Entity Authentication And Personal Privacy In Future Cellular Systems

The article discusses the increasing use of mobile communication and the need for entity authentication and personal privacy in future cellular systems. It examines the access security in current 3GPP systems, including GSM/GPRS and UMTS, as well as the emerging LTE architecture. The first part of the book focuses on the authentication and key agreement procedures in 3GPP systems, while the second part discusses the limitations and shortcomings of current cellular access security architectures. The article also explores the potential for improved subscriber privacy and entity authentication without the restrictions of backwards compatibility. The design of authentication protocols and the role of formal verification in security protocol design are also discussed.

There are now (Q1 2009) more than 4 billion cellular subscribers in the world and this number is constantly growing. With this in mind it should be clear that use of mobile communication has already become both pervasive and ubiquitous. It has become a global commodity really. Entity Authentication and Personal Privacy in Future Cellular Systems aims at explaining and examining access security as it is found in mobile/cellular systems. A thorough investigation of how access security and personal privacy is handled in the 3GPP system is conducted. This includes both the 2G systems GSM/GPRS and the 3G system UMTS. The emerging fourth generation LTE architecture is also examined. The first part of the book deals exclusively with presenting access security as found in the 3GPP system. Particular attention is given to the authentication and key agreement procedures. The 3GPP systems have evolved and the access security architecture in LTE is substantially more advanced and mature than what you would find in GSM/GPRS, but even the LTE security architecture has its limitations. In part two of the book we go on to examine what is missing from the current cellular access security architectures. Some of the shortcomings found in GSM/GPRS and later UMTS have been partially addressed in LTE, but the burden of backwards compatibility has meant that many issues could not easily be resolved. Free from those restrictions, we shall see that one can provide substantially improved subscriber privacy and enhanced entity authentication, while also avoiding the delegated authentication control that all 3GPP systems have. The design of authentication protocols is discussed in depth, and this would also include looking into the role of formal verification in the design of security protocols.