EVALUATION OF SECURITY ATTACKS ON UMTS AUTHENTICATION MECHANISM

In this study security of internet access over the Third Generation (3G) telecommunication systems is considered and Universal Mobile Telecommunications System (UMTS) is selected as the most popular system among 3G systems. The study then focuses on network access security mechanism of UMTS, called Authentication and Key Agreement (AKA). In addition, twenty types of important attacks and threats in UMTS system are presented and classified based on three major security factors; authentication, confidentiality, and data integrity. The evaluations finally show that the authentication factor is more interesting than other factors for hackers. Then, we describe four attacks named; man-inthe-middle, denial of service, identity catching, and redirection as the most significant attacks against authentication mechanism. Furthermore, we provide some solutions and methods to improve AKA mechanism and prevent these attacks in UMTS system.

[1]  Ja'afer Al-Saraireh,et al.  An Enhancement of Authentication Protocol and Key Agreement (AKA) For 3G Mobile Networks , 2011 .

[2]  Lazaros F. Merakos,et al.  Security in third Generation Mobile Networks , 2004, Comput. Commun..

[3]  Eli Biham,et al.  Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication , 2003, Journal of Cryptology.

[4]  Geoff W. Hamilton,et al.  Detecting Man-in-the-Middle Attacks by Precise Timing , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[5]  Chris J. Mitchell,et al.  Heterogeneous Internet Access via PANA / UMTS , 2004 .

[6]  Chih-Ya Shen,et al.  Provable Secure AKA Scheme with Reliable Key Delegation in UMTS , 2009, 2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement.

[7]  Geir M. Køien,et al.  Access security in CDMA2000, including a comparison with UMTS access security , 2004, IEEE Wireless Communications.

[8]  Zhiling Lan,et al.  The GSM/UMTS Phone Number Catcher , 2011, 2011 Third International Conference on Multimedia Information Networking and Security.

[9]  Safwan El Assad,et al.  Security of mobile Internet access with UMTS/HSDPA/LTE , 2011, 2011 World Congress on Internet Security (WorldCIS-2011).

[10]  Xinyi Chen,et al.  The optimization of security algorithm selection for wireless communications in UMTS , 2011, 2011 International Conference on Multimedia Technology.

[11]  Chih-Ya Shen,et al.  S-AKA: A Provable and Secure Authentication Key Agreement Protocol for UMTS Networks , 2011, IEEE Transactions on Vehicular Technology.

[12]  Georgios Kambourakis,et al.  Performance Evaluation of Public Key-Based Authentication in Future Mobile Communication Systems , 2004, EURASIP J. Wirel. Commun. Netw..

[13]  S. Yousef,et al.  Enhancement Mobile Security and User Confidentiality for UMTS , 2006 .

[14]  Patrick P. C. Lee,et al.  On the Detection of Signaling DoS Attacks on 3G Wireless Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[15]  Flemming Nielson,et al.  Security for Mobility , 2002, FOSAD.

[16]  A. Bais,et al.  Evaluation of UMTS security architecture and services , 2006, 2006 4th IEEE International Conference on Industrial Informatics.

[17]  Somayeh Salimi,et al.  New attacks on UMTS network access , 2009, 2009 Wireless Telecommunications Symposium.

[18]  Ulrike Meyer,et al.  A man-in-the-middle attack on UMTS , 2004, WiSe '04.

[19]  Hahnsang Kim,et al.  Improving mobile authentication with new AAA protocols , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[20]  Andrey Bogdanov,et al.  A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations , 2007, CHES.

[21]  Muzammil Khan,et al.  Vulnerabilities of UMTS Access Domain Security Architecture , 2008, 2008 Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing.

[22]  Safwan El Assad,et al.  UMTS security: Enhancement of identification, authentication and key agreement protocols , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[23]  Yuefei Zhu,et al.  Security analysis of a cocktail protocol with the authentication and key agreement on the UMTS , 2010, IEEE Communications Letters.

[24]  J. Vijay Franklin,et al.  Enhanced Authentication Protocol for Improving Security in 3 GPP LTE Networks , .

[25]  G.M. Koien,et al.  An introduction to access security in UMTS , 2004, IEEE Wireless Communications.

[26]  Valtteri Niemi,et al.  UMTS security , 2003 .

[27]  Omar Al-Amir,et al.  Analysis and enhancement of SSL based UMTS authentication protocol , 2010, 2010 7th International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP 2010).