TTLS

EAP-PEAP

EAP-LEAP

EAP-SPEKE

Cryptosystem

symmetrical + ECDH lower yes yes

symmetrical

public key based

public key based

public key based

public key based

low no yes

higher yes no

higher yes no

higher no no

higher no no

yes yes yes yes

no yes no no

yes yes no no

yes yes no no

yes yes no no

yes yes no no

Computation cost Privacy protection Access authentication for heterogeneous network Resist man-in-the-middle attack Resist Replay attacks Provide perfect forward secrecy Support group authentication

Author's personal copy Peer-to-Peer Netw. Appl. Fig. 2 The complete authentication process of vessel VG1−1

–

– –

Step-2 After receiving the Request/Identity message, vessel VG1−2 calculates the temporary identity information T I DVG1−2 =fK1 V −H AAA (I DVG1−2 ) firstly. Then 1−2 vessel VG1−2 generates authentication token AU T HG1 = (TIDG1 T I DVG1−2 RVG1−2 MACVG1−2 I DH AAA ), and transmits it to the infostation; Step-3 The infostation relays AU T HG1 to PAAA server. The step 4-7 could be omitted; Step-4 When PAAA server receives the AU T HG1 , it will exploit the reserved group authentication information (i.e., I DI nf ost at ion, GT KG1 , RH AAA , and temporary index list of group G1 ) to execute the same procedures from step 8-16 until the last vessel in the group passes the authentication. Then the whole authentication process of the vessel group is accomplished.

5 Protocol analysis In this section, we will analyze the security of the proposed EAPSG, as well as its performance in terms of communication cost and the authentication signaling number. 5.1 Security analysis 5.1.1 The security attribute of the proposed protocol –

Protect Vessels and Group Identity Information: In EAPSG, the identity information of vessel group and individual vessel all exploit the share key pre-negotiated between vessels and HAAA to encrypt. Hence, only the vessel and HAAA could obtain the actual identity information of vessel and HAAA, from the encrypted temporary information.


–

–

–

–

Resistance to Man-in-the-middle Attack: The manin-the-middle attack can be prevented by the method that the entities involved in the authentication, i.e.,the vessel, the PAAA and the infostation, add their identity information to the authentication messages. Once adversary launches a man-in-the-middle attack, its behavior will be detected. Key Agreement and Perfect Forward Secrecy: In order to provide perfect forward secrecy between vessel and PAAA server, ECDH is considered to be the important part of the protocol. We use ECDH to process key negotiation and generate KV −P AAA , with aP and bP as the parameters of key. GTK is used to encrypt, which could guarantee the safety of KV −P AAA . Meanwhile, there is no association of any type with a series of key such as KV −H AAA and MSK, etc. It means that attackers could not obtain any key, guaranteeing the perfect forward secrecy, although KV −P AAA is exposed. Resistance to Replay Attacks: Firstly, when VG1−1 accesses the backbone network, time stamp TG1 will be utilized to insure the group authentication in a reasonable time interval. Moreover, when each vessel accepts to be authenticated, it will employ a generated random number R which is different in each authentication, hence the protocol could resist replay attacks. At the same time, authentication initial value I VV is resorted to replace the original synchronization mechanism, e.g., I VV +i stands for the ith authentication flow of this vessel. The protocol could avoid dedicated synchronization mechanism. Provide Mutual Authentication: The primary functionality of this protocol is providing mutual authentication, including the following aspects: (1) HAAA verifies vessel group: when the first vessel in the group need to connect to the backbone network, this vessel will transmits group temporary identity and time stamp to HAAA. After HAAA decrypts group temporary identity, HAAA will look up the corresponding group key GK according to the group identity information. Meantime, the group temporary key GTK is calculated according to group key, and authentication parameters are transmitted to PAAA server. (2) Infostation verifies PAAA server: PAAA server transmits I DI nf ost at ion MSK via Success message to infostation, who validates whether it matches own identity information. If the verification is successful, it means the objective of MSK transmitted from PAAA server is correct. (3)Vessel group verifies HAAA: When receives AU T HP AAA , the vessel will verify the parameter MACP AAA in it, and compare the calcu lated MACP AAA with MACP AAA in AU T HP AAA . Due to the following factors, e.g., identity information includes HAAA, random number generated by HAAA,

