SUPI-Rear: Privacy-Preserving Subscription Permanent Identification Strategy in 5G-AKA
Sowjanya K., Pal P., Verma A., Das B., Saha D., Baswade A.M., Lall B.
Conference paper, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2025, DOI Link
View abstract ⏷
Security and privacy concerns are crucial for the success of any new technology. With the global rollout of 5G networks, new use cases are continually emerging. The 3GPP consortium mentioned the authentication and key agreement protocol for the 5th generation (5G) mobile communication system (i.e., 5G-AKA) in the technical specification (TS) 33.501. It introduces public key encryption to conceal the so-called Subscription Permanent Identifier (SUPI) to enhance mobile users’ privacy. However, the user’s permanent identity i.e., SUPI is available in cleartext to the Serving Network (SN) after the successful primary authentication. SUPI availability is required for the operational and regulatory perspective of SUPI usage. In 5G-AKA, the SUPI is available in cleartext to the Serving Network (SN). Since the SNs are considered semi-trusted because the long-term secret key and the sequence numbers are not revealed with SNs, only SUPI is provided in cleartext for proper billing. Hence, SUPI availability in cleartext under a zero-trust, multi-tenant-based 5G network compromises the user’s privacy. This work provides a way to enhance privacy and security during communication between the Home Network (HN) and the SN without compromising the original SUPI. Furthermore, the proposed solutions (termed collectively as SUPI-Rear) are also applicable to various use cases where SUPI privacy is required, like Public Land Mobile Network (PLMN) hosting Non-Public Network (NPN) scenario. Moreover, it abides by the lawful requirements and 5G AKA authentication procedure.
Standardization aspects of Authentication Relay Attack using False Base Station
Sowjanya K., Jana S., Kumar V., Saha D., Lall B.
Conference paper, International Conference on Communication Systems and Networks, COMSNETS, 2025, DOI Link
View abstract ⏷
False Base Stations (FBSs) are nowadays proven to be a serious threat to location privacy. Apart from the location privacy threats, FBS causes several threats like Manin-the-Middle (MitM) attacks, eavesdropping, identity tracking, phishing attacks, etc. FBS-based two threats are presented in the 3GPP TR 33.809, namely, Authentication Relay Attack (ARA) and MitM attack. The corresponding solution mentioned for the ARA (which occurs because the user is connected with FBS) in TR 33.809 uses the real location of the user causing the location privacy issue. i.e., the user has to share its GPS location with the legitimate base station, even though it was not connected with the legitimate base station. In this regard, this work proposed an Elliptic Curve Cryptography (ECC) based proximity testing protocol termed as ECC based Private Equality Testing (EPET) to preserve the location privacy of the user under FBS.
Zero-Trust Security in 5G and Beyond Networks: An Overview
Conference paper, International Conference on Communication Systems and Networks, COMSNETS, 2025, DOI Link
View abstract ⏷
The evolution of 5G and anticipated 6G networks presents new opportunities for connectivity, performance, and services, but it also introduces substantial security risks due to increased complexity and attack surfaces. Traditional perimeter-based security models fall short in these environments, prompting a shift towards Zero Trust Architecture (ZTA), which enforces principles of strict identity verification, least-privilege access, and continuous monitoring. As ZTA gains traction, standardization bodies such as NIST, 3GPP, and ETSI are developing guidelines to incorporate Zero Trust principles into 5G and 6G infrastructures. This paper explores how these standardization efforts, alongside core ZTA principles, provide a resilient and adaptable security framework for 5G and future 6G networks. Furthermore, the paper highlights the challenges of implementing Zero Trust in 5G and 6G networks and suggests future directions for overcoming these obstacles.
Preventing Cross Network Slice Disruptions in a Zero-Trust and Multi-Tenant Future 5G Networks
Vittal S., Dixit U., Sovitkar S.P., Sowjanya K., Antony Franklin A.
