Peer-assisted location authentication and access control for wireless networks

This paper presents the development and implementation of a location-based, lightweight peer-assisted authentication scheme for use in wireless networks. The notion of peer-assisted authentication is based upon some target user equipment (UE) seeking authentication and access to a network based upon its physical location. The target UE seeks authentication through the UE of peers in the same network. Compared with previous work, the approach in this paper does not rely on any cryptographic proofs from a central authentication infrastructure, thus avoiding complex infrastructure management. However, peer-assisted authentication consumes network channel resources, which impacts network performance. In this paper, we also present an access control algorithm for balancing the location authentication, network quality of service (QoS), network capacity and time delay. The results demonstrate that peer-assisted authentication considering location authentication and system QoS through dynamic access control strategies can be effectively and efficiently implemented in a number of use cases.


Contribution and organization
Our proposed approach overcomes previous limitations by authenticating the location of what we term target UEs, through the use of peer UE within the coverage area of the relevant AP. Our key contributions include: (1) A lightweight, noncryptographic method of using cooperating users to verify an entrusted user's location. (2) An access control method that balances the strength of authentication and network QoS. This is needed since a network with a high volume of UEs will have network resources that are tightly constrained. However, it must be noted that the peer UEs occupy the communication channel while they are authenticating the target UE's location. The remainder of this paper is organized as follows. The system model is presented in Section 2, and the successful authentication probability based on the peer-assisted authentication is considered in Section 3. In Section 4, the network QoS (e.g., network capacity and time delay) is analyzed and a related access control method is introduced. The numerical results of the successful authentication probability are analyzed in Section 5 before Section 6 presents the results and ongoing challenges.

SYSTEM MODEL
The system considered in this paper is a heterogeneous wireless Internet of Things (IoT) network. It contains a range of mobile IoT (MIoT) technologies standardized by the third Generation Partnership Project (3GPP) [9]. As shown in Figure 1, IoT UEs (from $x_1$ to $x_i$) access the IoT services through the IoT AP $y_i$. When a new user $x_z$ wants to join the network, a peer-assisted location authentication scheme is employed. The scheme uses the existing UEs within the network to assist authenticating the target UE for LBS. It does not use a transitional mutual authentication with UEs through the evolved packet system Authentication and Key Agreement protocol [10]. For the analysis, the assumptions in this paper are as follows: (1) The UEs within the existing cellular network are secured and authenticated; (2) The probability of UEs ($x_i$) willing to assist the new UEs is modeled as a probability P valued by a Normal distribution; (3) The traffic model is assumed to be a full buffer and the relaying protocol used is a time division duplex (TDD) network. The authentication success probability is defined as at least one UE being willing to assist.

Peer assistance authentication
As shown in Figure 1, when UE $x_z$ requests an LBS, UE $x_i$ is used for peer-assisted location authentication of UE $x_z$. The operation details are:

1. The UE $x_z$ sends an internet access request to the IoT network AP. This includes the service type and QoS requirement (network capacity and time delay).
2. The AP returns the authentication information identity frame D, which is a data frame containing the channel state information (CSI). Once $x_z$ has received frame D, it executes the authentication scheme.
3. The UE $x_z$ broadcasts an assistance signal to other UEs. If $x_i$ is within the transmission range of $x_z$ and is willing to help, it replies with an acknowledgment.
4. $x_z$ updates and sends the authentication information package D to the UE $x_i$.
5. $x_i$ updates and relays the data D to the AP for verification.
6. When the AP receives the data frame D, it compares the CSI of the authentication participators to verify the location of $x_z$.

SUCCESSFUL AUTHENTICATION PROBABILITY
We assume the probabilities $P_i$ are independent and identically distributed. So the successful authentication probability is where N is the total number of assisting UEs.

IoT UE distribution
A doubly Poisson cluster process is used for generating the UE distribution. The UEs are uniformly scattered on the circle centered at each AP. The APs $y_j$ are deployed using Poisson point processes (PPP) $\Phi_{AP} = \{y_1, y_2, \ldots, y_j, \ldots\}$ with constant density $\Lambda_{AP}$. The UEs are deployed from another PPP For any subset of a Euclidean space $\mathcal{B}$, $N(\mathcal{B})$ is the number of points in the set $\mathcal{B}$, and the number $N(\mathcal{B})$ has a Poisson distribution with the density $\Lambda_{UE}$ of a space set of $\mathcal{B}$. Therefore the probability of k random Poisson points in the set $\mathcal{B}$ is [11]: where $\int_{\mathcal{B}} \Lambda(x)\,dx = A\Lambda_{UE}$, and A is the area of the space $\mathcal{B}$. So the probability of the number of random points in the two-dimensional set $\mathcal{B}$ is,

The number of assisting UEs
In order to characterize the performance of successful authentication probability, it is necessary to determine the number of UEs participating in the peer-assisted authentication. This number depends on the UE density and maximum transmission range of UEs. As shown in Figure 1, each UE is capable of transmitting a signal up to a distance of R. For the requirement of the data communication, the required minimum signal-to-noise ratio (SNR) is . The maximum transmission distance is defined such that the SNR of the receiver is bigger than the SNR threshold .
where H is the channel fading gain, $P_{UE}$ is the transmission power of UEs, UE is the frequency-dependent pathloss constant, is the pathloss distance exponent, r is the distance between the transmitter and receiver UEs and 2 is the additive white Gaussian noise. Without considering the multichannel gain, the maximum transmission distance is: The probability of the number of random points is shown in Equation (2), by applying Equation (4) the expectation of assisting UEs within the maximum transmission range R is given by: Applying Equation (5), the successful authentication probability is: where $\lceil E(N) \rceil$ is rounded up.
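The quantities in this section can be worked through numerically. The following is an added example, not code from the paper: it assumes a power-law pathloss `beta * r**-alpha` with unit fading gain, a single mean willingness `p_willing` for every peer, and hypothetical parameter names (`beta`, `gamma`, `sigma2`, `alpha`). It also goes one step beyond the text by comparing the ⌈E(N)⌉ plug-in with the value obtained when the Poisson peer count is left random.

```python
import math
import random

def max_range(p_ue, beta, gamma, sigma2, alpha):
    """Largest r with p_ue * beta * r**-alpha / sigma2 >= gamma (assumed link model)."""
    return (p_ue * beta / (gamma * sigma2)) ** (1.0 / alpha)

def expected_peers(density, radius):
    """Mean number of Poisson-distributed UEs inside a disc of the given radius."""
    return density * math.pi * radius ** 2

def p_success_plugin(p_willing, density, radius):
    """At least one of ceil(E(N)) peers is willing, as the text describes."""
    n = math.ceil(expected_peers(density, radius))
    return 1.0 - (1.0 - p_willing) ** n

def p_success_exact(p_willing, density, radius):
    """Same event with N left random: willing peers are Poisson(p * E(N))."""
    return 1.0 - math.exp(-p_willing * expected_peers(density, radius))

def poisson_draw(mean, rng):
    """Knuth's multiplication method; adequate for the small means used here."""
    limit, k, prod = math.exp(-mean), 0, rng.random()
    while prod > limit:
        k += 1
        prod *= rng.random()
    return k

def p_success_simulated(p_willing, density, radius, trials=20000, seed=1):
    """Monte Carlo: draw the peer count, then each peer's independent decision."""
    rng = random.Random(seed)
    mean = expected_peers(density, radius)
    hits = 0
    for _ in range(trials):
        peers = poisson_draw(mean, rng)
        hits += any(rng.random() < p_willing for _ in range(peers))
    return hits / trials

if __name__ == "__main__":
    # Constructed values: 50 UEs per km^2, 0.1 km range, 30% of peers willing.
    for label, fn in (("plug-in", p_success_plugin), ("exact", p_success_exact),
                      ("simulated", p_success_simulated)):
        print(f"{label:9s} {fn(0.3, 50.0, 0.1):.3f}")
```

With few expected peers the plug-in figure is noticeably optimistic, which matters when it is used as the authentication level in an access decision.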

NETWORK PERFORMANCE AND ACCESS CONTROL
Quality of Service (QoS) is a particularly important parameter for network performance. This is because network resources such as frequency bandwidth and available time slots are limited. In this section, the network capacity and time delay under the assisted authentication scheme are addressed. During the peer-assisted authentication process, UEs are broadcasting both request signals and Acknowledgments (ACKs). Thus they would consume channel resources such as frequency bandwidth for the frequency division duplex (FDD) channel or available time slots for the TDD channel. Network performance is highly dependent on the channel resources available. We propose an access control protocol for managing LBS dependent on the network QoS and authentication requirement.

IoT UEs capacity
The first index is capacity. From Shannon theory, the network capacity related to SNR is C = B log_2 (1 + i ) where B is the channel bandwidth. The expectation of a nonnegative continuous random variable X is $E[X] = \int_{t>0} P(X > t)\,dt$. Therefore, the expected capacity of a single IoT UE is: The multipath fading has a pdf of $f_H(h)$ ∼ exp( ), where = 1/$P_{AP}$. By a known spatial distribution of UEs, the definition of the mean capacity of the channel is given by: where (y, ) is given as [12]:

Average time delay
Let $P_{k(k+1)}(t)$ be the probability that, given the process X is in state k at time $t_0$, it will be in state k + 1 at a time t later. This process can be modeled as [13]: The steady-state probabilities are defined as, k+1 = lim t→∞ $P_{k(k+1)}(t)$ where k + 1 is the steady-state probability at state k + 1. The global balance steady-state equations for the M/M/1/K are obtained: k = k + 1 for k = 0, 1, 2, 3, ..., K − 1 where K ≥ 1, K is the size of the system buffer. The normalizing equation is ∑ K k=0 k = 1. Therefore, the probability that there is no UE in the IoT system is, , S is the transmission data size, N is the number of assistant UEs and C is from Equation (8). The IoT traffic confliction probability is the probability that at least one UE is communicating in the system.
The communication system is a TDD system, so only one UE can transmit at any one time. Therefore, the average time delay is: where $E(T_W)$ is the mean data transmission time and E(T ) is the mean system serving time, S/C in the IoT system.
The system limit is K, so when K UEs are in the system there is no access for the next UE. Therefore, the mean waiting time is given by:

6: Calculate capacity C( , Λ_AP) from Equation (8)
7: Calculate delay E(T_D){ , Λ_AP, S} from Equation (13)
8: if C > C′ and E(T_D) < T′ then
9:     LBS access allowed
10: else
11:     LBS access put on waiting list
12: end if

According to the QoS and authentication requirements, an access control algorithm is executed. When a new LBS call arrives: (1) If the authentication level is not satisfied based on the peer-assisted authentication, the service call is declined. (2) If the authentication level is satisfied then the scheme checks the QoS (capacity, delay) in the system. (i) If the QoS quality is met, the service call will be processed. (ii) If there is not enough network capacity or the delay is bigger than requested, the new call will be put on the waiting list. The processing of the algorithm is shown in Algorithm 1.
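The M/M/1/K delay model of the previous subsection and the access rule described above can be combined into one runnable check. This is an added example, not the paper's code: the capacity is passed in rather than computed from Equation (8), the service rate is taken as C/S (the inverse of the serving time S/C), and the arrival rate, buffer size and all function and parameter names are hypothetical. The rule follows the prose: decline on insufficient authentication, allow only when capacity is sufficient and the delay is below the requested limit, otherwise put the call on the waiting list.

```python
import math
from enum import Enum

class Decision(Enum):
    DECLINED = "declined"
    ALLOWED = "allowed"
    WAITING = "waiting list"

def mm1k_state_probs(arrival_rate, service_rate, k):
    """Steady-state probabilities pi_0..pi_K of an M/M/1/K queue."""
    rho = arrival_rate / service_rate
    if math.isclose(rho, 1.0):
        return [1.0 / (k + 1)] * (k + 1)
    pi0 = (1.0 - rho) / (1.0 - rho ** (k + 1))
    return [pi0 * rho ** n for n in range(k + 1)]

def mm1k_mean_delay(arrival_rate, service_rate, k):
    """Mean time in system (waiting plus service) for requests that get in."""
    probs = mm1k_state_probs(arrival_rate, service_rate, k)
    mean_in_system = sum(n * p for n, p in enumerate(probs))
    accepted_rate = arrival_rate * (1.0 - probs[k])  # a full buffer blocks arrivals
    return mean_in_system / accepted_rate            # Little's law

def access_control(p_auth, p_auth_min, capacity, capacity_min, delay, delay_max):
    """Three-way decision from the text: decline, allow, or waiting list."""
    if p_auth < p_auth_min:
        return Decision.DECLINED       # authentication level not satisfied
    if capacity > capacity_min and delay < delay_max:
        return Decision.ALLOWED        # both QoS requirements met
    return Decision.WAITING            # authenticated, but QoS not met yet

def decide_call(p_auth, capacity, frame_bits, arrival_rate, k, requirement):
    """Derive the delay from the queue model, then apply the access rule."""
    delay = mm1k_mean_delay(arrival_rate, capacity / frame_bits, k)
    return access_control(p_auth, requirement["p_auth"], capacity,
                          requirement["capacity"], delay, requirement["delay"]), delay

if __name__ == "__main__":
    # Constructed load: 3000 kbit frames, 0.5 requests/s, buffer of 5 requests.
    relaxed = {"p_auth": 0.75, "capacity": 1e6, "delay": 0.4}
    strict = {"p_auth": 0.75, "capacity": 20e6, "delay": 0.05}
    for cap in (27.1e6, 1.8e6):
        for name, req in (("relaxed", relaxed), ("strict", strict)):
            decision, delay = decide_call(0.97, cap, 3000e3, 0.5, 5, req)
            print(f"C={cap/1e6:4.1f} Mbit/s {name:7s} delay={delay:.3f}s -> {decision.value}")
```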

NUMERICAL RESULTS AND ANALYSIS
In this section, the simulation results are presented to analyze the performance of IoT communication systems with assistance authentication protocols. In this paper, the channel bandwidth is 20 MHz, the AWGN power is −162 dB, the AP transmit power $P_{AP}$ is 40 W, the IoT UE transmit power $P_{UE}$ is 1 W, D2D UE Density

Successful authentication probability
From the results shown in Figure 2, the assisted authentication can achieve an acceptable successful authentication level. The successful authentication probability would climb to 75% with user density 50 or even to 97% with user density 400 where is 2. When the pathloss distance exponent increases from 2 to 4, the successful authentication probability decreases. Because the transmission range is decreasing, the number of available assistance UEs is less. When there are fewer UEs the successful authentication probability decreases.
The user density has a significant effect on success of peer-assisted authentication. As such the peer-assisted authentication is suitable for high UE density scenarios, such as multimedia tourism services, where the LBS can deliver the scenic spot location, city history, and traffic information-based locations of visitors. However, for a low UE density environment, such as a rural area, the peer-assisted authentication does not work efficiently. Under this situation, a different location authentication scheme is needed.

5.2 Network performance with peer-assisted authentication
As Figure 3A shows, without the peer-assisted authentication the network capacity is 27.1 Mbits/s but with assistance, the network capacity is reduced to 1.8 Mbits/s when the number of assistance UEs is over 13. The different values of show the same tendency. Thus peer-assisted authentication is suitable for applications requiring lower capacity. However, for some high capacity network applications such as live video or online games, the peer-assisted authentication would seriously reduce the network performance.
When the assistance authentication is utilized, the IoT UEs have to wait a period for the UE identification. Figure 3B shows the average time delay of the different number of assistance UEs compared with different network traffic volumes. The delay time would climb from 0.01 to 0.4 seconds with a data package size of 3000 kbits. The system average time delay increases significantly when more UEs take part in the authentication. The impact is greater with bigger data sizes.
In this paper, a TDD network is considered for analysis. For an FDD network, the same tendency would be observed since the assisted UEs cause interference with other UEs. The interference leads to a greater bit error rate (BER) and reduces channel capacity.

5.3 Under QoS requirement constraint
Figure 4 displays a qualitative comparison of different QoS and authentication requirements. Generally, the more UEs participating in peer-assisted authentication, the bigger the impact on the network performance. Specifically, for a relatively low QoS requirement (such as 0.4 s delay and 1 Mbits/s), more UEs are allowed for assisted authentication. Conversely, when the requirement changes to 0.05 seconds and 20 Mbits/s, no UEs are allowed for assisted authentication.

Figure caption: The balance in assistance authentication operations between network security and system quality of service (QoS)

CONCLUSION AND FURTHER WORK
In this paper, a novel lightweight and noncryptographic location authentication scheme, which relies on decentralized peer to peer-assisted authentication, is implemented for wireless networks. The peer-assisted authentication can achieve a relatively high successful authentication probability. While UEs assist the AP to authenticate the target UE's location, they occupy the channel resources. Thus, the network performance (channel capacity, time delay) is reduced, and a QoS-based access control is executed to balance the network performance and authentication. Security and privacy have become big challenges in LBS applications [14]. In our approach, the location privacy of assisted UEs is leaked to the target UE. Thus, our further work will be based on privacy aware LBS [15].