2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

Key Establishment and Management for Secure Cellular Machine-to-Machine Communication

Inshil Doh
Dept. of Computer Science and Engineering, Ewha Womans University, Seoul, Korea

Jiyoung Lim*
Dept. of Computer Software, Korean Bible University, Seoul, Korea

Shi Li, Kijoon Chae
Dept. of Computer Science and Engineering, Ewha Womans University, Seoul, Korea

Abstract— M2M (Machine-to-Machine) communication is considered to be one of the major issues in future networks. In particular, M2M will bring various benefits in wireless communications when it is interconnected with cellular networks. Considering the characteristics of the cellular M2M network, traditional security solutions are not practical to apply because the cellular M2M network is more vulnerable to various attacks. In this work, we consider security aspects of cellular M2M communication and propose a key management scheme. Our proposal can provide reliability and efficiency for a secure cellular M2M communication network.

Keywords—M2M; cellular M2M communication; security; key management

I. INTRODUCTION

Recently, Machine-to-machine (M2M) communication has attracted the attention of many people and industries for its ability to increase efficiency and improve productivity while reducing operating costs. It has many application areas, and it can be connected with other infrastructure to bring much more powerful and efficient results. M2M devices or M2M Equipments (M2MEs) will ultimately connect to core network services through a variety of means, from direct broadband or capillary wireless networks, to wired networks. Connectivity to these wireless and wired networks is an essential part of the M2M communications network. There is a need to be able to integrate a variety of application-specific technologies into a complete end-to-end solution to be offered by service providers [17]. This kind of leap in technology would not be possible without the support of wide area wireless communication infrastructure, in particular cellular data networks. It is estimated that there are already tens of millions of such smart devices connected to cellular networks worldwide and within the next 3-5 years this number will grow to hundreds of millions [1, 2]. Table I shows various application areas in M2M communication. Among the application areas, cellular M2M provides the ability to connect diverse devices and applications by enabling fixed assets, such as electric meters, or mobile assets, such as fleet vehicles. Cellular M2M is the best option to connect assets over great distances using already established, robust, and proven networks. Also, cellular technology is effective across widely varied industries because it is easy to integrate and cost effective to deploy [18].

The cellular M2M market benefited from increasing numbers of mobile network operators launching M2M service offerings as their core services market grows increasingly mature and saturated. ABI Research expects cumulative cellular M2M connections to rise to 364.5 million globally by 2016. This report discusses the market and technical trends impacting the cellular M2M connectivity services market, analyzes cellular M2M connectivity service provider strategic responses, and forecasts cellular M2M connections and revenue growth for the period from 2007 through 2016, segmented by region, application, and air interface standard [3,4].

There are many advantages of cellular M2M. While Ethernet or WiFi only provides local coverage, cellular networks provide ubiquitous coverage and global connectivity. Users are already familiar with the cellular network, the proven infrastructure, and they can use M2M applications easily on proprietary platforms [5].

Cellular M2M has great applications including telematics, asset management, U-healthcare, security and so on. Its application area will be drastically expanded. The more an organization relies on information technology and the more mobile it is, the greater the risks of security breaches. The success and the expansion of M2M depend on addressing security issues such as the confidentiality, integrity, and availability of the data. As in Fig. 1, basically, a Machine Type Communication (MTC) device, or M2ME, can be managed by an MTC server to be used by MTC users. They can be interconnected with each other through the Mobility Management Entity (MME), P-GW, and S-GW. In some cases, they can communicate directly with each other. An M2ME is easily lost, and its malfunction is hard to detect. When integrity is not guaranteed, the equipment is excluded from service. In addition, M2MEs from one server or from one M2M user should be authenticated as one group, and they need to provide individual communication at the same time. The 3GPP SA3 study in TR 33.812 is the “Feasibility study on remote management of USIM application on M2M equipment”. Its goal is to make it possible that the network can provision remote management of USIM and ISIM applications in an M2M equipment in a secure way in a 3GPP system [6]. One of the main issues in TR 33.812 is to investigate candidate security solutions and signaling procedures for provisioning and remote management of USIM/ISIM applications in an M2M equipment in a secure manner.

* corresponding author 978-0-7695-4974-3/13 $26.00 © 2013 IEEE DOI 10.1109/IMIS.2013.102


When M2M is connected with the cellular network, its vulnerabilities to various attacks are increased. Without providing service security, the growth of cellular M2M service would be limited.

In this work, we consider the security aspects of cellular M2M service and propose key agreement mechanisms, which are the basic element to provide security for the service. Our contribution is that we have considered key agreement for various cellular M2M communication architectures, which include D2D (Device to Device) direct communication and M2M group communication for cellular M2M security. The remainder of this paper is organized as follows. Section II describes the preliminaries for our proposal. Keys required for cellular M2M communication and the agreement mechanisms are explained in Section III. Section IV evaluates the security aspects. Finally, we conclude our paper in Section V.

II. PRELIMINARIES

A. Key agreement and Authentication in GSM network

The GSM network authenticates the identity of the subscriber through the use of a challenge-response mechanism. A 128-bit random number (RAND) is sent to the mobile device. The mobile device computes the 32-bit signed response (SRES) based on the encryption of the random number (RAND) with the authentication algorithm (A3) using the individual subscriber authentication key (Ki). Upon receiving the signed response (SRES) from the subscriber, the GSM network repeats the calculation to verify the identity of the subscriber. The individual subscriber authentication key (Ki) is present in the subscriber's SIM, and is not transmitted through the network. If the received SRES is the same as the calculated value, the mobile device has been successfully authenticated. If the two values do not match, the connection is terminated and an authentication failure is indicated to the mobile device [8].

The A8 algorithm produces the 64-bit ciphering key (Kc), which is computed by applying the same random number (RAND) and the individual subscriber authentication key (Ki) used in the authentication process. The ciphering key (Kc) is used to encrypt and decrypt the data between the mobile device and the server [8].

Figure 1. M2M service infrastructure: (a) Traditional M2M Communication Service; (b) Cellular M2M Communication Service. (eNB: Evolved Node B; MME: Mobility Management Entity; P-GW: PDN Gateway; S-GW: Serving Gateway)

Figure 2. User Authentication and Key generation using USIM card

TABLE I. M2M Application Area [7]

B. Homomorphic Encryption

Homomorphic encryption allows specific types of computations to be carried out on ciphertext and obtain an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. Originally, the homomorphic property of various cryptosystems can be used to create secure voting systems [9]. It tries to hide individual plaintext and is usually used for protecting privacy. The most common and brief definition is the following. An encryption scheme is said to be homomorphic if for any given encryption key k the encryption function E satisfies

$$E_k(X \oplus Y) = E_k(X) \otimes E_k(Y). \qquad (1)$$
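Property (1) made concrete with the Paillier scheme [11], where the plaintext operator is addition and the ciphertext operator is multiplication mod n^2. This is an added example, not code from the paper; the primes are constructed toy values and the function names are assumptions.

```python
import math
import secrets

# Constructed toy primes (the 10,000th and 100,000th primes).
# Real deployments need an n of at least 2048 bits.
P, Q = 104729, 1299709


def keygen(p=P, q=Q):
    """Return the public modulus n and the private pair (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is g = n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """E(m) = (1+n)^m * r^n mod n^2; fresh r makes equal plaintexts encrypt differently."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(1 + n, m, n2) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def combine(n, c1, c2):
    """Ciphertext-side operator of (1): multiply mod n^2, no key needed."""
    return c1 * c2 % (n * n)


def demo(x=1200, y=345):
    """Two values are encrypted separately and combined by a party without the key."""
    n, priv = keygen()
    cx, cy = encrypt(n, x), encrypt(n, y)
    # The key holder decrypts the combined ciphertext and obtains x + y.
    return decrypt(n, priv, combine(n, cx, cy)), decrypt(n, priv, cx)
```

Sums are taken mod n, so the plaintext range must stay below n for the result to be meaningful.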

As a result, without knowing plaintext X or Y, we can get $X \oplus Y$. The operator could be addition, multiplication, and so on. For homomorphic encryption, RSA [19], ElGamal [10], Paillier [11], Naccache-Stern [12], and Boneh-Goh-Nissim (BGN) [13] can be adopted. In our work, we adopted the homomorphic encryption mechanism for delivering partial data traffic until the authentic pairwise keys are delivered. By delivering the data in the process, we can decrease the latency and let the M2ME use time and resources efficiently.

III. KEY ESTABLISHMENT FOR CELLULAR M2M COMMUNICATION

For secure cellular M2M communication, keys need to be established for data encryption, authentication, and so on. The keys required for M2ME communication are as follows. We assume that each pair of eNBs shares pairwise keys for secure communication among them.

• Pairwise Keys between eNB and the M2ME: For default data communication in cellular M2M communication, the eNB and the M2ME need to share a pairwise key.

• Pairwise Keys between M2MEs: As in Section II, M2MEs can communicate with each other with the help of the eNB, or they can communicate directly when they are in each other's vicinity as in Fig. 1(b).

• Functional Group Keys for M2MEs: Some M2MEs need group communication. When it is for functional group communication, they can share the group key. These group keys need to be managed by the Mobility Management Entity (MME) in Fig. 1, because the M2MEs are still group members even if they move from one cell to another.

• Regional Group Keys for M2MEs: A regional group can be formed in some region of the network field. When an M2ME moves into the region, it needs to be provided with the group key while it stays in the region and wants to receive the data traffic of the group (Fig. 8(b)). When it leaves the region, the key is not valid anymore and the old group key needs to be rekeyed depending on the membership policy.

When an M2ME moves into the cell, the eNB notifies the MME and receives the security information from the eNB that the M2ME has left. This information is renewed periodically for security purposes.

A. Key establishment between eNB and the mobile M2ME

In our previous work [8], we proposed a key establishment and authentication mechanism based on the USIM card for a ubiquitous healthcare system. For cellular M2M communication, we basically assume that a USIM card and the A3 and A8 algorithms are deployed in each M2ME. Based on that assumption, we can apply the initialization, key establishment, and authentication mechanism in [8] to cellular M2ME communication.

When an M2ME device is registered to an eNB, the ID of the M2M device and the hashed key H(Ki) for key generation are predistributed and transferred to the eNB and M2ME through a secure channel. After registering the IDs of the device, the device and the eNB need to generate key chains with hash functions and the A8 algorithm. The authentication process between the mobile device and the eNB is described in Fig. 4. After getting the ID_M2ME and H(Ki) of the M2M device, the eNB generates a nonce and encrypts it with H(Ki) for the device to process the A3 algorithm for authentication. After receiving and decrypting Enc_H(Ki)(nonce), the device computes A3 to generate RES_M2ME and sends this value back to the eNB. The eNB also computes RES_eNB with H(Ki), the nonce, and A3, and compares the two values. If the eNB verifies that the results are the same, authentication is completed. Now, the two parties generate hash chains and exchange the commitment values for pairwise key generation as in Fig. 3. K0 is the commitment value. In this way, the two parties prepare the keys for future communication. Each computes the session key by computing the A8 algorithm with the seed value from the key chain.

Figure 3. Key chain generation

Figure 4. M2ME authentication and key generation in the cellular M2M communication system

B. Key establishment between a pair of M2MEs for direct communication

When M2MEs are communicating directly with each other, there are many advantages. Time and frequency resources can be reused and latency can be reduced. Direct M2ME communications can be classified into two categories as in Fig. 5 (b) and (c).
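The registration, challenge-response and key-chain steps of Section III-A, as an added example that is not code from the paper. A3, A8 and Enc are HMAC-SHA-256 and hash-keystream stand-ins with the output sizes given in Section II-A; the class names, the chain length and the use of the revealed chain value K1 as the A8 seed are assumptions.

```python
import hashlib
import hmac
import secrets


def H(data):
    return hashlib.sha256(data).digest()


def a3(key, nonce):
    """Stand-in for A3 (assumption): 32-bit response, as for SRES in Section II-A."""
    return hmac.new(key, b"A3" + nonce, hashlib.sha256).digest()[:4]


def a8(key, seed):
    """Stand-in for A8 (assumption): 64-bit session key, as for Kc in Section II-A."""
    return hmac.new(key, b"A8" + seed, hashlib.sha256).digest()[:8]


def enc(key, data):
    """Toy stand-in for Enc_H(Ki)(.): hash keystream under a fresh IV, data <= 32 bytes."""
    iv = secrets.token_bytes(16)
    return iv + bytes(a ^ b for a, b in zip(data, H(key + iv)))


def dec(key, blob):
    iv, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, H(key + iv)))


def make_chain(length):
    """[K0, K1, ..., Kn] with K(i-1) = H(Ki); K0 is the commitment exchanged after authentication."""
    chain = [secrets.token_bytes(32)]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain[::-1]


def verify_link(last_accepted, revealed):
    """A revealed chain value is accepted only if it hashes to the previously accepted one."""
    return hmac.compare_digest(H(revealed), last_accepted)


class ENB:
    def __init__(self):
        self.registry = {}  # ID_M2ME -> H(Ki), predistributed at registration
        self.pending = {}   # ID_M2ME -> outstanding nonce

    def challenge(self, dev_id):
        nonce = secrets.token_bytes(16)
        self.pending[dev_id] = nonce
        return enc(self.registry[dev_id], nonce)

    def verify(self, dev_id, res_m2me):
        nonce = self.pending.pop(dev_id, None)  # each nonce is usable once
        if nonce is None:
            return False
        return hmac.compare_digest(res_m2me, a3(self.registry[dev_id], nonce))


class M2ME:
    def __init__(self, dev_id, ki):
        self.dev_id, self.h_ki = dev_id, H(ki)

    def respond(self, enc_nonce):
        return a3(self.h_ki, dec(self.h_ki, enc_nonce))


def run_demo():
    enb, dev = ENB(), M2ME("m2me-01", secrets.token_bytes(16))
    enb.registry[dev.dev_id] = dev.h_ki               # registration over the secure channel
    genuine = enb.verify(dev.dev_id, dev.respond(enb.challenge(dev.dev_id)))
    rogue = M2ME("m2me-01", secrets.token_bytes(16))  # right ID, wrong Ki
    forged = enb.verify(rogue.dev_id, rogue.respond(enb.challenge(rogue.dev_id)))
    unsolicited = enb.verify(dev.dev_id, b"\x00" * 4)  # no challenge outstanding
    chain = make_chain(3)                             # device side; K0 goes to the eNB
    link_ok = verify_link(chain[0], chain[1])
    link_bad = verify_link(chain[0], secrets.token_bytes(32))
    same_key = a8(dev.h_ki, chain[1]) == a8(enb.registry[dev.dev_id], chain[1])
    return genuine, forged, unsolicited, link_ok, link_bad, same_key
```

In this construction the revealed chain value is public once sent, so the secrecy of the session key rests on H(Ki) alone.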


(1) Two M2MEs in the same cell are directly communicating with each other (Intra-cell M2ME communication): When M2MEs belong to the same cell, they are managed by the same eNB, which means their pairwise keys are generated by the eNB. Because their IDs and authenticities can be validated by the same eNB, the time required for authentication can be reduced. When the M2MEs request the pairwise keys, the eNB generates the key, encrypts it with the pairwise key between the eNB and each M2ME, and then distributes it to each M2ME for them to communicate with each other.

Figure 5. Cellular M2M data path setup scenarios: (a) Default data path setup; (b) Locally routed data path setup; (c) Direct mode data path setup

(2) Two M2MEs located in different cells are directly communicating with each other (Inter-cell M2ME communication, Fig. 5(c)): When M2MEs located in different cells communicate with each other, setting up pairwise keys takes relatively longer. For this situation, they start communicating with a temporary key until they get the authentic pairwise key from each eNB. A homomorphic encryption algorithm can be adopted for the temporary communication. When neighboring M2MEs want to communicate with each other, they request a pairwise key from each eNB. While they are waiting for the key to be delivered, they can exchange their data in packets encrypted with homomorphic encryption using the temporary keys until they get the pairwise keys from their respective eNBs. We assume that the temporary keys are predistributed to each of the M2MEs which applied direct M2M or D2D communication at the setup stage. After they get the pairwise keys, they encrypt the temporary key with the pairwise key, and exchange them. After getting the key, they decrypt the data which have been piled up while they have waited for the key. After they share the pairwise keys, they communicate data traffic encrypted with the pairwise keys.

Figure 6. Direct mode data communication

When the M2MEs move away from each other, the pairwise keys are disposed of automatically and they can now communicate with each other through the eNBs. An additional security property can be added when a higher level of security is required. For example, message authentication can be provided when the resource of the M2ME is sufficient [14]. As mentioned in the previous section, in the process of data communication between the M2ME and the eNB, the plaintext can be delivered before the pairwise keys are distributed, and the time delay can be compensated as a result.

C. Group Key establishment among M2MEs for group communication

Group based policing and addressing are required in cellular M2M communication. The network shall enable the broadcast to a specific group of devices. In our previous work, we proposed an energy-efficient and secure channel group key establishment and rekeying management scheme for mobile IPTV service [16]. It adopted Pre-distribution and local Collaboration-based Group Rekeying (PCGR), a group key management scheme for sensor networks [15]. We basically considered a cellular network environment where many mobile devices are provided IPTV services through eNBs and an ISP (Internet Service Provider). Because the mechanism is to generate group keys for group communication and to rekey the group keys, it can be efficiently adopted for cellular M2M group communication. Its brief process is shown in Fig. 6. A detailed description is omitted here.

(1) Functional Group

When group communication is required for specific functions among M2MEs, group keys are to be established among the M2MEs which accomplish the functions. In this case, M2MEs can be scattered in many cells. For example, some of the M2MEs need to provide specific data or need to play the role of relaying for other M2MEs. In this case, several designated M2MEs require group keys and, even if they are mobile, memberships are not often changed. Even if the M2ME moves to another cell, the MME can manage their locations as long as the M2ME maintains the group membership. When new M2MEs move into a specific cell, the eNB of the cell notifies the MME and the location information is managed by the MME while the group membership and the group key are not changed. This is because the M2ME is still a functional group member even if its location is changed (Fig. 8(a)).


Figure 7. Group key management based on PCGR: (a) Group key initialization flow among ISC, eNB, and Devices; (b) Group key rekeying for all devices

Figure 8. Group management: (a) Functional Group; (b) Regional Group

(2) Regional Group

Regional group membership is related to a specific region of the network. In a regional group, group membership could be changed depending on the policy and the mobility of the M2MEs. The ratio of M2MEs to eNBs in a regional group is higher than that of functional group membership. So the overhead for managing the group keys can be decreased when eNBs provide the secret share and the new group keys generated are just distributed to M2MEs by the eNBs. After generating the new regional group key, the eNB distributes the new key encrypted with the old group key to each group member M2ME. When the M2ME moves out of the regional group, the MME is notified, and the group keys can be rekeyed according to the rekeying policy. The process for regional group key rekeying is as in Fig. 9.

① When an M2ME moves into the new cell and the M2ME is still in the regional group area, the eNB asks if the M2ME wants to get the group service.

② If the answer is yes, the eNB notifies the MME and the MME just modifies the location information without rekeying the group key because the M2ME is still a group member.

③ Otherwise, the eNB notifies the answer to the MME, and the MME decides if the group key should be rekeyed or not.

④ If rekeying is required, the MME requests key shares from the eNBs.

⑤ The eNBs reply with the key shares.

⑥ The MME computes the new group key and sends it back to the eNBs. Finally, the eNBs distribute the new group key to each member device in each cell.

Figure 9. Regional Group key rekeying and distribution through eNBs

IV. SECURITY ANALYSIS

To the best of our knowledge, there is no key agreement mechanism proposal for cellular M2M group communication and D2D communication. So, we couldn’t compare our key agreement proposal with other mechanisms. We would like to consider the security aspects for cellular M2M and D2D communications related to key establishment.


• Confidentiality: In cellular M2M communication, personal information such as location, account data, and the content of the data can be revealed if the data are not encrypted. For encrypting the data, traffic encryption keys are used. In our work, we have proposed pairwise key agreement between M2MEs and eNBs, between M2MEs, and between devices for D2D communication. We also proposed a group key establishment process for secure group communication. Using those keys properly, even if attackers eavesdrop on the data, confidentiality can be achieved.

• Authentication: Basically, a machine or device needs to authenticate the other entities before they communicate. In many cases, they need to mutually authenticate each other. In our proposal, by adopting the algorithms in the USIM card, the device and the eNB can mutually authenticate each other. For communication between the devices, an additional authentication process is required.

• Access Control: For the devices to get access to the network, they need a process for getting admission. The process is out of the scope of our work. However, through the admission step in the cellular network, access can be controlled by the eNBs, and basic key related information can be acquired for further security functions.

• Integrity: Integrity is required for keeping data from being forged or modified by attackers. The keys from our proposal can be used for encrypting the data, and the data can be decrypted only by the receiver. These pairwise keys can be delivered by the eNB, and if the eNB is not compromised, integrity can be obtained.

• Privacy: In many cases, M2MEs are deployed close to human beings. The data can contain very personal information which is not supposed to be disclosed. These days, privacy is one of the major security issues to be protected. Privacy protection is one of our future works.

V. CONCLUSIONS

More and more M2M equipments (M2MEs) are connected to traditional infrastructures in wired or wireless environments. In particular, the connection of the cellular network and M2M equipments is expected to bring great impacts and market share in future networks. When M2MEs communicate with one another in the cellular infrastructure, the possibility of security breaches gets higher while a great deal of application services are provided. In this work, we proposed key establishment mechanisms for secure communication between entities in the cellular M2M network. The mechanism includes keys for D2D communication and group communication among the M2MEs. Our key agreement proposal can provide security and reliability for cellular M2M communication.

ACKNOWLEDGMENT

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2012R1A1A3019459).

REFERENCES

[1] 3G machine-to-machine (M2M) communications: Cellular 3G, WiMAX, and municipal Wi-Fi for M2M applications. Technical report, ABIresearch, 2007.
[2] The global wireless M2M market. Technical report, Berg Insight, December 2010.
[3] Cellular M2M Connectivity Services - Research Report by ABI Research, 2012.
[4] M. Zubair Shafiq, Lusheng Ji, Alex X. Liu, Jeffrey Pang, Jia Wang, "A First Look at Cellular Machine-to-Machine Traffic – Large Scale Measurement and characterization," SIGMETRICS’12, June 11–15, 2012.
[5] Mischa Dohler, Thomas Watteyne, Jesús Alonso-Zárate, "Machine-to-Machine: An Emerging Communication Paradigm," Mobilight 2010, MONAMI 2010, PIMRC 2010, Globecom 2010.
[6] 3GPP TR 33.812
[7] M2M Technology and Services of KT, KNOM tutorial 2011.
[8] Jung-Min Park, Inshil Doh, Kijoon Chae, "Security Approach for Ubiquitous Healthcare Services through Wireless Communication," In Proceedings of ACSA 2012.
[9] Ron Rivest, "Lecture Notes 15: Voting, Homomorphic Encryption," 2002-10-29.
[10] T. E. Gamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," in Proceedings of CRYPTO 84 on Advances in cryptology. Springer-Verlag New York, Inc., 1985, pp. 10–18.
[11] P. Paillier, "Public-key cryptosystem based on composite degree residuosity classes," in Proceedings of Eurocrypt’99, 1999.
[12] D. Naccache and J. Stern, "A new public key cryptosystem based on higher residues," in CCS ’98: in Proceedings of the 5th ACM conference on Computer and communications security, 1998, pp. 59–66.
[13] D. Naccache and J. Stern, "A new public key cryptosystem based on higher residues," in CCS ’98: in Proceedings of the 5th ACM conference on Computer and communications security, 1998, pp. 59–66.
[14] Jihae Park, Kyung Choi, Inshil Doh, Kijoon Chae, "Secure aggregation using homomorphic principle with verification," The 34th Conference of the KIPS, 2010.
[15] W. Zhang, G. Cao, "Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration Based Approach," IEEE Infocom 2005.
[16] Inshil Doh, Jiyoung Lim, Min Young Chung, "Group Key Management for Secure Mobile IPTV Service," Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2012.
[17] Inhyok Cha, Yogendra Shah, Andreas U. Schmidt, Andreas Leicher, Mike Meyerstein, "Security and Trust for M2M Communications," in Proceedings of the Wireless World Research Forum Meeting 22, 2009.
[18] Dean Fledderjohn, "Learn Cellular M2M Basics," Field Technologies Online.
[19] R. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, Vol. 21 (2), 1978, pp. 120–126.