Conference paper, 2023 IEEE 9th International Conference on Network Softwarization: Boosting Future Networks through Advanced Softwarization, NetSoft 2023 - Proceedings, 2023, DOI Link
View abstract ⏷
As network slicing is the chief enabler for future Beyond 5G(B5G) and 6G networks, multiple tenants interoperate cost-effectively to provide a variety of slice services on a common physical infrastructure. However, this opens the doors to cross-slice disruptions with Man-in-The-Middle (MITM) attack which ultimately disrupts the slice services in the data plane. In this paper, we address such possible cross-network slice disruptions in a zero-Trust and multi-Tenant based 5G network by proposing different design techniques namely, secure communication and Artificial Intelligence (AI)-based anomaly detection to prevent them. Our experiments on a 5G testbed prototype show that in the secure communication method, Attribute-Based Encryption (ABE) provides higher security benefits in confidentiality and implicit authorization. However, symmetric encryption and integrity protection prevent cross-slice disruptions with less communication overhead, but with a weaker security level. On the other hand, with online learning and noise tolerance capabilities, AI-based Hierarchical Temporal Memory (HTM) can proactively detect the occurrences of the identified cross-slice disruptions.
TLBO-based Resource Allocation scheme in 5G H-CRAN
Sowjanya K., Porwal A., Pandey S., Mishra P.K.
Conference paper, 2022 14th International Conference on COMmunication Systems and NETworkS, COMSNETS 2022, 2022, DOI Link
View abstract ⏷
In the direction of resource allocation in 5G and beyond networks, Device-to-Device (D2D) communication is proven to be a promising technology and improves the system throughput. At the same time, the reuse of cellular user's resource block by multiple D2D users introduces interference, which ultimately degrades the system's throughput. Hence, in this paper, we have proposed an efficient resource allocation scheme using Teacher Learner Based Optimization (TLBO) in the context of Heterogeneous Cloud Radio Access Networks (HCRAN) so that the system performance is improved. At first, the cellular user's resource block is assigned to the D2D users based on the calculated data rate at the corresponding cellular user. Consequently, TLBO is applied to this assignment matrix to obtain the optimum assignment/allocation of the cellular user's resource blocks to D2D users. The simulation results demonstrate the efficiency of the proposed scheme compared to the existing related schemes.
Elliptic Curve Cryptography based authentication scheme for Internet of Medical Things
Article, Journal of Information Security and Applications, 2021, DOI Link
View abstract ⏷
With the notion of the Internet of Things (IoT), the concept of Internet of Medical Things (IoMT) emerges to improve the healthcare quality. The patients’ medical data collected and transmitted in IoMT is very sensitive in nature. Thus, there is a requirement of lightweight end-to-end mutual authentication protocol to ensure the secure communication between the patient and medical service provider. Recently, He et al proposed an anonymous authentication protocol for Wireless Body Area Networks. However, through security analysis we have identified some security weaknesses in their protocol. In this paper, we have designed an improved lightweight Elliptic Curve Cryptography based anonymous authentication protocol for IoMT, which has lightweight as compared to the He et al.’s protocol and also removes the security weaknesses of He et al.’s protocol. Further, the security evaluation (formal and informal) proves the security strength of the proposed protocol. Also, the comparative analysis with existing protocols demonstrates that the proposed authentication scheme is more robust and appropriate for IoMT applications.
Provably secure lightweight key policy attribute-based encryption for internet of things
Book chapter, Cloud Security: Concepts, Applications and Perspectives, 2021,
A lightweight key management scheme for key-escrow-free ECC-based CP-ABE for IoT healthcare systems
Article, Journal of Systems Architecture, 2021, DOI Link
View abstract ⏷
The rapid increase in the implementation of Internet of Things (IoT) solutions in diverse healthcare sectors raises the IoT in the healthcare market. The real-time health monitoring to manage the chronic diseases is likely to drive the demand of IoT in healthcare. Moreover, the enhancement in communication technologies like real-time data transmission has improved the patients’ confidence in managing the chronic disease and medication dosage. Although IoT in healthcare makes a positive impact on patients and healthcare providers, however, it gets the challenges like data security and privacy. One means of sustaining security in IoT based healthcare system is through key management and at the same time an effective security mechanism for outsourced data to obtain fine-grained access control is the Ciphertext Policy-Attribute Based Encryption (CP-ABE). However, the overhead of complex decryption operations and key-escrow problem of CP-ABE hinders its applicability in IoT. Hence, in this work, we design a lightweight key management mechanism for the CP-ABE scheme using Elliptic Curve Cryptography (ECC). The novelty in this scheme is that irrespective of the secret key generation by the semi-trusted authority (honest, but curious to know the secret information), it is not capable to decrypt any message using these keys until and unless it has an additional private key of the receiver. For a constraint environment like IoT, the applicability of CP-ABE has two major issues: complex decryption operations and key-escrow problem. Hence, in this paper, a lightweight CP-ABE scheme for IoT based health care system using ECC has been designed. The proposed key management mechanism in the CP-ABE scheme is key-escrow free as well as significantly reduces the decryption overhead of the data receiver. The performance analysis shows that the proposed scheme is more effective as compared to the existing competing schemes.
