Enhancing cryptographic protection, authentication, and authorization in cellular networks: a comprehensive research study

ABSTRACT


INTRODUCTION
The rapid proliferation of smart devices and their widespread connectivity has had a profound impact on the delivery of mobile services worldwide. In this interconnected environment, ensuring the security of transmitted data primarily depends on the process of authentication. Authentication serves as a fundamental defense mechanism against unauthorized access to sensitive applications or devices, both offline and online, as shown in Figure 1. Traditionally, transactions were authenticated through physical means, such as the use of wax seals [1]-[10]. The left side of Figure 1 represents a traditional physical method, symbolized by a wax seal stamp, used to physically verify the authenticity and integrity of a transaction or document. On the right side, a digital authentication method is depicted, represented by a lock symbol and a fingerprint, symbolizing the use of digital technologies like biometric authentication or encryption keys to validate and secure access to digital systems or data [11], [12].
Sharing passwords can immediately jeopardize an account, and a variety of attacks, such as dictionary attacks, rainbow tables, or social engineering techniques, can be attempted by unauthorized users. Therefore, when employing this type of authentication, it is crucial to consider minimum password complexity requirements [13]. Given the limitations of single-factor authentication (SFA), two-factor authentication (2FA) emerged as a logical progression. 2FA links representative data, such as username and password, with a personal possession factor like a smart card or phone [14].
Subsequently, multi-factor authentication (MFA) was introduced to provide a high level of information security and enable permanent protection of computing devices (servers) and critical services against unauthorized access. MFA entails the use of more than two categories of credentials, often incorporating biometrics that automatically identify individuals by their biological and behavioral features. This advancement in authentication methods bolsters security by requiring users to confirm their identity based on two or more different factors [5], [11], [14]. Figure 2 illustrates the development of authentication methods.
Figure 2 showcases the progression of authentication methods over time, starting with SFA and evolving to 2FA, culminating in MFA utilizing biometric factors. Arrows depict the transition from one authentication method to another.
In recent times, there has been notable progress in online applications as organizations strive to meet the evolving demands of customers. Online identity access management (IAM) plays a vital role in securely authenticating customers during daily financial transactions. Surveys have highlighted several types of client authentication protocols implemented for secure data transfer, which include SFA and MFA. These protocols employ diverse authentication factors, evaluated based on parameters such as i) collectability, ii) universality, iii) uniqueness, iv) usability, and v) performance. To enhance security and avoid the use of sensitive biometric information, a framework has been proposed to identify important missing factors and enable efficient authentication using built-in sensors, like those found in vehicles [6], [12], [15]. Current biometric approaches, such as face recognition and fingerprint recognition utilized in smart devices, aim to enhance usability compared to traditional authentication methods. However, the drawback of physiological biometrics lies in the static nature of these characteristics, rendering them susceptible to replication by adversaries [7], [11], [16].
User authentication can occur on the device as well as on the server side. Device-side authentication occurs fully on the device itself, while service/cloud-side authentication requires users to provide authentication credentials to the server, which in turn verifies the user's identity and grants access to the service upon successful authentication. The availability of high-performance computing and server resources and on-demand cloud services enables users and organizations to use cloud-based data processing, storage, and easy access to various services, including convenient data backup [17].
However, this article examines a potential concern with session-oriented approaches. The issue arises when a user leaves their computer or device unattended, allowing malicious users to gain unauthorized access to the device or to any other services the user is logged into. This problem can be significantly mitigated by implementing standard security mechanisms that continually re-authenticate the user during a session. User authentication methods can be categorized as active or passive. Active authentication requires the user's attention or some other action, such as entering a PIN code or a password, or using a fingerprint scanner. Passive authentication, on the other hand, is a transparent and seamless type of authentication that operates in the background without user notification or attention [9], [13], [18]. To effectively address information threats, it is crucial to ensure reliable data encryption, alongside the implementation of an efficient system to detect and prevent such threats. This article will explore the concept of robust data encryption and its significance in maintaining strong information security.

RESEARCH METHOD
To address these issues, the following research questions were investigated in this study. As cellular vehicle-to-everything (C-V2X) technology gains popularity and widespread usage, vehicles are becoming mobile devices facing various network security challenges. The integration of communication, transportation, and automotive technologies in C-V2X exposes vulnerabilities such as forgery or eavesdropping, as well as spoofing and denial of service (DoS) attacks. Addressing all these security challenges requires the widespread adoption and commercial application at scale of C-V2X technology. Therefore, the development of C-V2X security technology needs to be synchronized with its communication technology [10], [14], [19].
Previous schemes and systems for internet of things (IoT) and fog environments prioritize authentication and use blockchain technology to enhance information security and to achieve decentralization. However, many of these schemes and systems rely on the Ethereum blockchain, while others depend on centralized databases, causing certain limitations. This article proposes a decentralized authentication system for fog and IoT, based on Neo blockchain technology, as an improvement over existing systems, aiming to overcome the limitations associated with Ethereum-based decentralized authentication systems. Table 1 provides a concise overview of common cyberattack scenarios in an IoT system.
Cyberattack scenarios can target the original encryption key and the session key used for authentication and data transfer [20]-[25]. A Merkle tree structure organizes data by hashing transactions and recursively generating hash values until a final Merkle root digest, representing all transactions, is obtained. The Merkle root is added to the block header, creating a block hash that serves as the block's identifier. In this study, node information and network data were stored in blocks, with each block accommodating 100 data units. New blocks are created once sufficient data is collected.
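The Merkle construction described above, written out as an added example that is not code from the study: it builds the tree over one 100-unit block, derives a block identifier from the root, and checks an inclusion proof for a single data unit. SHA-256, the leaf/node prefixes, carrying an unpaired node up unchanged, the two-field header and the sample records are all assumptions made for illustration.

```python
import hashlib

BLOCK_SIZE = 100               # data units per block, as stated in the study
LEAF, NODE = b"\x00", b"\x01"  # domain-separation prefixes (assumption)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 is an assumption


def merkle_levels(units):
    """Return all tree levels, from the leaf hashes up to the single root."""
    if not units:
        raise ValueError("a block needs at least one data unit")
    level = [h(LEAF + u) for u in units]
    levels = [level]
    while len(level) > 1:
        nxt = [h(NODE + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # unpaired node is carried up unchanged
        level = nxt
        levels.append(level)
    return levels


def inclusion_proof(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a carried-up node has no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_inclusion(unit, proof, root):
    """Recompute the root from one data unit and its proof."""
    node = h(LEAF + unit)
    for sibling, sibling_is_left in proof:
        node = h(NODE + sibling + node) if sibling_is_left else h(NODE + node + sibling)
    return node == root


def block_hash(prev_hash, root):
    """Block identifier over a minimal header: previous hash + Merkle root (assumed layout)."""
    return h(prev_hash + root)


if __name__ == "__main__":
    # Constructed sample data: 100 node/network records for one block.
    units = [f"node-{i}:reading={i * 3}".encode() for i in range(BLOCK_SIZE)]
    levels = merkle_levels(units)
    root = levels[-1][0]
    proof = inclusion_proof(levels, 42)
    print("block id:", block_hash(bytes(32), root).hex())
    print("unit 42 verifies:", verify_inclusion(units[42], proof, root))
    print("forged unit verifies:", verify_inclusion(b"node-42:reading=999", proof, root))
```

Changing any single data unit changes the root and therefore the block identifier, while a verifier holding only the root needs at most seven sibling hashes to check one of the 100 units.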

RESULTS AND DISCUSSION
In this section, the results of the research are explained and comprehensively discussed. Results are presented in figures, graphs, tables and other forms that the reader may easily understand. In this study, an examination of various authentication and authorization methods in cellular communication networks was conducted. One of the proposed approaches is a simplified PUF-based mutual authentication scheme for wireless telecommunication networks, which ensures provable security. The scheme consists of several steps, including i) registration by user, ii) registration of sensor node, iii) key agreement, iv) mutual authentication, and v) password change. During the key agreement and mutual authentication phase, the worker sends an authentication message to the gateway, establishing a session key between the worker, sensor node, and gateway. This enables the worker to receive patient information from the sensor node.
With the worldwide transition from 4G to 5G mobile networks, leveraging advancements in wireless and networking technologies, improvements are expected. 5G offers high data transfer rates, increased bandwidth, and low latency, enabling a large number of IoT devices to be connected. The selection of authentication and privacy schemes for 4G and 5G networks was based on a literature search using relevant keywords and assessment criteria. These schemes aim to address the unique security challenges found within 5G networks.
The proposed blockchain-based differentiated authentication mechanism (BDAM) enhances authentication processes in heterogeneous 6G networks. It builds upon the differentiated authentication framework based on blockchain. The mechanism utilizes blockchain technology to differentiate authentication methods. Figure 3 provides a simplified illustration of the mechanism, excluding the encryption and decryption of messages between user equipment (UE) and authentication authority (AA) for clarity. The authentication and authorization phase in our system involves the interaction between mobile users (Ui) and service providers (Sj). After registering with a randomly selected service provider, mobile users can access hierarchical cloud services provided by the service providers. Service providers, acting as semi-trusted entities, verify the identity, privileges, and service duration of the mobile users before granting them access to the hierarchical cloud services.
During this stage, mutual authentication occurs between the mobile user (Ui) and the service provider (Sj). Additionally, the service provider consults the service subscription list (L) to determine the appropriate service level (LevSj) that the user can access during the service's duration (DaySj) [21], [25]. Remix Solidity is a widely used development environment for smart contract development, known for its user-friendly interface and simplicity [11], [25]. The smart contract also includes functions that display transaction options for different levels of identification. Figure 5 illustrates a code snippet representing a function that presents transaction types with varying levels of protection.
To initiate the local test blockchain, the ganache command-line interface (Ganache-CLI) tool is utilized. It generates ten test accounts on the local test blockchain. Launching the Ganache-CLI tool from the bash console allows for an intermediate check of the smart contract's functionality. The tool is invoked by executing the command "ganache-cli" in the "node.js" console, which then displays the ten test accounts. The test network can be accessed at localhost:8545.
Once the test blockchain network is established, the smart contract is compiled in the Remix integrated development environment, using the ".sol" extension. In the "Run" tab of the development environment, the "Environment" field is configured to utilize the web3 provider address created with ganache-cli, which is http://localhost:8545. The available test accounts are displayed in the "Account" field of the development environment, as illustrated in Figure 6. Following the aforementioned steps, the subsequent task is to deploy the smart contract by clicking on the "Deploy" button in the Remix integrated development environment and test its functionality. During this process, relevant information about the survey being created is provided in the constructor. The four authentication methods mentioned above align with the depicted authentication process in Figure 7.
Figure 7 demonstrates that each authentication device (AD) can only respond to user authentication requests (UARs) if the corresponding authentication methods are deployed. In the case of 2FA, it utilizes image-based authentication, where the user's key facial points are scanned and recognized. However, this method is resource-intensive and heavily reliant on factors such as image quality and lighting. Processing time is not significant when dealing with individual images, but it becomes a challenge when working with videos due to processing delays. The complexity of authentication increases exponentially with the number of simultaneous transactions. Despite its advantages, this method remains susceptible to several attacks such as eavesdropping, man-in-the-middle attacks, replay, denial-of-service, and denial attacks.
On the other hand, full-spectrum authentication (FSA) is a widely used authentication method with high processing speed and stability. It exhibits consistent performance with a nearly linear dependence even with more than ten simultaneous transactions. However, this method is vulnerable to common types of attacks, including eavesdropping, man-in-the-middle attacks, DoS attacks, replay, denial attacks, and others.
In contrast, the blockchain-based differentiated authentication mechanism overcomes these vulnerabilities. However, as the number of concurrent transactions exceeds 15, processing time undergoes an exponential increase. This is primarily due to the significant growth in user logs and the necessity to update all entries in real-time. Based on this assessment, it can be concluded that BDAM allows for flexible and dynamic deployment of authentication methods, facilitating unified management while also offering high scalability. However, this method requires algorithm and hardware modifications to accelerate record processing.

CONCLUSION
This article delves into the exploration of novel methods of cryptographic protection and advancements in authentication and authorization techniques in cellular communication networks, with a specific focus on high-speed data encryption. To comprehensively address the research topic and tackle the underlying problem, a thorough review of various solutions has been conducted. This includes an analysis of MFA approaches, challenges, requirements and attacks, as well as improved performance methods for fog computing and mutual authentication of IoT devices using physical non-cloneable functions and hashing.
The importance of digital security cannot be overstated, and MFA plays a crucial role in safeguarding sensitive data. Employing multiple authentication methods introduces an additional layer of protection, making it significantly more challenging for unauthorized users to gain access. Understanding the significance of MFA and the various authentication factors is essential for making informed decisions when securing digital assets. "Open Authentication"-compliant solutions have become the industry standard for MFA, and organizations should consider implementing such solutions to ensure secure authentication.
Blockchain-based methods for distributed mobile cloud computing have been identified as particularly suitable for authentication and authorization schemes. This work includes the programmatic modeling of an authentication protocol for wireless sensor networks based on blockchain and the testing of an authentication and authorization scheme for hierarchical cellular network services based on blockchain. The proposed scheme enables "single user" sign-on without the need for a trusted third party, reducing the associated overhead of establishing a secure cell session. It also allows all authorization relationships between a mobile user and other users, including IoT devices, to be loaded with just one transaction, providing flexibility and avoiding multiple updates. Additionally, it prevents the reuse of expired privileges from previous transactions, mitigating double spending attacks. Transactions are stored in plaintext as a transparent blockchain, and users' registration information is publicly accessible. Therefore, the proposed scheme is designed for permissioned blockchains and cannot be applied directly to private blockchains. Future work will focus on modeling and hardware implementation on field programmable gate array (FPGA) for decentralized authorization while maintaining access privileges in ciphertext, which will significantly enhance transaction speed. The research presented in this article contributes to addressing the challenges of enhancing information security in data transmission, particularly in cellular communication networks.

Figure 1. Conceptual examples of authentication

Figure 2. Evolution of authentication methods

Figure 5. Transaction type display function with varied levels of protection

Figure 7. The number of authenticated transactions in BDAM and without BDAM in the range of 0-100 s


Table 1. Description of cyberattack scenarios
VI. Listening attack: covertly searching for confidential data in communication networks with an insecure channel.
VII. Spoofing attacks: masquerading as a trusted node within an IoT system.
VIII. "Side channel" attack: exploiting physical access to the PUF, with potential types including invasive, semi-invasive and noninvasive attacks. These attacks analyze factors like power consumption to recover the PUF's secret key. They can be active or passive depending on the attacker's manipulation or data collection approach.

ISSN: 2088-8708. Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 479-487