Beyond third generation (B3G) mobile networks are realized by integrating heterogeneous mobile/wireless networks through an IP-based core network. Along with a variety of new perspectives, the new network model raises new security concerns, mainly because of the complexity of the deployed architecture and the heterogeneity of the employed technologies. In this chapter, we examine and analyze the security architectures and the related security protocols employed in B3G networks, focusing on their functionality and the security services they support. The objectives of these protocols are to protect the involved parties and the data exchanged among them. To achieve this, they employ mechanisms that provide mutual authentication and ensure the confidentiality and integrity of the data transferred over the wireless interface and specific parts of the core network. Finally, based on the analysis of the security mechanisms, we present a comparison that highlights the deployment advantages of each one and classifies them in terms of (1) security, (2) mobility, and (3) reliability.
Key Terms in this Chapter
Authentication, Authorization, and Accounting (AAA): AAA is a security framework that provides authentication, authorization, and accounting services. The two most prominent AAA protocols are RADIUS and Diameter.
Extensible Authentication Protocol method for GSM Subscriber Identity Modules (EAP-SIM): EAP-SIM is an EAP method based on GSM authentication of SIM cards.
Extensible Authentication Protocol (EAP): EAP is a security framework used to provide a plethora of authentication options, called EAP methods.
802.11i: 802.11i is a security framework that incorporates the four-way handshake and group-key handshake for session key management and specifies the TKIP and CCMP security protocols to provide confidentiality and integrity services in 802.11 WLAN.
Counter-Mode/CBC-MAC Protocol (CCMP): CCMP is a security protocol defined in 802.11i that employs AES encryption to provide confidentiality and data integrity services.
IKEv2: IKEv2 is a security association (SA) negotiation protocol used to establish an IPsec-based VPN tunnel between two entities.
Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA): EAP-AKA is an EAP method based on UMTS authentication of USIM cards.
Beyond Third Generation (B3G): B3G is the integration of heterogeneous mobile networks through an IP-based common core network.
IP Security (IPsec): IPsec is a security protocol used to provide VPN services.