A Low-Cost Packet Originator Verification for Metering at Access-Routers

  • Bernd Lamparter
  • Dirk Westhoff
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2816)


To provide a mobile device wireless last hop access to packet switched networks, authentication is a necessary pre-requisite for most charging and billing solutions. A lot of work has already been done to establish an initial user and device authentication both within a single administrative domain and across several administrative domains. Unfortunately, initially authenticating the mobile device and even ensuring mutual authentication with the involved access-router does not prevent all types of fraud. Similar to the well-known IMSI-Catcher attack in GSM networks, a malicious mobile node in IP-based networks may spy on the IP-address of a node with access to the wired part of the network. Such an attack is of considerable advantage for a malicious node since it can send traffic free of charge, masquerading as the mobile node by spoofing its IP-address. In this paper, we evaluate different existing protocols to prevent such fraud and finally propose, by presuming an initial device authentication, a new low-cost packet originator verification for access-routers. Such an approach suits realtime-responsive traffic and is even extendable to support the metering of traffic per device over different access technologies.


Packet originator verification wireless last hop charging support unpredictable bits 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rigney, C., Livingston, S.W., Merit, A.R., Daydreamer, W.S.: Remote Authentication Dial In User Service (RADIUS). IETF RFC 2865 (2000) Google Scholar
  2. 2.
    Calhoun, P.R., Arkko, J., Guttman, E., Zorn, G., Loughney, J.: Diameter Base Protocol. Internet Draft, IETF (Junuary 2002) (work in progress) Google Scholar
  3. 3.
    Glass, S., Hiller, T., Perkins, C.: Mobile IP AAA Requirements. IETF RFC 2977 (2000) Google Scholar
  4. 4.
    Braun, T., Ru, L., Stattenberger, G.: An AAA Architecture Extension for Providing Differentiated Services to Mobile IP Users. In: 6th IEEE Symposium on Computers and Communications (ISCC 2001), Hammamet, Tunesia (2001)Google Scholar
  5. 5.
    Samfat, D., Molva, R., Asokan, N.: Untracebility in Mobile Networks. In: Procedings of MOBICOM 1995, Berkeley, CA (1995)Google Scholar
  6. 6.
    Zheng, Y.: An Authentication and Security Protocol for Mobile Computing. In: IFIP World Conference on Mobile Communications (1996)Google Scholar
  7. 7.
    Looi, M.: Enhanced Authentication Services for Internet Systems using Mobile Networks. In: IEEE GLOBECOM 2001, San Antonio, Texas (2001)Google Scholar
  8. 8.
    ETSI TS 101 761-1: Broadband Radio Access Networks (BRAN), HIPERLAN Type 2, Data Link Control (DLC) Layer, Part 1: Basic Transport Functions Google Scholar
  9. 9.
    O’Hara, B., Petrick, A.: IEEE 802.11 Handbook A Designer’s Companion. Standards Information Press/IEEE Press (1999)Google Scholar
  10. 10.
    Borisov, N., Goldberg, I., Wagner, D.: Intercepting Mobile Communications: The Insecurity of 802.11. In: ACM MOBICOM 2001 (2001)Google Scholar
  11. 11.
    Kent, S., Atkinson, R.: Security architecture for the Internet Protocol. IETF RFC 2401 (1998) Google Scholar
  12. 12.
    Madson, C., Glenn, R.: The Use of HMAC-MD5-96 within ESP and AH. IETF RFC 2403 (November 1998) Google Scholar
  13. 13.
    Madson, C., Glenn, R.: The Use of HMAC-SHA-1-96 within ESP and AH. IETF RFC 2404 (November 1998) Google Scholar
  14. 14.
    Keromytis, A., Provos, N.: The Use of HMAC-RIPEMD-160-96 within ESP and AH. IETF RFC 2857 (Junuary 2000) Google Scholar
  15. 15.
    Elkeelany, O., Matalgah, M.M., Sheikh, K.P., Thaker, M., Chaudhry, G., Medhi, D., Qaddour, J.: Performance Analysis of IPSec Protocol: Encryption and Authentication. In: IEEE International Conference on Communications, IEEE ICC 2002, NY, USA (April 2002)Google Scholar
  16. 16.
    Degermark, M., Engan, M., Nordgren, B., Pink, S.: Low-loss TCP/IP Header Compression for Wireless Networks (1996) Google Scholar
  17. 17.
    Frier, A., Karlton, P., Kocher, P.: The SSL 3.0 Protocol. Netscape Communication Corporation (November 1996) Google Scholar
  18. 18.
    Allen, C., Dierks, T.: The TLS Protocol Version 1.0. Internet Draft, IETF (November 1997) (work in progress) Google Scholar
  19. 19.
    Menezes, A.J., Oorshot, P.C.v., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar
  20. 20.
    Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudorandomness, Algorithms and Combinatorics. In: Brunnstein, K., Händler, W., Haefner, K. (eds.) RGU 1974. LNCS, vol. 17, Springer, Heidelberg (1974)Google Scholar
  21. 21.
    Zorzi, M.: Packet dropping statistics of a data-link protocol for wireless local communication. In: ICUPC 1997, San Diego (1997)Google Scholar
  22. 22.
    SUN Micro Systems. The Java Media Framework Version 2.0 API (1999),
  23. 23.
    Aijaz, A.: Framework for device and traffic authentication of mobile subscriber nodes. Master Thesis, University of Stuttgart, Germany (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Bernd Lamparter
    • 1
  • Dirk Westhoff
    • 1
  1. 1.NEC Europe Ltd.HeidelbergGermany

Personalised recommendations