@ARTICLE{8844829,
  author={M. A. {Azad} and S. {Bag} and C. {Perera} and M. {Barhamgi} and F. {Hao}},
  journal={IEEE Transactions on Industrial Informatics}, 
  title={Authentic Caller: Self-Enforcing Authentication in a Next-Generation Network}, 
  year={2020},
  volume={16},
  number={5},
  pages={3606-3615},
  abstract={The Internet of Things (IoT) or the cyber-physical system (CPS) is the network of connected devices, things, and people that collect and exchange information using the emerging telecommunication networks (4G, 5G IP-based LTE). These emerging telecommunication networks can also be used to transfer critical information between the source and destination, informing the control system about the outage in the electrical grid, or providing information about the emergency at the national express highway. This sensitive information requires authorization and authentication of source and destination involved in the communication. To protect the network from unauthorized access and to provide authentication, the telecommunication operators have to adopt the mechanism for seamless verification and authorization of parties involved in the communication. Currently, the next-generation telecommunication networks use a digest-based authentication mechanism, where the call-processing engine of the telecommunication operator initiates the challenge to the request-initiating client or caller, which is being solved by the client to prove his credentials. However, the digest-based authentication mechanisms are vulnerable to many forms of known attacks, e.g., the man-in-the-middle (MITM) attack and the password guessing attack. Furthermore, the digest-based systems require extensive processing overheads. Several public-key infrastructure (PKI)-based and identity-based schemes have been proposed for the authentication and key agreements. However, these schemes generally require a smart card to hold long-term private keys and authentication credentials. In this article, we propose a novel self-enforcing authentication protocol for the session-initiation-protocol-based next-generation network, based on a low-entropy shared password without relying on any PKI or the trusted third party system. The proposed system shows effective resistance against various attacks, e.g., MITM, replay attack, password guessing attack, etc. We analyze the security properties of the proposed scheme in comparison to the state of the art.},
  keywords={5G mobile communication;authorisation;computer network security;cryptographic protocols;entropy;Long Term Evolution;message authentication;next generation networks;public key cryptography;signalling protocols;smart cards;authentic caller;next-generation network;cyber-physical system;emerging telecommunication networks;5G IP-based LTE;critical information;control system;national express highway;sensitive information;telecommunication operator;seamless verification;next-generation telecommunication networks;digest-based authentication mechanism;request-initiating client;man-in-the-middle attack;password guessing attack;digest-based systems;public-key infrastructure-based;identity-based schemes;self-enforcing authentication protocol;session-initiation-protocol-based;trusted third party system;Authentication;Password;Servers;Protocols;Next generation networking;Informatics;Authorization;identity spoofing;password-based authentication;session-initiation-protocol (SIP) authentication;self-enforcing authentication},
  doi={10.1109/TII.2019.2941724},
  ISSN={1941-0050},
  month={May},}