Int. J. Communications, Network and System Sciences, 2011, 4, 456-463
doi:10.4236/ijcns.2011.47055 Published Online July 2011 (http://www.SciRP.org/journal/ijcns)
Copyright © 2011 SciRes. IJCNS
A Framework for Security-Enhanced Peer-to-Peer
Applications in Mobile Cellular Networks
Shuping Liu1, Shushan Zhao2, Weirong Jiang3
1Department of Electrical Engineering, University of Southern California, Los Angeles, USA
2Department of Computer Science, University of Windsor, Windsor, Canada
3Juniper Networks Inc, Sunnyvale, USA
E-mail: lius@usc.edu, zhao114@uwindsor.ca, weirongj@acm.org
Received May 24, 2011; revised June 21, 2011; accepted July 1, 2011
Abstract
Due to the dual trends of increasing cellular network transmission capacity and coverage
and of improving computational capacity, storage and intelligence of mobile handsets,
mobile peer-to-peer (MP2P) networking has emerged as an attractive research field in
recent years. However, these trends have not been clearly articulated from the perspective
of both technology and business. In this paper, we propose a novel MP2P framework that is
based on existing cellular network architecture to provide secure and efficient P2P file
sharing for 3G and future 4G systems. Our framework, which is built on a P2P over Session
Initiation Protocol (SIP) mechanism, provides network operators and P2P service providers
with efficient data transmission in cellular networks. With a security enhancement using
identity-based cryptography, the framework also provides desirable support for security,
group management, mobility, and chargeability to meet business requirements.
Keywords: Mobile Cellular, 3G, P2P, SIP, IMS, Identity-Based Cryptography
1. Introduction
Mobile cellular networks and handsets are developing ra-
pidly in recent years. While GSM systems have proven
successful, 3G systems (including W-CDMA, CDMA-
2000, and TD-CDMA/TD-SCDMA) are burgeoning and
4G is on the way. These new technologies have brought
many conveniences to our life and in some way changed
the life style of modern people, although there are also
some criticisms against this change.
The P2P network has emerged as an efficient system,
being typically used for sharing content files containing
audio, video, data or any digital-format files and distrib-
uting services over fixed networks. Currently, P2P appli-
cations are considered to be generating most of the
internet traffic [1,2].
Meanwhile, the technology of P2P has recently begun
to extend its scope to address relevant problems of mo-
bile systems in the cellular networks. P2P data exchange
is a very promising business in cellular networks, but it
has attracted very little academic interest due to both busi-
ness and technical reasons. On the one hand, the business
model regarding how this business can operate and make
profit is not yet very clear. On the other hand, although
there is no technical impediment to applying P2P in
cellular networks theoretically, there is no complete
solution taking practical issues into consideration, e.g.
security, group management, mobility, and chargeability.
There are many complications considering the complex-
ity of cellular networks. A P2P application makes a cellu-
lar network more prone to security issues such as trust
(privacy: how much information does the un-trusted peer
need to know about me? and confidentiality: what if the
peer who knows my information misuses it?) and DoS
attacks. Techniques widely applied in Internet, such as
PKI, are not suitable for cellular networks, due to spe-
cific characteristics of the latter, such as lack of infra-
structure, constrained communication and computational
resources etc. A reliable framework for authentication
without centralized elements is a challenge [3].
To inspire more interest and promote research on this
topic, we would like to propose a MP2P solution frame-
work in this paper. The framework considers P2P appli-
cations in cellular networks in particular 3G networks,
based on IMS and SIP signaling. The framework has a
security add-on layer to meet business requirements,
such as user authentication, non-repudiation, data and
identity integrity, confidentiality.
The rest of the paper is organized as follows. In Section 2,
we present types of architectures for MP2P, propose a hybrid
P2P architecture which can be applied to IMS-based P2P
networks, and introduce the application of SIP in P2P
networks. In Section 3, we first
state the security requirements for the MP2P system, and
then propose a solution. To evaluate the performance of
the proposed framework we build a mathematical model
that takes as input search and download queries, and re-
turns as output hit-rate probabilities and time delay. In
Section 4, we analyze the system performance and secu-
rity features mathematically. The last section concludes
the paper.
2. A MP2P Framework in IMS
2.1. Types of Traditional P2P Architectures and
Proposed Hybrid P2P Architecture
Traditionally, there are two types of P2P architectures:
centralized P2P and Decentralized P2P.
Centralized P2P: In wired network, centralized P2P
is the first generation architecture which uses several
central index servers to control the whole network
and provide metainformation service, such as index
of files for sharing by each peer. To participate in
these networks, the peer must connect as a client to
the centralized server and then locate specific contents.
When the peer is located, the requesting node starts
the transfer directly from the located peer.
Decentralized P2P: The decentralized P2P architec-
ture lacks central entities which could control the
network, and every node in the network acts as a peer
which is unaware of other peers. All the information,
including metainformation, is maintained by peers.
The decentralized architecture can be divided into
structured and unstructured. Though search and down-
load queries are flushed in both structured and un-
structured P2P network, queries in structured P2P
network are easier to be hit than unstructured P2P
network. That is because the topology of structured
P2P network is tightly controlled and files for sharing
are placed at specific locations. Such kinds of sys-
tems usually deploy Distributed Hash Table (DHT).
The unstructured P2P networks have no precise con-
trol over the network topology or the file placement.
Queries in such systems are usually forwarded to
random neighbors [4]. In decentralized P2P network,
flushing queries consumes a lot of time and band-
width.
Semi-centralized P2P: The semi-centralized P2P
architecture combines the efficiency and resilience of
both centralized and decentralized architectures. It
structures the network in hierarchies by establishing a
backbone network of super peers which function as
the central index servers in centralized P2P. As a re-
sult the whole P2P network is partitioned by these
super peers into several sub-networks logically. Each
logical sub-network is characterized by centralized
P2P architecture. When a client peer logs on to the
network, it makes a direct connection to a single su-
per peer which collects and maintains information
about client peers and content available for sharing.
A comparison among the different P2P architectures is given
in Table 1.
In the context of cellular networks, a cellular network
covers a certain area that is divided into possibly over-
lapping cells. Each cell has a fixed base station (BS). The
base stations are connected to each other by a wired
network. In cellular network, radio link is costly and in-
adequate. For this reason, in normal structure of cellular
communication, there is no direct correspondence be-
tween cellular phones. Several architectures have been
proposed, such as mobile hash-based structured P2P ar-
chitecture (HS-P2P) [5] and mobile agent P2P architec-
ture [6].
In this paper we propose a hybrid P2P architecture that combines the efficiency and
resilience of both centralized and decentralized architectures [7]. By using the
semi-centralized architecture, each mobile terminal connects directly to a single super
peer, which is basically the Base Station (BS) of the cellular network. The super peer
collects and maintains information about peers and metainformation of contents available
for sharing. All these super peers then form a decentralized P2P backbone network. In this
way, the traffic loads are moved to the network (super peers) side, which minimizes the
usage of the radio link. Additionally, due to the two-layer hierarchy, the
semi-centralized architecture is more scalable.
Table 1. Comparison of different P2P architectures.
Architecture               Centralized   Decentralized   Semi-Centralized
Network Scalability        Medium        Low             Very High
Resiliency                 Low           Very High       Medium
Search Efficiency          Very High     Medium          High
Search Coverage            Very High     Medium          High
Operator Control           Very High     Low             High
Signaling Overhead in SP   Very High     --              High
Signaling Overhead in OP   Low           High            Low
By using SP, the performance of P2P applications is
dramatically improved. At the same time, decentralized
P2P applications are also supported for peers with special
requirements, for example high privacy in their
communication.
2.2. Database Tables in Super Peers
Each super peer maintains four tables: a content table, a client table, a caching table,
and a membership table.
The content table stores the information about content for sharing in its network and
helps the SP locate the client peers (in the following sections, client is used to refer
to client peer). To improve search efficiency, the SP builds a three-level index for the
lookup table. The first level index consists of different classes of content. For
instance, the first level index can be categorized into music, picture, literature and so
on. The second level comprises different clusters in each class of the first level, which
divide the first level classes into more detailed sub-classes. The third level is made up
of leaf nodes, which are the specific metainformation of the content files for sharing.
Each file has a unique id.
To illustrate the use of the index table, let us look at an example. One client has a
song called “Country Road” for sharing. According to the classification of the index,
this song belongs to the class of music in the first level index and country music in the
second level index. The SP obtains this information and adds the new item, along with the
file profile, such as ownership and file size, into its content table. Because the content
of shared files with the same name may be different, each content table also contains the
basic information of the shared file, such as file size, modified time and so on.
In client table, each entry is a client which is identified
by the client’s ID (such as the telephone number). Each
entry records the specific bandwidth and membership
information of one client. The client table provides the
parameters which SP can choose so that QoS is guaran-
teed when downloading the files.
The caching table, by nature, is similar to the content table. The only difference is
that the caching table stores the sharing content owned by clients in other SP networks.
For example, initially the caching table is empty. When a SP A cannot find the requested
information in its content table, it floods the request to all the other SPs. If a SP B
responds to SP A, which means B has the requested information, A locates the client (who
has the requested resource) and at the same time stores the response information and the
corresponding SP in its caching table. The caching table is updated in the manner of a
Least Recently Used (LRU) cache, in which the items are saved in decreasing order by the
time of the most recent request. The more popular the file, the closer it is to the top of
the lookup table. To fit the fixed length of the caching table, once response information
reaches the end of the list, it is removed from the caching table when a new item is
added. Once the caching table has been built, the SP may obtain its next hop without
flooding the request message, which, to some extent, reduces traffic flooding.
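The lookup path described above (content table, then the LRU caching table, then a flood to the other SPs), as an added sketch that is not code from the paper. The class, method and field names and the sample file ids are assumptions made for the example.

```python
from collections import OrderedDict


class SuperPeer:
    """Toy super peer (SP): a content table plus a fixed-length LRU caching table."""

    def __init__(self, name, cache_len):
        self.name = name
        self.cache_len = cache_len    # fixed length of the caching table
        self.content = {}             # file_id -> profile of a file shared by a local client
        self.cache = OrderedDict()    # file_id -> (remote SP name, profile), most recent first
        self.neighbors = []           # the other SPs of the backbone
        self.flooded = 0              # request messages sent to other SPs

    def publish(self, file_id, owner, size, klass, cluster):
        # A client registers a shared file; the unique file id is the key because
        # two files with the same name may differ in content.
        self.content[file_id] = {"owner": owner, "size": size,
                                 "class": klass, "cluster": cluster}

    def answer(self, file_id):
        # Reply to a flooded request from the local content table only.
        return self.content.get(file_id)

    def _remember(self, file_id, sp_name, profile):
        self.cache[file_id] = (sp_name, profile)
        self.cache.move_to_end(file_id, last=False)    # newest entry goes to the top
        while len(self.cache) > self.cache_len:
            self.cache.popitem(last=True)              # entry at the end of the list is dropped

    def search(self, file_id):
        """Return (source, SP name, profile), or None when no SP has the file."""
        profile = self.content.get(file_id)
        if profile is not None:
            return ("content", self.name, profile)
        if file_id in self.cache:
            sp_name, profile = self.cache[file_id]
            self.cache.move_to_end(file_id, last=False)    # refresh recency on a hit
            return ("cache", sp_name, profile)
        # Miss in both tables: flood the request to all the other SPs.
        self.flooded += len(self.neighbors)
        for sp in self.neighbors:
            profile = sp.answer(file_id)
            if profile is not None:
                self._remember(file_id, sp.name, profile)
                return ("flood", sp.name, profile)
        return None


def demo():
    # Constructed sample data: three SPs, SP A caches at most two remote entries.
    a, b, c = SuperPeer("A", 2), SuperPeer("B", 2), SuperPeer("C", 2)
    a.neighbors = [b, c]
    b.publish("f1", "client-1", 4096, "music", "country")
    c.publish("f2", "client-2", 1024, "picture", "landscape")
    first = a.search("f1")[0]     # flooded to B and C
    second = a.search("f1")[0]    # answered from the caching table
    return first, second, a.flooded


if __name__ == "__main__":
    print(demo())
```

A cached entry records only what the remote SP answered at the time, so a file withdrawn later is still returned from the cache until the entry is evicted.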
The membership table contains information about
groups. Groups are categorized by interest. To participate
or leave a group, the client has to apply to SP. SP exam-
ines whether the group ID in the request message matches
the group ID in the response message.
2.3. Backup Super-Peer
In the introduced MP2P hybrid architecture, the super-peer becomes a single point of
failure for its network: when the super-peer fails or goes offline, all the shared
information in the network is lost. To increase the reliability of the architecture, the
backup super-peer is introduced. It copies all the data from the super-peer periodically.
When the super-peer fails or goes offline, the backup peer replaces it and operates as a
super-peer. The possibility of both a super-peer and its backup peer failing at the same
time is much smaller than that of the super-peer failing alone. Therefore, the
introduction of the backup super-peer improves the architecture's robustness greatly.
2.4. P2P Based on SIP in the IMS
To apply the hybrid architecture in the IMS, it is natural
to implement the SP as an SIP application server (SP-AS)
which hosts and executes services. SP-AS interfaces with
the S-CSCF (Serving Call/Session Control Function)
using SIP in the ISC (IMS Service Control) interface, as
shown in Figure 1. The ISC interface is between the
Serving CSCF and the service platforms. The SP-AS
uses the ISC interface to communicate with the S-CSCF.
The S-CSCF is connected to a P-CSCF (Proxy Call/Ses-
sion Control Function) through the Mw interface. The
Mw reference point allows the communication and for-
warding of signaling messaging between CSCFs, e.g.
during registration and session control [8]. The S-CSCF
and P-CSCF are SIP proxies with IMS functionality. The
S-CSCF is the central node in the signaling plane and the
P-CSCF is the inbound/outbound SIP proxy between the
terminal and the IMS network [9].
Figure 1. Interfaces and elements of P2P in IMS.
The SP-AS server has three main functions: content management, cache management and
membership services. The SP-AS server maintains the directory of metainformation. When a
client registers to the network, it sends the initial list of content for sharing, as well
as further updates as the content changes, to the SP-AS. When a client requests resources,
the SP-AS consults its lookup tables and replies with matching contents. It also forwards
the requests to other SP-AS.
SIP provides an established method for routing the
P2P connection to the end peer utilizing a set of proxy
servers. The INVITE message performing this function
carries the P2P control message in SDP (Session Descri-
ption Protocol) format. The SDP describes the streams
used for communication and allows the end peers to
agree on the session parameter.
3. Security Enhancement to the Framework
3.1. Security Requirements for MP2P Business
The MP2P framework proposed above provides a high-
performance content sharing model, and is the carrier of
P2P traffic, but it will not work without meeting security
requirements for MP2P business. From business perspec-
tive, security requirements come from two aspects: the
network operator and terminal users, although there is
some overlap between them. These requirements include:
Identity authentication and non-repudiation: verifies
that the data or request came from and goes to a spe-
cific, valid user. From network operator perspective,
this is to ensure that only subscribed users can get the
service, and bills are charged to correct users. From
end user perspective, this is to ensure communicating
with the correct peer.
Data confidentiality: keeps data secret from outsiders.
Only the destination user can get the data, and not
anybody else; even if an outsider gets it, he/she cannot
get the meaning of the data. From the network operator
perspective, this is to prevent free access to content,
and encourage more traffic. From the end user
perspective, this is to prevent eavesdropping and
protect their privacy.
Data integrity: prevents data from being altered.
Data freshness: keeps data in correct order and up-to-
date.
Data availability: data should be available on request.
With P2P-over-SIP architecture, the operator can
identify and control the transferred contents. As a SIP
signaling message passes through the SP, the content
type, content name and potentially some other informa-
tion can be extracted. This allows the operator to deny
access to illegitimate contents and have group manage-
ment.
Cellular networks have already provided security from
Mobile Switching Centre (MSC) to base stations, and
base station to handsets. GSM network access security
uses A3/A8 (COMP128 actually used in GPRS) authen-
tication algorithm and A5 encryption algorithm, which
have already been broken [10,11]. 3GPP has developed
proprietary cryptographic algorithms—the MILENAGE
algorithm set and KASUMI cryptographic core to re-
place the broken ones in GSM. However, much of the
work with the UMTS access architecture has been fo-
cused on backward compatibility with GSM/GPRS [12].
From a security point of view, backward compatibility
with a system with weaker security is undesirable but
dictated by commercial reality.
On the other hand, as for end-to-end security between
two cellular terminals, current 3G networks do not pro-
vide any mechanism. In Internet world, the traffic can be
protected by using Public Key Infrastructure (PKI). It is
not feasible in cellular networks, especially for handsets.
First, there is no such infrastructure in cellular networks.
Second, PKI is too heavy weight for cellular handsets.
In light of the above reasons, we propose to employ
identity-based cryptography (IBC) in this framework.
Such a scheme has the property that a user’s public key
is an easily calculated function of his identity, while a
user’s private key can be calculated for him by a trusted
authority, called Private Key Generator (PKG). The
identity-based public key cryptosystem can be an alter-
native for certificate-based PKI, especially when effi-
cient key management and moderate security are re-
quired.
Compared to PKI, it has the following advantages in
cellular networks:
Lightweight: PKI is implemented in RSA, and IBC is
implemented in Elliptic Curve Cryptography (ECC).
For a security level of 2048-bit RSA, ECC outper-
forms in every aspect; for a security level of 1024-bit
RSA, ECC outperforms in scenarios such as in mo-
bile cellular networks [13]. This saves storage and
computational resources of the handsets.
Easy to deploy: In PKI, the Public Key Certificate
(PKC) of a user needs to be signed by the Certificate
Authority (CA) before being distributed to other users,
and a user needs to store the PKCs of all other users
he/she wants to communicate with. In IBC, the public key
is implicit in the communication traffic, and there is
no need to have it signed, distributed and stored. This
saves communication and storage resources of the
network and handsets.
3.2. Basic System Setup
Our security scheme is based on Boneh’s implementation
of IBC [14]. The scheme needs a setup phase in which
system parameters are distributed to its users. These pa-
rameters include system public key, master key, private
key of each user, and algorithms to be used for hash-
ing/encryption/decryption.
The operator chooses a bilinear map denoted as $\hat{e}: G_1 \times G_1 \rightarrow G_2$
between two cyclic groups $G_1$, $G_2$ of order $q$ for some large prime $q$, where $G_1$
is the group of points of an elliptic curve over $F_p$ and $G_2$ is a subgroup of
$F_{p^2}^*$. At system setup phase, the operator sets the system public key $P_{pub}$ as
$sP$, where $s$ is a random number in $Z_q^*$ and $P$ is an arbitrary point in $E/F_p$ of
order $q$. It also chooses a cryptographic hash function $G: \{0,1\}^* \rightarrow F_p$ to
map variable identity strings to points in $E/F_p$, and chooses hash functions
$H_1: F_{p^2}^* \rightarrow \{0,1\}^n$, $H_2: F_{p^2}^* \rightarrow Z_q$,
$H_3: \{0,1\}^n \times \{0,1\}^n \rightarrow F_p$, and
$H_4: \{0,1\}^n \rightarrow \{0,1\}^m$ for keys of specified length.
The initial master key $s \in Z_q$ and the system parameters
$\langle p, n, P, P_{pub}, G, H_1, H_2, H_3, H_4 \rangle$ are determined and calculated by
the operator. The network operator assigns a short code to each super peer in the network
and publishes the numbers. For a MP2P subscriber, the operator uses the MSISDN as the
unique identity and hence public key. For each $ID \in \{0,1\}^*$, the cryptographic
scheme builds an initial private key $d_{ID}$ as $d_{ID} = sQ_{ID}$, where $Q_{ID}$ is a
point in $E/F_p$ mapped from $ID$. Every user gets the system parameters and its private
key from the operator when he/she subscribes to the MP2P service.
3.3. Secured P2P Communication
The P2P applications installed on cellular terminals take care of secure communication
between two terminals and between a terminal and a SP. When node A wants to send a message
to node B, either a SP or a regular peer node, the application encrypts and authenticates
the message as follows:
1) A first generates an implicit shared key with B, without any interaction with B:
$k = H_1(g^r)$, where $g = \hat{e}(d_A, Q_B)$, $r = H_2(\hat{e}(Q_A, Q_B))$,
$Q_A = G(ID_A)$, $Q_B = G(ID_B)$, $d_A = sQ_A$. $ID_B$ is the MSISDN or short code of the
receiver to whom the sender intends to send the message.
2) A encrypts the message $M$, and outputs the cipher text $C = E_{H_4(k)}(M)$, where
$E_k$ is a secure symmetric cryptosystem encryption function.
3) A signs the message with its own private key and the receiver’s public key using a
message authentication code (MAC) function, named $H_3$ here. The authentication code
$\sigma = H_3(C, k)$ is determined by the message to be sent and the private key of the
originator, and serves as a signature to the message signed by the node. The encrypted
message $C$ and signature $\sigma$ are put into the payload field of the packet,
$M' = \langle C, \sigma \rangle$.
At the receiver B side, the message is verified and decrypted as follows:
1) B first generates the implicit shared key with A, without any interaction with A:
$k = H_1(g^r)$, where $g = \hat{e}(Q_A, d_B)$. Note that $ID_A$ is the MSISDN of the
sender derived from the packet header and $\hat{e}(Q_A, d_B) = \hat{e}(d_A, Q_B)$.
2) For a received message $M' = \langle C, \sigma \rangle$ in the defined format with
signature $\sigma$ and cipher text $C$, the signature is re-calculated as $H_3(C, k)$ and
verified against the one in the received message. If they match, the message is processed
further. Otherwise, the message is discarded.
3) For the received message, B decrypts it with the shared key:
$\hat{M} = D_{H_4(k)}(C)$, where $D_k$ is a secure symmetric cryptosystem decryption
function. $\hat{M}$ should be the same as the original message $M$.
One weakness of this scheme is key escrow [15], i.e. the network operator knows the
encryption key between A and B. To transfer content that A and B want to keep secret from
the operator, the following extra steps can be executed for calculating a shared session
key between A and B after they get a pairwise secret key:
$K_{AB} = \hat{e}(d_A, Q_B) = \hat{e}(Q_A, d_B) = K_{BA}$. $K_{AB}$ is then divided into
two parts $K_e$ and $K_a$. Encryption under $K_e$ prevents all other network nodes from
reading the messages, whereas $K_a$ is used in a message authentication code to enable
mutual authentication. Then,
$A \rightarrow B$: $A, E_{K_e}(K_1)$,
$B \rightarrow A$: $B, E_{K_e}(K_2), MAC_{K_a}(A, E_{K_e}(K_1), E_{K_e}(K_2))$,
$A \rightarrow B$: $MAC_{K_a}(B, E_{K_e}(K_2), E_{K_e}(K_1))$.
A shared session key can be set up as $K_{ses} = f(K_1, K_2)$ [16]. This key provides
forward security and prevents the operator from being a key escrow.
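The sender and receiver steps of this section and the key-escrow property, as an added sketch that is not code from the paper. The pairing is replaced by a toy bilinear map over an 11-bit group in which a "point" is stored as its scalar, and $E_k$ by a hash-based stream cipher; both stand-ins are insecure and only reproduce the algebra. The MSISDNs are constructed.

```python
import hashlib
import hmac
import secrets

# Toy parameters (constructed): q and p = 2q + 1 are prime, GEN has order q mod p.
Q_ORDER, P_MOD, GEN = 1019, 2039, 4


def _h(tag, data):
    return hashlib.sha256(tag + data).digest()


def pair(a, b):
    """Toy pairing: the point aP is stored as the scalar a, so e(aP, bP) = GEN^(ab)."""
    return pow(GEN, (a * b) % Q_ORDER, P_MOD)


def G(identity):
    """Map an identity string (MSISDN or short code) to a nonzero 'point' Q_ID."""
    return 1 + int.from_bytes(_h(b"G", identity.encode()), "big") % (Q_ORDER - 1)


def H1(elem):                 # G2 element -> shared key k
    return _h(b"H1", str(elem).encode())


def H2(elem):                 # G2 element -> exponent r
    return int.from_bytes(_h(b"H2", str(elem).encode()), "big") % Q_ORDER


def H3(c, k):                 # authentication code sigma = H3(C, k)
    return hmac.new(k, c, hashlib.sha256).digest()


def H4(k):                    # encryption key derived from k
    return _h(b"H4", k)


def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += _h(key + nonce, ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def E(key, msg):              # stand-in for the secure symmetric encryption function
    nonce = secrets.token_bytes(16)
    return nonce + bytes(x ^ y for x, y in zip(msg, _stream(key, nonce, len(msg))))


def D(key, c):
    nonce, body = c[:16], c[16:]
    return bytes(x ^ y for x, y in zip(body, _stream(key, nonce, len(body))))


def shared_key(d_self, id_self, id_peer):
    """k = H1(g^r) with g = e(d_self, Q_peer) and r = H2(e(Q_self, Q_peer))."""
    q_self, q_peer = G(id_self), G(id_peer)
    g = pair(d_self, q_peer)
    r = H2(pair(q_self, q_peer))
    return H1(pow(g, r, P_MOD))


def send(d_a, id_a, id_b, msg):
    k = shared_key(d_a, id_a, id_b)
    c = E(H4(k), msg)
    return c, H3(c, k)        # payload <C, sigma>


def receive(d_b, id_b, id_a, packet):
    c, sigma = packet
    k = shared_key(d_b, id_b, id_a)
    if not hmac.compare_digest(sigma, H3(c, k)):
        return None           # signature mismatch: the message is discarded
    return D(H4(k), c)


class Operator:
    """Plays the PKG: holds the master key s and issues d_ID = s * Q_ID."""

    def __init__(self):
        self.s = 1 + secrets.randbelow(Q_ORDER - 1)

    def extract(self, identity):
        return (self.s * G(identity)) % Q_ORDER

    def escrow_key(self, id_a, id_b):
        # The master key is enough to rebuild A's private key and hence k.
        return shared_key(self.extract(id_a), id_a, id_b)


if __name__ == "__main__":
    op = Operator()
    alice, bob = "+15550100001", "+15550100002"      # constructed MSISDNs
    packet = send(op.extract(alice), alice, bob, b"hello")
    print(receive(op.extract(bob), bob, alice, packet))
    print(D(H4(op.escrow_key(alice, bob)), packet[0]))
```

Both prints show the plaintext: the second one is the operator reading the message with nothing but the master key, which is the key escrow this section describes.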
3.4. Group Generation and Communication
The MP2P architecture supports fixed group and ad-hoc
group for peers to share data by broadcasting to group
members. The security scheme generates group key for
each fixed group and ad-hoc group.
Each fixed group is formed by the network operator,
and includes one super peer and any number of regular
peers. The group broadcasting key is chosen by the super
peer, and can be generated from a random number. One
regular peer can join a super peer’s group by sending a
request message and get a reply message, including the
group key, from the super peer. These messages are en-
crypted and signed using the scheme introduced in Sec-
tion 3.3. After that, the super peer can announce infor-
mation by broadcasting to its subscribers. The informa-
tion can include the updates in its content table, client
table, caching table, and membership table.
Regular peers can generate ad-hoc groups by themselves, and exchange data that are
protected from outsiders using a group-wide secret key. The secret key is generated in
this way:
1) Node 1 computes its broadcast parameter, which is unique for node 1:
$K_{N1} = \hat{e}(sQ_{id1}, Q_{id2} + Q_{id3} + \cdots + Q_{idn}) = \hat{e}(sQ_{id1}, Q_{id2})\,\hat{e}(sQ_{id1}, Q_{id3}) \cdots \hat{e}(sQ_{id1}, Q_{idn})$,
and distributes $P_{1brdcst} = K_{N1}P$ to all candidate nodes using the respective
pairwise encryption.
2) Node 1 uses $P_{1brdcst}$ to encrypt a message sent to the group, and signs a message
as $M: \langle U, V \rangle = \langle rQ_{id1}, K_{N1}^{-1}(r + h)Q_{id1} \rangle$, where
$r$ is a random number and $h$ is a hash of the original message.
Other group members decrypt the message with $P_{1brdcst}$, and verify whether
$\hat{e}(P_{1brdcst}, V) = \hat{e}(P, U + hQ_{id1})$ holds.
4. Discussion
4.1. Performance Analysis
From previous sections, we know that the search efficiency depends on the search in
different SPs. The efficiency of the caching policy is analyzed in the following section.
Suppose all of the SPs form a graph in which all nodes have the same degree D, and there
are up to Nf different files for sharing being cached in N SPs, with Ni files in each SP.
Each SP reserves cache memory space for at most K files. Maximum
searching steps, which limits the searching steps, are


log11 1nDDNi. Let s be the possible
number of steps used to search the target.
And we assume searching steps and file location are
evenly distributed in the content table and caching table.
The analysis falls into the following three categories,
N × K = Nf and without search loops:
Assume that there are no duplicate contents in both the
content table and the caching table. When no repeat con-
tent and search loop exists, the probability for hitting the
target is,


1
0
0
00
11
12
1
11
1
hit
ffff
n
iff
n
iff
PPhits Ps
PhitsnPs n
KKKK
nN NNKNK
KK
NiKNnK
KK
nNjKNiK


 
 
 
 

 











N × K > Nf and without search loops:
At a certain time point, there are totally N × K files in
SPs and Nf is fixed. If Nf < N × K, the overlap of con-
tents occur between the content table and caching table.
The repeat probability is defined as follows Pr(n) the
probability for a certain cached file in the SP checked in
nth steps to be the same as some file in the SP checked
before, that is, in the SP checked in 0th , 1th, …, (n–1)th
steps.
00;
r
P

11
f
r
f
NK
K
PN
K



 




r
1P1
21 ;
f
r
f
NKK
K
PN
K

 



 





1
r
01P
1;
n
fi
r
f
NKi
K
Pn N
K





 


Therefore the hitting probability is,

















r
1
11
0
0
0
1
0
0
11
11
1
11 12
11 11
11
1
1
1
1
1
1
1
1
hit
fff
rr
ff fr
nrr
jn
j
fr
fr
m
k
nnr
j
i
f
KP
KK
PnNN NK
KP KP
K
NNK
NKK P
KPj KPn
NKPm
NKPk
n
KPj
NK








 
 











 













11
00
1
1
r
jj
rf r
km
KPi
Pk NKPm










With search loops:
Now we consider the condition that loops are possible.
If the search process hits the target in n steps, then the
maximum number of the checked SPs is n, and the
maximum number of steps that can be wasted due to
loops is n - 2. The wasted step means that one SP that
has already been checked is checked for a second time.
Suppose the number of possible loop is evenly distrib-
uted.
Let $P_l(a, b)$ denote the probability of hitting the target
in $a$ steps along with $b$ steps wasted because of loops,
then,
 
11
P
labPlA aB bPlAaBb 

22PlAaBb Denote the probability for
hitting the target in nth steps by Sn, then,

000
l
SP;

110
l
SP;

220
l
SP;
   

3
111
303130 20
222
ll ll
SPPP P

2
10
1
n
nl
i
SPi
n
.
Then the hitting probability is as follows,
  
32
11
10 200
11
ni
hitl ll
ij
PPPPj
ni







where

0
l
Pj








1
11
0
00
11
1
11
jll
in
i
flfl
mi
KPi KPj
NKPmNKPi






 

 



.
From Figures 2 and 3, the advantages of the proposed architecture when evaluating hit
probability are clear. The hit probability is improved significantly as the cache room and
connectivity degree rise. Our results reasonably show some trends for parameter changes.
Figure 2. File number is 10000, n = 3, file caching room is in
the range of 100 to 2000, connectivity degree = 10. File repeat
probability is 0.
Figure 3. File number is 10000, n = 2 to 3, file caching room
is 1000, connectivity degree = 5 to 40. File repeat probability
is 0.
4.2. Business Security Analysis
The security enhancement provides integrity, authentica-
tion, and confidentiality to MP2P messages by binding a
message with a private key possessed only by the cellular
terminal. It effectively prevents the following attacks
previously available in cellular networks:
Identity Impersonation: In cellular networks, the pos-
sibility exists that an attacker manages to impersonate
the service provider or a terminal user. With the pro-
posed security enhancement, the originating address
of the sender is bound to the private key of the sender.
The attacker, not knowing the private key, cannot
forge an arbitrary address. This ensures correctness of
delivered service and billing.
Message Forgery and Tampering: Similarly to ad-
dress forgery, an attacker can also forge or tamper the
payload field of a data packet, namely the content of
a message, in current cellular networks. With the pro-
posed security enhancement, every message is signed
by the sender. The attacker, not knowing the private
key of the sender, cannot tamper the message and ge-
nerate a correct signature. It’s easy to verify the inte-
grity of the message.
Eavesdropping: As was stated earlier, there are many
possibilities an attacker can get access to messages
transmitted through current cellular networks. The
attacker can intercept the messages from the Internet
or over the air, and easily get interesting information,
since there is no strong protection to them. With the
proposed security enhancement, every message is
encrypted, and only the sender and receiver know the
decryption key. Any attacker will need a great deal of
effort if he wants to crack the encryption.
With these features, a MP2P service can be securely
deployed; security requirements from both the network
operator side and terminal user side can be well satisfied.
A business model based on this framework is thus feasi-
ble, profitable, and also promising.
5. Conclusions
In this paper, we propose a framework for implementing
P2P as a SIP-based service in cellular networks, in par-
ticular in IMS. The framework is based on MP2P hybrid
architecture. We show several benefits of this framework
by mathematical analysis and simulation. The framework
also includes a security enhancement, with which the
operators can have control on security and group man-
agement, and chargeability is possible. The enhancement
is lightweight and convenient to deploy in cellular net-
works environment by using identity-based cryptography.
A business model using this MP2P framework with security
enhancement can be easily and successfully set up,
which is one of our future works.
6. References
[1] N. B. Azzouna and F. Guillemin, “Experimental Analysis
of the Impact of Peer-to-Peer Applications on Traffic in
Commercial IP Networks,” European Transactions on
Telecommunications, Special Issue on P2P Networking
and P2P Services, Vol. 15, No. 6, November-December
2004, pp. 511-522.
[2] T. Karagiannis, A. Broido, N. Brownlee, K. C. Claffy and
M. Faloutsos, “Is P2P Dying or Just Hiding?” Proceedings
of IEEE Global Telecommunications Conference, Dallas,
Vol. 3, 29 November-3 December 2004, pp. 1532-1538.
[3] K. Singh and H. Schulzrinne, “Peer-to-Peer Internet Te-
lephony using SIP,” Columbia University Technical Re-
port, CUCS-044-04, New York, October 2004.
[4] J. Yang, Y. P. Zhong and S. Y. Zhang, “An Efficient
Interest-Group Based Search Mechanism in Unstructured
Peer-to-Peer Networks,” Proceedings of the International
Conference on Computer Networks and Mobile Computing,
Shanghai, 20-23 October 2003, pp. 247-252.
[5] H. C. Hsiao and C. T. King, “Bristle: A Mobile Structured
Peer-to-Peer Architecture,” Proceedings of International
Parallel and Distributed Processing Symposium,
Nice, 22-26 April 2003, pp. 33-40.
[6] H.-T. Hu, B. Thai and A. Seneviratne, “Supporting Mo-
bile Devices in Gnutella File Sharing Network with Mo-
bile Agents,” Proceedings of the 8th IEEE International
Symposium on Computers and Communications, Kemer-
Antalya, 28 June-1 July 2004, pp. 25-30.
[7] S. Liu, W. Jiang and J. Li, “Architecture and Performance
Evaluation for P2P Application in 3G Mobile Cellular
Systems,” Proceedings of International Conference on
Wireless Communications, Networking and Mobile Com-
puting, Shanghai, 21-25 September 2007, pp. 914-917.
doi:10.1109/WICOM.2007.235
[8] 3GPP TS 23.002 v5.12.0 3rd Generation Partnership
Project; Technical Specification Group Services and Systems
Aspects Network architecture (Release 5). September
2003.
[9] G. Camarillo and M. A. Garcia Martin, “The 3G IP Mul-
timedia Subsystem,” John Wiley & Sons, Hoboken, ISBN
0470 871563, 2004.
[10] D. Wagner, “GSM Cloning,” June 2010
http://www.isaac.cs.berkeley.edu/isaac/gsm.html
[11] A. Biryukov, A. Shamir and D. Wagner, “Real Time Cryp-
tanalysis of A5/1 on a PC,” Proceedings of the 7th Inter-
national Workshop on Fast Software Encryption, 2000,
pp. 1-18.
[12] G. Koien, “An Introduction to Access Security in
UMTS,” IEEE Wireless Communications, Vol. 11, No. 1,
2004, pp. 8-18. doi:10.1109/MWC.2004.1269712
[13] V. Gupta, S. Gupta, S. Chang and D. Stebila, “Perform-
ance Analysis of Elliptic Curve Cryptography for SSL,”
Proceedings of the ACM Workshop on Wireless Security,
Atlanta, September 2002, pp. 87-94.
[14] D. Boneh and M. Franklin, “Identity-Based Encryption
From The Weil Pairing,” Proceedings of Cryptology, Lec-
ture Notes in Computer Science, Vol. 2139, Springer,
2001, pp. 213-219.
[15] S. Zhao, A. Aggarwal and S. Liu, “Building Secure
User-to-User Messaging in Mobile Telecommunication
Networks,” Proceedings of Wireless Telecommunications
Symposium, Pomona, 24-26 April 2008, pp. 151-157.
doi:10.1109/WTS.2008.4547559
[16] K. Hoeper and G. Gong, “Preventing or Utilising Key
Escrow in Identity-Based Schemes Employed in Mobile
Ad Hoc Networks,” International Journal of Security and
Networks, Vol. 2, No. 3/4, 2007, pp. 239-250.