Improving user security during a call

Andrii Astrakhantsev, Stanislav Pedan

Abstract


The recent development of mobile networks has led to the emergence of new threats and new methods of implementing existing ones. Phishing attacks, including robocalls, are causing record losses to both individual users and large corporations. At the same time, existing countermeasures cannot provide protection against such attacks because most existing solutions focus on device authentication, whereas user authentication does not occur during a call. Another problem with mobile networks is that there is no point-to-point encryption, i.e., speech is encrypted only on the segment from the subscriber to the base station. The subject of study in this article is the process of ensuring user security during a call. The purpose of this study is to develop a model of mutual user authentication and end-to-end data encryption in a mobile network during a call. The main objectives are to protect users from spoofing and vishing and to propose a protection method that implements mutual authentication of users during a call without storing confidential information on the side of a "trusted third party". A method of secure key exchange and end-to-end encryption during a call in the mobile network is proposed. It prevents the interception of calls by the operator in circuit-switched and packet networks. The methods used are mathematical modelling, an ontological approach, and multi-criteria optimization models. As a result of this research, an algorithm for mutual authentication of users is proposed that introduces biometric authentication methods and modifies the sequence of messages during a call. The proposed approach can be implemented for CS calls and VoLTE/VoWiFi calls. A call cannot be received without user biometric authentication, such as ear pattern or bone conduction methods. Modified SETUP and CONNECT ACK messages are used to inform the other party about the user verification result. This prevents user spoofing, call masquerading, and robocalls.
A combination of the proposed asymmetric encryption, a short authentication string, and hashes of previous calls provides a higher level of confidentiality, integrity, and additional resistance to man-in-the-middle attacks. Conclusions. The scientific novelty of the obtained results is the integration of the above methods into the sequence of call flow messages to provide mutual authentication, end-to-end encryption, and counteraction to a number of network attacks. The proposed methods raise by one level the provision of services of the privacy and observation groups and can be implemented in the software part of user equipment.

Keywords


user authentication during a call; voice encryption; mobile networks; call flow; attack prevention

DOI: https://doi.org/10.32620/reks.2024.2.14