Survey of symmetric and asymmetric key management schemes in the context of IoT based healthcare system
Conference paper, 2020 1st International Conference on Power, Control and Computing Technologies, ICPC2T 2020, 2020, DOI Link
View abstract ⏷
Internet of Things (IoT) based real-time health monitoring system gains the attention of the researchers as well as the business sectors. This service turns out to be a blessing to the patients as well as the health care professionals. However, without data security, the practical implementation of this vital healthcare service is not feasible. The sensitive nature of the patient's healthcare data is very crucial and the compromise of such data may compromise one's life. Therefore, in any IoT based healthcare system, data security is the vital issue. In this direction of IoT based healthcare system, this paper presents a survey of symmetric and asymmetric key management schemes. Considering the cryptographic key (symmetric or asymmetric), we have discussed the relevant studies within a time period of 6 years. A comparison of these schemes is presented with respect to the security features and simultaneously described the pros and cons of the respected schemes.
An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems
Article, International Journal of Information Security, 2020, DOI Link
View abstract ⏷
The innovations in the field of wearable medical devices, wireless communication and low cost cloud computing aid the wireless body area network (WBAN) to become a prominent component of future healthcare systems. WBAN consists of medical sensors, which continuously monitor the patients’ vital signs and transfers this data to the remote medical server via the cloud. The continuous monitoring of the patients’ health data improves the quality of the medical service and also provides the source for future medical diagnosis. The medical information collected from WBAN is generally transmitted through wireless channel and therefore vulnerable to various information attacks. In this context, medical data security and privacy are key issues; hence there is a requirement of lightweight end-to-end authentication protocol to ensure secure communication. Recently, Li et al. presented a lightweight end-to-end authentication protocol for WBAN based on elliptic curve cryptography (ECC). However, through cryptanalysis, some security loopholes are found in this protocol. In this paper, an enhanced lightweight ECC based end-to-end authentication protocol is proposed to overcome the security vulnerabilities of Li et al.’s scheme. Further, the formal security analysis of the proposed scheme is done using BAN logic and AVISPA tool. The comparative analysis shows that the proposed scheme not only removes the security loopholes of Li et al.’s scheme but also reduces the overall complexity.
An Efficient Elliptic Curve Cryptography-Based without Pairing KPABE for Internet of Things
Sowjanya K., Dasgupta M., Ray S., Obaidat M.S.
Article, IEEE Systems Journal, 2020, DOI Link
View abstract ⏷
The increasing deployment of Internet of Things in diversified fields provides groundwork for smart living. However, at the same time, it brings challenges like security and privacy. Among the numerous proposed security schemes, attribute-based encryption (ABE) is considered as one of the most promising security and privacy preserving scheme in distributed environment (or cloud environment). Many variants of the ABE exist, but most of them employ the expensive bilinear pairing operations. In this article, we have proposed a lightweight elliptic-curve-cryptography-based key-policy ABE without bilinear pairing and having a feature of key refresh/update mechanism. Also, the key distribution is done by the authority, which incorporates direct attribute/user revocation. The scheme is secured under elliptic curve decisional Diffie-Hellman assumption. The performance analysis demonstrates that the proposed scheme is efficient as compared to the existing ABE schemes.
A ciphertext-policy Attribute based encryption scheme for wireless body area networks based on ECC
Article, Journal of Information Security and Applications, 2020, DOI Link
View abstract ⏷
The Internet of Things (IoT) based healthcare system is one of the prominent approaches to overcome the issue of the increasing burden of healthcare costs in India. Wireless Body Area Networks (WBANs) are the key enabler in this scenario. It provides continuous monitoring of the patient's health condition remotely, by making the real-time health data of the patient available to healthcare professionals through cloud/public channel. On the other side, the practical implementation of this service is not possible if the issue of data security is not considered. Thus, in this paper, we have proposed a secure framework for WBAN using Elliptic Curve Cryptography based Ciphertext-Policy Attribute Based Encryption (CPABE) without bilinear pairing operations. The proposed CPABE is secured under Elliptic Curve Decisional Diffie-Hellman assumption and also has a feature of user/attribute revocation. We have evaluated the lightweight feature of the proposed CPABE by comparing it with other existing ABE schemes for WBAN. The result shows that our scheme outperforms the existing schemes for WBAN in terms of keys-ciphertext size and computation overhead.
