Generic hybrid methods for secure connections based on the integration of GBA and TLS/CA

摘要

The Generic Bootstrapping Architecture (GBA) is standardized by the Third Generation Partnership Project (3GPP) to provide authentication and data confidentiality based on the existing Mobile Network Operator's (MnO) infrastructure. Unfortunately, this method is not well deployed as the MNO is not always fully trusted by its clients. On the other hand, Transport Layer Security (TLS) is a well-spread protocol that provides strong authentication and data confidentiality based on Public Key Infrastructure (PKI) and certificate distribution. However, distributing certificates for each client remains impractical especially for Internet of Things (IoT) devices. In this paper, we propose hybrid methods that integrate both mechanisms to provide mutual authentication based on two trusted authorities. Each proposed method is deployed depending on the adopted devices and security requirements. Finally we estimate the impact of each of these methods and we conclude with the intended future work.