encrypted by GTK which is generated only by vessel and HAAA, they all account for the legality the HAAA if the authentication is passed. (4) The mutual authentication between PAAA server and vessels: Vessel achieves the authentication towards PAAA server through verifying MACP AAA . Meanwhile, the PAAA server fulfills vessels authentication, through verifying MACVG1−1 −P AAA . 5.1.2 Formal analysis of the EAPSG protocol The primary functionality of this protocol is providing authentication and key negotiation. AVISPA (Automated Validation of Internet Security Protocols and Applications) [25] is utilized to implement secrecy verification. Owing to the safety channel between PAAA server and HAAA server, we just consider the security of the protocol between vessel and PAAA server. Additionally, in respect that all the vessels have the same authentication process, we only need to verify the authentication of one vessel. AVISPA is a set of security protocol model establishing and analysis tool, including 4 kinds of analysis terminals with different special functions. It employs HLPSL language to set up security protocol analysis model, with input of necessary variables, e.g., participant identifier, running environment, achieving goal and attacker capability, etc. OFMC is used to test, with the security goal of bidirectional authentication and sharing conversational key safely. Figure 3 depicts the security goal of our protocol. Figure 4 shows the output results applying OFMC to test EAPSG. The test code is list in Appendix. From the test, we find that EAPSG could effectively achieve the authentication between vessel and PAAA server, and successfully set up the conversation key between vessel and PAAA server. The whole authentication and negotiation process is safe and reliable. 5.1.3 Results analysis Table 3 shows the secrecy performance comparison between our scheme with other protocols based on EAP. It could be seen that, due to EAPSG scheme exploiting symmetrical code and mixed operation model of ECDH, the calculation

Fig. 3 Analysis goals of the model


2 messages delivered from PAAA server to HAAA server. We suppose there are x vessels in the vessel group, then the delivery cost is Cprop1 = (4a + 2b) + (x − 1) × 4a.

(1)

In the second situation, PAAA server has obtained a set of latest authentication vector, therefore, it does not need to communicate with HAAA any more. Then the delivery cost is Cprop2 = 4ax.

Fig. 4 Results reported by the OFMC back-end

complexity is lower than other EAP schemes adopting public key. Meanwhile, security performance (e.g., privacy protection, forward Secrecy, etc.) outperforms other schemes. In addition, EAPSG supports wireless access authentication and group authentication for heterogeneous network. That is the shortcoming of the majority protocols based on EAP. 5.2 Performance analysis Due to the mainstream of protocol designed for land network is the secrecy performance improvement based on EAP-AKA, the common feature is exploiting traditional EAP-AKA signaling model and there is no group authentication mechanism. The signaling process of these protocols are nearly the same with traditional EAP-AKA. Hence, in this paper, we just need to compare our protocol with traditional EAP-AKA protocol.

(2)

In order to attain the transmission cost of EAP-AKA protocol, we consider the following two situations in the same way. The authentication process in the first situation includes: (a) 8 messages delivered from vessel to PAAA server; (b) 2 messages delivered from PAAA server to HAAA server. We suppose there are x vessels in the vessel group, then the delivery cost is CEAP −AKA1 = (8a + 2b)x.

(3)

In the second situation, PAAA server has obtained a set of latest authentication vector, therefore, it does not need to communicate with HAAA any more. Then the delivery cost is CEAP −AKA2 = 8ax.

