3. AUTHENTICATION AND EQUIPMENT IDENTIFICATION
3.1 INTRODUCTION
Authentication is a process of exchanging information between a
communication device and the mobile network which allows the network
operator to confirm the identity of the mobile user. During inter MSC
handover the new MSC/VLR does not have any information regarding the
MN [60][61], so the MN has to be authenticated [62]. During the
validation of the user, a service provider can deny service if the user's
identity is not proved [63]. Authentication is necessary in order to prevent
unauthorized users from requesting the service. This process includes some
challenging procedures. Authentication is essential for effective security,
since access control is normally based on the identity of the user who
requests a resource [63]. If a heterogeneous handover occurs, equipment
identification is also needed to verify the IMEI number of the device [64].
In the present system, the MN's authentication and IMEI verification
occur in the MN's home network. During inter MSC handover, the MN enters a
foreign network, so authentication and identity checking consume more time,
which leads to network traffic and interruptions in communication. To avoid
these drawbacks, the proposed system introduces an agent called Mobile
Information Centre (MIC), which is located in the MSC itself [Annexure I].
Until now the MSC takes care of inter MSC handover, intra MSC handover and
all the BSCs under its control. In order to avoid additional burden on the
MSC, the separate agent MIC is developed, which is exclusively designed to
handle inter MSC handover. MIC is an additional module of storage in the MSC
along with the necessary software modules for processing. MIC is designed in
such a way that the MN is directly authenticated and its identity is checked
within the two MSCs which are involved in inter MSC handover [65][66]. A dual
authentication procedure is used for the verification of an MN. This method
reduces authentication delay, network traffic, packet drops and processing
time during inter MSC handover.
3.2 PROPOSED MODIFIED AUTHENTICATION MECHANISM
Since handover occurs between two MSCs, mutual authentication
between the two MSC/MICs is sufficient, without disturbing the home
network for information on the MN. For mutual authentication both MSC/MICs
(existing MSC/MIC and new MSC/MIC) share p, q and g values, where p is a 512
bit prime number, q is a 160 bit prime factor of p-1, and g is
where h is a primitive root of p. The p, q and g parameters are the same as
the parameters used in the Digital Signature Algorithm [67]. The diagrammatic
representation is given in Figure 3.1.
Figure 3.1: MIC with p,q and g values
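The shared values described above follow the DSA domain-parameter construction. As an added example (not code from the thesis or its Annexure II), the following Python generates p, q and g at the sizes stated here and runs the checks a node receiving them can apply before use; g is computed as in the DSA standard, g = h^((p-1)/q) mod p, which is taken from the standard rather than from this chapter, and the function names are illustrative.

```python
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32, rng=None):
    """Miller-Rabin probabilistic primality test."""
    rng = rng or random.Random(0)
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def generate_params(p_bits=512, q_bits=160, seed=1):
    """Generate DSA-style (p, q, g). The seeded PRNG keeps the example
    reproducible; a real deployment would draw from a CSPRNG."""
    rng = random.Random(seed)
    while True:  # q: a q_bits-bit prime
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng=rng):
            break
    k_bits = p_bits - q_bits
    while True:  # p = k*q + 1, so q divides p - 1 by construction
        k = (rng.getrandbits(k_bits) | (1 << (k_bits - 1))) & ~1  # even k
        p = k * q + 1
        if p.bit_length() == p_bits and is_probable_prime(p, rng=rng):
            break
    for h in range(2, p - 1):  # g = h^((p-1)/q) mod p, first h giving g > 1
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return p, q, g


def validate_params(p, q, g, p_bits=512, q_bits=160):
    """Checks a receiver of (p, q, g) can run. Empty list means accept."""
    problems = []
    if p.bit_length() != p_bits:
        problems.append("p has the wrong size")
    if q.bit_length() != q_bits:
        problems.append("q has the wrong size")
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p - 1")
    # With q prime, 1 < g < p and g^q = 1 (mod p) means g has order exactly q.
    if not (1 < g < p) or pow(g, q, p) != 1:
        problems.append("g does not generate the order-q subgroup")
    return problems


if __name__ == "__main__":
    p, q, g = generate_params()
    print(p.bit_length(), q.bit_length(), validate_params(p, q, g))
```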
To reduce the authentication and equipment identity delay, the MIC
Authentication Algorithm (MICAuA) is proposed. It reduces the handover
delay and provides mutual authentication among the existing MSC/MIC, the new
MSC/MIC and the MN, as shown in Figure 3.2. To implement this algorithm, the
IMEI number is stored in the existing MSC/VLR during registration itself, as
represented in Figure 3.3.
Figure 3.2: Mutual authentication among MSCs and MN
Figure 3.3: MSC/VLR store IMEI value during registration process
3.2.1 Mobile Information Centre Authentication Algorithm (MICAuA)
The sequence of transactions that takes place for authentication
is given in the following steps.
Step 1: During TCH activation of new BS, existing MSC sends handover
request (LAI, IMSI) along with TMSIold (TMSI number used by
existing MSC), RAND (Random Number), Kc (Ciphering Key) and
MSISDN (Mobile Station International Subscriber Directory
Number) to new MSC/VLR.
Step 2: Existing MSC sends handover indication response and
TCH information along with p, q and g values to MN. After
completing step 2, existing MSC, new MSC and MN have all the
parameter values. Thereafter they can compute the following
parameters needed for authentication.
Step 3: MN computes
(3.1)
(3.2)
Existing MIC computes
New MIC computes
(3.3)
MN sends r and ex values to new MIC along with connection
request message.
Existing MIC sends r value to new MIC along with authentication reply.
Step 4: New MIC checks
If (r of MN = r of existing MIC) and (ex of MN =ey of new MIC) then
MN is authenticated
else
MN is an intruder.
The equations of r, ex and ey are derived from the Digital Signature
Algorithm (DSA) [67]. The results for the verification of authentication
and identity checking are generated in Python (Annexure II), with the two
checks done in parallel.
3.2.2 Importance of MICAuA algorithm
The significance of the MICAuA algorithm lies in identity privacy, dual
authentication and reduction of packet drops, which are discussed in detail
in the subsequent sections.
3.2.2.1 Mobile node identity privacy
In the existing algorithm, the MN transmits the IMSI number along with the
authentication request. Similarly, the IMEI number is transmitted with the
equipment identity request. IMSI and IMEI numbers are the unique identity
keys of every MN. In MICAuA, the IMSI and IMEI are not transmitted for
authentication and identity checking, so the probability of an intruder
getting a unique key will be almost nil. The IMEI number is applied only in
the calculation of r, which is transmitted by the MN. This removes a separate
equipment identity checking process, protects the IMEI number and also
reduces time compared to the existing handover mechanism. Even though
authentication does not use the unique primary key, the set of secondary
keys (RAND, TMSI, Kc and MSISDN) provides authentication of the MN. During MN
registration, RAND is given to the MN by the MSC, but Kc and MSISDN are not
transmitted. Only the TMSI number is traceable by an intruder. During the
handover, if an intruder gets the handover request while it is sent from the
existing MSC to the new MSC, he cannot succeed in the attack, since the IMEI
number which is applied in the r value is not transmitted. Hence this method
provides stronger user identity privacy than other existing algorithms.
3.2.2.2 Dual Authentication
In the existing algorithm the MN is authenticated by the HLR alone, and hence
this is a single authentication method. In MICAuA, the MN generates r and ex
values. The existing MIC generates an r value and the new MIC generates an ey
value. If the r value of the MN is equal to the r value of the existing MIC,
the first authentication is completed. This is also the identity checking
process. The second authentication is completed if the ex value of the MN is
equal to the ey value of the new MIC. If both authentications are satisfied
then the MN is an authenticated user; otherwise the MN is not an authorized
user.
3.2.2.3 Reduction of packet drops
Since the same Kc is used for encryption and decryption at both MSCs, once
authentication is completed the MN has to send data with TMSIold to the new
MSC. The new MSC forwards this data to the Corresponding Node (CN) through
the existing MSC. Similarly, the existing MSC forwards data to the MN through
the new MSC. This data transmission continues until TMSInew allocation and
path establishment from the new MSC to the CN are completed. In the original
procedure, by contrast, once the request for handover is issued and the
authentication process starts, the transmission of packets is stopped or the
packets are lost. The proposed procedure therefore reduces packet drops and
retransmission of data, and the duration for which data packets are not
transmitted is much shorter. Thereafter data is communicated to the CN
through the new MSC with TMSInew.
3.3 MICAuA APPLICATION IN VARIOUS INTER MSC HANDOVER
In this section MICAuA is applied to various inter MSC handover
processes, and the handover delay is compared with the existing
method; the improvements are evident.
3.3.1 MICAuA in GSM heterogeneous Inter MSC handover
In GSM heterogeneous inter MSC handover, since the MSCs are under
different service providers, the MN has to be authenticated and IMEI checking
should be done for proper authentication. Also TCH, MSRN (Mobile Station
Roaming Number) and TMSI should be newly allocated.
From the authentication protocol of [68], we have learnt that a key (Ki)
and a random number (RAND) are used at the HLR to generate a temporary key
with the A3 algorithm. Further, that key is shared with the MN and the
visiting VLR. Ki is the secret key held by the MN and the HLR, and the random
number is generated by the HLR using a random number generation algorithm. A
certificate CERT_VLRZ is created for A3 (Timestamp of MN, Ki) at the HLR. This
certificate is used to verify the visiting VLR of the MN.
Chin-Chen Chang [63], in his paper, has used TMSI and LAI to
recognize the IMSI between MN and VLR during the authentication request.
Further, the VLR forwards the IMSI along with a time stamp to the HLR for
calculating SRES. Though the IMSI transmission between MN and VLR is avoided,
the IMSI has to be forwarded to the HLR for SRES calculation. For mutual
authentication Chun-I Fan [69] has proposed time based protocols between MN,
VLR and HLR. He also suggested clock synchronization among the systems.
Further, stable transmission is a prerequisite in his proposed system. This
may lead to hardware speculations. In his jth authentication protocol between
user and system, the final verification of authentication is done at the MN.
For mutual authentication during roaming services Yixin Jiang [70] suggested
a self-certified scheme. This requires the transmission of the shared key
through a secured channel. He has also used a temporary identity for
authentication between VLR, HLR and MN, for the purpose of combining
certificate based and identity based key systems.
In the work of [71], we have observed that a trust model is
framed to bypass the VLR and HLR for the purpose of mutual authentication
between MN and AuC. He has also used offline authentication between HLR
and MN within the same network. In this work, we have used a similar
concept for the purpose of inter MSC authentication. Ming-Chin Chuang [72]
implemented an authentication mechanism as a seamless handover process in
Proxy Mobile IP version 6. In his architecture, a set of MSCs is connected
with a local mobility anchor and an Authentication-Authorization-Accounting
(AAA) server. He adopted 3 procedures: initial registration, authentication,
and password change. There are 12 steps to complete these
authentication procedures. Yuh-Ren Tsai [73] proposed a subscriber identity
module based authentication mechanism. He has used the WLAN concept for
authentication, which involves Dynamic Host Configuration Protocol
(DHCP), an authentication server and a gateway. This authentication mechanism
has a temporary IP address acquisition phase and a subscriber identity
verification phase. In the temporary IP address acquisition phase the MN
finds the DHCP server and also gets the temporary IP address of the
authentication servers. In subscriber identity verification phase MN sends a
registration HLR then forwards the message to the HLR. HLR generates triplet
and returns to the authentication server. Further he has utilized the A3 and
A8 algorithms. Qiang Tang [74], in his cryptanalysis of a hybrid
authentication protocol for large mobile networks, suggested not burdening
the MN with extensive computations for authentication, since the hybrid
authentication protocol has to authenticate every message through Kerberos
V4 (version 4) and V5 (version 5). Initial authentication has to be re-hashed
by the MN. Guangsong Li [75], in his proactive key distribution and
ticket-based re-authentication scheme for fast handover, used the
authentication server to provide the handover ticket to the MN. Each ticket
corresponds to a neighboring access point of the MN. The ticket contains
the encrypted pairwise master key of the neighbor access point, generated by
the authentication server. With this ticket the MN can re-authenticate with
the neighbor AP.
3.3.1.1 Existing procedure
The MN measures the received signal level (RXLEV) and received
signal quality (RXQUAL) of the current communication and the received signal
strength of neighbouring cells every 480 ms. The MN has to send this
information to the existing BSC through the Slow Associated Control Channel
(SACCH) [76][77]. The existing BSC verifies whether the neighbouring cells
are subordinate to it or not. Since in inter MSC handover, all the
the existing BSC forwards this
message to existing MSC. The existing MSC identifies the new BS based on the
signal strength, and it also sends a handover request (LAI, IMSI) to the new
MSC. The new MSC/VLR stores the IMSI and LAI values in its database. The new
MSC sends a new TCH request to the new BSC. The new BSC allocates a TCH to
the MN and then sends a TCH activation message to the new BS [78]. The new BS
activates the TCH and then sends the TCH response to the new MSC through the
new BSC. The TCH activation procedure is shown in Figure 3.4. The new MSC
forwards the TCH response to the existing MSC. The existing MSC sends the
handover indication response along with the TCH information to the MN through
the existing BSC, as shown schematically in Figure 3.5. The MN sends a
handover indication response acknowledgement to the existing BSC. Thereafter
no communication occurs between the MN and the existing BS. Instead of TCH
allocation to the new BSC through the new BS, this pre-allocation is
performed through the existing BS before the MN is connected to the new BS.
Because the TCH is pre-allocated in advance, the handover time is reduced.
Figure 3.4: TCH activation
Figure 3.5: Handover indication response
To transmit data through the new TCH, the new BS has to establish the
control channel SDCCH with the MN [79]. After receiving the SDCCH request
from the MN, the new BSC has to assign an SDCCH to the MN. SDCCH is a
dedicated point-to-point signaling channel which is not tied to the existence of
i.e. it is used for signaling between a MN and the BSC
when there is no active connection. The SDCCH is involved in the
authentication process, the MN location update process and the TCH
assignment process.
For RAND, SRES,
Kc, TMSI, LAI and entire database values of are invalid.
Hence the MN has to prove its authentication and undergo identity checking
once again. For authentication the MN sends a connection request along with
the IMSI to the new MSC through SDCCH. The SDCCH assignment is shown in
Figure 3.6. The new MSC identifies the home MSC of the MN from the IMSI value
and then forwards this connection request to the home MSC. The home MSC
generates a RAND using a random number generation algorithm. RAND
are taken as inputs and perform COMP-128 algorithm [32][63]. This algorithm
produces SRES and Kc as the outputs, as shown in Figure 3.7. The home
MSC sends the triplet (SRES, Kc, RAND) to the new MSC. The new MSC/VLR stores
this triplet and sends RAND to the MN. MN executes SRES and Kc using
COMP- . MN sends SRES
to new MSC as authentication reply. The new MSC compares the SRES generated
by the MN with the one generated by the home MSC. If both are equal then the
MN is an authenticated node. After the authentication process, the MN sends
the IMEI number to the home MSC, so that the home MSC/EIR can verify the IMEI
number. IMEI checking prevents a malicious user from using a device that is
on the block list of stolen devices. After IMEI checking is completed, the
new MSC/VLR assigns an MSRN number, and this number is shared by the home MSC
and the new MSC. Similarly a TMSI number is assigned by the new MSC/VLR and
shared by the new MSC and the MN, as shown in Figure 3.8. TMSI is used for
data transmission. The new MSC sends a TCH release message to the existing
MSC [80][81]. The existing MSC releases the old TCH and then sends an
acknowledge message to the new MSC, so that that particular TCH can be used
by other new mobile devices. The new MSC sends a connection complete message
to the MN. Then the MN sends the information for outgoing communication
message to the new MSC. The new MSC sends the initial address message (path
establishment) to the CN. The CN sends the address complete message to the MN
through the new MSC. After these processes, the MN and the CN communicate
with each other.
Figure 3.6: SDCCH assignment
Figure 3.7: Authentication process
Figure 3.8: TMSI assignment process
3.3.1.2 The attack on the existing method
Using the man-in-the-middle technique, an attacker can pretend to be
an original user of the network [82][83]. In this case, the network sends the
RAND number along with the authentication request to the user. The attacker
captures the authentication request message and forwards the same message to
the original user, posing as the service provider. The original user then
runs the COMP-128 algorithm to calculate the SRES value and sends it to the
attacker. The attacker receives the SRES value and forwards it to the
network. The network gives the authentication completion message. Figure 3.9
shows this process in detail.
Figure 3.9: Man-in-the-middle attack
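The authentication exchange of section 3.3.1.1 and the forwarding case of Figure 3.9, as an added example that is not part of the thesis: it shows that the SRES comparison proves only that some holder of Ki answered RAND, not who delivered the answer. COMP-128 is replaced by an HMAC-SHA256 stand-in, and the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import os


def a3a8_standin(ki, rand):
    """Stand-in for COMP-128 (not the real algorithm): HMAC-SHA256 keyed
    with Ki over RAND, cut to GSM output sizes (32-bit SRES, 64-bit Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HomeMSC:
    """Holds Ki per subscriber and produces (SRES, Kc, RAND) triplets."""

    def __init__(self):
        self.ki_by_imsi = {}

    def register(self, imsi, ki):
        self.ki_by_imsi[imsi] = ki

    def triplet(self, imsi):
        rand = os.urandom(16)  # 128-bit challenge
        sres, kc = a3a8_standin(self.ki_by_imsi[imsi], rand)
        return sres, kc, rand


class NewMSC:
    """Visited MSC/VLR: stores the triplet and checks the reply against it."""

    def __init__(self, home):
        self.home = home
        self.pending = {}

    def connection_request(self, imsi):
        sres, kc, rand = self.home.triplet(imsi)
        self.pending[imsi] = (sres, kc)
        return rand  # only RAND is sent towards the MN

    def authentication_reply(self, imsi, sres):
        expected, _kc = self.pending.pop(imsi)  # one use per challenge
        return hmac.compare_digest(expected, sres)


class MobileNode:
    def __init__(self, imsi, ki):
        self.imsi, self.ki, self.kc = imsi, ki, None

    def respond(self, rand):
        # The MN answers any RAND: nothing in the challenge lets it
        # verify that the sender is the real network.
        sres, self.kc = a3a8_standin(self.ki, rand)
        return sres


class Relay:
    """Node in the middle that holds no Ki and only forwards messages."""

    def __init__(self, subscriber):
        self.subscriber = subscriber

    def respond(self, rand):
        return self.subscriber.respond(rand)


def authenticate(msc, imsi, endpoint):
    rand = msc.connection_request(imsi)
    return msc.authentication_reply(imsi, endpoint.respond(rand))


def demo():
    imsi = "001010000000001"   # constructed test IMSI
    ki = bytes(range(16))      # constructed 128-bit Ki
    home = HomeMSC()
    home.register(imsi, ki)
    msc = NewMSC(home)
    subscriber = MobileNode(imsi, ki)
    return {
        "genuine": authenticate(msc, imsi, subscriber),
        "wrong_ki": authenticate(msc, imsi, MobileNode(imsi, b"\x00" * 16)),
        "relayed": authenticate(msc, imsi, Relay(subscriber)),
    }


if __name__ == "__main__":
    print(demo())
```

The relayed run is accepted because the reply is not bound to the channel it arrives on and the MN never authenticates the sender of RAND, which is the gap that mutual authentication is meant to close.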
To find the key, the attacker may use several ways. If the attacker
sends any query to the user (for example, a phone number), the user replies
to the attacker. From that, the attacker can use a brute-force attack to
identify the key Kc [84]. Also, in these algorithms the bit size is 128. Present
[85]. These drawbacks are
overcome using the proposed method.
3.3.1.3 Proposed work
In the proposed work, while sending the TCH request from the existing
MSC to the new MSC, the existing MSC adds the additional parameters TMSI,
RAND, Kc and MSISDN. The handover request procedure and parameter exchange
are shown in Figure 3.10. Since the existing and new MSC/MICs share the p, q
and g values, the new MSC/MIC has sufficient parameter values to compute the
ey value as per equation 3.3 in the mutual authentication algorithm. Since
the existing MSC/VLR stores the IMEI number during the registration process,
the existing MSC/MIC can calculate the r value as given in equation 3.1. In
case an intruder captures this handover request information, the IMEI number
is not available, so he cannot succeed. To compute ex based on equation 3.2
and the r value, the MN needs the p, q and g values. For that, the existing
MSC sends the p, q and g values to the MN through the handover indication
response message along with the new TCH information, as shown in Figure 3.11.
The MN sends an acknowledgement to the existing BS, and then the connection
with the existing BS is terminated. The MN now requests the new BS to
establish the control channel SDCCH. The new BS establishes this control
channel and the channel information is sent to the MN. The existing MSC, new
MSC and MN each get their own parameters to compute the values needed for
MICAuA, and due to parallel processing all computations are completed before
SDCCH is established. This also reduces the handover time. The MN sends the
connection request along with the ex and r values to the new MSC/MIC.
Similarly the existing MSC sends the authentication reply along with the r
value to the new MSC/MIC. Then the new MSC/MIC performs the MICAuA
authentication verification process, in which it checks whether the ex
generated by the MN and the ey generated by the new MSC/MIC are equal, and
whether the r values generated by the MN and the existing MSC/MIC are equal.
If both conditions are satisfied then the MN is an authorized user, otherwise
the MN is an intruder. This is represented in Figure 3.12. If the MN is an
intruder then the network denies its service. IMEI is used to compute the r
value, and hence there is no need for separate identity checking, which
removes a step in the handover. Since the MN is a genuine user to the
existing MSC, authentication by both the existing MSC and the new MSC is
sufficient to prove the MN as an authorized one.
Figure 3.10: Handover request with additional parameters and TCH activation
Figure 3.11: Handover indication responses with additional parameters
Figure 3.12: Dual Authentication
Once the new MSC completes dual authentication, communication
starts immediately via the new MSC and the existing MSC with the help of
TMSIold (the TMSI value which was used to communicate before the handover
process), as shown in Figure 3.13. TMSIold is stored in the MN, the new MSC
and the existing MSC. Hence any data received from the CN by the existing MSC
is forwarded to the new MSC, which forwards it to the MN. Similarly any data
packet received from the MN by the new MSC is forwarded to the existing MSC
and then to the CN. Due to this data communication, drops in transmitted data
and the handover delay are reduced. Therefore, for time sensitive
applications such as multimedia, voice and video, the quality of information
is improved.
During communication, the new MSC generates new TMSI and MSRN
values. The TMSI is distributed to the MN and the MSRN is distributed to the
home MSC in parallel. Thereafter the MN gives the information for outgoing
communication to the new MSC, and the new MSC establishes the path (routing)
to the CN, as given in Figure 3.14. Until now the TCH used by the existing BS
for the particular MN is not released; instead it is kept in reserve. Now,
because the new MSC has established a connection with the CN, the new MSC
sends the TCH release message to the existing MSC, the existing MSC forwards
this message to the concerned BSC, and the BSC releases the TCH information
from its database and also sends a release message to the concerned BS. The
BS releases the particular TCH and then sends an acknowledgement to the
existing MSC through the BSC. Thereafter the released TCH can be utilized for
new communications. Existing MSC deletes
MSC/VLR database, there after there is no information available in existing
MSC . The above process is shown in detail in Figure 3.15.
Figure 3.13: Data communication via new MSC and existing MSC
Figure 3.14: New Path establishment
Figure 3.15: Proposed TCH release message
This data communication continues with TMSIold until the existing
MSC/VLR deletes . This increases communication
duration and thereby reduces idle time and hence packet drops. Then the
existing MSC sends the handover complete message to the new MSC. The new
MSC forwards this handover complete message to the MN, so that further data
packets are re-routed with the new TMSI value and sent to the CN. All this
information is given along with the required parameters and the time at
which they are requested. The data flow is shown in Figure 3.16.
Figure 3.16: MICAuA in GSM heterogeneous inter MSC handover
3.3.1.4 Simulation Results
The simulation is done in yellowjacket string Editor. The standard
transmission delay involved in the proposed as well as in the existing work
is shown in Table 3.1 [22].
Table 3.1: Transmission delay
Channel Type                                     Transmission Delay (ms)
SDCCH (Stand-alone Dedicated Control Channel)    14
SACCH (Slow Associated Control Channel)          14
FACCH (Fast Associated Control Channel)          38
BCCH (Broadcast Control Channel)                 14
AGCH (Access Grant Channel)                      14
PCH (Paging Channel)                             14
Intermediate nodes                               10 (assumed)
After authentication, the existing MSC forwards the data packets to
new MSC as shown in Figure 3.17. Figure 3.18 represents new path
establishment process and Figure 3.19 shows data communication after
handover completion process.
Figure 3.17: Simulation Result Data transfer from existing MSC to new MSC
Figure 3.18: Simulation Result New path establishment
Figure 3.19: Simulation Result Data transfer via new path
3.3.1.5 Comparison between existing and proposed procedure in GSM heterogeneous Inter MSC handover
Using simulation, a comparison between the existing procedure and the
proposed procedure on various parameters is given in Table 3.2
below.
Table 3.2: Comparison of various activities for GSM heterogeneous handover
Authentication type
    Existing Work: Single authentication
    Proposed Work: Double authentication
Identity privacy
    Existing Work: IMSI and IMEI numbers are unique numbers of MN. Transmit IMSI along with authentication request. Also transmit IMEI number along with identity request.
    Proposed Work: Instead of IMSI number, TMSI is used in the authentication algorithm. IMEI number is used to compute r values.
Based on the handover delay, the percentage of reduction in handover
delay is 44% compared to the existing procedure.
3.3.2 MICAuA in GSM homogeneous Inter MSC handover
Inter MSC handover within an access network is called
homogeneous inter MSC handover [86][87]. Homogeneous inter MSC
handover performs the authentication process but eliminates the equipment
identity process.
3.3.2.1 Existing work
The GSM homogeneous inter MSC procedure is the same as the
heterogeneous handover discussed in section 3.3.1.1; the only
difference is that identity checking is not needed. The handover parameters
and the sequence of the data flow are shown in Figure 3.20.
Figure 3.20: Data flow for existing GSM homogeneous handover
3.3.2.2 Proposed work
In the proposed work the TCH allocation procedure is the same as in
the existing procedure, but additional parameters are appended
and given to the new MSC and the MN. With the help of the additional
parameters the MN is authenticated based on the MICAuA algorithm. After the
completion of authentication, communication starts with the help of both
MSCs. TMSI and MSRN allocation and activation are done as a parallel process,
and hence consume less time. The new routing path is established from the new
MSC to the CN. Thereafter the existing BS TCH is deactivated. After these
processes, data communication starts with the new TMSI through the new path.
The parameters involved in the handover and the detailed data flow are shown
in Figure 3.21.
Figure 3.21: Data flow for proposed GSM homogeneous handover
3.3.2.3 Comparison between existing and proposed work during GSM homogeneous Inter MSC handover
A comparison between existing and proposed work during GSM
homogeneous Inter MSC handover is made based on various parameters
and is shown in Table 3.3. The proposed procedure provides 34.7%
reduction compared to existing one in the handover delay.
Table 3.3: Comparison table for GSM homogeneous handover
                            Existing procedure    Proposed procedure
Authentication              Single                Double
Handover delay              960 ms                626 ms
Parallel processing         Not permitted         Permitted
Number of bits processed    128 bits              512 bits
Packet drop duration        806 ms                263 ms
3.3.3 IS-95 homogeneous inter MSC handover
IS-95 is a CDMA based network. In IS-95, soft and softer handover
are possible only within a BSC; in the case of inter MSC handover, only hard
handover is possible. Hence authentication is necessary during inter MSC
handover.
3.3.3.1 Existing work
In IS-95 authentication procedure, instead of COMP-128 algorithm,
CAVE algorithm is used [41]. The detailed flow diagram is shown in
Figure 3.22.
3.3.3.2 Proposed work
With the help of the MIC agent, the homogeneous inter MSC hard
handover is made a soft handover. The same radio frequency is shared by
both the existing BS and the new BS, but the channels use different Walsh
codes and the mobile node communicates simultaneously with these BSs [88].
Due to this, there is no data loss during handover. Figure 3.23 shows the
detailed handover procedure. In MICAuA, for the computation of the r value
(equation 3.1), ESN is used instead of IMEI.
Figure 3.22: Data flow for existing IS-95 homogeneous handover
Figure 3.23: Data flow for proposed IS-95 homogeneous handover
3.3.3.3 Simulation Results
After receiving the TCH and pn offset information, the data
transmission takes place in both BSs. Figure 3.24 shows the simulation
output for this scenario.
Figure 3.24: IS-95 soft handover
3.3.3.4 Comparison between existing and proposed work during IS-95 homogeneous Inter MSC handover
A comparison is made between the existing and proposed works of IS-95
homogeneous inter MSC handover based on the output obtained from
yellowjacket string Editor, and is shown in Table 3.4.
Table 3.4: Comparison table for IS-95 homogeneous handover
                            Existing procedure    Proposed procedure
Handover delay              798 ms                400 ms
Handover type               Hard Handover         Soft Handover
Data packet loss            Yes                   No
Packet drop duration        640 ms                Nil
Percentage reduction in handover delay for the proposed procedure
is 49.9%.
3.3.4 IS-95 Heterogeneous inter MSC handover
In IS-95 heterogeneous inter MSC handover, both the existing and the
proposed work involve hard handover.
3.3.4.1 Existing work
The diagrammatic representation of the parameter used and the
data flow is shown in Figure 3.25. Since ESN is applied in CAVE algorithm
itself there is no need for separate procedure for identity checking. This also
reduces the handover delay.
Figure 3.25: Data flow for existing IS-95 heterogeneous handover
3.3.4.2 Proposed work
In the proposed work MICAuA algorithm is applied for
authentication of IS-95 heterogeneous network. The data flow of the
handover is shown in Figure 3.26.
Figure 3.26: Data flow for proposed IS-95 heterogeneous handover
3.3.4.3 Comparison between existing and proposed procedure during IS-95 heterogeneous Inter MSC handover
By simulation it is seen that the percentage of handover delay
reduction for the proposed procedure is 50.54% compared to the
existing procedure. The comparison between the existing work and the
proposed work, based on the output obtained from the yellowjacket string
Editor simulator, is shown in Table 3.5.
Table 3.5: Comparison table for IS-95 heterogeneous handover
                            Existing procedure    Proposed procedure
Handover delay              912 ms                451 ms
Parallel processing         Not permitted         Permitted
Authentication              Single                Dual
Number of bits processed    128 bits              512 bits
Packet drop duration        788 ms                153 ms
3.3.5 IS-95 to GSM heterogeneous inter MSC handover
The IS-95 system supports both TDMA and CDMA based networks. The
vertical handover in the existing and the proposed work is discussed below.
3.3.5.1 Existing work
In vertical handover, the CAVE algorithm is utilized for authentication.
Traffic channel and SDCCH activation and the authentication procedure are
shown in detail in the flow diagram in Figure 3.27.
Figure 3.27: Data flow for existing IS-95 to GSM heterogeneous handover
3.3.5.2 Proposed work
MICAuA is applied for the vertical handover authentication so
as to reduce the handover delay. The procedural steps involved are shown in
Figure 3.28.
Figure 3.28: Data flow for proposed IS-95 to GSM heterogeneous handover
3.3.5.3 Comparison between existing and proposed procedure in IS-95 to GSM Inter MSC handover
The percentage of reduction in handover delay for the proposed
method is 42.61%. A detailed comparison of the existing and proposed work
based on various parameters is shown in Table 3.6.
Table 3.6: Comparison table for IS-95 to GSM heterogeneous handover
                            Existing procedure    Proposed procedure
Handover delay              998 ms                577 ms
Parallel processing         Not permitted         Permitted
Authentication              Single                Dual
Number of bits processed    128 bits              512 bits
Packet drop duration        830 ms                419 ms
3.3.6 3G WCDMA Inter MSC handover
The authentication algorithm MICAuA is also applicable to 3G inter
MSC handover. The existing handover and the proposed handover are studied
in detail and simulated. A comparison between the two is also made below.
3.3.6.1 Existing work
In 3G, except for authentication, the process remains the same
as in 2G. For authentication, the home MSC generates RAND and a Sequence
Number (SQN). Figure 3.29 and Figure 3.30 show the existing procedure.
The F1, F2, F3, F4 and F5 functions are generated based on RAND, Key (K),
Authentication and key Management Field (AMF), SQN etc. [89][90]. The
home network sends the quintet (RAND, Expected Response (XRES), CK,
Integrity Key (IK), Authentication Token (AUTN)) to the new MSC. The new MSC
sends RAND and AUTN to the MN. The MN generates the F1 to F5 functions and
forwards the Response (RES) to the new MSC. The new MSC verifies whether the
RES sent by the MN and the XRES sent by the home MSC are the same. If they
are, it sends the authentication complete message.
3.3.6.2 Proposed work
In the proposed work MICAuA is applied for authentication,
and it is found that the handover delay is reduced. The procedural steps for
handover are shown in Figure 3.31.
Figure 3.29: Data flow for existing 3G WCDMA heterogeneous handover-1
Figure 3.30: Data flow for existing 3G WCDMA heterogeneous handover-2
Figure 3.31: Data flow for proposed 3G WCDMA heterogeneous handover
3.3.6.3 Comparison between existing and proposed procedure during 3G-WCDMA Inter MSC handover
A comparison between the existing and the proposed work
for 3G WCDMA is shown in Table 3.7.
Table 3.7: Comparison for 3G WCDMA heterogeneous handover in existing and proposed procedures
                            Existing Work         Proposed Work
Handover delay              1104 ms               451 ms
Parallel processing         Not permitted         Permitted
Authentication              Single                Dual
Number of bits processed    128 bits              512 bits
Packet drop duration        980 ms                153 ms
Percentage of reduction in handover delay for the proposed
procedure is 59.1%.
3.4 CONCLUSION
This chapter discusses how the authentication algorithm MICAuA is
applied to various generations of mobile communication networks. It
also provides a brief comparison between the existing mechanism and the
proposed method, and improvements are observed in the proposed mechanism.
Even though this algorithm provides improvements over the existing system,
the new BS is decided based on the signal strength of neighbouring BSs
reported by the MN. The signal strength obtained by the MN will not be
accurate due to signal reflection from buildings, mountains or other
reflective surfaces including water, etc. This leads to wrong prediction
of the new BS. To avoid these drawbacks, and to find the accurate location
of the MN, a hybrid location prediction method is suggested, which is
discussed in detail in the subsequent chapter.