International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Provably-Secure Enhancement on 3GPP Authentication and Key Agreement Protocol

Authors:
Muxiang Zhang
Download:
URL: http://eprint.iacr.org/2003/092
Search ePrint
Search Google
Abstract: This paper analyses the authentication and key agreement protocol adopted by Universal Mobile Telecommunication System (UMTS), an emerging standard for third generation (3G) wireless communications. The protocol, known as {\em 3GPP AKA}, is based on the security framework of GSM and provides significant enhancement to address and correct real and perceived weaknesses in GSM and other wireless communication systems. In this paper, we show that 3GPP AKA is vulnerable to a variant of false base station attack. The vulnerability allows an adversary to re-direct user traffic to an unintended network. It also allows an adversary to use authentication vectors obtained from a corrupted network to impersonate all other networks. In addition, we show that the need of synchronization between a mobile station and its home network incurs considerable difficulty for the normal operation of 3GPP AKA. To provide further enhancement on 3GPP AKA, we present an authentication and key agreement protocol which defeats re-direction attack and drastically lowers the impact of network corruption. The proposed protocol also eliminates synchronization between a mobile station and its home network. Following the multi-party simulatability approach, we have developed a formal model of security for symmetric-key based authentication and key agreement protocols in the mobile setting. Within this model, we have analyzed the security of our protocol against a powerful adversary having full control of the communication channels between a user and a network.
BibTeX
@misc{eprint-2003-11807,
  title={Provably-Secure Enhancement on 3GPP Authentication and Key Agreement Protocol},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Authentication, Key Agreement, mobile communication},
  url={http://eprint.iacr.org/2003/092},
  note={ muxiang.zhang@verizon.com 12187 received 8 May 2003, last revised 15 May 2003},
  author={Muxiang Zhang},
  year=2003
}