(4)

In the authentication process, PAAA server requires n sets of authentication vectors from HAAA. From Eqs. 1 and 2, we could obtain the delivery cost of EAPSG is 1 n−1 Cprop1 + Cprop2 , n n then we could get Cprop =

Cprop =

(5)

4anx + 2b . n

(6)

5.2.1 Delivery cost analysis 0.95 0.9 1

Improvement ratio

In this section, we compare the proposed EAPSG protocol with traditional EAP-AKA protocol in terms of transmission cost. We consider the delivery cost is one unit for transmitting one message between vessel and HAAA server. And a units (a < 1) for transmitting one message between vessel and PAAA server, since the communication distance is smaller for vessel and PAAA than vessel and HAAA. Similarly, the transmission cost is b units (a < 1) between PAAA server and HAAA server. In Fig. 3, we consider two situations in EAPSG. In the first situation, PAAA server must fetch latest authentication vector from HAAA. In the second situation, PAAA server has obtained a set of latest authentication vector, therefore, it does not need to communicate with HAAA any more. The authentication process in the first situation includes: (a) 4 messages delivered from vessel to PAAA server; (b)

0.85

0.9

0.8

0.8

0.75

0.7

0.7 0.65

0.6 0 0.5 0

0.1

0.6

20 0.2

0.55 0.3

40 0.4

60

Number of vessel

Transmission cost

Fig. 5 Improvement ratio I versus number of vessels and message transmission cost units


From Eqs. 3 and 4, the delivery cost of EAP-AKA is attained as 1 n−1 CEAP −AKA = CEAP −AKA1 + CEAP −AKA2 , (7) n n then we could get

0.9 n=1 n=5 n=8

0.8

Improvement ratio

0.7 0.6

8anx + 2bx . (8) n From Eqs. 5 and 6, the improvement ratio I of delivery cost of EAPSG than EAP-AKA is CEAP −AKA − Cprop 4anx + 2bx − 2b I = = . (9) CEAP −AKA 8anx + 2bx CEAP −AKA =

0.5 0.4 0.3 0.2 0.1 0 0.5

0.6

0.8 0.7 Message delivery cost units

1

0.9

Fig. 6 Improvement ratio I versus message transmission cost units with different number of vessels

Figures 5 and 6 show the improvement ratio I along the variation of vessels number n and message delivery cost units b respectively. In Fig. 5, we set a ∈ (0, 0.5) and b = 1 − a due to a < b. The critical value is 0.5, that means the transmission distance between vessel and PAAA server is half of transmission distance between vessel and HAAA server. Here, x is set to be equal to n since x vessels need at least x vectors. From Fig. 5, we depicts the 900

300

EAP−AKA EAPSG

800

250

Number of signaling Messages


EAP−AKA EAPSG

200

150

100

50

700 600 500 400 300 200 100

0

0

5

10

15

20

0

25

0

5


EAP−AKA EAPSG


15

20

25

20

25

1500

1500

1000

500

0

10

Number of vessels

Number of vessels

0

5

10

15

Number of vessels

20

25

EAP−AKA EAPSG

1000

500

0

0

5

10

15

Number of vessels

Fig. 7 The comparison of the number of authentication signaling messages with different parameters


improvement ratio I versus number of vessels and message transmission cost units. At the beginning, with the number of vessels and transmission cost units increases, the transmission cost improvement ratio I is increased remarkably. However, after transmission cost over 0.1, I is decreased rapidly, whereas I is always more than 0.5. That means the proposed protocol could significantly improve the performance when the ratio of distance between vessel and PAAA server to vessel and HAAA server is lower. In Fig. 6, the value of x is set up to 1, 5, and 8 respectively. It is observed that the improvement ratio of protocol is not obvious. The improvement ratio of transmission cost I increases with the message delivery cost units b increases. Hence, we could observe that along with the increase of number of vessels as well as the message delivery cost, the improvement ratio of delivery cost I increases. That is because it needs each vessel to execute the whole authentication flows in traditional EAP-AKA protocol. Consequently, PAAA server needs frequently to communicate with HAAA server to obtain the latest authentication vectors. In contrast, EAPSG protocol just exchanges information once between PAAA and HAAA server.

Hence, the proposed protocol not only decreases the authentication delay and signaling cost, but also effectively solves the network congestion problem to some extent.