Secure Framework for Ambient Assisted Living System
Conference paper, Communications in Computer and Information Science, 2019, DOI Link
View abstract ⏷
The development in the field of miniature sensors and wireless communication enables the successful deployment of Internet of Things (IoT) in the healthcare sector. The healthcare data generated by the medical sensors is very sensitive and enough to qualify as an instance of big data. In this paper, a secure framework is designed to assist the diabetic patients. The sensors’ data of each patient is used to generate context aware correlation rules by using map-reduce apriori algorithm. From these rules another labeled dataset is created to build a classifier for predicting the present state of the patient. After the successful deployment of this classifier on the service provider side, secure communication has been provided between the patient and the service provider using Key-Policy Attribute Based Encryption. Hence, providing an IoT based secure ambient assisted living system for diabetic patient may be helpful to the healthcare sector.
Big Data based Enhanced Ambient Assisted Living System Framework
Conference paper, 2019 10th International Conference on Computing, Communication and Networking Technologies, ICCCNT 2019, 2019, DOI Link
View abstract ⏷
The current developments in the fields of networking and sensor technology enable more and more number of devices of the real world to be an integral part of Internet of Things (IoT). This leads to the generation of huge volumes of data on the scale sufficient enough to qualify as an instance of big data. This big data includes various types of hidden information that are useful for different kinds of services and applications. In this paper, an enhanced big data based framework for Ambient Assisted Living (AAL) system is presented. Where the prediction accuracy of the existing state-of-art work is enhanced by using map-reduce genetic algorithm. The results show that the proposed framework is more accurate when compared with the existing works.
Secure Ambient Assisted Living System using Elliptic Curve Cryptography based CPABE
Conference paper, 2019 10th International Conference on Computing, Communication and Networking Technologies, ICCCNT 2019, 2019, DOI Link
View abstract ⏷
Ambient Assisted Living (AAL) system plays a vital role in the field of Internet of Things (IoT) based healthcare. AAL provides continuous monitoring of the patient and consequently increases the quality of the medical service. One of the major issues in AAL service is the security. In this paper, we have proposed an efficient Elliptic Curve Cryptography (ECC) based Ciphertext-Policy Attribute Based Encryption (CPABE) for the well accepted existing framework of AAL. The proposed CPABE is secured under Elliptic Curve Decisional Diffie-Hellman (ECDDH) assumption. We have evaluated the performance of the proposed CPABE with the existing schemes and result shows that the proposed scheme is more efficient in terms of computation overhead.
MobDBTest: A machine learning based system for predicting diabetes risk using mobile devices
Sowjanya K., Singhal A., Choudhary C.
Conference paper, Souvenir of the 2015 IEEE International Advance Computing Conference, IACC 2015, 2015, DOI Link
View abstract ⏷
Diabetes mellitus (DM) is reaching possibly epidemic proportions in India. The degree of disease and destruction due to diabetes and its potential complications are enormous, and originated a significant health care burden on both households and society. The concerning factor is that diabetes is now being proven to be linked with a number of complications and to be occurring at a comparatively younger age in the country. In India, the migration of people from rural to urban areas and corresponding modification in lifestyle are all moving the degree of diabetes. Deficiency of knowledge about diabetes causes untimely death among the population at large. Therefore, acquiring a proficiency that should spread awareness about diabetes may affect the people in India. In this work, a mobile/android application based solution to overcome the deficiency of awareness about diabetes has been shown. The application uses novel machine learning techniques to predict diabetes levels for the users. At the same time, the system also provides knowledge about diabetes and some suggestions on the disease. A comparative analysis of four machine learning (ML) algorithms were performed. The Decision Tree (DT) classifier outperforms amongst the 4 ML algorithms. Hence, DT classifier is used to design the machinery for the mobile application for diabetes prediction using real world dataset collected from a reputed hospital in the Chhattisgarh state of India.
