Security and privacy in wireless and roaming networks

Abstract

With the advancement of mobile technologies, wireless networks have become widely available and interconnected nowadays. However, since wireless transmission is done through the public atmosphere, wireless communications are more vulnerable to various kinds of network attacks. And the low bandwidth of wireless channels and the limited processing resources of wireless devices make it even more challenging to design security modules and protocols for protecting wireless communications. This thesis presents new techniques and methodologies on constructing Authentication and Key Establishment (AKE) protocols, which are a central piece for building secure communication channels, for wireless networks. We investigate several security and privacy issues regarding AKE protocols for wireless communications that lack formal security treatment and are urged to be provided with more promising security solutions. We explore the weaknesses in existing definitions and solutions for these problems and issues, give more formal and well-defined security models and definitions, and provide new solutions with rigorous security analyses and proofs. In particular, we focus on the following problems, We study the problem of two factor authentication and key establishment using mobile devices and passwords. We refine previously proposed security requirements, show the insecurity of some existing schemes, and present a provably secure and practical framework for constructing two factor authentication and key establishment protocols, where a user/client must have the mobile device and know the password in order to be authenticated and get services from the service provider/server. We then investigate the security and privacy issues in roaming networks. We show the insufficiency of existing security treatments for roaming networks and the insecurity of some existing roaming protocols. We also give the first full set of security requirements for anonymous secure roaming, and propose several different solutions. In particular, we propose two Universal Authentication and Key Establishment protocols for anonymous wireless communications. Compared with existing standards and solutions, our protocols greatly reduce system and round complexities, while at the same time provide stronger security and privacy protections for roaming users. We also perform a formal study on the notion of "Anonymous Signature" that is very useful in anonymous wireless communications. We first provide formal definitions for anonymous signature, and show that some popular digital signature schemes cannot provide signer anonymity. We then give extensions to those popular schemes for allowing them to achieve signer anonymity.