6 Conclusion In this paper, we have shed light on the group authentication protocol in the maritime wideband communication network, which is set up by efficiently exploiting WiMAX technology. Due to the network intermittent feature, a vertical maritime communication architecture is established to achieve large capacity data backhuals. In order to decrease the communication overhead and computational complexity, and consequently increase data transmission period, EAPSG scheme is proposed. The security of EAPSG is verified by AVISPA, and the performance analysis shows that the proposed EAPSG protocol outperforms other existing protocols on land in terms of the delivery cost and the number of signaling messages.

Appendix 5.2.2 Comparison of the number of authentication signaling messages In this section, we consider the situation of n vessels and m groups, with each vessel launches x times re-authentication flows. In respect to EAP-AKA protocol, the signaling message number of a whole authentication flow is 12, hence the signaling message number is 12x for one vessel, and the total signaling message number is 12nx. In terms of EAPSG protocol, the first vessel accesses backbone network in one group executes the whole authentication flows. The signaling message number is 8, while the rest of vessels just need 6 signaling messages. We assume that there are n vessels composing m groups, then the (n − m) vessels do not need to execute the whole authentication flows, and each vessel only need 6 signaling messages to accomplish authentication. Therefore, the total signaling messages number is 8m+6(n−m). If each vessel still need to execute the additional re-authentication for (x − 1) times, the whole signaling messages number is 8m + 6(n − m) + 6n(x − 1). Figure 7 shows the number of authentication signaling messages comparison with different parameters. With comparison between subfigure (a–d), it demonstrates that the number of authentication signaling messages increases with the number of vessels increases. And the growth rate of our scheme EAPSG is obviously slower than EAP-AKA protocol, approximately only 50 %. The reason is EAPSG protocol transforms the impact of vessels number on network to impact of groups number on network, therefore, it decreases the order of magnitude of authentication entity.

The formal security verification code is described as follow:

References 1. Sharda (2011) What is a group of ships called? http://www. marineinsight.com/marine/marine-piracy-marine/10-maritime-pir acy-affected-areas-around-the-world/

Author's personal copy Peer-to-Peer Netw. Appl. 2. Yang T, Liang H, Cheng N, Shen X (2013) Towards video packets store-carry-and-forward scheduling in maritime wideband communication. accepted by IEEE GLOBECOM’13 3. Maglogiannis I, Hadjiefthymiades S, Panagiotarakis N, Hartigan P (2005) Next generation maritime communication systems. Int J Mob Commun 3(3):231–248 4. Mitropoulos E (2007) E-navigation: a global resource. seaways. In: The international journal of the nautical institute 5. Zhou M-T, Harada H (2012) Cognitive maritime wireless mesh/ad hoc networks. J Netw Comput Appl 35(2):518–526 6. Cellular-news (2008) Maritime WiMAX network launched in Singapore. http://www.cellular-news.com/story/29749.php 7. Hoang VD, Ma M, Miura R, Fujise M (2007) A novel way for handover in maritime WiMAX mesh network. In: Proceedings of IEEE ITST, pp 1–4 8. Funk P, Blake-Wilson S (2008) Extensible authentication protocol tunneled transport layer security authenticated protocol version 0 (EAP-TTLSv0). In: RFC5281 9. Palekar A, Simon D, Zorn G, Josefsson S (2004) Protected EAP protocol (PEAP). In: Work in Progress 10. Yuan G, ZHU K, FANG N-s, WU G-x (2006) Research and application of 802.1 x/EAP-PEAP. Comput Eng Des 10:34 11. Dantu R, Clothier G, Atri A (2007) EAP methods for wireless networks. Comput Stand Interfaces 29(3):289–301 12. Pereniguez F, Kambourakis G, Marin-Lopez R, Gritzalis S, Gomez A (2010) Privacy-enhanced fast re-authentication for EAP-based next generation network. Comput Commun 33(14):1682–1694 13. Marin-Lopez R, Pereniguez F, Bernal F, Gomez A (2010) Secure three-party key distribution protocol for fast network access in EAP-based wireless networks. Comput Netw 54(15):2651–2673 14. Marin-Lopez R, Ohba Y, Pereniguez F, Gomez AF (2010) Analysis of handover key management schemes under IETF perspective. Comput Stand Interfaces 32(5):266–273 15. Al Shidhani AA, Leung VC (2011) Fast and secure reauthentications for 3GPP subscribers during WiMAX-WLAN handovers. IEEE Trans Dependable Secure Comput 8(5):699– 713 16. Jiang R, Luo J, Wang X (2013) HRKT: a hierarchical route key tree based group key management for wireless sensor networks. KSII Trans Internet Inf Syst (TIIS) 7(8):2042–2060 17. Ngo HH, Wu X, Le PD, Srinivasan B (2010) An individual and group authentication model for wireless network services. J Converg Inf Technol 5(1):82–94 18. Chen Y-W, Wang J-T, Chi K-H, Tseng C-C (2012) Groupbased authentication and key agreement. Wirel Pers Commun 62(4):965–979 19. Aboudagga N, Quisquater J-J, Eltoweissy M (2007) Group authentication protocol for mobile networks. In: Proceeding of IEEE WiMOB, pp 28–28 20. Lai C, Li H, Li X, Cao J (2013) A novel group access authentication and key agreement protocol for machine-type communication. In: Transactions on emerging telecommunications technologies 21. Jiang R, Lai C, Luo J, Wang X, Wang H (2013) EAP-based group authentication and key agreement protocol for machine-type communications. Int J Distrib Sensor Net 2013(2013):1–14 22. Lai C, Li H, Lu R, Shen XS (2013) SE-AKA: a secure and efficient group authentication and key agreement protocol for lte networks. Comput Netw 57(17):3492–3510 23. Lai C, Li H, Lu R, Jiang R, Shen XS (2013) LGTH: a lightweight group authentication protocol for machine-type communication in LTE networks. In: Proceedings of IEEE Globecom 24. Lu R, Liang X, Li X, Lin X, Shen X (2012) EPPA: an efficient and privacy-preserving aggregation scheme for secure smart grid

