Advancing authentication for cellular networks and mobile users

Julkaisun otsikon käännös: Advancing authentication for cellular networks and mobile users

Tutkimustuotos: Doctoral ThesisCollection of Articles


Cellular networks provide connectivity and network services to billions of users. Therefore, it is critically important to protect the cellular network and its users against malicious actors. This thesis contributes to two aspects of cellular network security: authentication and transparency. Authentication is a crucial element in cellular network security. It is required for authorizing subscribers to access the cellular services, authenticating users to applications, and logging in administrators to the cellular backend. We integrated federated OpenID authentication with an early version of the OpenStack cloud for authenticating the cloud administrators. One of the authentication methods in OpenID was the Generic Bootstrapping Architecture (GBA), which uses the mobile subscriber credentials for the authentication. We performed formal modeling and analysis of OpenID with GBA internetworking. The analysis provided security assurance of the integration for critical applications, such as administering virtual mobile backend functions in the cloud. The security of the mobile subscriber authentication depends on how the user credentials are provisioned, and this is changing from physical SIM cards to remotely downloadable SIM profiles. We perform formal modeling and analysis of the consumer Remote SIM Provisioning (RSP) protocol that is used for downloading the credentials. We verify that the protocol meets its stated and implicit security goals against a network adversary. We also analyze the protocol in realistic partial compromise scenarios, such as in the presence of some compromised servers and phones. We then suggest how to make the protocol more robust in these scenarios. In the cloud, a tenant relies on the cloud provider for its security. We developed an automated security compliance monitoring tool for the OpenStack cloud. Its primary purpose was to increase trust in the cloud platform and to enable the implementation of virtual network functions. This work was done before commercial cloud providers had widely adopted such compliance monitoring mechanisms. We also designed two transparency mechanisms that enable the tenants and third-party auditors to monitor for security breaches. The first is a smart contract based transparency mechanism for the web PKI, and the second is transparency for issued SIM profiles in RSP. Overall, this thesis presents research results that have addressed timely and relevant security issues in cellular networks over a time span of about ten years. We have contributed technologies and provided research-based input to the design and implementation of secure cellular networks.
Julkaisun otsikon käännösAdvancing authentication for cellular networks and mobile users
Myöntävä instituutio
  • Aalto-yliopisto
  • Aura, Tuomas, Vastuuprofessori
Painoksen ISBN978-952-64-1335-8
Sähköinen ISBN978-952-64-1336-5
TilaJulkaistu - 2023
OKM-julkaisutyyppiG5 Artikkeliväitöskirja


Sukella tutkimusaiheisiin 'Advancing authentication for cellular networks and mobile users'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä