Security analysis and enhancements of 3GPP authentication and key agreement protocol

This paper analyzes the authentication and key agreement protocol adopted by Universal Mobile Telecommunication System (UMTS), an emerging standard for third-generation (3G) wireless communications. The protocol, known as 3GPP AKA, is based on the security framework in GSM and provides significant enhancement to address and correct real and perceived weaknesses in GSM and other wireless communication systems. In this paper, we first show that the 3GPP AKA protocol is vulnerable to a variant of the so-called false base station attack. The vulnerability allows an adversary to redirect user traffic from one network to another. It also allows an adversary to use authentication vectors corrupted from one network to impersonate all other networks. Moreover, we demonstrate that the use of synchronization between a mobile station and its home network incurs considerable difficulty for the normal operation of 3GPP AKA. To address such security problems in the current 3GPP AKA, we then present a new authentication and key agreement protocol which defeats redirection attack and drastically lowers the impact of network corruption. The protocol, called AP-AKA, also eliminates the need of synchronization between a mobile station and its home network. AP-AKA specifies a sequence of six flows. Dependent on the execution environment, entities in the protocol have the flexibility of adaptively selecting flows for execution, which helps to optimize the efficiency of AP-AKA both in the home network and in foreign networks.

[1]  Natsume Matsuzaki,et al.  Key Distribution Protocol for Digital Mobile Communication Systems , 1989, CRYPTO.

[2]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[3]  Li-Fung Chang,et al.  Privacy and authentication on a portable communications system , 1991, IEEE Global Telecommunications Conference GLOBECOM '91: Countdown to the New Millennium. Conference Record.

[4]  Kaoru Kurosawa,et al.  On Key Distribution and Authentication in Mobile Radio Networks , 1994, EUROCRYPT.

[5]  M. Beller,et al.  Fully-fledged two-way public key authentication and key agreement for low-cost terminals , 1993 .

[6]  G. Tsudik,et al.  Authentication of mobile users , 1994, IEEE Network.

[7]  Ashar Aziz,et al.  Privacy and authentication for wireless local area networks , 1994, IEEE Personal Communications.

[8]  Ulf Carlsen Optimal privacy and authentication on a portable communications system , 1994, OPSR.

[9]  Moti Yung,et al.  The KryptoKnight family of light-weight protocols for authentication and key distribution , 1995, TNET.

[10]  Lein Harn,et al.  Authentication protocols for personal communication systems , 1995, SIGCOMM '95.

[11]  Yi Mu,et al.  On the design of security protocols for mobile communications , 1996, ACISP.

[12]  Colin Boyd,et al.  Key Establishment Protocols for Secure Mobile Communications: A Selective Survey , 1998, ACISP.

[13]  Wei-Pang Yang,et al.  Enhanced privacy and authentication for the global system for mobile communications , 1999, Wirel. Networks.

[14]  Wen-Guey Tzeng,et al.  Inter-Protocol Interleaving Attacks on Some Authentication and Key Distribution Protocols , 1999, Inf. Process. Lett..

[15]  Levente Buttyán,et al.  Extensions to an authentication technique proposed for the global mobility network , 2000, IEEE Trans. Commun..