Secure mobile communication via identity-based cryptography and server-aided computations

In this paper, an identity-based key agreement protocol for securing mobile telephony in GSM and UMTS networks is presented. The approach allows two mobile phones to perform a session key agreement over an unsecured channel and between different providers using telephone numbers as public keys. Using the created session key, a symmetric encryption of all call data can be performed. Solutions to the problems of multi-domain key generation, key distribution, multi-domain public parameter distribution and inter-domain key agreement are presented. Furthermore, the proposed approach can be speeded up using server-aided cryptography, by outsourcing computationally expensive cryptographic operations to a high-performance backend computing server. The feasibility of the approach is illustrated by presenting experimental results based on a Symbian implementation running on N95-1 and N82-1 Nokia smartphones.

[1]  L. Moldal,et al.  End to end encryption in GSM, DECT and satellite networks using NSK200 , 2003 .

[2]  Vitaliy V. Sapozhnykov,et al.  A Data Modem for GSM Voice Channel , 2008, IEEE Transactions on Vehicular Technology.

[3]  Eiji Okamoto,et al.  Key distribution system based on identification information , 1989, IEEE J. Sel. Areas Commun..

[4]  G. Edward Suh,et al.  Speeding up Exponentiation using an Untrusted Computational Resource , 2006, Des. Codes Cryptogr..

[5]  Martin E. Hellman,et al.  An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[6]  Ulrike Meyer,et al.  A man-in-the-middle attack on UMTS , 2004, WiSe '04.

[7]  J. M. Pollard,et al.  Theorems on factorization and primality testing , 1974, Mathematical Proceedings of the Cambridge Philosophical Society.

[8]  Paulo S. L. M. Barreto,et al.  A New Two-Party Identity-Based Authenticated Key Agreement , 2005, CT-RSA.

[9]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10]  Pil Joong LeeDepartment Authenticated Session Keys and Their Server-aided Computation , 2007 .

[11]  Ashutosh Saxena,et al.  Mutual Authentication and Key Agreement for GSM , 2006, 2006 International Conference on Mobile Business.

[12]  Travis Earl Russell,et al.  Signaling System #7 , 1995 .

[13]  Chae Hoon Lim,et al.  Security and Performance of Server-Aided RSA Computation Protocols , 1995, CRYPTO.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Anna Lysyanskaya,et al.  How to Securely Outsource Cryptographic Computations , 2005, TCC.

[16]  Christophe Clavier An Improved SCARE Cryptanalysis Against a Secret A3/A8 GSM Algorithm , 2007, ICISS.

[17]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[18]  Ahmet M. Kondoz,et al.  Secure voice over GSM and other low bit rate systems , 2003 .

[19]  Phong Q. Nguyen,et al.  Distribution of Modular Sums and the Security of the Server Aided Exponentiation , 2001 .

[20]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[21]  Hideki Imai,et al.  Speeding Up Secret Computations with Insecure Auxiliary Devices , 1988, CRYPTO.

[22]  Bernd Freisleben,et al.  An Identity-Based Key Agreement Protocol for the Network Layer , 2008, SCN.

[23]  Eiji Okamoto,et al.  Key Distribution Systems Based on Identification Information , 1987, CRYPTO.

[24]  Jeff Hewett,et al.  Signaling System No. 7 (SS7/C7): Protocol, Architecture, and Applications , 2003 .

[25]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.