Security analysis and enhancements of 3GPP authentication and key agreement protocol

This paper analyzes the authentication and key agreement protocol adopted by Universal Mobile Telecommunication System (UMTS), an emerging standard for third-generation (3G) wireless communications. The protocol, known as 3GPP AKA, is based on the security framework in GSM and provides significant e...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on wireless communications 2005-03, Vol.4 (2), p.734-742
Main Authors: Muxiang Zhang, Fang, Yuguang
Format: Article
Language:English
Subjects:
3G mobile communication
Agreements
Applied sciences
Authentication
Base stations
Business and industry local networks
Communication standards
Communication system security
Equipments and installations
Exact sciences and technology
GSM
Home automation
Mobile radiocommunication systems
Network security
Networks and services in france and abroad
privacy
Radiocommunications
security
Systems, networks and services of telecommunications
Telecommunication standards
Telecommunications
Telecommunications and information theory
Teleprocessing networks. Isdn
Teletraffic
third generation (3G)
wireless
Wireless application protocol
Wireless communication
Wireless communications
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper analyzes the authentication and key agreement protocol adopted by Universal Mobile Telecommunication System (UMTS), an emerging standard for third-generation (3G) wireless communications. The protocol, known as 3GPP AKA, is based on the security framework in GSM and provides significant enhancement to address and correct real and perceived weaknesses in GSM and other wireless communication systems. In this paper, we first show that the 3GPP AKA protocol is vulnerable to a variant of the so-called false base station attack. The vulnerability allows an adversary to redirect user traffic from one network to another. It also allows an adversary to use authentication vectors corrupted from one network to impersonate all other networks. Moreover, we demonstrate that the use of synchronization between a mobile station and its home network incurs considerable difficulty for the normal operation of 3GPP AKA. To address such security problems in the current 3GPP AKA, we then present a new authentication and key agreement protocol which defeats redirection attack and drastically lowers the impact of network corruption. The protocol, called AP-AKA, also eliminates the need of synchronization between a mobile station and its home network. AP-AKA specifies a sequence of six flows. Dependent on the execution environment, entities in the protocol have the flexibility of adaptively selecting flows for execution, which helps to optimize the efficiency of AP-AKA both in the home network and in foreign networks.
ISSN:1536-1276
1558-2248
DOI:10.1109/TWC.2004.842941