Enhance Vertical Handover Security During Execution Phase in Mobile Networks

2022-08-24 07:02 Omar Khattab
Computers, Materials & Continua, 2022, Issue 8

Omar Khattab

Department of Computer Science and Engineering, Kuwait College of Science and Technology (KCST), Kuwait

Abstract: The Vertical Handover (VHO) is one of the most vital features provided for heterogeneous mobile networks. It allows Mobile Users (MUs) to keep ongoing sessions without disruption while they continuously move between different Radio Access Technologies (RATs) such as Wireless Fidelity (Wi-Fi), Global System for Mobile Communication (GSM), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE) and Fifth Generation (5G). To fulfill this goal, the VHO must go through three main phases: it starts by collecting the required information, then passes it to the decision phase to obtain the best available RAT, and eventually performs the VHO in the execution phase. However, the execution phase still encounters some security issues which are exploited by hackers in launching malicious attacks such as ransomware, fragmentation, header manipulation, smurf, host initialization, reconnaissance, eavesdropping, Denial of Service (DoS), spoofing, Man in the Middle (MITM) and falsification. This paper thoroughly studies the recent security issues for hundreds of VHO approaches found in the literature and comes up with a secure procedure to enhance VHO security during the execution phase. The numerical analysis results of the proposed procedure are evaluated in terms of security and signaling cost. Compared with the recent related work found in the literature, the analysis demonstrates that security is successfully improved by 20% whereas signaling cost is maintained as in the non-proposed procedure.

Keywords: Vertical handover security; mobile networks; wireless networks; heterogeneous wireless networks

1 Introduction

Maintaining ongoing sessions over heterogeneous mobile networks is becoming an essential demand for MUs during their movements. This process of switching between different RATs is referred to as VHO, which is implemented via the Initiation Phase (IP), Decision Phase (DP) and Execution Phase (EP) [1-8]. There are three main types of information which should be considered for securing a seamless VHO, as shown in Fig. 1: a) the network’s parameters such as latency and coverage area, b) the MU’s preference parameters such as cost of service and security and c) the terminal’s parameters such as battery and velocity. Operators always strive to strike a balance between the MU’s preferences and optimum use of the network by making the VHO as seamless as possible. This helps operators attract more subscribers and hence increase their profit accordingly. However, security, as one of the most critical parameters from the MU’s side, must be considered carefully by the operators. Therefore, this paper thoroughly studies the recent security issues for hundreds of VHO approaches found in the literature and proposes a secure procedure to enhance VHO security during the execution phase. The rest of the paper is organized as follows: In Section 2, related works are presented. In Section 3, a design of the proposed procedure is presented. In Section 4, a numerical analysis is presented. In Section 5, performance evaluation and results discussion are presented. Finally, a conclusion is given in Section 6.

Figure 1: Main VHO parameters: networks, MUs and terminals

2 Related Works

In this section, 174 previous works have been considered. In [9], 132 VHO research works have been classified into two main categories: a VHO security based category and a VHO non-security based category. It has been concluded in [9] that the VHO non-security category presented a modest number of previous works (7%). In [10-21], many recent VHO research works have been proposed which also have not considered VHO security. In [22], 22 security mechanisms proposed for securing the Mobile IPv6 handover have been surveyed [23-44]. It has been concluded in [22] that it is still vulnerable to various malicious activities. In [45], a new proactive security algorithm for an upcoming sensitive connection between heterogeneous mobile networks was proposed: Proactive Security for Upcoming Sensitive Connection (PSUSC). The PSUSC algorithm orders all available RATs in descending order of security into two levels [2], as shown in Tab. 1. When the VHO is triggered for a security session, the PSUSC’s priority is to secure the upcoming sensitive session, and it therefore selects the best available secure RAT, taking into consideration that only the VHO to 5G (L1) takes place dynamically without the MU’s confirmation. Otherwise, the MU could confirm proceeding with the VHO from the available L2 RATs. An analysis of the PSUSC algorithm for the decision phase has shown a reduction in potential attacks compared with previous works which rely on using a less secure RAT. However, no performance evaluation or validation was provided for the execution phase, where attackers may launch their malicious attacks because a less secure RAT is used for sending sensitive data, as shown in Fig. 2. Some security issues have been surveyed in [46]: fragmentation, header manipulation, smurf (broadcast amplification), host initialization and reconnaissance. Further issues are eavesdropping, DoS, spoofing, MITM, falsification and ransomware, in [47-51] and [52], respectively.

Table 1: Security comparison of RATs [45]

Figure 2: The penetrated PSUSC algorithm [45]

3 Design of Proposed Procedure

In Section 2, hundreds of VHO approaches have been surveyed. It has been noticed that only [45] has considered proactive security for an upcoming sensitive connection in the decision phase. However, no performance evaluation or validation was provided for the execution phase, where attackers may launch their malicious attacks because a less secure RAT is used for sending sensitive data. Therefore, for the VHO execution phase, this section proposes a secure procedure and compares it with the non-proposed procedure [45], which relies on using a less secure RAT. This is shown in Fig. 3, where the green arrows refer to the proposed procedure and the orange arrows refer to the non-proposed procedure. Once the VHO is triggered for a security session, instead of sending the MU’s sensitive packets over the old, less secure RAT (steps 2, 3, 4: MU-Old RAT-Internet-Corresponding Node (CN)) while the VHO is taking place (step 1: Old RAT-New RAT), the proposed procedure sends concurrent signals to inform both the VHO to start its phases (step 1a: Old RAT-New RAT) and the MU to make use of the VHO period to start buffering its sensitive packets (step 1b: MU). After that, the MU starts sending its sensitive packets over the secure RAT to the CN (steps 2, 3, 4: MU-New RAT-Internet-CN).

Figure 3: The design of proposed procedure
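
The following sketch is an added illustration, not code from the paper. It models the two execution-phase behaviours described above and reports which sensitive packets travel over the less secure RAT. The class and function names, the packet counts and the Wi-Fi to 5G scenario are assumptions made for the example; the RAT metric values are those listed in Section 4.

```python
from collections import deque
from dataclasses import dataclass, field

# Security metric per RAT as listed in Section 4 of the paper (5 = most secure).
RAT_METRIC = {"5G": 5, "LTE": 4, "UMTS": 3, "WiMAX": 2, "GSM": 2, "Wi-Fi": 1}

@dataclass
class MobileUser:  # hypothetical model of the MU, for illustration only
    old_rat: str
    new_rat: str
    buffer_during_vho: bool  # True = proposed procedure (step 1b)
    vho_active: bool = False
    attached: str = ""
    buffer: deque = field(default_factory=deque)
    sent: list = field(default_factory=list)  # (packet, rat) in send order

    def __post_init__(self):
        self.attached = self.old_rat

    def trigger_vho(self):
        # Step 1 / 1a: old RAT signals new RAT; step 1b: MU is told to buffer.
        self.vho_active = True

    def send_sensitive(self, packet):
        if self.vho_active and self.buffer_during_vho:
            self.buffer.append(packet)  # hold until the secure RAT is up
        else:
            self.sent.append((packet, self.attached))

    def complete_vho(self):
        self.vho_active = False
        self.attached = self.new_rat
        while self.buffer:  # steps 2-4 over the new RAT, original order kept
            self.sent.append((self.buffer.popleft(), self.attached))

def run(buffer_during_vho, packets_during_vho=3, packets_after=2):
    """Constructed scenario: Wi-Fi to 5G with packets generated mid-handover."""
    mu = MobileUser("Wi-Fi", "5G", buffer_during_vho)
    mu.trigger_vho()
    for i in range(packets_during_vho):
        mu.send_sensitive(f"pkt{i}")
    mu.complete_vho()
    for i in range(packets_during_vho, packets_during_vho + packets_after):
        mu.send_sensitive(f"pkt{i}")
    return mu.sent

def exposed(sent, new_rat="5G"):
    """Sensitive packets that travelled over a RAT less secure than the target."""
    return [p for p, rat in sent if RAT_METRIC[rat] < RAT_METRIC[new_rat]]

if __name__ == "__main__":
    for label, flag in (("non-proposed", False), ("proposed", True)):
        sent = run(flag)
        print(label, sent, "exposed:", exposed(sent))
```

Packet order is the same in both runs; what changes is which RAT carries the packets generated while the handover is in progress.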

4 Numerical Analysis

In this section, a numerical analysis for security and signaling cost is presented in order to evaluate the performance of the proposed procedure during the VHO execution phase compared with the non-proposed procedure. This is shown in Fig. 4.

Figure 4: The analysis of proposed procedure vs. non-proposed procedure

The signaling cost of each of the two procedures is as follows:

a. Non-proposed procedure

where VSA_sc, SP, IP, DP and EP refer to the signaling cost of Vulnerable Session Attacks, Sensitive Packet, Initiation Phase, Decision Phase and Execution Phase, respectively.

From (1),

where Ps refers to Phases.

From (2),

b. Proposed procedure

where NVSA_SC refers to the signaling cost of None-Vulnerable Session Attacks.

From (4),

From (5),

The security of each of the two procedures is as follows:

a. Non-proposed procedure

where VSA_sec refers to the security of Vulnerable Session Attacks. M refers to Metric (5, 4, 3, 2, 1 to 5G, LTE, UMTS, (WiMAX, GSM) and WiFi, respectively). PSVHO refers to Proactive Secure VHO and it is assumed to be 3 (VHO phases).

b. Proposed procedure

where NVSA_sec refers to the security of None-Vulnerable Session Attacks.

5 Performance Evaluation and Results Discussion

In this section, the security and signaling cost of the two procedures, the proposed procedure and the non-proposed procedure, are evaluated, where four VHO scenarios between RATs are considered: Wi-Fi to 5G, Wi-Fi to LTE, Wi-Fi to UMTS and Wi-Fi to WiMAX/GSM.

From Tab. 2, it can be seen that the security is successfully improved by 20% compared with the non-proposed procedure, as shown in Figs. 5-8. This is due to the early buffering of sensitive packets. From Tab. 3, it can be seen that the signaling cost is maintained as in the non-proposed procedure, as shown in Fig. 9.

Table 2: Parameters of VHO security

Figure 5: VHO from Wi-Fi to 5G

Figure 6: VHO from Wi-Fi to LTE

Figure 7: VHO from Wi-Fi to UMTS

Figure 8: VHO from Wi-Fi to WiMAX/GSM

Table 3: Parameters of VHO signaling cost

Figure 9: Signaling cost: proposed procedure vs. non-proposed procedure

6 Conclusion

In this paper, the recent security issues for hundreds of VHO approaches have been surveyed thoroughly. It has been noticed that the VHO execution phase still encounters some security issues which are exploited by hackers in launching malicious attacks because a less secure RAT is used for sending sensitive data. Therefore, the paper came up with a secure procedure to enhance VHO security during the execution phase. The numerical analysis results of the proposed procedure were evaluated against the non-proposed procedure in terms of security and signaling cost. The results showed that the security was successfully improved by 20% whereas signaling cost was maintained as in the non-proposed procedure.

Funding Statement: The author received no specific funding for this study.

Conflicts of Interest: The author declares that he has no conflicts of interest to report regarding the present study.