communications. IEEE Trans Parallel Distrib Syst 23(9):1621– 1631 25. Avispaautomated validation of internet security protocols. http:// www.avispa-project.org

Tingting Yang received the B.Sc. and Ph.D. degrees from Dalian Maritime University, China, in 2004 and 2010, respectively. She is currently a lecturer at Navigation College of Dalian Maritime University, China. Since September 2012, she has been a visiting scholar at the Broadband Communications Research (BBCR) Lab at the Department of Electrical and Computer Engineering, University of Waterloo, Canada. Her research interests are in the areas of maritime wideband communication networks, DTN networks, wireless network security. She served as the Technical Program Committee (TPC) Member for 2014 IEEE International Conference on Communications (ICC 2014).

Chengzhe Lai received the B.S. degree from Xi’an Institute of Posts and Telecommunications. He is currently working toward the Ph.D. degree in Cryptography, Xidian University, China. He is currently a visiting Ph.D. student with the Broadband Communications Research (BBCR) Group, University of Waterloo. His research interests include wireless network security, LTE networks and M2M communication security.

Rongxing Lu received the PhD degree in computer science from Shanghai Jiao Tong University, China, in 2006 and the PhD degree (awarded Canada Governor General Gold Medal) in electrical & computer engineering from the University of Waterloo, Canada, in 2012. From May 2012 to April 2013, he worked as a Postdoctoral Fellow at the University of Waterloo. Since May 2013, Dr. Lu has been an Assistant Professor at School of Electrical and Electronics Engineering, Nanyang Technological University. Dr. Lu’s research interests include ccomputer network security, mobile and wireless communication security, and applied cryptography.

Author's personal copy Peer-to-Peer Netw. Appl. Rong Jiang received the B.S. and M.S. degrees in 2007 and 2009, respectively, from the School of Computer Science, National University of Defense Technology, Changsha, China, where he is currently pursuing the Ph.D. degree. He is now a joint Ph.D student at Department of Electrical and Computer Engineering, University of Waterloo, Canada. His research interests include wireless sensor networks security and privacy preservation, cloud computing and smart grid.