18-12-2012, 03:24 PM
AN IMPROVED AUTHENTICATION AND KEY AGREEMENT PROTOCOL OF 3G
[attachment=44244]
ABSTRACT
With the development of mobile communication network, the requirements of mobile users for data services are higher and higher, which makes data service become more diversiform and various service providers appear on after the other. As a result, data services increasingly become the main service in mobile network.
The Universal Mobile Telecommunications System (UMTS) is one of the new ‘third generation’ (3G) mobile cellular communication systems being developed within the framework defined by the International Telecommunications Union (ITU) known as IMT-20001.UMTS aims to provide a broadband, packet-based service for transmitting video, text, digitized voice, and multimedia at data rates of up to 2 Mbps while remaining cost effective. The AKA procedure is the essence of authenticating a user to the network and vice versa. AKA procedures in UMTS have increased security compared with GSM.
However, during its development some security problems emerged. Although the authentication and key agreement (AKA) protocol solve some, it still has some flaws such as lacking complete authentication and interworking and so on. In order to those problem preferable, aiming at the security threaten for services based on mobile network and the problems with the existing AKA, we analyzed the existing Authentication and Key Agreement (AKA) protocol, and points out the security flaws among it and possible methods of attack. For the security flaws, an improved AKA protocol is proposed. In the end, we analyzes the improved AKA protocol.
INTRODUCTION
The third generation mobile communication system (3G) not only support the tradition pronunciation service, it will also provide other services, such as the multimedia services, the data service, electronic commerce, the electronics trade as well as the Internet serves and so on. If we apply 3G in the special domain of information based society construction, it will certainly to enhance the process of information based society construction effectively. As the openness of 3G wireless channel, the security problem always a key factor of affecting the system performance. Most information in the special domain is confidential information and should be controlled in a secure scope, therefore, it is the key problem that preventing this information from being tampered and being got by illegal users in the wireless channel. In the safe communication, the implementation of the authentication and the key agreement is the premise and guarantee of the encrypted communication.
The Authentication and Key Agreement (AKA) protocol is a security protocol used in 3G networks. AKA is also used for one-time password generation mechanism for Digest access authentication. It is a challenge-response based mechanism that uses symmetric cryptography.AKA provides procedures for mutual authentication of the MS and serving system. The successful execution of AKA results in the establishment of a security association (i.e., set of security data) between the MS and serving system that enables a set of security services to be provided. AKA is typically run in a UMTS IP Multimedia Services Identity Module (ISIM), which resides on a smart card like device that also provides tamper resistant storage of shared secrets.
AUTHENTICATION VECTOR DISTRIBUTION:
Fig 2 shows the generating process of authentication vector. The process begins by picking an appropriate sequence number (SQN).Roughly speaking, what is required is that SQNs are chosen in ascending order. The purpose of the SQN is to provide the user (or more technically the USIM) with proof that the generated authentication vector is fresh (i.e., it has not been used before in an earlier run of authentication. In parallel with the choice of SQN,a 128-bit long unpredictable challenge RAND is generated. This is a mental way so that the output of one function reveals no information about the outputs of the other functions.
WEAKNESSES IN UMTS SECURITY MECHANISMS
To sum up, the main weaknesses in UMTS security mechanism are:
Integrity keys used between UE and RNC generated in VLR/SGSN are transmitted unencrypted to the RNC (and sometimes between RNCs).
IMSI is transmitted in unencrypted form.
For a short time during signaling procedures, signaling data are unprotected and hence exposed to tampering.
CONCLUSION
AKA procedures in UMTS have increased security compared with GSM All messages should be integrity checked, but indirectly by requiring confidentiality protection together with integrity. AKA concept is used to perform authentication of the user and network, as opposed to 2G systems, which only authenticated users in a system. The confidentiality algorithm is stronger than its GSM predecessor. The integrity mechanism works independent of confidentiality protection and provides protection against active attacks. The design of cryptographic algorithms is open and they are extensively crypto analyzed. Moreover, the architecture is flexible and more algorithms can be added easily. In view of the flaw existed in traditional AKA protocol, we have designed an improved AKA protocol. The improved protocol has realized MS to the VLR authentication and the confidentiality of information transmitted in network, and enhanced the security of information transmitted in the wireless channel.
