real identity with her present location[2]. In [3], Kesdogan et al. also identified some
security flaws (including passive attacks and active attacks) of the TP method and
proposed a new method using the distributed TP (DTP). This method can protect
against passive attacks. However, its protection against active attacks is not
clear. A detailed explanation is given in Section 2. In this paper we mainly consider
some problems concerning an active attack on the TP method of Kesdogan et al.[3]. We
also propose and analyze a new scheme that solves them. Our scheme is more effective
and secure than the previous ones.
We discuss the TP method in Section 2, propose a new location management
scheme in Section 3, and analyze it in Section 4. Finally, Section 5 gives
concluding remarks.
2 Discussion of TP Method
Kesdogan et al. introduced attacks for the TP method in [3] as follows:
• Active Attacks: Active attacks of the network provider, i.e. attempts to find out the
user location by periodically asking her home trust device, may be recognized
because all requests are logged at the device. Hence, if there are many more requests
at the device than actual calls, this points towards an active attack.
As a matter of course, an attempted attack can be detected by maintaining, in the
trust device, a log file of the requests made by the network provider. However, the
log file is not reasonable proof of the attack, because the network provider may
consider the log file forged. They introduced only one solution: adding the
functionality of a reachability manager[7] to the device, i.e. it could decide for each
request whether the importance of the request justifies revealing the pseudonym. But
this method is an alternative rather than a solution. It is not clear how to decide
whether a request justifies a response. The problem lies in the network provider
periodically requesting the PMSI from the device without a reasonable reason, even
though no external user has made a call request. To guard against such an attack by
the network provider, it is necessary to check both the real call request from the
external user and the real connection of the call setup that the network provider
delivers to the user. A function for surveilling the real connection of calls, using
the user and the trust device, is also needed. The existing reachability manager does
not include this function so far. Moreover, attaching the reachability manager system
adds further load. In the next section, we propose a new scheme that improves on
these problems, and we analyze its security and effectiveness.
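The check discussed in this section, comparing the requests logged at the trust device with the call setups the user really received, can be sketched as follows. This is an added example, not code from the paper; the record layout, the matching window, the tolerance threshold and the sample data are assumptions made for illustration.

```python
from collections import namedtuple

# Assumed record layouts (not specified in the paper).
Request = namedtuple("Request", "ts user")      # PMSI request logged at the trust device
CallSetup = namedtuple("CallSetup", "ts user")  # call setup the user actually received

MATCH_WINDOW = 10   # assumed: seconds allowed between a request and its call setup
MAX_UNMATCHED = 2   # assumed: tolerated requests with no call (e.g. abandoned calls)

# Constructed sample data: six requests for one user, only two real calls.
REQUESTS = [Request(t, "alice") for t in (100, 400, 700, 1000, 1300, 1600)]
CALLS = [CallSetup(103, "alice"), CallSetup(1004, "alice")]


def reconcile(requests, call_setups, window=MATCH_WINDOW):
    """Pair each logged request with one later call setup for the same user.

    Returns the requests that no real call setup accounts for.
    """
    unused = sorted(call_setups)
    unmatched = []
    for req in sorted(requests):
        hit = next((c for c in unused
                    if c.user == req.user and 0 <= c.ts - req.ts <= window), None)
        if hit is None:
            unmatched.append(req)
        else:
            unused.remove(hit)  # one call setup can justify only one request
    return unmatched


def active_attack_suspected(requests, call_setups, max_unmatched=MAX_UNMATCHED):
    """True when more requests than tolerated have no matching call setup."""
    return len(reconcile(requests, call_setups)) > max_unmatched


if __name__ == "__main__":
    for req in reconcile(REQUESTS, CALLS):
        print(f"unmatched request at t={req.ts} for {req.user}")
    print("active attack suspected:", active_attack_suspected(REQUESTS, CALLS))
```

As the section notes, such a log only detects the attempt; it does not by itself prove the attack to a provider that disputes the log.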
3 New Scheme for the Location Management
The basic idea of our scheme, which protects against illegal requests from a malicious
network provider, is to verify whether an external user has actually made a request,
by giving an acknowledgement message ACK as proof that the user received a call request
from the network provider. A scenario of the scheme is as follows: (1) If an external user