[attachment=44244]
ABSTRACT
With the development of mobile communication network, the requirements of mobile users for data services are higher and higher, which makes data service become more diversiform and various service providers appear on after the other. As a result, data services increasingly become the main service in mobile network.
The Universal Mobile Telecommunications System (UMTS) is one of the new ‘third generation’ (3G) mobile cellular communication systems being developed within the framework defined by the International Telecommunications Union (ITU) known as IMT-20001.UMTS aims to provide a broadband, packet-based service for transmitting video, text, digitized voice, and multimedia at data rates of up to 2 Mbps while remaining cost effective. The AKA procedure is the essence of authenticating a user to the network and vice versa. AKA procedures in UMTS have increased security compared with GSM.
However, during its development some security problems emerged. Although the authentication and key agreement (AKA) protocol solve some, it still has some flaws such as lacking complete authentication and interworking and so on. In order to those problem preferable, aiming at the security threaten for services based on mobile network and the problems with the existing AKA, we analyzed the existing Authentication and Key Agreement (AKA) protocol, and points out the security flaws among it and possible methods of attack. For the security flaws, an improved AKA protocol is proposed. In the end, we analyzes the improved AKA protocol.
INTRODUCTION
The third generation mobile communication system (3G) not only support the tradition pronunciation service, it will also provide other services, such as the multimedia services, the data service, electronic commerce, the electronics trade as well as the Internet serves and so on. If we apply 3G in the special domain of information based society construction, it will certainly to enhance the process of information based society construction effectively. As the openness of 3G wireless channel, the security problem always a key factor of affecting the system performance. Most information in the special domain is confidential information and should be controlled in a secure scope, therefore, it is the key problem that preventing this information from being tampered and being got by illegal users in the wireless channel. In the safe communication, the implementation of the authentication and the key agreement is the premise and guarantee of the encrypted communication.
The Authentication and Key Agreement (AKA) protocol is a security protocol used in 3G networks. AKA is also used for one-time password generation mechanism for Digest access authentication. It is a challenge-response based mechanism that uses symmetric cryptography.AKA provides procedures for mutual authentication of the MS and serving system. The successful execution of AKA results in the establishment of a security association (i.e., set of security data) between the MS and serving system that enables a set of security services to be provided. AKA is typically run in a UMTS IP Multimedia Services Identity Module (ISIM), which resides on a smart card like device that also provides tamper resistant storage of shared secrets.
AUTHENTICATION VECTOR DISTRIBUTION:
Fig 2 shows the generating process of authentication vector. The process begins by picking an appropriate sequence number (SQN).Roughly speaking, what is required is that SQNs are chosen in ascending order. The purpose of the SQN is to provide the user (or more technically the USIM) with proof that the generated authentication vector is fresh (i.e., it has not been used before in an earlier run of authentication. In parallel with the choice of SQN,a 128-bit long unpredictable challenge RAND is generated. This is a mental way so that the output of one function reveals no information about the outputs of the other functions.
WEAKNESSES IN UMTS SECURITY MECHANISMS
To sum up, the main weaknesses in UMTS security mechanism are:
Integrity keys used between UE and RNC generated in VLR/SGSN are transmitted unencrypted to the RNC (and sometimes between RNCs).
IMSI is transmitted in unencrypted form.
For a short time during signaling procedures, signaling data are unprotected and hence exposed to tampering.
CONCLUSION
AKA procedures in UMTS have increased security compared with GSM All messages should be integrity checked, but indirectly by requiring confidentiality protection together with integrity. AKA concept is used to perform authentication of the user and network, as opposed to 2G systems, which only authenticated users in a system. The confidentiality algorithm is stronger than its GSM predecessor. The integrity mechanism works independent of confidentiality protection and provides protection against active attacks. The design of cryptographic algorithms is open and they are extensively crypto analyzed. Moreover, the architecture is flexible and more algorithms can be added easily. In view of the flaw existed in traditional AKA protocol, we have designed an improved AKA protocol. The improved protocol has realized MS to the VLR authentication and the confidentiality of information transmitted in network, and enhanced the security of information transmitted in the wireless channel.